Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


laptop hijacked


Post by szotl » June 25th, 2012, 2:01 pm

Problem surfaced on Friday, June 22, 2012 and all 3 computers seem to be affected. The problem is that when I attempt to use the Google Keyword Tool I receive a "Our systems have detected unusual traffic from your computer network." message. HOWEVER no other browser searches are affected!

I have run Spybot and Malwarebytes on all 3 home network computers and removed all malware found. Malwarebytes found the desktop had 3 'objects' of "PUP.FCTPlugin", the PS laptop had a "PUP.BundleInstaller.OI" and "RootKit.Agent". The LS laptop was clean.

The information below is from the PS Laptop.

I would be extremely grateful if someone could assist me in resolving this issue. The situation is pressing for me because my wife & I leave for a training conference on Wednesday that requires us to use our laptops extensively during this training.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Pat at 11:49:47 on 2012-06-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.1968 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files\CyberLink\Shared files\RichVideo64.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\TechSmith\Jing\Jing.exe
C:\Program Files (x86)\MindMovies\Subliminal\Mind Movie Subliminal\Subliminal\SubVid.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Users\Pat\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Users\Pat\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler64.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\ArcSoft\CONNECTION SERVICE\Bin\ACDaemon.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\ArcSoft\CONNECTION SERVICE\Bin\ArcCon.ac
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\igfxext.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Users\Pat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\rundll32.exe
C:\Users\Pat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain ... &bmod=TSND
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain ... &bmod=TSND
mStart Page = hxxp://www.google.com/ig/redirectdomain ... &bmod=TSND
uInternet Settings,ProxyOverride = <local>;*.local
mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx ... 291&lng=en
mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_custom ... tbid=80291
uURLSearchHooks: H - No File
uURLSearchHooks: N/A: {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - C:\PROGRA~2\ArcSoft\VIDEOD~1\ARCURL~1.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Toolbar BHO: {1e91a655-bb4b-4693-a05e-2edebc4c9d89} - C:\PROGRA~2\MAPSGA~2\bar\1.bin\39bar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Search Assistant BHO: {71c1d63a-c944-428a-a5bd-ba513190e5d2} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: ToolbarBHO Class: {9519af7e-638d-4933-bad6-d33d23c79fe5} - C:\PROGRA~2\ArcSoft\RAWTHU~1\EXIFToolBar.dll
BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO: AlxHelper Class: {f443a627-5009-4323-9c1d-7fd598d0d712} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - No File
TB: MapsGalaxy: {364ea597-e728-4ce4-bb4a-ed846ef47970} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll
TB: RAW Thumbnail Viewer: {f301665a-12f8-4331-804a-5bcbd379668c} - C:\PROGRA~2\ArcSoft\RAWTHU~1\EXIFToolBar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} -
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
uRun: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe
uRun: [SubVid] "C:\Program Files (x86)\MindMovies\Subliminal\Mind Movie Subliminal\Subliminal\SubVid.exe" /startup
uRun: [Google Update] "C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [MapsGalaxy Search Scope Monitor] "C:\PROGRA~2\MAPSGA~2\bar\1.bin\39srchmn.exe" /m=2 /w /h
mRun: [MapsGalaxy_39 Browser Plugin Loader] C:\PROGRA~2\MAPSGA~2\bar\1.bin\39brmon.exe
mRun: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
StartupFolder: C:\Users\Pat\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Read EXIF - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm
IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Show RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 24.116.2.50 24.116.2.34
TCP: Interfaces\{AC11BFD7-6760-4A4E-AB6A-E09DE51001DE} : DhcpNameServer = 24.116.2.50 24.116.2.34
