Vincent infection thread

Vincent

New Member
Hey, I managed to get my computer infected with something very similar to the infection described in the "My HDD is failing as we speak? urgent help required" thread a little less than 4 hours ago.

By the time I found the thread, I had no desktop icons anymore, the start menu and tray were respectively empty and not working (icons were blank sheets and gave error messages when clicked), and more or less my entire hard drive was inaccessible.

I downloaded MalwareBytes, found 28 infections, removed them. Downloaded HiJackThis, but didn't edit anything with it. Downloaded combofix, and ran it successfully.

I now have recovered my desktop icons, my hard drive is accessible, and things seem to have been returned to normal except for what seems to be just one thing: only 2.84 Gb out of my 4 Gb of RAM appears to be usable.

Any help you could offer would be very much appreciated, as I really have no idea how to go about correcting this.

System:

Manufacturer: TOSHIBA
Model: Notebook
Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.2GHz and 2.2GHz
Installed Memory (RAM): 4.00Gb (2.84 Gb usable)
System Type: 32-bit Operating System
Platform: Windows 7 SP1 (WinNT 6.00.3505)

P.s. I'm running MalwareBytes again, I'll post the log when it's done.
 
I need all three logs to be posted, making sure HijackThis is run after Malwarebytes and ComboFix.
 
The MalwareBytes full scan has been taking forever, but I think it should be done pretty soon. In the meantime here's the log from when I ran combofix before:

