Jump to content


Photo

Unusual Traffic from your computer network


  • This topic is locked This topic is locked
2 replies to this topic

#1 szotl

szotl

    Member

  • New Member
  • Pip
  • 1 posts

Posted 25 June 2012 - 03:00 PM

Problem surfaced on Friday, June 22, 2012 and all 3 home network computers seem to be affected. The problem is that when I attempt to use the Google Keyword Tool I receive a "Our systems have detected unusual traffic from your computer network." message. HOWEVER no other browser searches are affected!

I have run Spy-bot and malwarebytes on all 3 home computers and removed all malware found. Malwarebytes found the desktop had 3 'objects' of "PUP.FCTPlugin, the PS laptop had a "PUP.BundleInstaller.OI" and "RootKit.Agent". the LS laptop was clean.

I would be extremely grateful if someone could assist me in resolving this issue. The situation is pressing for me because my wife & I leave for a training conference on Wednesday that requires us to use our laptops extensively during this training


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Pat at 11:49:47 on 2012-06-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.1968 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files\CyberLink\Shared files\RichVideo64.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\TechSmith\Jing\Jing.exe
C:\Program Files (x86)\MindMovies\Subliminal\Mind Movie Subliminal\Subliminal\SubVid.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Users\Pat\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Users\Pat\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler64.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\ArcSoft\CONNECTION SERVICE\Bin\ACDaemon.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\ArcSoft\CONNECTION SERVICE\Bin\ArcCon.ac
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\igfxext.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Users\Pat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\rundll32.exe
C:\Users\Pat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
uInternet Settings,ProxyOverride = <local>;*.local
mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80291&lng=en
mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80291
uURLSearchHooks: H - No File
uURLSearchHooks: N/A: {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - C:\PROGRA~2\ArcSoft\VIDEOD~1\ARCURL~1.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Toolbar BHO: {1e91a655-bb4b-4693-a05e-2edebc4c9d89} - C:\PROGRA~2\MAPSGA~2\bar\1.bin\39bar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Search Assistant BHO: {71c1d63a-c944-428a-a5bd-ba513190e5d2} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: ToolbarBHO Class: {9519af7e-638d-4933-bad6-d33d23c79fe5} - C:\PROGRA~2\ArcSoft\RAWTHU~1\EXIFToolBar.dll
BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO: AlxHelper Class: {f443a627-5009-4323-9c1d-7fd598d0d712} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - No File
TB: MapsGalaxy: {364ea597-e728-4ce4-bb4a-ed846ef47970} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll
TB: RAW Thumbnail Viewer: {f301665a-12f8-4331-804a-5bcbd379668c} - C:\PROGRA~2\ArcSoft\RAWTHU~1\EXIFToolBar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} -
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
uRun: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe
uRun: [SubVid] "C:\Program Files (x86)\MindMovies\Subliminal\Mind Movie Subliminal\Subliminal\SubVid.exe" /startup
uRun: [Google Update] "C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [MapsGalaxy Search Scope Monitor] "C:\PROGRA~2\MAPSGA~2\bar\1.bin\39srchmn.exe" /m=2 /w /h
mRun: [MapsGalaxy_39 Browser Plugin Loader] C:\PROGRA~2\MAPSGA~2\bar\1.bin\39brmon.exe
mRun: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
StartupFolder: C:\Users\Pat\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Read EXIF - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm
IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Show RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 24.116.2.50 24.116.2.34
TCP: Interfaces\{AC11BFD7-6760-4A4E-AB6A-E09DE51001DE} : DhcpNameServer = 24.116.2.50 24.116.2.34
TCP: Interfaces\{AC11BFD7-6760-4A4E-AB6A-E09DE51001DE}\378656271647F6E6 : DhcpNameServer = 12.235.80.195
TCP: Interfaces\{AC11BFD7-6760-4A4E-AB6A-E09DE51001DE}\D697177756374773631313 : DhcpNameServer = 192.168.0.1 205.171.3.25