TCP: Interfaces\{AC11BFD7-6760-4A4E-AB6A-E09DE51001DE}\378656271647F6E6 : DhcpNameServer = 12.235.80.195
TCP: Interfaces\{AC11BFD7-6760-4A4E-AB6A-E09DE51001DE}\D697177756374773631313 : DhcpNameServer = 192.168.0.1 205.171.3.25
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO-X64: IEPlugin Class: {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~2\ArcSoft\VIDEOD~1\ARCURL~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Toolbar BHO: {1e91a655-bb4b-4693-a05e-2edebc4c9d89} - C:\PROGRA~2\MAPSGA~2\bar\1.bin\39bar.dll
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Search Assistant BHO: {71c1d63a-c944-428a-a5bd-ba513190e5d2} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll
BHO-X64: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO-X64: RoboForm BHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: ToolbarBHO Class: {9519AF7E-638D-4933-BAD6-D33D23C79FE5} - C:\PROGRA~2\ArcSoft\RAWTHU~1\EXIFToolBar.dll
BHO-X64: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO-X64: AlxHelper Class: {F443A627-5009-4323-9C1D-7FD598D0D712} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll
BHO-X64: AlxHelper - No File
TB-X64: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - No File
TB-X64: MapsGalaxy: {364ea597-e728-4ce4-bb4a-ed846ef47970} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll
TB-X64: RAW Thumbnail Viewer: {F301665A-12F8-4331-804A-5BCBD379668C} - C:\PROGRA~2\ArcSoft\RAWTHU~1\EXIFToolBar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} -
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [MapsGalaxy Search Scope Monitor] "C:\PROGRA~2\MAPSGA~2\bar\1.bin\39srchmn.exe" /m=2 /w /h
mRun-x64: [MapsGalaxy_39 Browser Plugin Loader] C:\PROGRA~2\MAPSGA~2\bar\1.bin\39brmon.exe
mRun-x64: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\n48dm0vs.default\
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Pat\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys --> C:\windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys --> C:\windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\system32\DRIVERS\avgmfx64.sys --> C:\windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdia.sys --> C:\windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2012-6-16 386344]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-6-25 1153368]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-29 2320920]
R3 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-10-29 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MapsGalaxy_39Service;MapsGalaxyService;C:\PROGRA~2\MAPSGA~2\bar\1.bin\39barsvc.exe --> C:\PROGRA~2\MAPSGA~2\bar\1.bin\39barsvc.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-5 250056]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\windows\system32\DRIVERS\WSDPrint.sys --> C:\windows\system32\DRIVERS\WSDPrint.sys [?]
.
=============== Created Last 30 ================
.
2012-06-25 15:20:49 -------- d-----w- C:\Users\Pat\AppData\Roaming\Malwarebytes
2012-06-25 15:20:44 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-25 15:20:43 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-06-25 15:20:43 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-25 05:06:39 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2012-06-25 05:05:35 -------- d-----w- C:\Program Files (x86)\Amazon
2012-06-25 05:05:26 -------- d-----w- C:\Program Files (x86)\Amazon Browser Bar
2012-06-24 16:10:01 2622464 ----a-w- C:\windows\System32\wucltux.dll
2012-06-24 16:09:54 99840 ----a-w- C:\windows\System32\wudriver.dll
2012-06-24 16:09:43 36864 ----a-w- C:\windows\System32\wuapp.exe
2012-06-24 16:09:43 186752 ----a-w- C:\windows\System32\wuwebv.dll
2012-06-24 02:00:08 -------- d-----w- C:\Users\Pat\AppData\Local\adaware
2012-06-24 01:59:32 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
2012-06-24 01:59:04 -------- d-----w- C:\Users\Pat\AppData\Local\adawarebp
2012-06-24 01:59:01 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2012-06-24 01:58:57 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2012-06-24 01:58:50 -------- d-----w- C:\Program Files (x86)\adawaretb
2012-06-24 01:57:46 -------- d-----w- C:\Users\Pat\AppData\Roaming\Ad-Aware Antivirus
2012-06-24 01:42:12 -------- d-----w- C:\Users\Pat\AppData\Local\eProximy
2012-06-23 03:54:05 -------- d-----w- C:\Users\Pat\AppData\Local\Nikon