ComboFix 11-06-06.01 - Megatron 06/06/2011 11:45:55.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.2909.1600 [GMT -6:00]
Running from: c:\users\Megatron\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Solid YouTube Downloader and Converter DB Toolbar\tbHElper.dll
c:\programdata\Microsoft\Windows\Start Menu\Programs\ClickPotato
c:\programdata\Microsoft\Windows\Start Menu\Programs\ClickPotato\About Us.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Customer Support.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Uninstall Instructions.lnk
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\users\Megatron\AppData\Local\.#
c:\users\Megatron\AppData\Roaming\Local
c:\users\Megatron\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Megatron\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2).ddp
c:\users\Megatron\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(3).ddp
c:\users\Megatron\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp
c:\users\Megatron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery
c:\users\Megatron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery\Uninstall Windows 7 Recovery.lnk
c:\users\Megatron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery\Windows 7 Recovery.lnk
c:\users\Megatron\Desktop\Windows 7 Recovery.lnk
c:\windows\system32\launcher.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-05-06 to 2011-06-06 )))))))))))))))))))))))))))))))
.
.
2011-06-06 18:00 . 2011-06-06 18:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-06 16:18 . 2011-06-06 16:18 388096 ----a-r- c:\users\Megatron\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-06 16:18 . 2011-06-06 16:18 -------- d-----w- c:\program files\Trend Micro
2011-06-06 16:01 . 2011-06-06 16:01 -------- d-----w- c:\users\Megatron\AppData\Roaming\Malwarebytes
2011-06-06 16:01 . 2011-05-29 15:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-06 16:01 . 2011-06-06 16:01 -------- d-----w- c:\programdata\Malwarebytes
2011-06-06 16:01 . 2011-05-29 15:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-06 16:01 . 2011-06-06 16:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-06 15:35 . 2011-06-06 15:35 -------- d--h--w- c:\users\Megatron\AppData\Local\{EA874D7E-1211-41D6-843B-3285139D7E7E}
2011-06-04 05:34 . 2011-06-04 05:35 -------- d--h--w- c:\users\Megatron\AppData\Roaming\.minecraft
2011-06-02 23:26 . 2009-11-03 20:07 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
2011-06-02 23:26 . 2009-11-03 20:07 1970176 ----a-w- c:\windows\system32\d3dx9.dll
2011-06-02 00:44 . 2011-06-02 00:44 -------- d-----w- c:\program files\Firaxis Games
2011-06-02 00:44 . 1997-06-02 18:32 314880 ----a-w- c:\windows\IsUninst.exe
2011-05-26 12:39 . 2011-05-26 12:39 -------- d--h--w- c:\users\Megatron\AppData\Local\{188CB295-CDB2-463F-B4B2-7AF161B52561}
2011-05-24 19:07 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-23 08:00 . 2011-05-23 08:00 -------- d-----w- C:\_data
2011-05-23 07:41 . 2011-05-23 07:41 -------- d-----w- c:\program files\Totally Free Converter
2011-05-23 07:23 . 2011-05-23 07:23 -------- d--h--w- c:\users\Megatron\AppData\Roaming\4Media
2011-05-23 07:22 . 2011-05-23 07:22 -------- d-----w- c:\program files\4Media
2011-05-23 07:05 . 2011-06-06 17:58 -------- d-----w- c:\program files\Solid YouTube Downloader and Converter DB Toolbar
2011-05-23 06:59 . 2011-05-23 06:59 -------- d--h--w- c:\programdata\Emicsoft Studio
2011-05-19 04:56 . 2011-05-19 04:57 -------- d--h--w- c:\programdata\Skype Extras
2011-05-19 04:55 . 2011-05-19 04:55 -------- d-----w- c:\program files\Common Files\Skype
2011-05-19 02:43 . 2011-05-19 02:44 -------- d--h--w- c:\users\Megatron\AppData\Local\{57DB0C86-4BD8-4E5D-B500-3128116F90EC}
2011-05-19 00:12 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-18 05:51 . 2011-05-18 05:51 -------- d--h--w- c:\users\Megatron\AppData\Local\{B92C59BA-E090-499D-BD6E-7BE7A7AC9DE0}
2011-05-16 20:45 . 2011-05-16 20:45 -------- d--h--w- c:\users\Megatron\AppData\Local\{7C7B20C3-69E0-4CE3-B979-6D34574AB3C3}
2011-05-16 20:45 . 2011-05-16 20:45 -------- d--h--w- c:\users\Megatron\AppData\Local\Windows Live Writer
2011-05-16 20:45 . 2011-05-16 20:45 -------- d--h--w- c:\users\Megatron\AppData\Roaming\Windows Live Writer
2011-05-16 02:30 . 2011-05-16 02:30 -------- d--h--w- c:\users\Megatron\AppData\Local\{D1A81876-CDC8-4214-89A4-E41EF48C5CBC}
2011-05-12 19:47 . 2011-05-12 19:47 -------- d--h--w- c:\users\Megatron\AppData\Roaming\Tonido
2011-05-11 11:59 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-11 11:59 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-11 06:49 . 2011-05-11 06:49 -------- d--h--w- c:\users\Megatron\AppData\Local\{C7EADB7A-368B-45AB-BE98-F1DCA77811C3}
2011-05-10 20:37 . 2011-05-10 20:38 -------- d--h--w- c:\users\Megatron\AppData\Local\CutePDF Writer
2011-05-10 20:36 . 2011-05-10 20:36 -------- d-----w- c:\program files\Acro Software
2011-05-10 20:34 . 2011-05-11 06:46 -------- d-----w- c:\program files\GPLGS
2011-05-09 22:57 . 2011-05-09 22:57 -------- d--h--w- c:\users\Megatron\AppData\Local\{5E6058DB-4EDF-4089-9E66-69CC42C04E2B}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-21 13:58 . 2011-04-14 06:53 152064 ----a-w- c:\windows\system32\xvid.ax
2011-03-19 15:06 . 2011-04-14 06:53 240640 ----a-w- c:\windows\system32\xvidvfw.dll
2011-03-19 15:04 . 2011-04-14 06:53 650752 ----a-w- c:\windows\system32\xvidcore.dll
2011-03-17 08:19 . 2011-03-17 08:19 249856 ------w- c:\windows\Setup1.exe
2011-03-17 08:19 . 2011-03-17 08:19 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-03-17 08:12 . 2011-03-17 08:11 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2011-03-14 01:55 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-12 11:23 . 2011-04-27 07:56 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-11 05:39 . 2011-04-27 07:56 148864 ----a-w- c:\windows\system32\drivers\storport.sys