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO-X64: IEPlugin Class: {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~2\ArcSoft\VIDEOD~1\ARCURL~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Toolbar BHO: {1e91a655-bb4b-4693-a05e-2edebc4c9d89} - C:\PROGRA~2\MAPSGA~2\bar\1.bin\39bar.dll
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Search Assistant BHO: {71c1d63a-c944-428a-a5bd-ba513190e5d2} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll
BHO-X64: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO-X64: RoboForm BHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: ToolbarBHO Class: {9519AF7E-638D-4933-BAD6-D33D23C79FE5} - C:\PROGRA~2\ArcSoft\RAWTHU~1\EXIFToolBar.dll
BHO-X64: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO-X64: AlxHelper Class: {F443A627-5009-4323-9C1D-7FD598D0D712} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll
BHO-X64: AlxHelper - No File
TB-X64: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - No File
TB-X64: MapsGalaxy: {364ea597-e728-4ce4-bb4a-ed846ef47970} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll
TB-X64: RAW Thumbnail Viewer: {F301665A-12F8-4331-804A-5BCBD379668C} - C:\PROGRA~2\ArcSoft\RAWTHU~1\EXIFToolBar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} -
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [MapsGalaxy Search Scope Monitor] "C:\PROGRA~2\MAPSGA~2\bar\1.bin\39srchmn.exe" /m=2 /w /h
mRun-x64: [MapsGalaxy_39 Browser Plugin Loader] C:\PROGRA~2\MAPSGA~2\bar\1.bin\39brmon.exe
mRun-x64: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\n48dm0vs.default\
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Pat\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys --> C:\windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys --> C:\windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\system32\DRIVERS\avgmfx64.sys --> C:\windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdia.sys --> C:\windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2012-6-16 386344]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-6-25 1153368]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-29 2320920]
R3 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-10-29 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MapsGalaxy_39Service;MapsGalaxyService;C:\PROGRA~2\MAPSGA~2\bar\1.bin\39barsvc.exe --> C:\PROGRA~2\MAPSGA~2\bar\1.bin\39barsvc.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-5 250056]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\windows\system32\DRIVERS\WSDPrint.sys --> C:\windows\system32\DRIVERS\WSDPrint.sys [?]
.
=============== Created Last 30 ================
.
2012-06-25 15:20:49 -------- d-----w- C:\Users\Pat\AppData\Roaming\Malwarebytes
2012-06-25 15:20:44 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-25 15:20:43 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-06-25 15:20:43 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-25 05:06:39 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2012-06-25 05:05:35 -------- d-----w- C:\Program Files (x86)\Amazon
2012-06-25 05:05:26 -------- d-----w- C:\Program Files (x86)\Amazon Browser Bar
2012-06-24 16:10:01 2622464 ----a-w- C:\windows\System32\wucltux.dll
2012-06-24 16:09:54 99840 ----a-w- C:\windows\System32\wudriver.dll
2012-06-24 16:09:43 36864 ----a-w- C:\windows\System32\wuapp.exe
2012-06-24 16:09:43 186752 ----a-w- C:\windows\System32\wuwebv.dll
2012-06-24 02:00:08 -------- d-----w- C:\Users\Pat\AppData\Local\adaware
2012-06-24 01:59:32 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
2012-06-24 01:59:04 -------- d-----w- C:\Users\Pat\AppData\Local\adawarebp
2012-06-24 01:59:01 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2012-06-24 01:58:57 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2012-06-24 01:58:50 -------- d-----w- C:\Program Files (x86)\adawaretb
2012-06-24 01:57:46 -------- d-----w- C:\Users\Pat\AppData\Roaming\Ad-Aware Antivirus
2012-06-24 01:42:12 -------- d-----w- C:\Users\Pat\AppData\Local\eProximy
2012-06-23 03:54:05 -------- d-----w- C:\Users\Pat\AppData\Local\Nikon
2012-06-23 03:17:39 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-06-23 03:17:37 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-06-22 22:36:36 -------- d-----w- C:\ProgramData\Trend Micro
2012-06-22 22:18:44 -------- d-----w- C:\Users\Pat\AppData\Local\Browser Guard
2012-06-22 19:31:53 -------- d-----w- C:\ProgramData\PC Tools