2012-06-23 03:17:39 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-06-23 03:17:37 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-06-22 22:36:36 -------- d-----w- C:\ProgramData\Trend Micro
2012-06-22 22:18:44 -------- d-----w- C:\Users\Pat\AppData\Local\Browser Guard
2012-06-22 19:31:53 -------- d-----w- C:\ProgramData\PC Tools
2012-06-22 19:31:52 -------- d-----w- C:\Users\Pat\AppData\Roaming\TestApp
2012-06-19 15:15:06 -------- d-----w- C:\Users\Pat\AppData\Roaming\TechSmith
2012-06-16 19:42:39 72192 ----a-w- C:\windows\SysWow64\ArcSoft Photo Book Screen Saver.scr
2012-06-16 19:38:50 -------- d-----w- C:\Users\Pat\AppData\Local\Programs
2012-06-16 19:38:34 -------- d-----w- C:\Users\Pat\AppData\Local\ArcSoft
2012-06-16 19:38:33 -------- d-----w- C:\ProgramData\ArcSoft
2012-06-16 19:25:56 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-06-16 19:25:56 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-06-16 19:25:56 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-06-16 19:25:56 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-06-16 19:25:01 61440 ----a-r- C:\Users\Pat\AppData\Roaming\Microsoft\Installer\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}\ARPPRODUCTICON.exe
2012-06-16 19:24:39 -------- d-----w- C:\Program Files (x86)\Common Files\Nikon
2012-06-16 19:24:09 -------- d-----w- C:\Program Files\Common Files\Nikon
2012-06-16 19:24:08 -------- d-----w- C:\Program Files (x86)\Nikon
2012-06-16 19:24:07 -------- d-----w- C:\Program Files\Nikon
2012-06-16 19:24:06 106496 ----a-w- C:\windows\SysWow64\ATL71.DLL
2012-06-16 19:23:48 -------- d-----w- C:\Users\Pat\AppData\Local\Downloaded Installations
2012-06-14 03:20:46 -------- d-----w- C:\Users\Pat\AppData\Local\Macromedia
2012-06-13 22:50:02 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
2012-06-13 22:50:02 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-06-13 22:50:02 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
.
==================== Find3M ====================
.
2012-06-25 05:06:07 499712 ----a-w- C:\windows\SysWow64\msvcp71.dll
2012-06-25 05:06:07 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll
2012-06-25 01:30:23 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-25 01:30:23 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-06-17 23:59:37 60304 ----a-w- C:\Users\Pat\g2mdlhlpx.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33 3146752 ----a-w- C:\windows\System32\win32k.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-04-24 05:37:37 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2012-04-16 17:47:44 258560 ----a-w- C:\windows\SysWow64\tsc2_codec64.dll
2012-04-16 17:47:44 222208 ----a-w- C:\windows\SysWow64\tsc2_codec32.dll
2012-04-07 12:31:40 3216384 ----a-w- C:\windows\System32\msi.dll
2012-04-07 11:26:29 2342400 ----a-w- C:\windows\SysWow64\msi.dll
2012-04-06 00:39:41 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-03-30 11:35:47 1918320 ----a-w- C:\windows\System32\drivers\tcpip.sys
.
============= FINISH: 11:51:15.16 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/22/2010 7:04:27 PM
System Uptime: 6/25/2012 9:29:49 AM (2 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz | CPU | 2399/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 455 GiB total, 258.439 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP156: 6/22/2012 8:34:50 PM - Restore Operation
RP157: 6/22/2012 8:51:50 PM - Windows Update
RP158: 6/22/2012 9:01:21 PM - Revo Uninstaller's restore point - Best Buy pc app
RP159: 6/22/2012 9:07:07 PM - Removed AVG 2012
RP160: 6/22/2012 9:08:11 PM - Removed AVG 2012
RP161: 6/22/2012 9:18:29 PM - Windows Update
RP162: 6/22/2012 9:36:50 PM - Revo Uninstaller's restore point - Coupon Printer for Windows
RP163: 6/22/2012 9:40:17 PM - Revo Uninstaller's restore point - Skype Click to Call
RP164: 6/22/2012 9:41:34 PM - Revo Uninstaller's restore point - ShopAtHome.com Toolbar
RP165: 6/22/2012 9:45:35 PM - Revo Uninstaller's restore point - MapsGalaxy Toolbar
RP166: 6/22/2012 9:47:30 PM - Revo Uninstaller's restore point - MapsGalaxy Toolbar
RP167: 6/22/2012 9:48:51 PM - Revo Uninstaller's restore point - RebateInformer
RP168: 6/22/2012 10:08:30 PM - Installed HiJackThis
RP169: 6/23/2012 3:36:28 PM - Revo Uninstaller's restore point - Babylon toolbar on IE
