Suspicious Internet Data usage



#1
LANCE_1313
Member, 159 posts
Over the past week my internet data usage has skyrocketed. I'm now over on my monthly quota. I have not been downloading anything and thought someone might have cracked my wireless password. I changed it two days ago, but my data usage for yesterday was still over 2 gigs when I didn't use it. I'm thinking there may be a virus using my data. I haven't noticed any odd behavior from my computer other than NoScript wasn't running right, but I thought that was an issue with the most recent update. I realize now this was most likely an error in judgement.

Protection I'm running: Avast Free, Malwarebytes scans periodically (most recent not since last weekend, pre-problems), NoScript, updated Hosts file and SpywareBlaster.

Any help would be greatly appreciated.



OTL logfile created on: 3/29/2013 9:34:43 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\LANCE\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

5.93 Gb Total Physical Memory | 3.12 Gb Available Physical Memory | 52.60% Memory free
11.87 Gb Paging File | 8.55 Gb Available in Paging File | 72.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116.44 Gb Total Space | 29.04 Gb Free Space | 24.94% Space Free | Partition Type: NTFS
Drive D: | 329.79 Gb Total Space | 208.46 Gb Free Space | 63.21% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: LANCE-PC | User Name: LANCE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/29 09:19:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\LANCE\Downloads\OTL.exe
PRC - [2013/03/18 08:23:58 | 001,822,424 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
PRC - [2013/03/12 13:20:20 | 001,099,608 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
PRC - [2013/03/11 17:11:23 | 000,389,016 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2013/03/07 21:35:36 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/03/06 18:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/03/06 18:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/02/09 23:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/02/09 19:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/12/18 15:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/14 12:08:52 | 002,255,360 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012/10/10 20:55:32 | 000,336,304 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
PRC - [2009/11/12 14:10:06 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009/11/02 18:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/10/26 14:10:42 | 000,174,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2009/10/09 14:27:44 | 006,937,216 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009/09/30 23:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 23:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/09/24 17:50:02 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009/08/20 00:31:48 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2009/07/01 22:54:04 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009/06/24 16:30:18 | 000,272,952 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
PRC - [2009/06/19 14:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2009/06/19 14:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/15 21:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
PRC - [2009/05/18 19:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008/12/29 20:32:54 | 000,237,693 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe
PRC - [2008/12/22 21:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008/08/14 01:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2008/03/31 06:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007/11/30 15:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
PRC - [2007/08/08 04:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/18 08:23:58 | 014,717,144 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
MOD - [2013/03/11 17:11:23 | 002,243,480 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
MOD - [2013/03/11 17:11:23 | 000,158,104 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2013/03/11 17:11:23 | 000,022,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2013/03/07 21:35:35 | 003,069,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/02/14 04:11:43 | 001,226,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\3b1d7952215bc34df472d77057fb9a95\System.WorkflowServices.ni.dll
MOD - [2013/02/14 04:04:55 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\806c4ba7d696ab586ffd774a31f1a66b\System.Windows.Forms.ni.dll
MOD - [2013/01/09 21:35:24 | 001,140,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\28ec5c157703b1816451954d6c52d5a4\System.ServiceModel.Discovery.ni.dll
MOD - [2013/01/09 21:35:24 | 000,369,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\83596232d0f20049567d6cc181b83fcf\System.ServiceModel.Routing.ni.dll
MOD - [2013/01/09 21:35:23 | 000,082,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\cc4f8731475c522e454265d5b1da958d\System.ServiceModel.Channels.ni.dll
MOD - [2013/01/09 21:35:12 | 001,393,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\e8488b8ed53ddd598c6d7d799ca54f28\System.ServiceModel.Activities.ni.dll
MOD - [2013/01/09 21:35:12 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\2024a7339aa5ad2712d239d454d3c355\System.Management.ni.dll
MOD - [2013/01/09 21:35:09 | 001,078,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\8e092d89921648308ac103bb08bfd370\System.IdentityModel.ni.dll
MOD - [2013/01/09 21:35:08 | 018,080,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\e464dc608a88955a0edccba917d207de\System.ServiceModel.ni.dll
MOD - [2013/01/09 21:34:55 | 001,085,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\edf6ed0d469ab0053a56ec64be932f7d\System.ServiceModel.Web.ni.dll
MOD - [2013/01/09 21:33:42 | 000,096,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\92a212ecc0518acff05c1719236b9302\UIAutomationProvider.ni.dll
MOD - [2013/01/09 21:33:29 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\22c60ca3c2b18e041ebff2578c90cba3\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/01/09 21:33:29 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\9253eb314ef2f5adada0d5fdf1d4a839\System.Transactions.ni.dll
MOD - [2013/01/09 21:33:28 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\62d047ff6c2865139d95eb19545b1cc6\SMDiagnostics.ni.dll
MOD - [2013/01/09 21:33:27 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\48ee0e1de873152ec7e85d7456c1cc09\System.Runtime.Serialization.ni.dll
MOD - [2013/01/09 21:33:26 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\84068bac0b3859c94652214e0b90dfc6\System.Xml.Linq.ni.dll
MOD - [2013/01/09 21:33:03 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\cbb7db665b3ba25a931258eb702527f5\System.Xaml.ni.dll
MOD - [2013/01/09 21:32:57 | 000,044,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\2be03dd49bc35a9286858479e0433449\Accessibility.ni.dll
MOD - [2013/01/09 20:00:14 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\f28a346ae10e2eec581608f591cf7116\PresentationFramework.ni.dll
MOD - [2013/01/09 20:00:02 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\8983c040161b34c64474f195bff5e2de\PresentationCore.ni.dll
MOD - [2013/01/09 19:59:54 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\08bebcf66ad666dfdf2a4a934d79c0f9\System.Core.ni.dll
MOD - [2013/01/09 19:59:50 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d884c684ee3f738a60e3c50dd5d88caa\System.Xml.ni.dll
MOD - [2013/01/09 19:59:48 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\5dbabea688adfc665e3453561736699a\WindowsBase.ni.dll
MOD - [2013/01/09 19:59:47 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b83993cc955262507c8ead67567c8060\System.Drawing.ni.dll
MOD - [2013/01/09 19:59:47 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7d6b122bee0977d953ee2409d74c3c25\PresentationFramework.Aero.ni.dll
MOD - [2013/01/09 19:59:45 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\cb72ac8478a5ea7e2d570bb710ecb1c1\System.Configuration.ni.dll
MOD - [2013/01/09 19:59:43 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\df418085cedae9fa2efee87e20a419a4\System.ni.dll
MOD - [2013/01/09 19:59:38 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\60c214b6ad5691e368a16ec65d127c27\mscorlib.ni.dll
MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/11/12 14:10:06 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2009/11/02 18:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 18:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009/09/24 17:50:02 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
MOD - [2009/06/02 22:09:06 | 000,225,280 | ---- | M] () -- C:\Program Files (x86)\ASUS\VirtualCamera\virtualCamera.ax
MOD - [2009/03/26 18:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009/02/06 22:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
MOD - [2007/11/30 15:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
MOD - [2007/06/15 14:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
MOD - [2007/06/01 21:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/03/06 18:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/09/17 15:36:34 | 000,359,552 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/01 22:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2007/08/08 04:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2013/03/18 08:23:58 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/12 13:19:38 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Stopped] -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2013/03/07 21:35:36 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/09 23:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/02/09 19:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/12/18 15:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 12:08:50 | 002,466,304 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/23 14:43:55 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/01/23 14:43:51 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/09/30 23:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/09/30 23:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/15 21:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/03/31 06:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/03/18 07:45:35 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013/03/06 18:33:21 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/03/06 18:33:21 | 000,377,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/03/06 18:33:21 | 000,178,624 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/03/06 18:33:21 | 000,070,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/03/06 18:33:21 | 000,068,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/03/06 18:33:21 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/03/06 18:33:20 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/03/06 18:33:20 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/12/19 01:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/08/20 23:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/17 03:01:22 | 000,110,592 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/08 00:43:54 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2011/06/27 01:37:00 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/01/23 14:40:55 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm)
DRV:64bit: - [2009/10/02 00:58:57 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/17 16:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/08/17 00:15:43 | 000,286,768 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/20 05:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/04 23:27:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2009/07/02 12:54:52 | 000,060,416 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/07/01 00:46:51 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/01 00:46:47 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/01 00:46:39 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/28 23:53:45 | 000,058,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/06/10 16:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/20 04:11:05 | 001,799,680 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009/05/12 21:07:19 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2009/04/07 03:33:07 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/05/23 21:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007/07/24 15:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.ca"
FF - prefs.js..extensions.enabledAddons: SkipScreen%40SkipScreen:0.7.0
FF - prefs.js..extensions.enabledAddons: %7B66E978CD-981F-47DF-AC42-E3CF417C1467%7D:0.4.3
FF - prefs.js..extensions.enabledAddons: %7Bc36177c0-224a-11da-8cd6-0800200c9a91%7D:3.9.81
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130129
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.8
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/03/18 07:39:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/07 21:35:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/03/11 17:11:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/07 21:35:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/03/11 17:11:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2012/07/12 22:31:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LANCE\AppData\Roaming\Mozilla\Extensions
[2013/03/20 22:20:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LANCE\AppData\Roaming\Mozilla\Firefox\Profiles\ix7sdir3.default\extensions
[2013/03/15 16:50:16 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\LANCE\AppData\Roaming\Mozilla\Firefox\Profiles\ix7sdir3.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012/12/29 18:49:01 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\LANCE\AppData\Roaming\Mozilla\Firefox\Profiles\ix7sdir3.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2013/01/30 14:00:37 | 000,000,000 | ---D | M] (WOT) -- C:\Users\LANCE\AppData\Roaming\Mozilla\Firefox\Profiles\ix7sdir3.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/03/20 22:20:19 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\LANCE\AppData\Roaming\Mozilla\Firefox\Profiles\ix7sdir3.default\extensions\[email protected]
[2013/01/23 09:54:18 | 000,012,140 | ---- | M] () (No name found) -- C:\Users\LANCE\AppData\Roaming\Mozilla\Firefox\Profiles\ix7sdir3.default\extensions\[email protected]
[2012/10/17 16:18:36 | 000,071,037 | ---- | M] () (No name found) -- C:\Users\LANCE\AppData\Roaming\Mozilla\Firefox\Profiles\ix7sdir3.default\extensions\[email protected]
[2012/07/13 06:39:21 | 000,003,793 | ---- | M] () (No name found) -- C:\Users\LANCE\AppData\Roaming\Mozilla\Firefox\Profiles\ix7sdir3.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi
[2013/03/04 10:29:45 | 000,531,283 | ---- | M] () (No name found) -- C:\Users\LANCE\AppData\Roaming\Mozilla\Firefox\Profiles\ix7sdir3.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/07/13 05:27:51 | 000,177,357 | ---- | M] () (No name found) -- C:\Users\LANCE\AppData\Roaming\Mozilla\Firefox\Profiles\ix7sdir3.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi
[2013/02/14 17:35:13 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\LANCE\AppData\Roaming\Mozilla\Firefox\Profiles\ix7sdir3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/07/13 05:27:51 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\LANCE\AppData\Roaming\Mozilla\Firefox\Profiles\ix7sdir3.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2013/03/07 21:35:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/07 21:35:36 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/11/23 03:31:52 | 000,003,546 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2013/02/27 01:09:34 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/02/27 01:09:34 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EeeStorageBackup] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer USA Ltd)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [GarminExpressTrayApp] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...yri_4.5.1.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{193F5FC8-40DA-47C3-9992-D94342833366}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{20A798F7-CB28-4820-93CF-D57A056109A0}: DhcpNameServer = 172.16.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{335fc2e7-29e4-11e2-9b68-002243cadd13}\Shell - "" = AutoRun
O33 - MountPoints2\{335fc2e7-29e4-11e2-9b68-002243cadd13}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{842ebc7b-da88-11e1-bd86-002243cadd13}\Shell - "" = AutoRun
O33 - MountPoints2\{842ebc7b-da88-11e1-bd86-002243cadd13}\Shell\AutoRun\command - "" = F:\Installer.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/19 00:10:10 | 000,000,000 | ---D | C] -- C:\Users\LANCE\AppData\Local\Garmin
[2013/03/19 00:09:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Garmin
[2013/03/19 00:09:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013/03/18 07:45:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2013/03/18 07:45:35 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013/03/18 07:45:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2013/03/18 07:41:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/03/12 21:59:46 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/03/11 17:11:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013/03/11 15:45:58 | 000,000,000 | ---D | C] -- C:\Users\LANCE\Documents\Might & Magic Heroes VI
[2013/03/11 15:45:58 | 000,000,000 | ---D | C] -- C:\Users\LANCE\AppData\Roaming\Might & Magic Heroes VI
[2013/03/11 14:56:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2013/03/11 14:48:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Repack by Fenixx
[2013/03/11 14:35:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Might And Magic.Heroes 6.v 1.5.2.0
[2013/03/10 14:06:31 | 000,000,000 | ---D | C] -- C:\Users\LANCE\Documents\Wizards of the Coast
[2013/03/07 21:35:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/03/05 11:01:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/03/05 10:42:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses

========== Files - Modified Within 30 Days ==========

[2013/03/29 08:45:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/28 07:36:46 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/28 07:36:46 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/28 07:28:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/28 07:27:28 | 484,315,135 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/27 12:16:03 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/27 12:16:03 | 000,664,780 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/27 12:16:03 | 000,125,484 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/25 14:03:42 | 000,947,400 | ---- | M] () -- C:\Users\LANCE\Desktop\3242013192649.gif
[2013/03/23 07:47:40 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2013/03/19 22:13:10 | 000,001,858 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2013/03/19 22:13:10 | 000,001,741 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2013/03/18 07:45:35 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013/03/18 07:43:03 | 000,000,969 | ---- | M] () -- C:\Users\LANCE\Application Data\Microsoft\Internet Explorer\Quick Launch\Torrent.lnk
[2013/03/18 07:43:03 | 000,000,945 | ---- | M] () -- C:\Users\Public\Desktop\Torrent.lnk
[2013/03/18 07:39:14 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/03/14 02:12:32 | 000,002,112 | ---- | M] () -- C:\Users\LANCE\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2013/03/14 00:28:31 | 671,853,688 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/03/11 14:48:26 | 000,002,238 | ---- | M] () -- C:\Users\Public\Desktop\Might And Magic.Heroes 6.v 1.5.2.0.lnk
[2013/03/11 14:48:26 | 000,002,237 | ---- | M] () -- C:\Users\Public\Desktop\Might And Magic.Heroes 6.( ).lnk
[2013/03/11 14:48:26 | 000,002,237 | ---- | M] () -- C:\Users\Public\Desktop\Might And Magic.Heroes 6.( ).lnk
[2013/03/06 18:33:21 | 001,025,808 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/03/06 18:33:21 | 000,377,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/03/06 18:33:21 | 000,178,624 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/03/06 18:33:21 | 000,070,992 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/03/06 18:33:21 | 000,068,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/03/06 18:33:21 | 000,065,336 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/03/06 18:33:20 | 000,080,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/03/06 18:33:20 | 000,033,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/03/06 18:32:51 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/03/06 18:32:22 | 000,287,840 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

========== Files Created - No Company Name ==========

[2013/03/25 14:03:41 | 000,947,400 | ---- | C] () -- C:\Users\LANCE\Desktop\3242013192649.gif
[2013/03/18 07:43:03 | 000,000,945 | ---- | C] () -- C:\Users\Public\Desktop\Torrent.lnk
[2013/03/12 21:59:39 | 671,853,688 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/03/11 14:48:26 | 000,002,238 | ---- | C] () -- C:\Users\Public\Desktop\Might And Magic.Heroes 6.v 1.5.2.0.lnk
[2013/03/11 14:48:26 | 000,002,237 | ---- | C] () -- C:\Users\Public\Desktop\Might And Magic.Heroes 6.( ).lnk
[2013/03/11 14:48:26 | 000,002,237 | ---- | C] () -- C:\Users\Public\Desktop\Might And Magic.Heroes 6.( ).lnk
[2013/03/05 11:01:19 | 000,178,624 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/03/05 11:01:19 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/01/21 10:25:19 | 000,000,532 | ---- | C] () -- C:\Windows\eReg.dat
[2012/11/12 06:56:40 | 000,005,120 | ---- | C] () -- C:\Users\LANCE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/20 16:03:15 | 000,764,746 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/12 22:49:33 | 000,000,000 | ---- | C] () -- C:\Users\LANCE\AppData\Roaming\Stardockfences_debug_snapshot.dat
[2010/01/23 14:27:16 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/07/13 06:26:39 | 000,000,000 | ---D | M] -- C:\Users\LANCE\AppData\Roaming\Asus WebStorage
[2012/12/19 12:21:15 | 000,000,000 | ---D | M] -- C:\Users\LANCE\AppData\Roaming\calibre
[2013/03/05 11:14:36 | 000,000,000 | ---D | M] -- C:\Users\LANCE\AppData\Roaming\DAEMON Tools Lite
[2013/03/19 00:09:48 | 000,000,000 | ---D | M] -- C:\Users\LANCE\AppData\Roaming\Garmin
[2012/11/22 22:05:30 | 000,000,000 | ---D | M] -- C:\Users\LANCE\AppData\Roaming\Hive Cluster
[2012/11/01 03:36:02 | 000,000,000 | ---D | M] -- C:\Users\LANCE\AppData\Roaming\JAM Software
[2012/07/21 00:59:17 | 000,000,000 | ---D | M] -- C:\Users\LANCE\AppData\Roaming\LolClient
[2013/03/28 15:48:17 | 000,000,000 | ---D | M] -- C:\Users\LANCE\AppData\Roaming\Might & Magic Heroes VI
[2012/12/19 11:33:38 | 000,000,000 | ---D | M] -- C:\Users\LANCE\AppData\Roaming\mjusbsp
[2012/12/19 11:42:13 | 000,000,000 | ---D | M] -- C:\Users\LANCE\AppData\Roaming\Stardock
[2012/07/20 15:23:53 | 000,000,000 | ---D | M] -- C:\Users\LANCE\AppData\Roaming\Thunderbird
[2012/11/01 04:53:10 | 000,000,000 | ---D | M] -- C:\Users\LANCE\AppData\Roaming\TS3Client
[2013/03/22 18:43:46 | 000,000,000 | ---D | M] -- C:\Users\LANCE\AppData\Roaming\uTorrent

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >
  • 0

#2
RKinner
    Malware Expert
  • Expert
  • 20,001 posts
  • MVP
Did you get an Extras log at the same time as the OTL? If so please copy and paste it.

I don't see an obvious infection. You have Logmein on your PC. Could someone have hacked that password and be using your PC that way? I also see ASUS WebStorage which might be using the internet. Also do you have the version of Garmin that automatically downloads new maps? That could generate a lot of traffic.

There is a program called tcpview. http://live.sysinter...com/Tcpview.exe Download, Save and then run it by right clicking and Run As Admin.

Then File, Save As (to your desktop), tcp, OK. This should create a file tcp.txt on your desktop. Attach or copy and paste it to a reply.

Let's also try ESET tho I don't expect it to find anything. (I think the instructions may be a bit out of date but you should be able to figure out how to get it to run at least. It takes several hours to complete.)

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

1. Check Scan Archives
2. Push the Start button.
3. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
4. When the scan completes, push LIST OF THREATS FOUND
5. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
6. Push the BACK button.
7. Push Finish
8. Once the scan is completed, you may close the window.
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log as a reply.

Ron
  • 0

#3
LANCE_1313
    Member
  • Topic Starter
  • Member
  • 159 posts
I didn't get an Extras log. Is there a way that I should rescan to get one?

I use logmein to play portal cooperatively. I'll make sure that it's turned off if I'm not using it. I hadn't considered that as an issue.

Garmin automatic updates have been turned off.

I've never used ASUS WebStorage and don't have a login or account, so I don't think that could be doing anything.

ESET did not find any threats and therefore I didn't see an option to print off a log.

Here is the TCPView log:

[System Process] 0 TCP LANCE-PC 2559 localhost 51390 TIME_WAIT
[System Process] 0 TCP LANCE-PC 2559 localhost 51391 TIME_WAIT
[System Process] 0 TCP LANCE-PC 2559 localhost 51392 TIME_WAIT
[System Process] 0 TCP LANCE-PC 2559 localhost 51393 TIME_WAIT
[System Process] 0 TCP LANCE-PC 2559 localhost 51394 TIME_WAIT
[System Process] 0 TCP LANCE-PC 2559 localhost 51395 TIME_WAIT
[System Process] 0 TCP LANCE-PC 2559 localhost 51396 TIME_WAIT
[System Process] 0 TCP LANCE-PC 2559 localhost 51397 TIME_WAIT
[System Process] 0 TCP LANCE-PC 2559 localhost 51401 TIME_WAIT
[System Process] 0 TCP LANCE-PC 2559 localhost 51402 TIME_WAIT
[System Process] 0 TCP LANCE-PC 2559 localhost 51403 TIME_WAIT
[System Process] 0 TCP LANCE-PC 2559 localhost 51404 TIME_WAIT
[System Process] 0 TCP LANCE-PC 2559 localhost 51405 TIME_WAIT
[System Process] 0 TCP LANCE-PC 2559 localhost 51406 TIME_WAIT
[System Process] 0 TCP LANCE-PC 2559 localhost 51407 TIME_WAIT
[System Process] 0 TCP LANCE-PC 2559 localhost 51408 TIME_WAIT
[System Process] 0 TCP LANCE-PC 51370 localhost 12080 TIME_WAIT
[System Process] 0 TCP lance-pc 51372 172.16.0.1 5000 TIME_WAIT
[System Process] 0 TCP lance-pc 51373 172.16.0.1 5000 TIME_WAIT
[System Process] 0 TCP lance-pc 51374 172.16.0.1 5000 TIME_WAIT
[System Process] 0 TCP lance-pc 51385 172.16.0.1 5000 TIME_WAIT
[System Process] 0 TCP lance-pc 51386 172.16.0.1 5000 TIME_WAIT
[System Process] 0 TCP lance-pc 51387 172.16.0.1 5000 TIME_WAIT
[System Process] 0 TCP lance-pc 51388 77.234.41.68 http TIME_WAIT
[System Process] 0 TCP lance-pc 51398 172.16.0.1 5000 TIME_WAIT
[System Process] 0 TCP lance-pc 51399 172.16.0.1 5000 TIME_WAIT
[System Process] 0 TCP lance-pc 51400 172.16.0.1 5000 TIME_WAIT
[System Process] 0 TCPV6 [0:0:0:0:0:0:0:1] icslap [0:0:0:0:0:0:0:1] 51381 TIME_WAIT
AppleMobileDeviceService.exe 2152 TCP LANCE-PC 27015 LANCE-PC 0 LISTENING
AppleMobileDeviceService.exe 2152 TCP LANCE-PC 27015 localhost 49166 ESTABLISHED
AppleMobileDeviceService.exe 2152 TCP LANCE-PC 49156 localhost 5354 ESTABLISHED
AppleMobileDeviceService.exe 2152 UDP LANCE-PC 50423 * *
AppleMobileDeviceService.exe 2152 UDP LANCE-PC 50424 * *
AvastSvc.exe 1472 TCP LANCE-PC 12080 LANCE-PC 0 LISTENING
AvastSvc.exe 1472 TCP LANCE-PC 12080 localhost 51375 ESTABLISHED
AvastSvc.exe 1472 TCP LANCE-PC 12080 localhost 51409 ESTABLISHED 2 231 1 285
AvastSvc.exe 1472 TCP LANCE-PC 12080 localhost 51378 ESTABLISHED 13 393,677 3 1,011
AvastSvc.exe 1472 TCP LANCE-PC 27275 LANCE-PC 0 LISTENING
AvastSvc.exe 1472 TCP lance-pc 50613 r-051-041-234-077.ff.avast.com http ESTABLISHED
AvastSvc.exe 1472 TCP lance-pc 51379 67.159.60.18 http ESTABLISHED 3 1,011 26 412,105 337 1,460 1 1
AvastSvc.exe 1472 TCP lance-pc 51380 5.153.13.126-static.reverse.softlayer.com http ESTABLISHED
AvastSvc.exe 1472 TCP LANCE-PC 27275 LANCE-PC 0 LISTENING
AvastSvc.exe 1472 TCPV6 [0:0:0:0:0:0:0:1] 27275 [0:0:0:0:0:0:0:0] 0 LISTENING
AvastSvc.exe 1472 TCP LANCE-PC 12080 localhost 51376 ESTABLISHED
AvastSvc.exe 1472 TCP lance-pc 51410 24.156.130.154 http ESTABLISHED 1 285 1 231
daemonu.exe 6848 TCP LANCE-PC 2559 LANCE-PC 0 LISTENING
daemonu.exe 6848 UDP LANCE-PC 48000 * *
firefox.exe 3872 TCP LANCE-PC 49205 localhost 49206 ESTABLISHED
firefox.exe 3872 TCP LANCE-PC 49206 localhost 49205 ESTABLISHED
iexplore.exe 3128 TCP LANCE-PC 51375 localhost 12080 ESTABLISHED
iexplore.exe 3128 TCP LANCE-PC 51376 localhost 12080 ESTABLISHED
iexplore.exe 6416 UDP LANCE-PC 55303 * *
iexplore.exe 3128 UDP LANCE-PC 60721 * *
iTunesHelper.exe 2324 TCP LANCE-PC 49166 localhost 27015 ESTABLISHED
iTunesHelper.exe 2324 UDP LANCE-PC 59646 * *
iTunesHelper.exe 2324 UDP LANCE-PC 59647 * *
lsass.exe 848 TCP LANCE-PC 49154 LANCE-PC 0 LISTENING
lsass.exe 848 TCPV6 [0:0:0:0:0:0:0:0] 49154 [0:0:0:0:0:0:0:0] 0 LISTENING
mDNSResponder.exe 2376 TCP LANCE-PC 5354 LANCE-PC 0 LISTENING
mDNSResponder.exe 2376 TCP LANCE-PC 5354 localhost 49156 ESTABLISHED
mDNSResponder.exe 2376 UDP lance-pc 5353 * *
mDNSResponder.exe 2376 UDP lance-pc 5353 * *
mDNSResponder.exe 2376 UDP LANCE-PC 50425 * *
mDNSResponder.exe 2376 UDPV6 [0:0:0:0:0:0:0:1] 5353 * *
mDNSResponder.exe 2376 UDPV6 [0:0:0:0:0:0:0:0] 50426 * *
nvtray.exe 2832 UDP LANCE-PC 48001 * *
services.exe 840 TCP LANCE-PC 49200 LANCE-PC 0 LISTENING
services.exe 840 TCPV6 [0:0:0:0:0:0:0:0] 49200 [0:0:0:0:0:0:0:0] 0 LISTENING
Skype.exe 2820 TCP LANCE-PC http LANCE-PC 0 LISTENING
Skype.exe 2820 TCP LANCE-PC https LANCE-PC 0 LISTENING
Skype.exe 2820 TCP LANCE-PC 27549 LANCE-PC 0 LISTENING 12 369 12 246
Skype.exe 2820 TCP lance-pc 27549 3-3.4-85.cust.bluewin.ch 49836 ESTABLISHED
Skype.exe 2820 TCP lance-pc 27549 199.116.221.23 55484 ESTABLISHED
Skype.exe 2820 TCP lance-pc 49208 65.55.223.29 40028 ESTABLISHED 2 6 2 13
Skype.exe 2820 TCP lance-pc 49210 78.141.179.18 12350 ESTABLISHED
Skype.exe 2820 TCP lance-pc 49213 baymsgr2012220.gateway.edge.messenger.live.com https ESTABLISHED
Skype.exe 2820 UDP LANCE-PC https * *
Skype.exe 2820 UDP LANCE-PC 27549 * *
Skype.exe 2820 UDP LANCE-PC 49666 * *
Skype.exe 2820 UDP LANCE-PC 59648 * * 9 9 9 9
Skype.exe 2820 TCP lance-pc 27549 199.116.221.23 55484 ESTABLISHED
Skype.exe 2820 TCP lance-pc 27549 99.238.85.63 58931 ESTABLISHED
spoolsv.exe 1876 TCP LANCE-PC 49214 LANCE-PC 0 LISTENING
spoolsv.exe 1876 TCPV6 [0:0:0:0:0:0:0:0] 49214 [0:0:0:0:0:0:0:0] 0 LISTENING
svchost.exe 384 TCP LANCE-PC epmap LANCE-PC 0 LISTENING
svchost.exe 484 TCP LANCE-PC 49153 LANCE-PC 0 LISTENING
svchost.exe 1048 TCP LANCE-PC 49155 LANCE-PC 0 LISTENING
svchost.exe 1048 TCP LANCE-PC 51378 localhost 12080 ESTABLISHED 3 1,011 205 566,557
svchost.exe 2444 UDP lance-pc ssdp * * 28 4,939
svchost.exe 2444 UDP LANCE-PC ssdp * *
svchost.exe 2444 UDP lance-pc ssdp * *
svchost.exe 1048 UDP LANCE-PC teredo * *
svchost.exe 2444 UDP LANCE-PC ws-discovery * *
svchost.exe 1172 UDP LANCE-PC ws-discovery * *
svchost.exe 2444 UDP LANCE-PC ws-discovery * *
svchost.exe 1172 UDP LANCE-PC ws-discovery * *
svchost.exe 1256 UDP LANCE-PC llmnr * * 6 246
svchost.exe 2444 UDP lance-pc 53283 * *
svchost.exe 2444 UDP LANCE-PC 53284 * *
svchost.exe 1172 UDP LANCE-PC 53285 * *
svchost.exe 1048 UDP lance-pc 63164 * *
svchost.exe 2444 UDP LANCE-PC 63666 * *
svchost.exe 384 TCPV6 [0:0:0:0:0:0:0:0] epmap [0:0:0:0:0:0:0:0] 0 LISTENING
svchost.exe 1688 TCPV6 [0:0:0:0:0:0:0:0] 3587 [0:0:0:0:0:0:0:0] 0 LISTENING
svchost.exe 484 TCPV6 [0:0:0:0:0:0:0:0] 49153 [0:0:0:0:0:0:0:0] 0 LISTENING
svchost.exe 1048 TCPV6 [0:0:0:0:0:0:0:0] 49155 [0:0:0:0:0:0:0:0] 0 LISTENING
svchost.exe 484 UDPV6 [fe80:0:0:0:4d00:688f:2606:2543] 546 * *
svchost.exe 2444 UDPV6 [0:0:0:0:0:0:0:1] 1900 * *
svchost.exe 2444 UDPV6 [fe80:0:0:0:2062:69be:60f0:d66f] 1900 * *
svchost.exe 2444 UDPV6 [fe80:0:0:0:4d00:688f:2606:2543] 1900 * *
svchost.exe 1688 UDPV6 [0:0:0:0:0:0:0:0] 3540 * * 12 6,630
svchost.exe 2444 UDPV6 [0:0:0:0:0:0:0:0] 3702 * *
svchost.exe 1172 UDPV6 [0:0:0:0:0:0:0:0] 3702 * *
svchost.exe 1172 UDPV6 [0:0:0:0:0:0:0:0] 3702 * *
svchost.exe 2444 UDPV6 [0:0:0:0:0:0:0:0] 3702 * *
svchost.exe 1256 UDPV6 [0:0:0:0:0:0:0:0] 5355 * *
svchost.exe 2444 UDPV6 [fe80:0:0:0:2062:69be:60f0:d66f] 53281 * *
svchost.exe 2444 UDPV6 [0:0:0:0:0:0:0:1] 53282 * * 16 5,952
svchost.exe 1172 UDPV6 [0:0:0:0:0:0:0:0] 53286 * *
svchost.exe 2444 UDPV6 [0:0:0:0:0:0:0:0] 63667 * *
svchost.exe 484 UDPV6 [fe80:0:0:0:2062:69be:60f0:d66f] 546 * *
svchost.exe 1256 TCP LANCE-PC 51409 localhost 12080 ESTABLISHED 1 285 2 231
System 4 TCP lance-pc netbios-ssn LANCE-PC 0 LISTENING
System 4 TCP lance-pc netbios-ssn LANCE-PC 0 LISTENING
System 4 TCP LANCE-PC microsoft-ds LANCE-PC 0 LISTENING
System 4 TCP LANCE-PC icslap LANCE-PC 0 LISTENING
System 4 TCP LANCE-PC wsd LANCE-PC 0 LISTENING
System 4 TCP LANCE-PC 10243 LANCE-PC 0 LISTENING
System 4 UDP lance-pc netbios-ns * * 45 2,250 13 1,026 200 383 4 3
System 4 UDP lance-pc netbios-ns * *
System 4 UDP lance-pc netbios-dgm * *
System 4 UDP lance-pc netbios-dgm * *
System 4 TCPV6 [0:0:0:0:0:0:0:0] microsoft-ds [0:0:0:0:0:0:0:0] 0 LISTENING
System 4 TCPV6 [0:0:0:0:0:0:0:0] icslap [0:0:0:0:0:0:0:0] 0 LISTENING
System 4 TCPV6 [0:0:0:0:0:0:0:0] wsd [0:0:0:0:0:0:0:0] 0 LISTENING
System 4 TCPV6 [0:0:0:0:0:0:0:0] 10243 [0:0:0:0:0:0:0:0] 0 LISTENING
UNS.exe 6468 TCP LANCE-PC 49772 LANCE-PC 0 LISTENING
UpdateChecker.exe 2724 TCP LANCE-PC 49177 LANCE-PC 0 LISTENING
wininit.exe 744 TCP LANCE-PC 49152 LANCE-PC 0 LISTENING
wininit.exe 744 TCPV6 [0:0:0:0:0:0:0:0] 49152 [0:0:0:0:0:0:0:0] 0 LISTENING
wmpnetwk.exe 4564 TCP LANCE-PC rtsp LANCE-PC 0 LISTENING
wmpnetwk.exe 4564 UDP LANCE-PC 5004 * *
wmpnetwk.exe 4564 UDP LANCE-PC 5005 * *
wmpnetwk.exe 4564 TCPV6 [0:0:0:0:0:0:0:0] rtsp [0:0:0:0:0:0:0:0] 0 LISTENING
wmpnetwk.exe 4564 UDPV6 [0:0:0:0:0:0:0:0] 5004 * *
wmpnetwk.exe 4564 UDPV6 [0:0:0:0:0:0:0:0] 5005 * *
  • 0

#4
RKinner
    Malware Expert
  • Expert
  • 20,001 posts
  • MVP
Something funny going on with Skype:

This is yours:

Skype.exe 2820 TCP lance-pc 27549 3-3.4-85.cust.bluewin.ch 49836 ESTABLISHED
Skype.exe 2820 TCP lance-pc 27549 199.116.221.23 55484 ESTABLISHED
Skype.exe 2820 TCP lance-pc 49208 65.55.223.29 40028 ESTABLISHED 2 6 2 13
Skype.exe 2820 TCP lance-pc 49210 78.141.179.18 12350 ESTABLISHED
Skype.exe 2820 TCP lance-pc 49213 baymsgr2012220.gateway.edge.messenger.live.com https ESTABLISHED
Skype.exe 2820 TCP lance-pc 27549 199.116.221.23 55484 ESTABLISHED
Skype.exe 2820 TCP lance-pc 27549 99.238.85.63 58931 ESTABLISHED

This is mine:

Skype.exe 3932 TCP shelly-hp.myhome.westell.com 56202 64.4.23.151 40036 ESTABLISHED
Skype.exe 3932 TCP shelly-hp.myhome.westell.com 56203 sn1msg3020310.sn1.gateway.edge.messenger.live.com https ESTABLISHED
Skype.exe 3932 TCP shelly-hp.myhome.westell.com 56204 91.190.216.51 12350 ESTABLISHED

Could you have left a skype connection up? Right click on the skype icon on your tool bar and Quit Skype.

You can turn off IPv6. It's not anything you need and I do see it trying to connect.

http://support.microsoft.com/kb/929852

Click on Disable IPv6 and follow the instructions. You will need to reboot when it finishes.

Then run tcpview again and let's see if the extra connections are still there.
  • 0
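The triage Ron does by hand above (save the TCPView list, then pick out the rows where a process holds an ESTABLISHED connection to a host that is not the machine itself) can be scripted so that the noise of LISTENING sockets and localhost chatter drops away. The script below is an added example, not something from this thread or from Sysinternals; it assumes the whitespace-separated column layout that TCPView's File > Save As text export uses, as seen in the logs posted above (process, PID, protocol, local host, local port, remote host, remote port, state, then optional traffic counters), and the sample rows are copied from the log in post #3. The function and variable names are my own.

```python
import ipaddress
from collections import defaultdict

# Sample rows taken from the TCPView export posted earlier in this thread.
SAMPLE = """\
[System Process] 0 TCP lance-pc 51372 172.16.0.1 5000 TIME_WAIT
[System Process] 0 TCP lance-pc 51388 77.234.41.68 http TIME_WAIT
AvastSvc.exe 1472 TCP LANCE-PC 12080 LANCE-PC 0 LISTENING
AvastSvc.exe 1472 TCP lance-pc 50613 r-051-041-234-077.ff.avast.com http ESTABLISHED
iexplore.exe 3128 TCP LANCE-PC 51375 localhost 12080 ESTABLISHED
Skype.exe 2820 TCP lance-pc 27549 3-3.4-85.cust.bluewin.ch 49836 ESTABLISHED
Skype.exe 2820 TCP lance-pc 49208 65.55.223.29 40028 ESTABLISHED 2 6 2 13
Skype.exe 2820 UDP LANCE-PC 27549 * *
svchost.exe 1048 TCP LANCE-PC 51378 localhost 12080 ESTABLISHED 3 1,011 205 566,557
System 4 TCPV6 [0:0:0:0:0:0:0:0] microsoft-ds [0:0:0:0:0:0:0:0] 0 LISTENING
"""

PROTOCOLS = {"TCP", "UDP", "TCPV6", "UDPV6"}
# Remote values that never mean traffic left the machine.
LOOPBACK_NAMES = {"localhost", "*", "[0:0:0:0:0:0:0:1]", "[0:0:0:0:0:0:0:0]"}


def parse_line(line):
    """Parse one TCPView export row into a dict, or return None if it does not fit."""
    tokens = line.split()
    # The process name may contain spaces ("[System Process]"), so locate the
    # protocol column first; the token before it is the PID, everything earlier is the name.
    idx = next((i for i, t in enumerate(tokens) if t.upper() in PROTOCOLS), None)
    if idx is None or idx < 2 or len(tokens) < idx + 5:
        return None
    pid = tokens[idx - 1]
    if not pid.isdigit():
        return None
    proto = tokens[idx].upper()
    local_host, local_port, remote_host, remote_port = tokens[idx + 1:idx + 5]
    # UDP rows carry no state column; TCP rows do, followed by optional
    # packet/byte counters that this parser ignores.
    state = tokens[idx + 5] if proto.startswith("TCP") and len(tokens) > idx + 5 else ""
    return {
        "process": " ".join(tokens[:idx - 1]),
        "pid": int(pid),
        "proto": proto,
        "local_host": local_host,
        "local_port": local_port,
        "remote_host": remote_host,
        "remote_port": remote_port,
        "state": state,
    }


def remote_scope(entry):
    """Classify the remote endpoint as 'loopback', 'private' (LAN) or 'public'."""
    host = entry["remote_host"]
    if host in LOOPBACK_NAMES or host.lower() == entry["local_host"].lower():
        return "loopback"
    try:
        addr = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return "public"  # a DNS name: TCPView resolved it, so the peer is off-box
    if addr.is_loopback or addr.is_unspecified:
        return "loopback"
    return "private" if addr.is_private else "public"


def external_connections(text, states=("ESTABLISHED",)):
    """Group off-box remote endpoints by process for TCP rows in the given states.

    Returns {process: sorted list of (remote_host, remote_port, scope)}.
    Pass states=("ESTABLISHED", "TIME_WAIT") to include recently closed peers too.
    """
    found = defaultdict(set)
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None or entry["state"] not in states:
            continue
        scope = remote_scope(entry)
        if scope == "loopback":
            continue
        found[entry["process"]].add((entry["remote_host"], entry["remote_port"], scope))
    return {proc: sorted(eps) for proc, eps in found.items()}


def report(text, states=("ESTABLISHED",)):
    """Render the grouped connections as the per-process list a reviewer would scan."""
    lines = []
    for proc, endpoints in sorted(external_connections(text, states).items()):
        lines.append(f"{proc}: {len(endpoints)} external connection(s)")
        for host, port, scope in endpoints:
            lines.append(f"    {host}:{port} [{scope}]")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE, states=("ESTABLISHED", "TIME_WAIT")))
```

Run it against the saved tcp.txt instead of SAMPLE to get one line per process with only the peers that matter; the private/public split separates router traffic such as 172.16.0.1 from Internet peers, which is the distinction Ron draws when comparing the two Skype listings.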

#5
LANCE_1313
    Member
  • Topic Starter
  • Member
  • 159 posts
Here's the log post-disable:

[System Process] 0 TCP lance-pc 49249 a405fs.avast.com http TIME_WAIT
[System Process] 0 TCP lance-pc 49262 ddos1.us.santrex.net http TIME_WAIT
[System Process] 0 TCP lance-pc 49283 a401fs.avast.com http TIME_WAIT
[System Process] 0 TCP LANCE-PC 49289 localhost 12080 TIME_WAIT
[System Process] 0 TCPV6 [0:0:0:0:0:0:0:1] wsd [0:0:0:0:0:0:0:1] 49309 TIME_WAIT
[System Process] 0 TCPV6 [0:0:0:0:0:0:0:1] icslap [0:0:0:0:0:0:0:1] 49312 TIME_WAIT
[System Process] 0 TCP LANCE-PC 12080 localhost 49315 TIME_WAIT
[System Process] 0 TCP LANCE-PC 49324 localhost 12080 TIME_WAIT
[System Process] 0 TCP LANCE-PC 49321 localhost 12080 TIME_WAIT
[System Process] 0 TCP LANCE-PC 12080 localhost 49330 TIME_WAIT
[System Process] 0 TCP LANCE-PC 12080 localhost 49343 TIME_WAIT
[System Process] 0 TCP LANCE-PC 49331 localhost 12080 TIME_WAIT
[System Process] 0 TCP LANCE-PC 49344 localhost 12080 TIME_WAIT
[System Process] 0 TCP LANCE-PC 12080 localhost 49367 TIME_WAIT
[System Process] 0 TCP LANCE-PC 12080 localhost 49345 TIME_WAIT
[System Process] 0 TCP LANCE-PC 12080 localhost 49358 TIME_WAIT
[System Process] 0 TCP LANCE-PC 12080 localhost 49371 TIME_WAIT
[System Process] 0 TCP LANCE-PC 12080 localhost 49375 TIME_WAIT
[System Process] 0 TCP LANCE-PC 49364 localhost 12080 TIME_WAIT
[System Process] 0 TCP lance-pc 49369 noscript.net http TIME_WAIT
[System Process] 0 TCP LANCE-PC 49374 localhost 12080 TIME_WAIT
[System Process] 0 TCP lance-pc 49378 noscript.net http TIME_WAIT
[System Process] 0 TCP lance-pc 49379 noscript.net http TIME_WAIT
[System Process] 0 TCP LANCE-PC 12080 localhost 49331 TIME_WAIT
[System Process] 0 TCP LANCE-PC 12080 localhost 49349 TIME_WAIT
[System Process] 0 TCP LANCE-PC 12080 localhost 49370 TIME_WAIT
[System Process] 0 TCP LANCE-PC 12080 localhost 49374 TIME_WAIT
[System Process] 0 TCP LANCE-PC 12080 localhost 49377 TIME_WAIT
[System Process] 0 TCP LANCE-PC 12080 localhost 49380 TIME_WAIT
[System Process] 0 TCP lance-pc 49342 mozorg-engagement.zlb.phx.mozilla.net http TIME_WAIT
[System Process] 0 TCP LANCE-PC 49405 localhost 12080 TIME_WAIT
[System Process] 0 TCP LANCE-PC 12080 localhost 49417 TIME_WAIT 5 64,616
[System Process] 0 TCP LANCE-PC 12080 localhost 49425 TIME_WAIT
[System Process] 0 TCP LANCE-PC wsd localhost 49436 TIME_WAIT
[System Process] 0 TCP lance-pc 49235 84.f7.364a.static.theplanet.com http TIME_WAIT
[System Process] 0 TCP lance-pc 49447 r-068-041-234-077.ff.avast.com http TIME_WAIT
[System Process] 0 TCP LANCE-PC wsd localhost 49449 TIME_WAIT
[System Process] 0 TCP LANCE-PC 2559 localhost 49474 TIME_WAIT
[System Process] 0 TCP LANCE-PC 2559 localhost 49474 TIME_WAIT
[System Process] 0 TCP LANCE-PC 2559 localhost 49472 TIME_WAIT 5 405
[System Process] 0 TCP LANCE-PC 2559 localhost 49473 TIME_WAIT
[System Process] 0 TCP lance-pc 49485 r-068-041-234-077.ff.avast.com http TIME_WAIT
AppleMobileDeviceService.exe 2152 TCP LANCE-PC 27015 LANCE-PC 0 LISTENING
AppleMobileDeviceService.exe 2152 TCP LANCE-PC 27015 localhost 49163 ESTABLISHED
AppleMobileDeviceService.exe 2152 TCP LANCE-PC 49156 localhost 5354 ESTABLISHED
AppleMobileDeviceService.exe 2152 UDP LANCE-PC 57205 * *
AppleMobileDeviceService.exe 2152 UDP LANCE-PC 57206 * *
AvastSvc.exe 1460 TCP LANCE-PC 12080 localhost 49338 ESTABLISHED
AvastSvc.exe 1460 TCP LANCE-PC 12080 localhost 49388 ESTABLISHED 6 62,551 2 1,284
AvastSvc.exe 1460 TCP LANCE-PC 12080 localhost 49483 ESTABLISHED 2 804 2 387
AvastSvc.exe 1460 TCP LANCE-PC 12080 localhost 49387 ESTABLISHED 2 235 1 422
AvastSvc.exe 1460 TCP LANCE-PC 12080 localhost 49385 ESTABLISHED 4 1,655 2 981
AvastSvc.exe 1460 TCP LANCE-PC 12080 localhost 49273 ESTABLISHED 4 212,281 33,000 2
AvastSvc.exe 1460 TCP LANCE-PC 12080 localhost 49365 ESTABLISHED 2 1,512 1 384
AvastSvc.exe 1460 TCP LANCE-PC 12080 LANCE-PC 0 LISTENING
AvastSvc.exe 1460 TCP LANCE-PC 27275 LANCE-PC 0 LISTENING
AvastSvc.exe 1460 TCP lance-pc 49251 r-055-042-234-077.ff.avast.com http ESTABLISHED
AvastSvc.exe 1460 TCP LANCE-PC 27275 LANCE-PC 0 LISTENING
AvastSvc.exe 1460 TCPV6 [0:0:0:0:0:0:0:1] 27275 lance-pc 0 LISTENING
AvastSvc.exe 1460 TCP lance-pc 49274 ddos1.us.santrex.net http ESTABLISHED 9 2,982 97 776,116 34,460 2
AvastSvc.exe 1460 TCP LANCE-PC 12080 localhost 49359 ESTABLISHED 6 1,553 4 5,451
AvastSvc.exe 1460 TCP LANCE-PC 12080 LANCE-PC 0 LISTENING
AvastSvc.exe 1460 TCP lance-pc 49339 api.flattr.com http CLOSE_WAIT 1 330 3 3,378
AvastSvc.exe 1460 TCP LANCE-PC 12080 localhost 49355 ESTABLISHED 2 604 2 3,389
AvastSvc.exe 1460 TCP LANCE-PC 12080 localhost 49454 ESTABLISHED 3 721 2 949
AvastSvc.exe 1460 TCP lance-pc 49354 64.4.21.39 http ESTABLISHED 1 782 1 422
AvastSvc.exe 1460 TCP LANCE-PC 12080 localhost 49480 ESTABLISHED 6 4,375 3 1,329
AvastSvc.exe 1460 TCP lance-pc 49360 157.56.56.139 http ESTABLISHED 3 3,991 3 1,553
AvastSvc.exe 1460 TCP lance-pc 49362 65.55.58.199 http ESTABLISHED 1 1,929 1 604
AvastSvc.exe 1460 TCP lance-pc 49368 166.78.35.121 http CLOSE_WAIT 1 384 2 2,972
AvastSvc.exe 1460 TCP lance-pc 49386 ec2-54-243-81-17.compute-1.amazonaws.com http CLOSE_WAIT 1 422 1 235
AvastSvc.exe 1460 TCP lance-pc 49390 64.71.251.169 http ESTABLISHED 2 719 3 3,755
AvastSvc.exe 1460 TCP lance-pc 49392 64.71.251.169 http ESTABLISHED 1 362 1 804
AvastSvc.exe 1460 TCP lance-pc 49394 64.71.251.169 http ESTABLISHED 2 732 3 5,093
AvastSvc.exe 1460 TCP LANCE-PC 12080 localhost 49389 ESTABLISHED 4 3,633 2 732
AvastSvc.exe 1460 TCP LANCE-PC 12080 localhost 49478 ESTABLISHED 4 2,295 3 1,052
AvastSvc.exe 1460 TCP lance-pc 49419 yyz06s05-in-f7.1e100.net http ESTABLISHED 1 951 1 376
AvastSvc.exe 1460 TCP lance-pc 49421 yyz06s06-in-f25.1e100.net http ESTABLISHED 2 981 2 1,655
AvastSvc.exe 1460 TCP lance-pc 49424 24.156.130.161 http ESTABLISHED 1 531 1 248
AvastSvc.exe 1460 TCP LANCE-PC 12080 localhost 49420 ESTABLISHED 2 21,900
AvastSvc.exe 1460 TCP LANCE-PC 12080 localhost 49422 ESTABLISHED
AvastSvc.exe 1460 TCP lance-pc 49479 ocsp.iad3.verisign.com http ESTABLISHED 1 468 2 2,562
AvastSvc.exe 1460 TCP lance-pc 49481 ocsp.iad3.verisign.com http ESTABLISHED 1 468 2 2,562
AvastSvc.exe 1460 TCP lance-pc 49482 cpe0024b20d3d3d-cm0011ae922d02.cpe.net.cable.rogers.com http SYN_SENT
AvastSvc.exe 1460 TCP lance-pc 49484 u619203.xgsfmg1.imtp.tachikawa.mopera.net http SYN_SENT
AvastSvc.exe 1460 TCP LANCE-PC 12080 LANCE-PC 0 LISTENING
daemonu.exe 5144 UDP LANCE-PC 48000 * * 9 216
firefox.exe 4500 TCP LANCE-PC 49231 localhost 49232 ESTABLISHED 744 744 21 21
firefox.exe 4500 TCP LANCE-PC 49232 localhost 49231 ESTABLISHED 745 745 21 21
firefox.exe 4500 TCP LANCE-PC 49338 localhost 12080 ESTABLISHED 1 330 3 3,378
firefox.exe 4500 TCP lance-pc 49347 65.55.57.27 https ESTABLISHED 3 1,245 8 8,478
firefox.exe 4500 TCP LANCE-PC 49353 localhost 12080 ESTABLISHED 1 782 2 422
firefox.exe 4500 TCP LANCE-PC 49355 localhost 12080 ESTABLISHED 1 1,929 2 604
firefox.exe 4500 TCP LANCE-PC 49359 localhost 12080 ESTABLISHED 3 3,991 6 1,553
firefox.exe 4500 TCP LANCE-PC 49365 localhost 12080 ESTABLISHED 1 384 2 1,512
firefox.exe 4500 TCP LANCE-PC 49385 localhost 12080 ESTABLISHED 1 422 2 235
firefox.exe 4500 TCP LANCE-PC 49387 localhost 12080 ESTABLISHED 2 719 4 2,295
firefox.exe 4500 TCP LANCE-PC 49388 localhost 12080 ESTABLISHED 1 362 2 804
firefox.exe 4500 TCP LANCE-PC 49389 localhost 12080 ESTABLISHED 2 732 5 5,093
firefox.exe 4500 TCP LANCE-PC 49416 localhost 12080 ESTABLISHED 1 951 2 376
firefox.exe 4500 TCP LANCE-PC 49420 localhost 12080 ESTABLISHED 2 981 4 1,655
firefox.exe 4500 TCP LANCE-PC 49422 localhost 12080 ESTABLISHED 1 531 2 248
firefox.exe 4500 TCP LANCE-PC 49454 localhost 12080 ESTABLISHED 1 167
firefox.exe 4500 TCP lance-pc 49475 getpersonas-zlb.vips.scl3.mozilla.com https ESTABLISHED 3 833 5 8,531
firefox.exe 4500 TCP lance-pc 49476 addons-versioncheck-single3.zlb.phx.mozilla.net https ESTABLISHED 3 1,220 6 7,567
firefox.exe 4500 TCP lance-pc 49477 addons-star.zlb.phx.mozilla.net https ESTABLISHED 3 1,481 67 137,712
firefox.exe 4500 TCP LANCE-PC 49478 localhost 12080 ESTABLISHED 1 468 3 3,669
firefox.exe 4500 TCP LANCE-PC 49480 localhost 12080 ESTABLISHED 1 468 3 3,669
firefox.exe 4500 TCP lance-pc 49486 addons-versioncheck-single3.zlb.phx.mozilla.net https ESTABLISHED
firefox.exe 4500 TCP lance-pc 49487 addons-versioncheck-single3.zlb.phx.mozilla.net https ESTABLISHED
firefox.exe 4500 TCP lance-pc 49488 addons-versioncheck-single3.zlb.phx.mozilla.net https ESTABLISHED
firefox.exe 4500 TCP lance-pc 49489 addons-versioncheck-single3.zlb.phx.mozilla.net https ESTABLISHED
firefox.exe 4500 TCP lance-pc 49490 addons-versioncheck-single3.zlb.phx.mozilla.net https ESTABLISHED
firefox.exe 4500 TCP lance-pc 49491 addons-versioncheck-single3.zlb.phx.mozilla.net https ESTABLISHED
firefox.exe 4500 TCP lance-pc 49492 addons-versioncheck-single3.zlb.phx.mozilla.net https ESTABLISHED
iTunesHelper.exe 1608 TCP LANCE-PC 49163 localhost 27015 ESTABLISHED
iTunesHelper.exe 1608 UDP LANCE-PC 57211 * *
iTunesHelper.exe 1608 UDP LANCE-PC 57212 * *
lsass.exe 848 TCP LANCE-PC 49154 LANCE-PC 0 LISTENING
lsass.exe 848 TCPV6 lance-pc 49154 lance-pc 0 LISTENING
mDNSResponder.exe 2336 TCP LANCE-PC 5354 LANCE-PC 0 LISTENING
mDNSResponder.exe 2336 TCP LANCE-PC 5354 localhost 49156 ESTABLISHED
mDNSResponder.exe 2336 UDP lance-pc 5353 * * 4 335 8 775
mDNSResponder.exe 2336 UDP lance-pc 5353 * *
mDNSResponder.exe 2336 UDP LANCE-PC 57207 * *
mDNSResponder.exe 2336 UDPV6 [0:0:0:0:0:0:0:1] 5353 * *
mDNSResponder.exe 2336 UDPV6 lance-pc 57208 * *
nvtray.exe 2816 UDP LANCE-PC 48001 * *
RzSynapse.exe 1872 TCP lance-pc 49493 ec2-184-72-230-116.compute-1.amazonaws.com https ESTABLISHED
services.exe 840 TCP LANCE-PC 49189 LANCE-PC 0 LISTENING
services.exe 840 TCPV6 lance-pc 49189 lance-pc 0 LISTENING
Skype.exe 2732 TCP LANCE-PC http LANCE-PC 0 LISTENING
Skype.exe 2732 TCP LANCE-PC https LANCE-PC 0 LISTENING
Skype.exe 2732 TCP LANCE-PC 27549 LANCE-PC 0 LISTENING 3 149 1 18
Skype.exe 2732 TCP lance-pc 49198 111.221.77.165 40016 ESTABLISHED 4 364 5 35
Skype.exe 2732 TCP lance-pc 49200 91.190.218.57 12350 ESTABLISHED
Skype.exe 2732 TCP lance-pc 49204 baymsg1020114.gateway.edge.messenger.live.com https ESTABLISHED
Skype.exe 2732 UDP LANCE-PC https * *
Skype.exe 2732 UDP LANCE-PC 27549 * *
Skype.exe 2732 UDP LANCE-PC 57213 * * 6 6 6 6
Skype.exe 2732 UDP LANCE-PC 63288 * *
Skype.exe 2732 TCP LANCE-PC 49483 localhost 12080 ESTABLISHED 1 25
spoolsv.exe 1912 TCP LANCE-PC 49201 LANCE-PC 0 LISTENING
spoolsv.exe 1912 TCPV6 lance-pc 49201 lance-pc 0 LISTENING
svchost.exe 472 TCP LANCE-PC epmap LANCE-PC 0 LISTENING
svchost.exe 500 TCP LANCE-PC 49153 LANCE-PC 0 LISTENING
svchost.exe 1052 TCP LANCE-PC 49155 LANCE-PC 0 LISTENING
svchost.exe 2404 UDP lance-pc ssdp * * 74 35,136 182 59,822
svchost.exe 2404 UDP lance-pc ssdp * *
svchost.exe 2404 UDP LANCE-PC ssdp * *
svchost.exe 2404 UDP LANCE-PC ws-discovery * * 4 4,918 36 31,394
svchost.exe 2404 UDP LANCE-PC ws-discovery * *
svchost.exe 1268 UDP LANCE-PC llmnr * *
svchost.exe 2404 UDP LANCE-PC 57209 * * 12 11,890
svchost.exe 472 TCPV6 lance-pc epmap lance-pc 0 LISTENING
svchost.exe 500 TCPV6 lance-pc 49153 lance-pc 0 LISTENING
svchost.exe 1052 TCPV6 lance-pc 49155 lance-pc 0 LISTENING
svchost.exe 2404 UDPV6 [0:0:0:0:0:0:0:1] 1900 * *
svchost.exe 2404 UDPV6 lance-pc 3702 * *
svchost.exe 2404 UDPV6 lance-pc 3702 * *
svchost.exe 2404 UDPV6 lance-pc 57210 * *
svchost.exe 1052 TCP LANCE-PC 49273 localhost 12080 ESTABLISHED 9 2,982 323 942,207 45,248 16
svchost.exe 1176 UDP LANCE-PC ws-discovery * * 6 3,744
svchost.exe 2404 UDP lance-pc 52823 * * 17 2,155
svchost.exe 2404 UDP LANCE-PC 52824 * * 17 2,155 2 888
svchost.exe 1176 UDP LANCE-PC 52825 * * 4 2,496 2 2,450
svchost.exe 2404 UDPV6 lance-pc 3702 * *
svchost.exe 2404 UDPV6 [0:0:0:0:0:0:0:1] 52822 * * 6 1,762
svchost.exe 1176 UDPV6 lance-pc 52826 * *
svchost.exe 2404 UDP LANCE-PC ws-discovery * *
svchost.exe 1176 UDPV6 lance-pc 3702 * *
System 4 TCP lance-pc netbios-ssn LANCE-PC 0 LISTENING
System 4 TCP lance-pc netbios-ssn LANCE-PC 0 LISTENING
System 4 TCP LANCE-PC microsoft-ds LANCE-PC 0 LISTENING
System 4 TCP LANCE-PC wsd LANCE-PC 0 LISTENING
System 4 UDP lance-pc netbios-ns * * 104 5,200 8 400
System 4 UDP lance-pc netbios-ns * *
System 4 UDP lance-pc netbios-dgm * * 8 1,550 8 1,550 209 209 1 1
System 4 UDP lance-pc netbios-dgm * *
System 4 TCPV6 lance-pc microsoft-ds lance-pc 0 LISTENING
System 4 TCPV6 lance-pc wsd lance-pc 0 LISTENING
System 4 TCP LANCE-PC 10243 LANCE-PC 0 LISTENING
System 4 TCPV6 lance-pc 10243 lance-pc 0 LISTENING
System 4 TCP LANCE-PC icslap LANCE-PC 0 LISTENING
System 4 TCPV6 lance-pc icslap lance-pc 0 LISTENING
System 4 TCPV6 [0:0:0:0:0:0:0:1] icslap [0:0:0:0:0:0:0:1] 49313 ESTABLISHED 2 5,615 1 185
UNS.exe 5128 TCP LANCE-PC 49494 LANCE-PC 0 LISTENING
UpdateChecker.exe 2644 TCP LANCE-PC 49183 LANCE-PC 0 LISTENING
UpdateChecker.exe 2644 TCP lance-pc 49234 85.f7.364a.static.theplanet.com http ESTABLISHED 2 22,814 1 1,035
wininit.exe 744 TCP LANCE-PC 49152 LANCE-PC 0 LISTENING
wininit.exe 744 TCPV6 lance-pc 49152 lance-pc 0 LISTENING
wmpnetwk.exe 5148 UDPV6 lance-pc 5004 * *
wmpnetwk.exe 5148 UDPV6 lance-pc 5005 * *
wmpnetwk.exe 5148 TCP LANCE-PC rtsp LANCE-PC 0 LISTENING
wmpnetwk.exe 5148 UDP LANCE-PC 5004 * *
wmpnetwk.exe 5148 UDP LANCE-PC 5005 * *
wmpnetwk.exe 5148 TCPV6 lance-pc rtsp lance-pc 0 LISTENING
wmpnetwk.exe 5148 TCPV6 [0:0:0:0:0:0:0:1] 49313 [0:0:0:0:0:0:0:1] icslap ESTABLISHED 1 185 5 7,903
  • 0
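The comparison RKinner drew in #4 (his Skype only has outbound connections from ephemeral ports, while Lance's has several remote peers connected *to* Skype's own listening port 27549) is easy to miss in a raw TCPView dump like the one in #5. The following is an added example, not code from the thread or from TCPView: it parses rows in TCPView's saved-text column layout, drops loopback and LISTENING rows, and splits each process's off-box connections into inbound (accepted on a port that process is LISTENING on) and outbound. The sample rows are constructed from hosts that appear in this thread, with PIDs normalised; the local hostname (`lance-pc`) is passed in as an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in TCPView's saved-text column order (process, PID, protocol,
# local address, local port, remote address, remote port, state, optional counters).
# Hosts and ports come from the listings in this thread; PIDs are normalised and the
# duplicated Skype row is kept on purpose to show de-duplication.
SAMPLE = """\
Skype.exe 2732 TCP LANCE-PC 27549 LANCE-PC 0 LISTENING
Skype.exe 2732 TCP lance-pc 27549 3-3.4-85.cust.bluewin.ch 49836 ESTABLISHED
Skype.exe 2732 TCP lance-pc 27549 199.116.221.23 55484 ESTABLISHED
Skype.exe 2732 TCP lance-pc 27549 199.116.221.23 55484 ESTABLISHED
Skype.exe 2732 TCP lance-pc 49208 65.55.223.29 40028 ESTABLISHED
Skype.exe 2732 TCP lance-pc 49210 78.141.179.18 12350 ESTABLISHED
Skype.exe 2732 TCP lance-pc 49213 baymsgr2012220.gateway.edge.messenger.live.com https ESTABLISHED
Skype.exe 2732 TCP lance-pc 27549 99.238.85.63 58931 ESTABLISHED
Skype.exe 2732 UDP LANCE-PC 27549 * *
AvastSvc.exe 1460 TCP LANCE-PC 12080 LANCE-PC 0 LISTENING
AvastSvc.exe 1460 TCP LANCE-PC 12080 localhost 49338 ESTABLISHED
AvastSvc.exe 1460 TCP lance-pc 49251 r-055-042-234-077.ff.avast.com http ESTABLISHED
firefox.exe 4500 TCP LANCE-PC 49338 localhost 12080 ESTABLISHED 1 330 3 3,378
[System Process] 0 TCP lance-pc 49249 a405fs.avast.com http TIME_WAIT
svchost.exe 2404 UDP lance-pc ssdp * * 74 35,136 182 59,822
wmpnetwk.exe 5148 TCPV6 [0:0:0:0:0:0:0:1] 49313 [0:0:0:0:0:0:0:1] icslap ESTABLISHED 1 185 5 7,903
"""

# Process names may contain spaces ("[System Process]"), so the PID + protocol pair
# anchors the row; UDP rows have no state column, hence the optional final group.
LINE_RE = re.compile(
    r"^(?P<proc>.+?)\s+(?P<pid>\d+)\s+(?P<proto>TCPV6|UDPV6|TCP|UDP)\s+"
    r"(?P<laddr>\S+)\s+(?P<lport>\S+)\s+(?P<raddr>\S+)\s+(?P<rport>\S+)"
    r"(?:\s+(?P<state>[A-Z_]+))?"
)

# Remote addresses that never leave the machine: loopback names, the IPv6
# loopback/unspecified forms TCPView prints, and "*" for unconnected UDP sockets.
LOCAL_NAMES = {"localhost", "127.0.0.1", "[::1]",
               "[0:0:0:0:0:0:0:1]", "[0:0:0:0:0:0:0:0]", "*"}


def parse_tcpview(text):
    """Parse TCPView text rows into dicts; rows that do not fit the layout are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows


def is_local(addr, hostname):
    a = addr.lower()
    return a in LOCAL_NAMES or a == hostname.lower()


def external_connections(text, hostname):
    """Group off-box connections by (process, pid): 'inbound' if the local port is one
    the same process is LISTENING on, 'outbound' if it was opened from an ephemeral port."""
    rows = parse_tcpview(text)
    listening = defaultdict(set)
    for r in rows:
        if r["state"] == "LISTENING":
            listening[(r["proc"], r["pid"])].add(r["lport"])
    report = {}
    for r in rows:
        if r["state"] in (None, "LISTENING") or is_local(r["raddr"], hostname):
            continue
        key = (r["proc"], r["pid"])
        entry = report.setdefault(key, {"inbound": set(), "outbound": set()})
        direction = "inbound" if r["lport"] in listening[key] else "outbound"
        entry[direction].add(f"{r['raddr']}:{r['rport']}")
    return report


def format_report(report):
    lines = []
    for (proc, pid), dirs in sorted(report.items()):
        for direction in ("inbound", "outbound"):
            for ep in sorted(dirs[direction]):
                lines.append(f"{proc:<20} {pid:>5} {direction:<8} {ep}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(external_connections(SAMPLE, "lance-pc")))
```

Run against the sample, Skype.exe shows three distinct inbound peers on port 27549 and three outbound connections, AvastSvc.exe only its update server, and firefox.exe nothing at all because every one of its connections goes through the local Avast web-shield proxy on port 12080. Rows owned by "[System Process]" (PID 0) are sockets in TIME_WAIT whose owning process has already closed them, so they are reported but cannot be attributed further from TCPView alone.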

#6
RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Right click on the clock and select Task Manager. Then click on Networking. Close your browser. If you let it run for a while you will see two green lines creeping along. These should be fairly flat and stay near the bottom. Do they? % Utilization should be 0. Is it?
  • 0

#7
LANCE_1313

    Member

  • Topic Starter
  • Member
  • 159 posts
Sitting with Firefox off, Thunderbird off, and Skype off, the Wireless green line is still oscillating between 0-1% at a regular pace constantly.
  • 0

#8
RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Get the free version of Online Armor: http://www.online-armor.com/. Download, Save and then install by right clicking and Run As Admin. This is a two way firewall. It will ask you for permission before allowing a program to use the Internet. Watch the task manager's networking chart before and after allowing something to use the Internet. That may allow us to isolate the bad guy.
  • 0

#9
LANCE_1313

    Member

  • Topic Starter
  • Member
  • 159 posts
So Online Armor seems to keep track of a running total of inbound and outbound usage on the firewall status page. After about 30 minutes it seems that AvastSvc has used over 50 MB and one of the svchosts has used about 15 MB.

Suggestions?
  • 0

#10
RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Probably a database update for Avast. It's hard to tell with svchost but neither seem to be really excessive. Keep watching and see if they get worse.
  • 0

#11
LANCE_1313

    Member

  • Topic Starter
  • Member
  • 159 posts
Avast is up to 450 MB and continues to climb at a constant rate. The svchost has stopped at 15 MB.
  • 0
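Posts #9 to #11 are a manual version of a trend check: read the firewall's per-process running totals a few times, and separate a process that keeps climbing at a constant rate (AvastSvc here) from one that moved a burst and then went quiet (the svchost at 15 MB). The code below is an added example, not part of the thread and not Online Armor's own output; it assumes the readings are transcribed by hand as (minutes since the first reading, cumulative MB) pairs. The sample numbers are constructed to follow the shape of the figures reported in the thread, and the function also handles a counter that drops back (the firewall was restarted and its totals reset).

```python
# Constructed samples of a per-process firewall monitor's running totals:
# (minutes since monitoring started, cumulative MB). The shapes follow the figures
# reported in the thread (one process climbing steadily, the other stopping at
# about 15 MB); the exact values are made up for this example.
SAMPLES = {
    "AvastSvc.exe": [(0, 0.0), (30, 52.0), (60, 103.0), (120, 208.0), (270, 450.0)],
    "svchost.exe":  [(0, 0.0), (30, 15.0), (60, 15.2), (120, 15.2), (270, 15.3)],
}

MINUTES_PER_DAY = 24 * 60


def interval_deltas(samples):
    """MB moved in each consecutive interval. A cumulative total that goes down means
    the monitor's counter was reset (for example the firewall restarted), so the new
    reading is taken as the amount transferred since the reset."""
    deltas = []
    for (t0, b0), (t1, b1) in zip(samples, samples[1:]):
        if t1 <= t0:
            raise ValueError("samples must be in increasing time order")
        deltas.append((b1 - b0 if b1 >= b0 else b1, t1 - t0))
    return deltas


def interval_rates(samples):
    """MB per minute for each consecutive interval."""
    return [mb / minutes for mb, minutes in interval_deltas(samples)]


def classify(samples, noise_mb_per_min=0.05, quiet_intervals=2):
    """'steady'  - every interval carried traffic above the noise floor
       'stopped' - traffic was seen earlier but the last intervals are quiet
       'bursty'  - traffic comes and goes
       'idle'    - nothing above the noise floor, or too few samples to judge"""
    active = [r > noise_mb_per_min for r in interval_rates(samples)]
    if not active or not any(active):
        return "idle"
    if all(active):
        return "steady"
    if not any(active[-quiet_intervals:]):
        return "stopped"
    return "bursty"


def projected_mb_per_day(samples):
    """Average rate over the whole observation window, extrapolated to 24 hours."""
    total_mb = sum(mb for mb, _ in interval_deltas(samples))
    window = samples[-1][0] - samples[0][0]
    return total_mb / window * MINUTES_PER_DAY


def trend_report(samples_by_process):
    """Map each process to (classification, projected MB per day)."""
    return {proc: (classify(s), round(projected_mb_per_day(s), 1))
            for proc, s in samples_by_process.items() if len(s) > 1}


if __name__ == "__main__":
    for proc, (verdict, per_day) in trend_report(SAMPLES).items():
        print(f"{proc:<14} {verdict:<8} ~{per_day:,.0f} MB/day at this rate")
```

On the constructed sample the steady process averages about 1.67 MB per minute, which extrapolates to roughly 2,400 MB a day; that is the kind of number worth comparing against the daily figures the ISP's usage meter reports before deciding which process to reinstall or remove.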

#12
RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Looks like you have found the culprit. You can download a new version of Avast and then uninstall the old, reboot, and reinstall, or you can switch to MSSE:
http://windows.micro...ntials-download
  • 0

#13
LANCE_1313

    Member

  • Topic Starter
  • Member
  • 159 posts
As I look at the uninstall menu I see that this update was installed on the 18th. The exact same day that the issue started... If only I'd noticed that earlier I'd have my 20 gig of bandwidth back. I'll continue to monitor the situation.

I see you've suggested Microsoft Essentials. I've heard some poor reviews about that one, including one from the AV-Test Institute. Has this changed recently? Do you feel it's superior to Avast? Is there one standout in the free market right now?
  • 0

#14
RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Avast is what I use but some of the guys here like MSSE. Avira used to be one of the best but they have started installing foistware. And there is always AVG but judging by how many I see on the forum it's not all that good. I would try reinstalling Avast because it's not supposed to cause so much traffic and mine doesn't.
  • 0

#15
LANCE_1313

    Member

  • Topic Starter
  • Member
  • 159 posts
I uninstalled Avast yesterday but didn't get around to reinstalling a fresh download. Left my comp on as I went to work a night shift. Just returned home to find that svchost used 2 gig of bandwidth overnight...
  • 0