2012-06-22 19:31:52 -------- d-----w- C:\Users\Pat\AppData\Roaming\TestApp
2012-06-19 15:15:06 -------- d-----w- C:\Users\Pat\AppData\Roaming\TechSmith
2012-06-16 19:42:39 72192 ----a-w- C:\windows\SysWow64\ArcSoft Photo Book Screen Saver.scr
2012-06-16 19:38:50 -------- d-----w- C:\Users\Pat\AppData\Local\Programs
2012-06-16 19:38:34 -------- d-----w- C:\Users\Pat\AppData\Local\ArcSoft
2012-06-16 19:38:33 -------- d-----w- C:\ProgramData\ArcSoft
2012-06-16 19:25:56 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-06-16 19:25:56 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-06-16 19:25:56 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-06-16 19:25:56 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-06-16 19:25:01 61440 ----a-r- C:\Users\Pat\AppData\Roaming\Microsoft\Installer\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}\ARPPRODUCTICON.exe
2012-06-16 19:24:39 -------- d-----w- C:\Program Files (x86)\Common Files\Nikon
2012-06-16 19:24:09 -------- d-----w- C:\Program Files\Common Files\Nikon
2012-06-16 19:24:08 -------- d-----w- C:\Program Files (x86)\Nikon
2012-06-16 19:24:07 -------- d-----w- C:\Program Files\Nikon
2012-06-16 19:24:06 106496 ----a-w- C:\windows\SysWow64\ATL71.DLL
2012-06-16 19:23:48 -------- d-----w- C:\Users\Pat\AppData\Local\Downloaded Installations
2012-06-14 03:20:46 -------- d-----w- C:\Users\Pat\AppData\Local\Macromedia
2012-06-13 22:50:02 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
2012-06-13 22:50:02 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-06-13 22:50:02 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
.
==================== Find3M ====================
.
2012-06-25 05:06:07 499712 ----a-w- C:\windows\SysWow64\msvcp71.dll
2012-06-25 05:06:07 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll
2012-06-25 01:30:23 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-25 01:30:23 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-06-17 23:59:37 60304 ----a-w- C:\Users\Pat\g2mdlhlpx.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33 3146752 ----a-w- C:\windows\System32\win32k.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-04-24 05:37:37 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2012-04-16 17:47:44 258560 ----a-w- C:\windows\SysWow64\tsc2_codec64.dll
2012-04-16 17:47:44 222208 ----a-w- C:\windows\SysWow64\tsc2_codec32.dll
2012-04-07 12:31:40 3216384 ----a-w- C:\windows\System32\msi.dll
2012-04-07 11:26:29 2342400 ----a-w- C:\windows\SysWow64\msi.dll
2012-04-06 00:39:41 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-03-30 11:35:47 1918320 ----a-w- C:\windows\System32\drivers\tcpip.sys
.
============= FINISH: 11:51:15.16 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/22/2010 7:04:27 PM
System Uptime: 6/25/2012 9:29:49 AM (2 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Intel® Core™ i3 CPU M 370 @ 2.40GHz | CPU | 2399/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 455 GiB total, 258.439 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP156: 6/22/2012 8:34:50 PM - Restore Operation
RP157: 6/22/2012 8:51:50 PM - Windows Update
RP158: 6/22/2012 9:01:21 PM - Revo Uninstaller's restore point - Best Buy pc app
RP159: 6/22/2012 9:07:07 PM - Removed AVG 2012
RP160: 6/22/2012 9:08:11 PM - Removed AVG 2012
RP161: 6/22/2012 9:18:29 PM - Windows Update
RP162: 6/22/2012 9:36:50 PM - Revo Uninstaller's restore point - Coupon Printer for Windows
RP163: 6/22/2012 9:40:17 PM - Revo Uninstaller's restore point - Skype Click to Call
RP164: 6/22/2012 9:41:34 PM - Revo Uninstaller's restore point - ShopAtHome.com Toolbar
RP165: 6/22/2012 9:45:35 PM - Revo Uninstaller's restore point - MapsGalaxy Toolbar
RP166: 6/22/2012 9:47:30 PM - Revo Uninstaller's restore point - MapsGalaxy Toolbar
RP167: 6/22/2012 9:48:51 PM - Revo Uninstaller's restore point - RebateInformer
RP168: 6/22/2012 10:08:30 PM - Installed HiJackThis
RP169: 6/23/2012 3:36:28 PM - Revo Uninstaller's restore point - Babylon toolbar on IE
RP170: 6/23/2012 3:37:59 PM - Revo Uninstaller's restore point - BabylonObjectInstaller
RP171: 6/23/2012 3:39:03 PM - Revo Uninstaller's restore point - PDFCreator
RP172: 6/23/2012 3:40:39 PM - Revo Uninstaller's restore point - VideoFileDownload
RP173: 6/23/2012 3:48:54 PM - Revo Uninstaller's restore point - PDFCreator
RP174: 6/23/2012 8:38:52 PM - Restore Operation
RP175: 6/23/2012 9:26:39 PM - Revo Uninstaller's restore point - AppGraffiti