RP170: 6/23/2012 3:37:59 PM - Revo Uninstaller's restore point - BabylonObjectInstaller
RP171: 6/23/2012 3:39:03 PM - Revo Uninstaller's restore point - PDFCreator
RP172: 6/23/2012 3:40:39 PM - Revo Uninstaller's restore point - VideoFileDownload
RP173: 6/23/2012 3:48:54 PM - Revo Uninstaller's restore point - PDFCreator
RP174: 6/23/2012 8:38:52 PM - Restore Operation
RP175: 6/23/2012 9:26:39 PM - Revo Uninstaller's restore point - AppGraffiti
RP176: 6/23/2012 9:28:33 PM - Revo Uninstaller's restore point - Best Buy pc app
RP177: 6/23/2012 9:30:48 PM - Revo Uninstaller's restore point - Coupon Printer for Windows
RP178: 6/23/2012 9:32:50 PM - Revo Uninstaller's restore point - MapsGalaxy Toolbar
RP179: 6/23/2012 9:34:03 PM - Revo Uninstaller's restore point - RebateInformer
RP180: 6/23/2012 9:35:36 PM - Revo Uninstaller's restore point - ShopAtHome.com Toolbar
RP181: 6/23/2012 9:37:35 PM - Revo Uninstaller's restore point - Skype Click to Call
RP182: 6/24/2012 10:09:14 AM - Windows Update
RP183: 6/24/2012 7:38:09 PM - Revo Uninstaller's restore point - Mozilla Firefox 13.0.1 (x86 en-US)
RP184: 6/24/2012 7:41:25 PM - Revo Uninstaller's restore point - Google Chrome
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.5
Amazon Kindle
Apple Application Support
Apple Software Update
ArcSoft MediaImpression 2
ArcSoft Panorama Maker 6
ArcSoft Photo Book Screen Saver
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Brochures & Flyers
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Funhouse II
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Photo Prints
ArcSoft Print Creations - Poster Creator
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
ArcSoft Print Creations Print Service
ArcSoft RAW Thumbnail Viewer
ArcSoft Video Downloader
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Atheros Driver Installation Program
BlueVoda Website Builder SV2d
Camtasia Studio 7
Camtasia Studio 8
CloudBerry Explorer for Amazon S3 3.2.4
CyberLink PowerDirector 10
CyberLink WaveEditor
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Google Chrome
GoToMeeting 5.2.0.952
HandBrake 0.9.6
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Java Auto Updater
Java(TM) 6 Update 31
Jing
Junk Mail filter update
Label@Once 1.0
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Picture It! Express 7.0
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 9.0.1 (x86 en-US)
MSVCRT
MSVCRT_amd64
Nikon Message Center 2
Nikon Movie Editor
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
Revo Uninstaller 1.94
RoboForm 7-7-8-8 (All Users)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Skype™ 5.8
SmartSound Quicktracks 5
Spybot - Search & Destroy
Subliminal $SUBLIMINAL_VERSION
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA Quality Application
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Visual Studio 2008 x64 Redistributables
WD Link
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
6/25/2012 9:30:19 AM, Error: Service Control Manager [7024] - The AVG WatchDog service terminated with service-specific error %%-536805315.
6/25/2012 9:30:16 AM, Error: Service Control Manager [7000] - The MapsGalaxyService service failed to start due to the following error: The system cannot find the file specified.
6/22/2012 4:44:06 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
6/22/2012 3:13:25 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
6/22/2012 3:13:16 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
.
==== End Of File ===========================
szotl
Active Member
 
Posts: 2
Joined: June 25th, 2012, 12:51 pm

Re: laptop hijacked

Unread postby deltalima » June 25th, 2012, 3:58 pm

"The situation is pressing for me because my wife & I leave for a training conference on Wednesday that requires us to use our laptops extensively during this training"


The malware removal process cannot be rushed.
This site is staffed by volunteers who freely provide their time as and when they can; the average time taken to fully clean a computer is around 1 to 2 weeks.

As you have pressing needs for your computer you will need to seek professional help to resolve the issue in such a short time period.

This topic is now closed
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

