Unusual traffic from your computer network


Post by davidkan » March 4th, 2012, 11:44 pm

Good day,

I was googling on the internet when this notification appeared.
________________________________________________________________________________________________________________

Unusual traffic from your computer network

Read this first

When Google detects that a computer on your network may be sending automated traffic to Google we may show the following message: "Our systems have detected unusual traffic from your computer network." Automated queries are against our Terms of Service.

The error page most likely displays a CAPTCHA (a squiggly word with a box below it). To continue using Google, type the squiggly word into the box -- it's how we know you're a human, not a robot.

If you don't see a CAPTCHA image or if you continue to encounter the CAPTCHA over and over, try these steps in order:

Check for malware on your computer.

Malicious software, sometimes bundled with other free downloads without your knowledge, can trigger Google to show this message. Visit our security information site for some well-known programs that can detect and remove such applications.

If the suggested programs don't resolve the problem, you might want to try an advanced troubleshooting program such as HijackThis.
_______________________________________________________________________________________________________________

Eventually I was led to this site. The DDS.txt is found below.
_______________________________________________________________________________________________________________
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by David at 11:35:10 on 2012-03-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.65.1033.18.3956.1894 [GMT 8:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\msiexec.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.facebook.com/home.php?ref=hp
uDefault_Page_URL = hxxp://acer.msn.com
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110716105230.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 218.186.1.58 218.186.2.16 218.186.2.6
TCP: Interfaces\{4308F2D5-7007-48AF-AFE8-75CCB2623190} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{4B708FBA-45CC-4F77-8C6D-91D59FFEB667} : DhcpNameServer = 218.186.1.58 218.186.2.16 218.186.2.6
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110716105230.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\lh4asyxs.default\
FF - prefs.js: browser.search.selectedEngine - YouTube Video Search
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://sg.search.yahoo.com/search?fr=gr ... =937811&p=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2010-5-25 47776]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-12-11 321104]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-12-10 868896]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-28 355440]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-28 355440]
R2 McShield;McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2010-9-17 200056]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2010-9-17 245352]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe [2010-9-17 149032]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-6-28 255744]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2010-4-16 144640]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-10 2320920]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-9-17 243232]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-28 355440]
S2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-28 355440]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\system32\Drivers\AthDfu.sys --> C:\Windows\system32\Drivers\AthDfu.sys [?]
S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\Windows\system32\DRIVERS\BrSerIb.sys --> C:\Windows\system32\DRIVERS\BrSerIb.sys [?]
S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\Windows\system32\DRIVERS\BrUsbSIb.sys --> C:\Windows\system32\DRIVERS\BrUsbSIb.sys [?]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
S3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2010-4-16 50432]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-28 355440]
.
=============== Created Last 30 ================
.
2012-03-05 03:25:13 388096 ----a-r- C:\Users\David\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-05 03:25:12 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-03-05 01:58:48 -------- d-----w- C:\Users\David\AppData\Local\{7C07B73F-5879-4478-99C6-B32DF90CCA40}
2012-03-05 01:58:36 -------- d-----w- C:\Users\David\AppData\Local\{7708013B-F357-4075-B2C4-917BC9DBDE3D}
2012-03-04 09:30:41 -------- d-----w- C:\Users\David\AppData\Local\{2C7EC885-8603-4B69-A897-450E5F93E31F}
2012-03-04 09:30:29 -------- d-----w- C:\Users\David\AppData\Local\{7A77B22B-328C-4798-A208-05FDA53295ED}
2012-03-03 16:27:16 -------- d-----w- C:\Users\David\AppData\Local\{8C1E4DB0-AD7F-46C1-9AA6-DD0C0CCC8825}
2012-03-03 16:27:05 -------- d-----w- C:\Users\David\AppData\Local\{3AF0AAE9-3634-4141-89D1-306FD6DFD2B6}
2012-03-03 02:17:20 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{46B40DE0-D7F1-4BAA-8709-F2747DD760EA}\mpengine.dll
2012-03-02 16:07:57 -------- d-----w- C:\Users\David\AppData\Local\{D23A4522-9836-43FA-9DC1-B00BE4131315}
2012-03-02 04:07:22 -------- d-----w- C:\Users\David\AppData\Local\{C3E27CE5-07E2-4720-B4F4-A38B7CA66FF9}
2012-03-02 04:07:10 -------- d-----w- C:\Users\David\AppData\Local\{192EC41E-CFF8-4C59-9F0B-F1955100E713}
2012-03-01 04:43:44 -------- d-----w- C:\Users\David\AppData\Local\{2D83B564-CD9B-48D3-8C1F-71B85217B9DD}
2012-03-01 04:43:33 -------- d-----w- C:\Users\David\AppData\Local\{ECC05510-0270-4B5B-B783-AC6380919C7D}
2012-02-28 14:33:04 -------- d-----w- C:\Users\David\AppData\Local\{8CD71332-FF84-4161-890E-5F7DF1D483B2}
2012-02-28 14:32:53 -------- d-----w- C:\Users\David\AppData\Local\{5170550B-9B02-4386-8CC4-907897C731DF}
2012-02-27 14:37:12 -------- d-----w- C:\Users\David\AppData\Local\ESN Sonar
2012-02-27 11:14:26 -------- d-----w- C:\Users\David\AppData\Local\{204F6075-2B83-4FEF-AFFE-83A37F8F4786}
2012-02-27 11:14:14 -------- d-----w- C:\Users\David\AppData\Local\{4711D181-7527-40E8-9C71-9FFC1325AD95}
2012-02-26 07:20:17 -------- d-----w- C:\Users\David\AppData\Local\{C2EE37B1-54B5-4C93-8746-FC0E6A0C1EB5}
2012-02-26 07:20:06 -------- d-----w- C:\Users\David\AppData\Local\{B69659A0-4060-4EE3-B583-B55B3EBFBF92}
2012-02-25 08:13:52 -------- d-----w- C:\Users\David\AppData\Local\{56B8B269-0BEE-4507-8553-612E16ACA470}
2012-02-25 08:13:41 -------- d-----w- C:\Users\David\AppData\Local\{8B35C0AE-E948-4E48-ADE0-679D470FDD9B}
2012-02-24 15:33:48 -------- d-----w- C:\Users\David\AppData\Local\{C8D8AE19-512F-4202-82A2-9DA8E8DB9E30}
2012-02-24 15:33:36 -------- d-----w- C:\Users\David\AppData\Local\{A39B6A68-EF1A-4C8C-B3A4-3E59E334006E}
2012-02-23 03:42:10 -------- d-----w- C:\Users\David\AppData\Local\{5D6661C4-E128-4048-B1F1-EFADC6DDC3B9}
2012-02-23 03:41:59 -------- d-----w- C:\Users\David\AppData\Local\{4387445B-2B62-47B9-8B66-5461A6D68B78}
2012-02-22 15:41:32 -------- d-----w- C:\Users\David\AppData\Local\{5AEF4AEA-F562-444E-ABE3-4B1737D30C33}
2012-02-22 15:41:20 -------- d-----w- C:\Users\David\AppData\Local\{4879E86C-B33F-4BF1-86F6-9E5E24317179}
2012-02-21 15:00:05 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2012-02-21 14:59:23 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-02-21 14:59:23 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-02-21 14:59:23 6074176 ----a-w- C:\Windows\System32\nvcpl.dll
2012-02-21 14:59:23 3089728 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-02-21 14:59:23 2561856 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-02-21 14:59:23 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-02-21 14:58:48 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2012-02-21 14:36:07 -------- d-----w- C:\Users\David\AppData\Local\{4D73F422-E48A-4945-8106-AD3642485E48}
2012-02-21 14:35:55 -------- d-----w- C:\Users\David\AppData\Local\{8AC2B877-9215-44F9-B581-BCA7F0AE6207}
2012-02-20 13:44:28 -------- d-----w- C:\Users\David\AppData\Local\{85ED3432-11DC-405A-A7D0-764DD43A7A17}
2012-02-20 13:44:16 -------- d-----w- C:\Users\David\AppData\Local\{DF11D35B-F7E1-48FB-8987-9C0FA550D27A}
2012-02-19 14:11:29 -------- d-----w- C:\Users\David\AppData\Local\{AD1EEA1B-B630-4DD0-B2FF-93E3782E6150}
2012-02-19 14:11:18 -------- d-----w- C:\Users\David\AppData\Local\{A97F28C3-5E01-40B1-9008-4310581F9AFB}
2012-02-18 14:46:49 -------- d-----w- C:\Users\David\AppData\Local\{C7DC1B4B-DE24-4CF8-B298-76BADC303E63}
2012-02-18 14:46:37 -------- d-----w- C:\Users\David\AppData\Local\{BE5C0903-DE7B-40DF-8B56-67685DF65B72}
2012-02-18 11:17:32 -------- d-----w- C:\ProgramData\EA Logs
2012-02-18 02:46:11 -------- d-----w- C:\Users\David\AppData\Local\{E8DA5828-5058-4AD6-AF4B-6EB4D19169F3}
2012-02-18 02:45:59 -------- d-----w- C:\Users\David\AppData\Local\{169FD0A0-DDE9-45C9-9B69-A9D7E2211D03}
2012-02-17 14:45:24 -------- d-----w- C:\Users\David\AppData\Local\{F924C208-0D58-4BC5-AC0F-4B0C1C5A0B48}
2012-02-17 14:45:12 -------- d-----w- C:\Users\David\AppData\Local\{1FB4F52F-E287-4E0D-9215-05DDD335D4EF}
2012-02-16 13:43:53 -------- d-----w- C:\Users\David\AppData\Local\{E6D54C8D-8CE8-4AD2-9EDF-9541B1CDF76D}
2012-02-16 13:43:41 -------- d-----w- C:\Users\David\AppData\Local\{ED4B9AB2-DE44-42B2-92BE-F1765A230CBF}
2012-02-15 14:37:43 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-02-15 14:37:43 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-15 14:26:44 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-02-15 14:26:44 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-02-15 14:26:40 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-02-15 14:26:26 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-15 14:25:47 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-15 14:25:47 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-02-15 14:08:32 -------- d-----w- C:\Users\David\AppData\Local\{0D3D07C5-7CCD-4FCB-A8A5-0E649D8E0FF2}
2012-02-15 14:08:18 -------- d-----w- C:\Users\David\AppData\Local\{DB618FCC-0304-401B-A7A6-8DE603D15B5D}
2012-02-14 14:45:28 -------- d-----w- C:\Users\David\AppData\Local\{72C4826F-AF18-4A9C-8EBB-CB083B7CCEEF}
2012-02-14 14:45:16 -------- d-----w- C:\Users\David\AppData\Local\{81935550-7D36-4FFB-9751-0D5BCFED50A2}
2012-02-13 13:45:34 -------- d-----w- C:\Users\David\AppData\Local\{E9ED47E8-6111-445B-9B62-06FF2C604974}
2012-02-13 13:45:22 -------- d-----w- C:\Users\David\AppData\Local\{F9F3BB6B-E243-44F4-8E8A-748E3C43A2D3}
2012-02-12 06:51:30 -------- d-----w- C:\Users\David\AppData\Local\{B5875430-EF75-485B-82A5-EA01CF16F23F}
2012-02-12 06:51:19 -------- d-----w- C:\Users\David\AppData\Local\{3FD3E4F4-22B9-46A9-9938-10D058D25903}
2012-02-12 06:20:08 -------- d-----w- C:\Program Files\Microsoft IntelliPoint
2012-02-10 20:13:52 -------- d-----w- C:\Users\David\AppData\Local\{FE09E63D-E494-43A4-845B-8940495E4935}
2012-02-10 20:13:40 -------- d-----w- C:\Users\David\AppData\Local\{788EEBB4-9649-483D-B648-7079CB836C2E}
2012-02-10 07:53:53 -------- d-----w- C:\Users\David\AppData\Local\{A4DB2F13-7A2A-4DCF-A6E5-84D18F23EF15}
2012-02-10 07:53:42 -------- d-----w- C:\Users\David\AppData\Local\{C3EFF413-CB01-4962-A9ED-FC7AA140DFF6}
2012-02-09 19:53:08 -------- d-----w- C:\Users\David\AppData\Local\{AFAF9E84-66C2-4305-8645-978E34885C9F}
2012-02-09 19:52:57 -------- d-----w- C:\Users\David\AppData\Local\{60990868-B408-4875-BB1B-DEBF7FC584DB}
2012-02-08 10:00:39 -------- d-----w- C:\Users\David\AppData\Local\{E5D4A70D-164E-4688-9C19-090FC66A7325}
2012-02-08 10:00:28 -------- d-----w- C:\Users\David\AppData\Local\{1C11CC70-EA91-4D37-9C75-4A20052408D5}
2012-02-07 15:19:03 -------- d-----w- C:\Users\David\AppData\Local\{8C43A326-F134-4D40-9C4E-04DB03EAE712}
2012-02-07 15:18:51 -------- d-----w- C:\Users\David\AppData\Local\{3105EA90-FE5A-4963-954D-BF84FE689AE2}
2012-02-06 10:18:03 -------- d-----w- C:\Users\David\AppData\Local\{2361530A-E8C3-4DBB-B9E2-DA10848E0D7D}
2012-02-06 10:17:50 -------- d-----w- C:\Users\David\AppData\Local\{F70A42CB-61BF-4287-A5AF-7883CFF34EDA}
2012-02-05 15:32:30 -------- d-----w- C:\Users\David\AppData\Local\{6E86BAF7-FFC0-417E-9D3B-A7087B7E6CD5}
2012-02-05 15:32:19 -------- d-----w- C:\Users\David\AppData\Local\{38F27A96-D978-4086-BC66-11130B7B5311}
2012-02-05 03:31:53 -------- d-----w- C:\Users\David\AppData\Local\{104DD6DD-9F63-4252-A372-E98AA704D4AF}
2012-02-05 03:31:41 -------- d-----w- C:\Users\David\AppData\Local\{1C3C0B08-30AD-4E6A-BC7E-8D1045E8FDCC}
2012-02-04 15:31:15 -------- d-----w- C:\Users\David\AppData\Local\{9F27C804-2339-4689-B56E-8D1BC5CD750C}
2012-02-04 15:31:03 -------- d-----w- C:\Users\David\AppData\Local\{721C418F-9BAB-4DF0-809E-D361F8594833}
.
==================== Find3M ====================
.
2012-03-05 02:44:06 282864 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-03-05 02:44:06 282864 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-03-05 02:43:55 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-02-27 11:15:28 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-18 11:22:34 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-01-28 21:10:42 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-17 12:46:01 31040 ----a-w- C:\Windows\System32\nvhdap64.dll
2012-01-17 12:45:56 188224 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2012-01-17 12:45:55 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll
2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 11:36:24.53 ===============
_______________________________________________________________________________________________________________

I hope that this information is useful and I hope to hear from you as soon as possible.

Thanks,

David Kan
davidkan
Regular Member
 
Posts: 19
Joined: March 4th, 2012, 11:40 pm

Re: Unusual traffic from your computer network

Post by diver79 » March 5th, 2012, 3:55 pm

Hi and welcome to MalwareRemoval.com. Sorry for any delay in answering your request for help; the forum is really busy.
My name is Diver79, and I will be helping you with your malware problems.

Before we start please note the following important guidelines.
  • The instructions given are for THIS computer only! Using these instructions on a different computer can make it inoperable!
  • Please DO NOT run any other software or scans whilst I am helping you.

Note: If you haven't done so already, please ensure you have read the following article, ALL USERS OF THIS FORUM MUST READ THIS FIRST, where the conditions for receiving help here are explained.
diver79 wrote: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
Because of this, I advise you to backup any personal files and folders before you start.
How to backup your data - Vista/Win7

Looking into your logs now. Will post instructions soon.

In the meantime please re-run DDS and post the contents of Attach.txt.

diver79.
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: Unusual traffic from your computer network

Unread postby diver79 » March 5th, 2012, 4:38 pm

Hi davidkan,

There are no signs of infection in the supplied log. Have you had any other issues other than the received message?

Please run the below scans and reply back with the logs. Don't forget to re-run DDS and post the Attach.txt log.

aswMBR Scan
Please download aswMBR and save it to your Desktop.
  • Right click aswMBR.exe & choose "Run as Administrator" to run it.
  • Click Yes to the prompt to download Avast! virus definitions.
    (Please be patient whilst the virus definitions download)
  • With the AVscan set to Quick Scan, click the Scan button.
    (Please be patient whilst your computer is scanned.)
  • After a while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK > Exit.
  • Note: Do not attempt to fix anything at this stage!
  • Two files will be created, aswMBR.txt & a file named MBR.dat.
  • MBR.dat is a backup of the MBR (master boot record); do not delete it.
  • I strongly suggest you keep a copy of this backup stored on an external device.
  • Copy & Paste the contents of aswMBR.txt into your next reply.


TDSSKiller
Please download TDSSKiller.exe and save it to your Desktop.
  • Right click on TDSSKiller.exe and select Run as Administrator to launch it.
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip.
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • To find the log go to Start > Computer > C:
  • Post the contents of that log in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT

Re: Unusual traffic from your computer network

Unread postby davidkan » March 6th, 2012, 12:14 pm

Good day, as I was performing the aswMBR Scan, I encountered this problem:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.768.3
Locale ID: 18441

Additional information about the problem:
BCCode: 109
BCP1: A3A039D89C1339E5
BCP2: B3B7465EEE917613
BCP3: FFFFF880009F15C0
BCP4: 0000000000000002
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\030712-35365-01.dmp
C:\Users\David\AppData\Local\Temp\WER-50388-0.sysdata.xml

Read our privacy statement online:
http://go.microsoft.com/fwlink/?linkid= ... cid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt

I did not proceed with any other steps after the incident. Please advise if I should proceed to perform the steps you have given.

Thanks a LOT

David Kan

Re: Unusual traffic from your computer network

Unread postby davidkan » March 6th, 2012, 12:16 pm

Insert:
The computer restarted on its own, thus there were no records gathered from the scan. I was not looking at the computer during the scan so I am not very sure what was the cause of the restart.

David Kan

Re: Unusual traffic from your computer network

Unread postby diver79 » March 6th, 2012, 2:44 pm

Hi davidkan,

Go ahead with the Tdsskiller scan and see if you can get it to produce a log.

Are there any other devices using the same internet connection as you?

I still need to see the attach.txt log. Please re-run DDS and post the Attach.txt log.

diver79.

Re: Unusual traffic from your computer network

Unread postby davidkan » March 7th, 2012, 11:32 am

Good day,

The attach.txt log is as shown below.
__________________________________________________________________________________________________________________________
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 17/1/2011 6:41:29 PM
System Uptime: 7/3/2012 10:56:16 PM (1 hours ago)
.
Motherboard: Acer | | JE40_CP
Processor: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz | CPU 1 | 1573/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 582 GiB total, 349.797 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP189: 4/3/2012 8:49:11 PM - Scheduled Checkpoint
RP190: 5/3/2012 11:24:30 AM - Installed HiJackThis
RP191: 6/3/2012 11:13:21 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
Acer Backup Manager
Acer Crystal Eye webcam
Acer ePower Management
Acer eRecovery Management
Acer Registration
Acer ScreenSaver
Acer Updater
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.2)
Alcor Micro USB Card Reader
Apple Application Support
Apple Software Update
Backup Manager Basic
Bastion
Battlefield 3™
Battlelog Web Plugins
Canon DIGITAL CAMERA Solution Disk Software Guide
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon PowerShot ELPH 500 HS_IXUS 310 HS Camera User Guide
Canon Utilities CameraWindow DC 8
Canon Utilities CameraWindow Launcher
Canon Utilities MyCamera
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Company of Heroes
Company of Heroes: Tales of Valor
CyberLink PowerDVD 9
D3DX10
Empire: Total War
ESN Sonar
eSobi v2
HiJackThis
Identity Card
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Intel(R) Turbo Boost Technology Driver
Java Auto Updater
Java(TM) 6 Update 29
Junk Mail filter update
Launch Manager
Mafia II
McAfee Internet Security Suite
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft XNA Framework Redistributable 3.1
Mozilla Firefox 10.0.2 (x86 en-GB)
MSVCRT
MSVCRT_amd64
Napoleon: Total War
Norton Online Backup
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
NVIDIA PhysX
OpenOffice.org 3.3
Origin
Portal 2
PunkBuster Services
QuickTime
Realtek High Definition Audio Driver
Red Faction: Guerrilla
Roll
RollerCoaster Tycoon 3: Platinum!
Section 8: Prejudice
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Skype™ 4.1
Star Wars - Battlefront II
Star Wars: Knights of the Old Republic
Steam
System Requirements Lab
System Requirements Lab CYRI
Team Fortress 2
The Witcher 2
Total War: SHOGUN 2
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VLC media player 1.1.11
Warhammer 40,000 Space Marine
Warhammer® 40,000®: Dawn of War® II – Retribution™ Beta
Warhammer® 40,000™: Dawn of War® II – Chaos Rising™
Welcome Center
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
YouTube Downloader 3.5
.
==== Event Viewer Messages From Past Week ========
.
7/3/2012 12:09:23 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000109 (0xa3a039d89c1339e5, 0xb3b7465eee917613, 0xfffff880009f15c0, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030712-35365-01.
7/3/2012 10:59:15 PM, Error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 3 time(s).
7/3/2012 10:59:15 PM, Error: Service Control Manager [7034] - The McAfee Services service terminated unexpectedly. It has done this 3 time(s).
7/3/2012 10:59:15 PM, Error: Service Control Manager [7034] - The McAfee Proxy Service service terminated unexpectedly. It has done this 3 time(s).
7/3/2012 10:59:15 PM, Error: Service Control Manager [7034] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 3 time(s).
7/3/2012 10:59:15 PM, Error: Service Control Manager [7034] - The McAfee Network Agent service terminated unexpectedly. It has done this 3 time(s).
7/3/2012 10:59:15 PM, Error: Service Control Manager [7034] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 3 time(s).
7/3/2012 10:59:15 PM, Error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/3/2012 10:59:10 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee VirusScan Announcer service, but this action failed with the following error: An instance of the service is already running.
7/3/2012 10:59:10 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee Services service, but this action failed with the following error: An instance of the service is already running.
7/3/2012 10:59:10 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee Personal Firewall Service service, but this action failed with the following error: An instance of the service is already running.
7/3/2012 10:59:10 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee Network Agent service, but this action failed with the following error: An instance of the service is already running.
7/3/2012 10:58:10 PM, Error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 2 time(s).
7/3/2012 10:58:10 PM, Error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/3/2012 10:58:10 PM, Error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/3/2012 10:58:10 PM, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/3/2012 10:58:10 PM, Error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/3/2012 10:58:10 PM, Error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/3/2012 10:58:10 PM, Error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/3/2012 10:57:00 PM, Error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).
7/3/2012 10:57:00 PM, Error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/3/2012 10:57:00 PM, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/3/2012 10:57:00 PM, Error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/3/2012 10:57:00 PM, Error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/3/2012 10:57:00 PM, Error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/3/2012 8:11:05 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.101 with the system having network hardware address 5C-AC-4C-85-D3-4A. Network operations on this system may be disrupted as a result.
5/3/2012 10:06:10 AM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
4/3/2012 2:52:58 AM, Error: Service Control Manager [7023] - The Windows Time service terminated with the following error: A system shutdown is in progress.
3/3/2012 11:32:53 AM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
.
==== End Of File ===========================
________________________________________________________________________________________________________________________

The Tdsskiller scan was performed, the results are shown below.
________________________________________________________________________________________________________________________

23:28:06.0217 5100 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
23:28:07.0116 5100 ============================================================
23:28:07.0116 5100 Current date / time: 2012/03/07 23:28:07.0116
23:28:07.0116 5100 SystemInfo:
23:28:07.0116 5100
23:28:07.0116 5100 OS Version: 6.1.7601 ServicePack: 1.0
23:28:07.0116 5100 Product type: Workstation
23:28:07.0116 5100 ComputerName: DAVID-PC
23:28:07.0116 5100 UserName: David
23:28:07.0116 5100 Windows directory: C:\Windows
23:28:07.0116 5100 System windows directory: C:\Windows
23:28:07.0116 5100 Running under WOW64
23:28:07.0116 5100 Processor architecture: Intel x64
23:28:07.0116 5100 Number of processors: 4
23:28:07.0116 5100 Page size: 0x1000
23:28:07.0116 5100 Boot type: Normal boot
23:28:07.0116 5100 ============================================================
23:28:07.0452 5100 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:28:07.0455 5100 \Device\Harddisk0\DR0:
23:28:07.0455 5100 MBR used
23:28:07.0455 5100 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B58800, BlocksNum 0x32000
23:28:07.0455 5100 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B8A800, BlocksNum 0x48CCD2B0
23:28:07.0497 5100 Initialize success
23:28:07.0497 5100 ============================================================
23:28:20.0878 5380 ============================================================
23:28:20.0878 5380 Scan started
23:28:20.0878 5380 Mode: Manual;
23:28:20.0878 5380 ============================================================
23:28:33.0103 5380 L1E - ok
23:28:33.0203 5380 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
23:28:33.0205 5380 lltdio - ok
23:28:33.0315 5380 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
23:28:33.0318 5380 LSI_FC - ok
23:28:33.0330 5380 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
23:28:33.0334 5380 LSI_SAS - ok
23:28:33.0429 5380 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:28:33.0431 5380 LSI_SAS2 - ok
23:28:33.0467 5380 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:28:33.0470 5380 LSI_SCSI - ok
23:28:33.0537 5380 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
23:28:33.0540 5380 luafv - ok
23:28:33.0714 5380 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
23:28:33.0716 5380 megasas - ok
23:28:33.0755 5380 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
23:28:33.0759 5380 MegaSR - ok
23:28:33.0883 5380 mfeapfk (31338e489314ae2a29534fbaa7ad2f1b) C:\Windows\system32\drivers\mfeapfk.sys
23:28:33.0885 5380 mfeapfk - ok
23:28:33.0991 5380 mfeavfk (5822e70233218bcf22a65fcea74d012d) C:\Windows\system32\drivers\mfeavfk.sys
23:28:33.0996 5380 mfeavfk - ok
23:28:34.0122 5380 mfeavfk01 - ok
23:28:34.0180 5380 mfefirek (5a24e7c834576313d8c5eaf0825da844) C:\Windows\system32\drivers\mfefirek.sys
23:28:34.0185 5380 mfefirek - ok
23:28:34.0283 5380 mfehidk (a2607740bb18d631da01e01dcb81843b) C:\Windows\system32\drivers\mfehidk.sys
23:28:34.0292 5380 mfehidk - ok
23:28:34.0399 5380 mfenlfk (50c3a9d7465d385061c0601deefb5a8e) C:\Windows\system32\DRIVERS\mfenlfk.sys
23:28:34.0402 5380 mfenlfk - ok
23:28:34.0501 5380 mferkdet (edf5ee799a0b3ed6dce8bb16a51f3d1f) C:\Windows\system32\drivers\mferkdet.sys
23:28:34.0504 5380 mferkdet - ok
23:28:34.0611 5380 mfewfpk (9182faf9addd5ea6308d155ceb502c6f) C:\Windows\system32\drivers\mfewfpk.sys
23:28:34.0615 5380 mfewfpk - ok
23:28:34.0699 5380 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
23:28:34.0701 5380 Modem - ok
23:28:34.0721 5380 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
23:28:34.0723 5380 monitor - ok
23:28:34.0835 5380 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
23:28:34.0837 5380 mouclass - ok
23:28:34.0945 5380 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
23:28:34.0946 5380 mouhid - ok
23:28:35.0053 5380 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
23:28:35.0056 5380 mountmgr - ok
23:28:35.0096 5380 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
23:28:35.0100 5380 mpio - ok
23:28:35.0191 5380 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
23:28:35.0193 5380 mpsdrv - ok
23:28:35.0246 5380 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
23:28:35.0250 5380 MRxDAV - ok
23:28:35.0358 5380 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:28:35.0361 5380 mrxsmb - ok
23:28:35.0447 5380 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:28:35.0451 5380 mrxsmb10 - ok
23:28:35.0546 5380 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:28:35.0557 5380 mrxsmb20 - ok
23:28:35.0670 5380 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
23:28:35.0673 5380 msahci - ok
23:28:35.0741 5380 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
23:28:35.0744 5380 msdsm - ok
23:28:35.0836 5380 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
23:28:35.0838 5380 Msfs - ok
23:28:35.0872 5380 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
23:28:35.0874 5380 mshidkmdf - ok
23:28:35.0958 5380 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
23:28:35.0960 5380 msisadrv - ok
23:28:36.0096 5380 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
23:28:36.0098 5380 MSKSSRV - ok
23:28:36.0196 5380 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
23:28:36.0197 5380 MSPCLOCK - ok
23:28:36.0294 5380 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
23:28:36.0295 5380 MSPQM - ok
23:28:36.0348 5380 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
23:28:36.0354 5380 MsRPC - ok
23:28:36.0470 5380 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
23:28:36.0472 5380 mssmbios - ok
23:28:36.0561 5380 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
23:28:36.0563 5380 MSTEE - ok
23:28:36.0574 5380 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
23:28:36.0576 5380 MTConfig - ok
23:28:36.0600 5380 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
23:28:36.0602 5380 Mup - ok
23:28:36.0702 5380 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:28:36.0707 5380 NativeWifiP - ok
23:28:36.0851 5380 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
23:28:36.0865 5380 NDIS - ok
23:28:36.0950 5380 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:28:36.0952 5380 NdisCap - ok
23:28:37.0043 5380 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:28:37.0044 5380 NdisTapi - ok
23:28:37.0161 5380 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
23:28:37.0162 5380 Ndisuio - ok
23:28:37.0200 5380 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
23:28:37.0202 5380 NdisWan - ok
23:28:37.0293 5380 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
23:28:37.0295 5380 NDProxy - ok
23:28:37.0387 5380 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:28:37.0389 5380 NetBIOS - ok
23:28:37.0443 5380 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
23:28:37.0446 5380 NetBT - ok
23:28:37.0551 5380 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
23:28:37.0552 5380 nfrd960 - ok
23:28:37.0671 5380 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
23:28:37.0672 5380 Npfs - ok
23:28:37.0690 5380 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:28:37.0691 5380 nsiproxy - ok
23:28:37.0810 5380 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
23:28:37.0831 5380 Ntfs - ok
23:28:37.0950 5380 NTIDrvr (710263b44c1d1aee07525a53401fbe48) C:\Windows\system32\drivers\NTIDrvr.sys
23:28:37.0952 5380 NTIDrvr - ok
23:28:38.0051 5380 NuidFltr (317020d31f1696334679b9d0416eb62e) C:\Windows\system32\DRIVERS\NuidFltr.sys
23:28:38.0052 5380 NuidFltr - ok
23:28:38.0089 5380 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:28:38.0090 5380 Null - ok
23:28:38.0218 5380 NVHDA (8d4aac74b571fc356560e5b308955e93) C:\Windows\system32\drivers\nvhda64v.sys
23:28:38.0221 5380 NVHDA - ok
23:28:38.0582 5380 nvlddmkm (9c1996dd3c0469bc8933321f15709f5a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:28:38.0842 5380 nvlddmkm - ok
23:28:38.0958 5380 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
23:28:38.0962 5380 nvraid - ok
23:28:39.0016 5380 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
23:28:39.0020 5380 nvstor - ok
23:28:39.0171 5380 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
23:28:39.0174 5380 nv_agp - ok
23:28:39.0311 5380 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
23:28:39.0313 5380 ohci1394 - ok
23:28:39.0434 5380 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
23:28:39.0437 5380 Parport - ok
23:28:39.0476 5380 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
23:28:39.0478 5380 partmgr - ok
23:28:39.0588 5380 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
23:28:39.0591 5380 pci - ok
23:28:39.0611 5380 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
23:28:39.0613 5380 pciide - ok
23:28:39.0714 5380 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
23:28:39.0718 5380 pcmcia - ok
23:28:39.0738 5380 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:28:39.0740 5380 pcw - ok
23:28:39.0830 5380 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:28:39.0839 5380 PEAUTH - ok
23:28:39.0980 5380 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
23:28:39.0982 5380 Point64 - ok
23:28:40.0105 5380 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
23:28:40.0107 5380 PptpMiniport - ok
23:28:40.0139 5380 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
23:28:40.0141 5380 Processor - ok
23:28:40.0250 5380 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
23:28:40.0253 5380 Psched - ok
23:28:40.0368 5380 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
23:28:40.0397 5380 ql2300 - ok
23:28:40.0488 5380 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
23:28:40.0490 5380 ql40xx - ok
23:28:40.0513 5380 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:28:40.0515 5380 QWAVEdrv - ok
23:28:40.0610 5380 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:28:40.0611 5380 RasAcd - ok
23:28:40.0674 5380 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:28:40.0676 5380 RasAgileVpn - ok
23:28:40.0766 5380 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:28:40.0769 5380 Rasl2tp - ok
23:28:40.0866 5380 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:28:40.0868 5380 RasPppoe - ok
23:28:40.0900 5380 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:28:40.0903 5380 RasSstp - ok
23:28:41.0002 5380 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
23:28:41.0008 5380 rdbss - ok
23:28:41.0081 5380 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
23:28:41.0083 5380 rdpbus - ok
23:28:41.0119 5380 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:28:41.0120 5380 RDPCDD - ok
23:28:41.0186 5380 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:28:41.0187 5380 RDPENCDD - ok
23:28:41.0217 5380 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:28:41.0218 5380 RDPREFMP - ok
23:28:41.0264 5380 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
23:28:41.0268 5380 RDPWD - ok
23:28:41.0368 5380 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
23:28:41.0372 5380 rdyboost - ok
23:28:41.0481 5380 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
23:28:41.0484 5380 RFCOMM - ok
23:28:41.0612 5380 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:28:41.0615 5380 rspndr - ok
23:28:41.0666 5380 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
23:28:41.0668 5380 sbp2port - ok
23:28:41.0768 5380 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
23:28:41.0770 5380 scfilter - ok
23:28:41.0877 5380 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:28:41.0879 5380 secdrv - ok
23:28:41.0978 5380 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
23:28:41.0980 5380 Serenum - ok
23:28:42.0080 5380 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
23:28:42.0083 5380 Serial - ok
23:28:42.0185 5380 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
23:28:42.0187 5380 sermouse - ok
23:28:42.0247 5380 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
23:28:42.0248 5380 sffdisk - ok
23:28:42.0354 5380 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
23:28:42.0356 5380 sffp_mmc - ok
23:28:42.0459 5380 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
23:28:42.0461 5380 sffp_sd - ok
23:28:42.0537 5380 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
23:28:42.0539 5380 sfloppy - ok
23:28:42.0638 5380 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:28:42.0641 5380 SiSRaid2 - ok
23:28:42.0654 5380 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
23:28:42.0656 5380 SiSRaid4 - ok
23:28:42.0753 5380 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
23:28:42.0756 5380 Smb - ok
23:28:42.0868 5380 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
23:28:42.0869 5380 spldr - ok
23:28:42.0917 5380 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
23:28:42.0925 5380 srv - ok
23:28:43.0019 5380 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
23:28:43.0027 5380 srv2 - ok
23:28:43.0119 5380 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
23:28:43.0122 5380 srvnet - ok
23:28:43.0231 5380 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
23:28:43.0233 5380 stexstor - ok
23:28:43.0348 5380 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
23:28:43.0349 5380 swenum - ok
23:28:43.0485 5380 SynTP (ed6d1424e5b0c21a57b28dd8508d6843) C:\Windows\system32\DRIVERS\SynTP.sys
23:28:43.0490 5380 SynTP - ok
23:28:43.0662 5380 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
23:28:43.0682 5380 Tcpip - ok
23:28:43.0853 5380 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
23:28:43.0870 5380 TCPIP6 - ok
23:28:43.0960 5380 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
23:28:43.0962 5380 tcpipreg - ok
23:28:44.0001 5380 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
23:28:44.0003 5380 TDPIPE - ok
23:28:44.0076 5380 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
23:28:44.0077 5380 TDTCP - ok
23:28:44.0124 5380 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
23:28:44.0127 5380 tdx - ok
23:28:44.0219 5380 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
23:28:44.0221 5380 TermDD - ok
23:28:44.0360 5380 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:28:44.0362 5380 tssecsrv - ok
23:28:44.0463 5380 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
23:28:44.0465 5380 TsUsbFlt - ok
23:28:44.0577 5380 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
23:28:44.0580 5380 tunnel - ok
23:28:44.0683 5380 TurboB (825e7a1f48fb8bcfba27c178aab4e275) C:\Windows\system32\DRIVERS\TurboB.sys
23:28:44.0685 5380 TurboB - ok
23:28:44.0789 5380 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
23:28:44.0791 5380 uagp35 - ok
23:28:44.0891 5380 UBHelper (40079b0b801c5432ba435b5ad61ce6e3) C:\Windows\system32\drivers\UBHelper.sys
23:28:44.0893 5380 UBHelper - ok
23:28:44.0994 5380 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
23:28:45.0000 5380 udfs - ok
23:28:45.0120 5380 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
23:28:45.0123 5380 uliagpkx - ok
23:28:45.0192 5380 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
23:28:45.0194 5380 umbus - ok
23:28:45.0264 5380 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
23:28:45.0266 5380 UmPass - ok
23:28:45.0397 5380 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
23:28:45.0400 5380 USBAAPL64 - ok
23:28:45.0449 5380 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
23:28:45.0452 5380 usbccgp - ok
23:28:45.0570 5380 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
23:28:45.0573 5380 usbcir - ok
23:28:45.0628 5380 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
23:28:45.0630 5380 usbehci - ok
23:28:45.0745 5380 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
23:28:45.0752 5380 usbhub - ok
23:28:45.0803 5380 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
23:28:45.0805 5380 usbohci - ok
23:28:45.0906 5380 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
23:28:45.0907 5380 usbprint - ok
23:28:45.0999 5380 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
23:28:46.0001 5380 usbscan - ok
23:28:46.0057 5380 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:28:46.0059 5380 USBSTOR - ok
23:28:46.0134 5380 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
23:28:46.0136 5380 usbuhci - ok
23:28:46.0256 5380 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
23:28:46.0261 5380 usbvideo - ok
23:28:46.0387 5380 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
23:28:46.0389 5380 vdrvroot - ok
23:28:46.0497 5380 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
23:28:46.0499 5380 vga - ok
23:28:46.0518 5380 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
23:28:46.0520 5380 VgaSave - ok
23:28:46.0628 5380 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
23:28:46.0632 5380 vhdmp - ok
23:28:46.0678 5380 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
23:28:46.0680 5380 viaide - ok
23:28:46.0786 5380 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
23:28:46.0788 5380 volmgr - ok
23:28:46.0842 5380 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
23:28:46.0848 5380 volmgrx - ok
23:28:46.0949 5380 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
23:28:46.0954 5380 volsnap - ok
23:28:46.0993 5380 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
23:28:46.0997 5380 vsmraid - ok
23:28:47.0077 5380 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
23:28:47.0078 5380 vwifibus - ok
23:28:47.0108 5380 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
23:28:47.0110 5380 vwififlt - ok
23:28:47.0138 5380 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
23:28:47.0140 5380 WacomPen - ok
23:28:47.0238 5380 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:28:47.0241 5380 WANARP - ok
23:28:47.0249 5380 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:28:47.0251 5380 Wanarpv6 - ok
23:28:47.0376 5380 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
23:28:47.0378 5380 Wd - ok
23:28:47.0409 5380 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
23:28:47.0418 5380 Wdf01000 - ok
23:28:47.0551 5380 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
23:28:47.0553 5380 WfpLwf - ok
23:28:47.0608 5380 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
23:28:47.0610 5380 WIMMount - ok
23:28:47.0768 5380 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
23:28:47.0770 5380 WinUsb - ok
23:28:47.0892 5380 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
23:28:47.0894 5380 WmiAcpi - ok
23:28:48.0009 5380 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:28:48.0011 5380 ws2ifsl - ok
23:28:48.0076 5380 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
23:28:48.0079 5380 WudfPf - ok
23:28:48.0197 5380 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:28:48.0201 5380 WUDFRd - ok
23:28:48.0267 5380 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
23:28:48.0336 5380 \Device\Harddisk0\DR0 - ok
23:28:48.0341 5380 Boot (0x1200) (85ac0fd29c168d31bd5542a2dcd2c125) \Device\Harddisk0\DR0\Partition0
23:28:48.0342 5380 \Device\Harddisk0\DR0\Partition0 - ok
23:28:48.0359 5380 Boot (0x1200) (7c8679bbd83b2bd86ea613a1537cd1a6) \Device\Harddisk0\DR0\Partition1
23:28:48.0360 5380 \Device\Harddisk0\DR0\Partition1 - ok
23:28:48.0361 5380 ============================================================
23:28:48.0361 5380 Scan finished
23:28:48.0361 5380 ============================================================
23:28:48.0377 5392 Detected object count: 0
23:28:48.0377 5392 Actual detected object count: 0
________________________________________________________________________________________________________________________

And to answer your question of other devices using the same internet connection as me, I think the answer is yes. My family uses a Linksys router so that we can all connect to the internet using the same internet access.

Appreciate the help and advice that you are providing,
David Kan
davidkan
Regular Member
 
Posts: 19
Joined: March 4th, 2012, 11:40 pm
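One way to triage a scan log in the layout posted above without reading every line, as an added example that is not part of the original thread and not the scanner's own tooling: it pairs each hashed entry with its verdict line (including entries such as the MBR one, whose verdict line names the device path instead of the entry name), lists anything that is not `ok` or has no hash line, and checks the tally against the reported object count. The sample log, its names, hashes and the non-ok verdict string are constructed.

```python
import re

# Every record starts with "HH:MM:SS.mmmm <thread id> "; the rest is the body.
RECORD = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*\S)\s*$")
# Body of an entry line: "<name> (<32 hex digits>) <path>"
HASHED = re.compile(r"^(.+?) \(([0-9a-fA-F]{32})\) (.+)$")
# Body of a summary line: "Detected object count: N" / "Actual detected object count: N"
COUNT = re.compile(r"^(?:Actual detected|Detected) object count: (\d+)$")
# Body of a verdict line: "<name or path> - <verdict>"
VERDICT = re.compile(r"^(.+) - (\S.*)$")

# Constructed sample: names, hashes and the non-ok verdict text are made up.
SAMPLE_LOG = r"""
23:28:30.0100 5380 ExampleDrv (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\exampledrv.sys
23:28:30.0102 5380 ExampleDrv - ok
23:28:30.0200 5380 NoHashDrv - ok
23:28:30.0300 5380 OddDrv (fedcba9876543210fedcba9876543210) C:\Windows\system32\drivers\odddrv.sys
23:28:30.0305 5380 OddDrv - CONSTRUCTED-NON-OK-VERDICT
23:28:30.0400 5380 MBR (0x1B8) (00112233445566778899aabbccddeeff) \Device\Harddisk0\DR0
23:28:30.0410 5380 \Device\Harddisk0\DR0 - ok
23:28:30.0420 5380 ============================================================
23:28:30.0420 5380 Scan finished
23:28:30.0420 5380 ============================================================
23:28:30.0430 5392 Detected object count: 0
23:28:30.0430 5392 Actual detected object count: 0
"""


def triage(log_text):
    """Return the items in a scan log that a reviewer should look at by hand."""
    pending = None      # (name, path) of the last hashed entry awaiting a verdict
    review = []         # (label, reason) tuples, in log order
    verdicts = 0        # number of verdict lines seen
    non_ok = 0          # number of verdicts other than "ok"
    reported = None     # last "... object count" value in the log, if any

    for raw in log_text.splitlines():
        rec = RECORD.match(raw.strip())
        if not rec:
            continue
        body = rec.group(1)

        hashed = HASHED.match(body)
        if hashed:
            if pending:
                review.append((pending[0], "no verdict line"))
            pending = (hashed.group(1), hashed.group(3))
            continue

        count = COUNT.match(body)
        if count:
            reported = int(count.group(1))
            continue

        verdict = VERDICT.match(body)
        if not verdict:
            continue  # separators, "Scan finished", and similar
        label, result = verdict.group(1), verdict.group(2).strip()
        verdicts += 1

        # The verdict line repeats either the entry name or, for MBR/boot
        # sectors, the device path from the hashed line before it.
        if pending and label in pending:
            pending = None
        else:
            review.append((label, "no hash line before verdict"))

        if result.lower() != "ok":
            non_ok += 1
            review.append((label, "verdict: " + result))

    if pending:
        review.append((pending[0], "no verdict line"))

    return {
        "verdicts": verdicts,
        "review": review,
        "reported_detected": reported,
        # None when the log has no summary line to compare against.
        "count_matches": None if reported is None else reported == non_ok,
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    for label, reason in summary["review"]:
        print(f"{label}: {reason}")
    print("summary count matches verdicts:", summary["count_matches"])
```

An entry with no hash line is not a detection in itself; it only means the log recorded no file hash for that entry, so it is listed for a manual look.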

Re: Unusual traffic from your computer network

by diver79 » March 7th, 2012, 5:21 pm

Hi davidkan,

Remove P2P Programs
  • I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
    µTorrent
  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

  • Click on Start...then... Click the Search Programs and Files search box on the Start Menu.
  • Copy and paste the value below, into the open text entry box and press the Enter key.
    appwiz.cpl
  • Press the "Uninstall" button to uninstall the programs listed above (in red) and any other P2P you have installed NOW.
  • Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

Please reply to let me know that the program has been removed and I will post further instructions.

diver79.
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: Unusual traffic from your computer network

by davidkan » March 8th, 2012, 7:32 am

Good day,

Yes, µTorrent has been removed from my system. FYI it was in my computer when I bought it already but I did not use it.

David Kan
davidkan
Regular Member
 
Posts: 19
Joined: March 4th, 2012, 11:40 pm

Re: Unusual traffic from your computer network

by diver79 » March 8th, 2012, 5:35 pm

Hi davidkan,

"Yes, µTorrent has been removed from my system"
Great, let's proceed!

I see no signs of malware on this computer. The message you received from Google is directed at your public IP address. This would be the address of your router and any devices connected to it. It is likely that another machine on your network is infected. Let's run a few more scans just to be sure this machine is not the culprit.

MBRCheck

  • Please download MBRCheck.exe and save it to your desktop.
  • Right click on MBRCheck.exe and select "Run as administrator" to run it.
  • A window similar to this should open on your desktop:

Image

  • If you are prompted with options, enter N at the prompt and press Enter
  • Press Enter again.
  • A log will open on your Desktop ...... MBRCheck_mm.dd.yy_hh.mm.ss.txt (where mm.dd.yy_hh.mm.ss are the date and time the scan was run)
  • Please post the contents of the log in your next reply.


ESET Online Scanner:
Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: Unusual traffic from your computer network

by davidkan » March 9th, 2012, 2:50 am

Good day,

the report from MBRCheck is found below
__________________________________________________________________________________________________________________________

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Acer
System Product Name: Aspire 4741
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 199):
0x04E73000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x04EC0000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x04EC2000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x04ED1000 \??\C:\Windows\system32\drivers\UBHelper.sys
0x04ED9000 \??\C:\Windows\system32\drivers\NTIDrvr.sys
0x04EE1000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x04EEE000 \SystemRoot\system32\DRIVERS\Impcd.sys
0x04F14000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x04F2A000 \SystemRoot\system32\drivers\wmiacpi.sys
0x04F33000 \SystemRoot\system32\drivers\CompositeBus.sys
0x04F43000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x04F59000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x04F7D000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04F89000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x04FB8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x04FD3000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x049C5000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x04FF4000 \SystemRoot\system32\drivers\swenum.sys
0x04800000 \SystemRoot\system32\drivers\ks.sys
0x04C00000 \SystemRoot\system32\DRIVERS\btath_bus.sys
0x049DF000 \SystemRoot\system32\drivers\umbus.sys
0x01600000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x101E8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0165A000 \SystemRoot\system32\drivers\nvhda64v.sys
0x01000000 \SystemRoot\system32\drivers\portcls.sys
0x0168C000 \SystemRoot\system32\drivers\drmk.sys
0x04FF6000 \SystemRoot\system32\drivers\ksthunk.sys
0x052C9000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x0551D000 \SystemRoot\system32\drivers\mfeavfk.sys
0x0554A000 \SystemRoot\system32\drivers\mfefirek.sys
0x00050000 \SystemRoot\System32\win32k.sys
0x055B4000 \SystemRoot\System32\drivers\Dxapi.sys
0x055C0000 \SystemRoot\System32\Drivers\crashdmp.sys
0x04446000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x055CE000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x055E1000 \SystemRoot\system32\DRIVERS\dc3d.sys
0x055F3000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x05200000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x0520E000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x05227000 \SystemRoot\system32\DRIVERS\NuidFltr.sys
0x05233000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x05240000 \SystemRoot\system32\DRIVERS\point64.sys
0x05250000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x0526D000 \SystemRoot\System32\Drivers\usbvideo.sys
0x0529B000 \SystemRoot\system32\DRIVERS\monitor.sys
0x005D0000 \SystemRoot\System32\TSDDD.dll
0x00700000 \SystemRoot\System32\cdd.dll
0x00820000 \SystemRoot\System32\ATMFD.DLL
0x015D3000 \SystemRoot\system32\drivers\luafv.sys
0x013D8000 \SystemRoot\system32\drivers\WudfPf.sys
0x052A9000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x04AA8000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x04AFB000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x04B0E000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x04B26000 \SystemRoot\system32\DRIVERS\TurboB.sys
0x04B2D000 \SystemRoot\system32\drivers\HTTP.sys
0x04A00000 \SystemRoot\system32\DRIVERS\bowser.sys
0x04A1E000 \SystemRoot\System32\drivers\mpsdrv.sys
0x04A36000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x06ED9000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x06F27000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x06F4B000 \SystemRoot\system32\drivers\peauth.sys
0x06FF1000 \SystemRoot\System32\Drivers\secdrv.SYS
0x06E00000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x06E31000 \SystemRoot\System32\drivers\tcpipreg.sys
0x06E43000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0788D000 \SystemRoot\System32\DRIVERS\srv.sys
0x0781C000 \SystemRoot\system32\drivers\mfeapfk.sys
0x07838000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x07843000 \??\C:\Users\David\AppData\Local\Temp\aswMBR.sys
0x77AA0000 \Windows\System32\ntdll.dll
0x47950000 \Windows\System32\smss.exe
0xFFDC0000 \Windows\System32\apisetschema.dll
0xFF4D0000 \Windows\System32\autochk.exe
0x77C70000 \Windows\System32\psapi.dll
0xFFDA0000 \Windows\System32\nsi.dll
0x77950000 \Windows\System32\urlmon.dll
0xFF010000 \Windows\System32\shell32.dll
0xFEF40000 \Windows\System32\usp10.dll
0xFED30000 \Windows\System32\ole32.dll
0x77C60000 \Windows\System32\normaliz.dll
0xFEB50000 \Windows\System32\setupapi.dll
0xFEA40000 \Windows\System32\msctf.dll
0x77850000 \Windows\System32\user32.dll
0xFEA30000 \Windows\System32\lpk.dll
0xFE990000 \Windows\System32\msvcrt.dll
0xFE8B0000 \Windows\System32\oleaut32.dll
0xFE860000 \Windows\System32\ws2_32.dll
0xFE840000 \Windows\System32\sechost.dll
0xFE7E0000 \Windows\System32\Wldap32.dll
0x77730000 \Windows\System32\kernel32.dll
0xFE770000 \Windows\System32\gdi32.dll
0xFE690000 \Windows\System32\advapi32.dll
0xFE610000 \Windows\System32\shlwapi.dll
0xFE4E0000 \Windows\System32\rpcrt4.dll
0xFE440000 \Windows\System32\comdlg32.dll
0x775D0000 \Windows\System32\wininet.dll
0xFE3A0000 \Windows\System32\clbcatq.dll
0xFE370000 \Windows\System32\imm32.dll
0x773C0000 \Windows\System32\iertutil.dll
0xFE2F0000 \Windows\System32\difxapi.dll
0xFE2D0000 \Windows\System32\imagehlp.dll
0xFE160000 \Windows\System32\crypt32.dll
0xFE120000 \Windows\System32\cfgmgr32.dll
0xFE0B0000 \Windows\System32\KernelBase.dll
0xFE070000 \Windows\System32\wintrust.dll
0xFE050000 \Windows\System32\devobj.dll
0xFDFB0000 \Windows\System32\comctl32.dll
0xFDFA0000 \Windows\System32\msasn1.dll
0x75650000 \Windows\SysWOW64\normaliz.dll

Processes (total 88):
0 System Idle Process
4 System
328 C:\Windows\System32\smss.exe
588 csrss.exe
656 C:\Windows\System32\wininit.exe
676 csrss.exe
720 C:\Windows\System32\services.exe
744 C:\Windows\System32\lsass.exe
752 C:\Windows\System32\lsm.exe
876 C:\Windows\System32\svchost.exe
940 C:\Windows\System32\nvvsvc.exe
980 C:\Windows\System32\svchost.exe
1020 C:\Windows\System32\winlogon.exe
356 C:\Windows\System32\svchost.exe
568 C:\Windows\System32\svchost.exe
592 C:\Windows\System32\svchost.exe
1076 C:\Windows\System32\svchost.exe
1176 C:\Windows\System32\svchost.exe
1340 C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
1352 C:\Windows\System32\nvvsvc.exe
1444 C:\Windows\System32\dwm.exe
1464 C:\Windows\System32\taskhost.exe
1504 C:\Windows\System32\spoolsv.exe
1564 C:\Windows\System32\svchost.exe
1640 C:\Windows\explorer.exe
1728 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1876 C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
1924 C:\Program Files\Bonjour\mDNSResponder.exe
1952 C:\Program Files (x86)\Launch Manager\dsiwmis.exe
1996 C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
2032 C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
1112 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
1608 C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe
1768 C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
1988 C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
1300 C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2068 C:\Windows\SysWOW64\PnkBstrA.exe
2092 C:\Windows\System32\rundll32.exe
2100 C:\Windows\System32\rundll32.exe
2108 C:\Windows\SysWOW64\rundll32.exe
2140 C:\Windows\System32\svchost.exe
2180 C:\Program Files\Acer\Acer Updater\UpdaterService.exe
2256 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2284 C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe
2324 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2420 C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
2992 C:\Windows\System32\svchost.exe
3340 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
3352 C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
3364 C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
3376 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3384 C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
3684 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3716 C:\Windows\System32\wbem\unsecapp.exe
3728 C:\Windows\System32\SearchIndexer.exe
3796 WmiPrvSE.exe
3860 C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
3896 C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
3980 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
3988 C:\Program Files (x86)\Steam\steam.exe
3996 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
4072 C:\Windows\System32\StikyNot.exe
1028 C:\Program Files\mcafee.com\agent\mcagent.exe
3512 C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
892 C:\Program Files (x86)\Launch Manager\LManager.exe
1828 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3304 C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
3092 C:\Program Files (x86)\Launch Manager\LMworker.exe
3644 C:\Program Files\Windows Media Player\wmpnetwk.exe
4576 C:\Windows\System32\svchost.exe
4848 C:\Program Files (x86)\Common Files\Steam\SteamService.exe
556 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
4552 C:\Windows\System32\svchost.exe
6008 C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
4296 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
1168 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
4932 C:\Program Files\iPod\bin\iPodService.exe
3884 C:\Program Files (x86)\iTunes\iTunesHelper.exe
4312 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
3656 C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
2276 C:\Windows\System32\SearchProtocolHost.exe
2980 C:\Windows\System32\audiodg.exe
848 C:\Windows\splwow64.exe
4748 C:\Windows\System32\SearchFilterHost.exe
1312 dllhost.exe
5084 dllhost.exe
3956 C:\Users\David\Downloads\MalWare Removal Programmes\MBRCheck.exe
2712 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`71500000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK6465GSX, Rev: GJ002J

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
________________________________________________________________________________________________________________________

I am not sure if I did the second scan correctly, but this is the result that I saved. I hope this is what you are looking for.

These are the programmes which are suspected:

C:\ProgramData\YouTube Downloader\ytd_installer.exe Win32/Toolbar.Widgi application
C:\Users\All Users\YouTube Downloader\ytd_installer.exe Win32/Toolbar.Widgi application
C:\Users\David\Downloads\SoftonicDownloader_for_vlc-media-player.exe a variant of Win32/SoftonicDownloader.A application
C:\Users\David\Downloads\YouTubeDownloaderSetup272.exe a variant of Win32/Toolbar.Widgi application
C:\Users\David\Downloads\YouTubeDownloaderSetup33.exe a variant of Win32/Toolbar.Widgi application
________________________________________________________________________________________________________________________

Thank you for your kind assistance,
David Kan

Re: Unusual traffic from your computer network

Post by diver79 » March 9th, 2012, 6:31 am

Hi David,

I have seen YoutubeDownloader programs perform various malicious activities. I would recommend removing this one. It may be the cause of the unusual traffic.

I would have the other machines on your network checked out also, in case it is one of them.

  • Click on Start...then... Click the Search Programs and Files search box on the Start Menu.
  • Copy and paste the value below, into the open text entry box and press the Enter key:
    appwiz.cpl
  • Locate the program YouTube Downloader 3.5
  • Select the program and click on Uninstall to uninstall it.
  • When finished... Close the Control Panel window.


Run OTL Script
We need to run an OTL Fix
  • Right-click OTL.exe and select Run as Administrator to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :files
    C:\ProgramData\YouTube Downloader\
    C:\Users\All Users\YouTube Downloader\
    C:\Users\David\Downloads\SoftonicDownloader_for_vlc-media-player.exe
    C:\Users\David\Downloads\YouTubeDownloaderSetup272.exe
    C:\Users\David\Downloads\YouTubeDownloaderSetup33.exe
    :commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Re: Unusual traffic from your computer network

Post by davidkan » March 9th, 2012, 10:39 pm

Good day,

Apologies but can you provide the link for OTL.exe?

I have already removed the youtube downloader programme.

David Kan

Re: Unusual traffic from your computer network

Post by diver79 » March 10th, 2012, 4:34 pm

Hi David,
"Apologies but can you provide the link for OTL.exe?"
My mistake, I thought I had posted instructions for it earlier. Please see instructions below to get an OTL scan, I will post a new fix once you get the logs from OTL.


OTL Scan
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Re: Unusual traffic from your computer network

Post by davidkan » March 11th, 2012, 6:15 pm

Good day,

__________________________________________________________________________________________________________________________

OTL Extras logfile created on: 3/12/2012 2:06:22 AM - Run 1
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\David\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

3.86 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 50.86% Memory free
7.73 Gb Paging File | 5.18 Gb Available in Paging File | 67.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.40 Gb Total Space | 392.25 Gb Free Space | 67.35% Space Free | Partition Type: NTFS

Computer Name: DAVID-PC | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0209
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240CD}" = WinZip 16.0
"{D050583D-5CEC-47B1-88AA-8B328CAA8621}" = AVG 2012
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E3EC7FC4-B4BF-4911-9A43-F7C753CE03F5}" = AVG 2012
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"AVG" = AVG 2012
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 29
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82AF3E91-57E1-4754-84D0-40A46E2479AB}" = OpenOffice.org 3.3
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{DD89CE29-BC88-40C6-A845-E2548682C5D6}" = Alcor Micro USB Card Reader
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Battlelog Web Plugins" = Battlelog Web Plugins
"CameraUserGuide-PSELPH500HS_IXUS310HS" = Canon PowerShot ELPH 500 HS_IXUS 310 HS Camera User Guide
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow Launcher
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"ESN Sonar-0.70.4" = ESN Sonar
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{DD89CE29-BC88-40C6-A845-E2548682C5D6}" = Alcor Micro USB Card Reader
"LManager" = Launch Manager
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 10.0.2 (x86 en-GB)" = Mozilla Firefox 10.0.2 (x86 en-GB)
"MSC" = McAfee Internet Security Suite
"MyCamera" = Canon Utilities MyCamera
"Origin" = Origin
"PhotoStitch" = Canon Utilities PhotoStitch
"PunkBusterSvc" = PunkBuster Services
"RollerCoaster Tycoon Setup" = Roll
"Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
"Steam App 10500" = Empire: Total War
"Steam App 107100" = Bastion
"Steam App 20540" = Company of Heroes: Tales of Valor
"Steam App 20570" = Warhammer® 40,000™: Dawn of War® II – Chaos Rising™
"Steam App 20920" = The Witcher 2
"Steam App 2700" = RollerCoaster Tycoon 3: Platinum!
"Steam App 32370" = Star Wars: Knights of the Old Republic
"Steam App 34330" = Total War: SHOGUN 2
"Steam App 440" = Team Fortress 2
"Steam App 4560" = Company of Heroes
"Steam App 55150" = Warhammer 40,000 Space Marine
"Steam App 56460" = Warhammer® 40,000®: Dawn of War® II – Retribution™ Beta
"Steam App 6060" = Star Wars - Battlefront II
"Steam App 620" = Portal 2
"SystemRequirementsLab" = System Requirements Lab
"The Sith Lords Restored Content Mod_is1" = TSLRCM 1.7
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/5/2012 8:44:12 AM | Computer Name = David-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4150

Error - 3/5/2012 8:44:13 AM | Computer Name = David-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/5/2012 8:44:13 AM | Computer Name = David-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5195

Error - 3/5/2012 8:44:13 AM | Computer Name = David-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5195

Error - 3/5/2012 8:49:29 AM | Computer Name = David-PC | Source = Application Error | ID = 1000
Description = Faulting application name: McSvHost.exe, version: 1.5.109.0, time
stamp: 0x4b97baf1 Faulting module name: mpsmisp.dll, version: 13.0.286.0, time stamp:
0x4d233ea7 Exception code: 0x40000015 Fault offset: 0x000000000001d9e8 Faulting process
id: 0x7ac Faulting application start time: 0x01ccface622934f6 Faulting application
path: C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe Faulting module
path: c:\PROGRA~1\mcafee\mps\mpsmisp.dll Report Id: a581ee4e-66c1-11e1-9f6d-206a8a2895b2

Error - 3/5/2012 8:50:38 AM | Computer Name = David-PC | Source = Application Error | ID = 1000
Description = Faulting application name: McSvHost.exe, version: 1.5.109.0, time
stamp: 0x4b97baf1 Faulting module name: mpsmisp.dll, version: 13.0.286.0, time stamp:
0x4d233ea7 Exception code: 0x40000015 Fault offset: 0x000000000001d9e8 Faulting process
id: 0x1260 Faulting application start time: 0x01ccface900a4898 Faulting application
path: C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe Faulting module
path: c:\PROGRA~1\mcafee\mps\mpsmisp.dll Report Id: ce66f94c-66c1-11e1-9f6d-206a8a2895b2

Error - 3/5/2012 8:51:51 AM | Computer Name = David-PC | Source = Application Error | ID = 1000
Description = Faulting application name: McSvHost.exe, version: 1.5.109.0, time
stamp: 0x4b97baf1 Faulting module name: mpsmisp.dll, version: 13.0.286.0, time stamp:
0x4d233ea7 Exception code: 0x40000015 Fault offset: 0x000000000001d9e8 Faulting process
id: 0x108 Faulting application start time: 0x01ccfaceac1f0453 Faulting application
path: C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe Faulting module
path: c:\PROGRA~1\mcafee\mps\mpsmisp.dll Report Id: fa2da89c-66c1-11e1-9f6d-206a8a2895b2

Error - 3/6/2012 10:40:10 AM | Computer Name = David-PC | Source = Application Error | ID = 1000
Description = Faulting application name: McSvHost.exe, version: 1.5.109.0, time
stamp: 0x4b97baf1 Faulting module name: mpsmisp.dll, version: 13.0.286.0, time stamp:
0x4d233ea7 Exception code: 0x40000015 Fault offset: 0x000000000001d9e8 Faulting process
id: 0x500 Faulting application start time: 0x01ccfba7002fcbc2 Faulting application
path: C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe Faulting module
path: c:\PROGRA~1\mcafee\mps\mpsmisp.dll Report Id: 4646bb0b-679a-11e1-af33-206a8a2895b2

Error - 3/6/2012 10:41:20 AM | Computer Name = David-PC | Source = Application Error | ID = 1000
Description = Faulting application name: McSvHost.exe, version: 1.5.109.0, time
stamp: 0x4b97baf1 Faulting module name: mpsmisp.dll, version: 13.0.286.0, time stamp:
0x4d233ea7 Exception code: 0x40000015 Fault offset: 0x000000000001d9e8 Faulting process
id: 0x9c0 Faulting application start time: 0x01ccfba731b1862a Faulting application
path: C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe Faulting module
path: c:\PROGRA~1\mcafee\mps\mpsmisp.dll Report Id: 70024ffe-679a-11e1-af33-206a8a2895b2

Error - 3/6/2012 10:42:23 AM | Computer Name = David-PC | Source = Application Error | ID = 1000
Description = Faulting application name: McSvHost.exe, version: 1.5.109.0, time
stamp: 0x4b97baf1 Faulting module name: mpsmisp.dll, version: 13.0.286.0, time stamp:
0x4d233ea7 Exception code: 0x40000015 Fault offset: 0x000000000001d9e8 Faulting process
id: 0xaa8 Faulting application start time: 0x01ccfba74b1fd9b8 Faulting application
path: C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe Faulting module
path: c:\PROGRA~1\mcafee\mps\mpsmisp.dll Report Id: 958664f6-679a-11e1-af33-206a8a2895b2

[ System Events ]
Error - 3/11/2012 10:12:17 AM | Computer Name = David-PC | Source = Service Control Manager | ID = 7031
Description = The McAfee Proxy Service service terminated unexpectedly. It has
done this 2 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 3/11/2012 10:12:17 AM | Computer Name = David-PC | Source = Service Control Manager | ID = 7031
Description = The McAfee Anti-Spam Service service terminated unexpectedly. It
has done this 2 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 3/11/2012 10:13:17 AM | Computer Name = David-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the McAfee Personal Firewall Service
service, but this action failed with the following error: %%1056

Error - 3/11/2012 10:13:17 AM | Computer Name = David-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the McAfee Services service, but
this action failed with the following error: %%1056

Error - 3/11/2012 10:13:27 AM | Computer Name = David-PC | Source = Service Control Manager | ID = 7034
Description = The McAfee Personal Firewall Service service terminated unexpectedly.
It has done this 3 time(s).

Error - 3/11/2012 10:13:27 AM | Computer Name = David-PC | Source = Service Control Manager | ID = 7034
Description = The McAfee Services service terminated unexpectedly. It has done
this 3 time(s).

Error - 3/11/2012 10:13:27 AM | Computer Name = David-PC | Source = Service Control Manager | ID = 7031
Description = The McAfee VirusScan Announcer service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 3/11/2012 10:13:27 AM | Computer Name = David-PC | Source = Service Control Manager | ID = 7031
Description = The McAfee Network Agent service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 3/11/2012 10:13:27 AM | Computer Name = David-PC | Source = Service Control Manager | ID = 7034
Description = The McAfee Proxy Service service terminated unexpectedly. It has
done this 3 time(s).

Error - 3/11/2012 10:13:27 AM | Computer Name = David-PC | Source = Service Control Manager | ID = 7034
Description = The McAfee Anti-Spam Service service terminated unexpectedly. It
has done this 3 time(s).


< End of report >
________________________________________________________________________________________________________________

Thank you for your kind help,

David Kan
davidkan
Regular Member
 
Posts: 19
Joined: March 4th, 2012, 11:40 pm