RP176: 6/23/2012 9:28:33 PM - Revo Uninstaller's restore point - Best Buy pc app
RP177: 6/23/2012 9:30:48 PM - Revo Uninstaller's restore point - Coupon Printer for Windows
RP178: 6/23/2012 9:32:50 PM - Revo Uninstaller's restore point - MapsGalaxy Toolbar
RP179: 6/23/2012 9:34:03 PM - Revo Uninstaller's restore point - RebateInformer
RP180: 6/23/2012 9:35:36 PM - Revo Uninstaller's restore point - ShopAtHome.com Toolbar
RP181: 6/23/2012 9:37:35 PM - Revo Uninstaller's restore point - Skype Click to Call
RP182: 6/24/2012 10:09:14 AM - Windows Update
RP183: 6/24/2012 7:38:09 PM - Revo Uninstaller's restore point - Mozilla Firefox 13.0.1 (x86 en-US)
RP184: 6/24/2012 7:41:25 PM - Revo Uninstaller's restore point - Google Chrome
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.5
Amazon Kindle
Apple Application Support
Apple Software Update
ArcSoft MediaImpression 2
ArcSoft Panorama Maker 6
ArcSoft Photo Book Screen Saver
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Brochures & Flyers
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Funhouse II
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Photo Prints
ArcSoft Print Creations - Poster Creator
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
ArcSoft Print Creations Print Service
ArcSoft RAW Thumbnail Viewer
ArcSoft Video Downloader
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Atheros Driver Installation Program
BlueVoda Website Builder SV2d
Camtasia Studio 7
Camtasia Studio 8
CloudBerry Explorer for Amazon S3 3.2.4
CyberLink PowerDirector 10
CyberLink WaveEditor
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Google Chrome
GoToMeeting 5.2.0.952
HandBrake 0.9.6
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® Rapid Storage Technology
Java Auto Updater
Java™ 6 Update 31
Jing
Junk Mail filter update
Label@Once 1.0
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Picture It! Express 7.0
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 9.0.1 (x86 en-US)
MSVCRT
MSVCRT_amd64
Nikon Message Center 2
Nikon Movie Editor
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
Revo Uninstaller 1.94
RoboForm 7-7-8-8 (All Users)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Skype™ 5.8
SmartSound Quicktracks 5
Spybot - Search & Destroy
Subliminal $SUBLIMINAL_VERSION
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA Quality Application
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Visual Studio 2008 x64 Redistributables
WD Link
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
6/25/2012 9:30:19 AM, Error: Service Control Manager [7024] - The AVG WatchDog service terminated with service-specific error %%-536805315.
6/25/2012 9:30:16 AM, Error: Service Control Manager [7000] - The MapsGalaxyService service failed to start due to the following error: The system cannot find the file specified.
6/22/2012 4:44:06 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
6/22/2012 3:13:25 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
6/22/2012 3:13:16 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
.
==== End Of File ===========================

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.25.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Pat :: PAT-PC [administrator]

6/25/2012 9:21:10 AM
mbam-log-2012-06-25 (09-21-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217850
Time elapsed: 4 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Pat\Downloads\ccsetup312.exe (PUP.BundleInstaller.OI) -> Quarantined and deleted successfully.
C:\Users\Pat\Local Settings\Temporary Internet Files\Content.IE5\4MBWJIPP\vfd-adk[1] (Rootkit.Agent) -> Quarantined and deleted successfully.

(end)

#2 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,279 posts

Posted 27 June 2012 - 03:37 PM

Hello szotl. Sorry none of us got to you in time for your trip. I hope that perhaps Malwarebytes Anti-Malware (MBAM) has at least partly fixed the problem.

Please download tdsskiller.exe and save it to your Desktop. Go here for information.

  • Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file in your next reply.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Also:
Please download Security Check by screen317 from here or here. Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#3 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,279 posts

Posted 08 July 2012 - 07:55 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button