2011-03-11 05:39 . 2011-04-27 07:56 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-03-11 05:39 . 2011-04-27 07:56 1211264 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-03-11 05:39 . 2011-04-27 07:56 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-03-11 05:38 . 2011-04-27 07:56 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-03-11 05:38 . 2011-04-27 07:56 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-03-11 05:38 . 2011-04-27 07:56 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-03-11 05:33 . 2011-04-14 07:35 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 05:33 . 2011-04-14 07:35 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 05:33 . 2011-04-27 07:56 1699328 ----a-w- c:\windows\system32\esent.dll
2011-03-11 05:31 . 2011-04-27 07:56 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-05-02 09:02 . 2011-03-29 22:24 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2009-07-14 01:14 20992 --sh--r- c:\windows\System32\svchost.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{cd90bf73-20f6-44ef-993d-bb920303bd2e}"= "c:\program files\Veoh_Web_Player\tbVeo1.dll" [2010-09-09 2735200]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuz0.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\Vuze_Remote\tbVuz0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]
2010-09-09 21:37 2735200 ----a-w- c:\program files\Veoh_Web_Player\tbVeo1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{cd90bf73-20f6-44ef-993d-bb920303bd2e}"= "c:\program files\Veoh_Web_Player\tbVeo1.dll" [2010-09-09 2735200]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuz0.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CD90BF73-20F6-44EF-993D-BB920303BD2E}"= "c:\program files\Veoh_Web_Player\tbVeo1.dll" [2010-09-09 2735200]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuz0.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ---ha-w- c:\users\Megatron\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ---ha-w- c:\users\Megatron\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ---ha-w- c:\users\Megatron\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-17 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"SansaDispatch"="c:\users\Megatron\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2010-06-05 79872]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]
"Raptr"="c:\progra~1\Raptr\raptrstub.exe" [2011-05-25 53160]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"Tonido"="c:\users\Megatron\AppData\Roaming\Tonido\launcher.exe" [2011-04-12 100864]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 151064]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-10 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512]
"SmartFaceVWatcher"="c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-07-29 163840]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 611672]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 2446648]
"TosNC"="c:\program files\Toshiba\BulletinBoard\TosNcCore.exe" [2009-08-06 466792]
"TosReelTimeMonitor"="c:\program files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [2009-08-06 29528]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1246544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
.
c:\users\Megatron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Megatron\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeNotify]
2009-01-14 05:33 34088 ----a-w- c:\program files\TOSHIBA\Utilities\KeNotify.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984]
R3 MotuMidi;MOTU MIDI Device;c:\windows\system32\drivers\MotuMidi.sys [2010-07-12 36912]
R3 MotuUsb;MotuUsb;c:\windows\system32\Drivers\MotuUsb.sys [2010-07-12 49712]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-03-23 3724760]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-12 1343400]
R3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys [x]
R3 XDva309;XDva309;c:\windows\system32\XDva309.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-17 691696]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-07-18 181616]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S3 HP8207_8307;HP-HP8207_8307;c:\windows\system32\DRIVERS\HP8207_8307.sys [2010-02-05 13952]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
S3 motubus;MOTU Audio MIDI Extension;c:\windows\system32\drivers\MotuBus.sys [2010-07-12 23600]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 24064]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-04-26 1011232]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2010-07-01 34896]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 111960]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7XZVG-2E18SYK-0V7LG-HU9X7G-4Z1KY4A38}]
2009-07-14 01:14 20992 --sh--r- c:\windows\System32\svchost.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 00:16]
.
2011-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 00:16]
.
2011-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1885654428-2098203781-4062814211-1000Core.job
- c:\users\Megatron\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-07 08:26]
.
2011-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1885654428-2098203781-4062814211-1000UA.job
- c:\users\Megatron\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-07 08:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://obsidiansnow.newgrounds.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
Trusted Zone: freechal.com\downgame
TCP: DhcpNameServer = 192.168.1.254 199.185.220.254
DPF: {640044E9-92A3-4B89-A615-1F65354D3A65} - hxxp://rfonline-full.gscdn.com/gscdn/ccr_downloader.cab
FF - ProfilePath - c:\users\Megatron\AppData\Roaming\Mozilla\Firefox\Profiles\dphvj1pp.default\
FF - prefs.js: browser.startup.homepage - hxxp://obsidiansnow.newgrounds.com/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-DivX Download Manager - c:\program files\DivX\DivX Plus Web Player\DDmService.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1885654428-2098203781-4062814211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1885654428-2098203781-4062814211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1885654428-2098203781-4062814211-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-06-06 12:12:25
ComboFix-quarantined-files.txt 2011-06-06 18:12
.
Pre-Run: 221,646,856,192 bytes free
Post-Run: 226,149,031,936 bytes free
.
- - End Of File - - 77A27C4CD3F5DED01F8989E3072FEDEA
 
I was right about MalwareBytes nearly being done, it finished just moments after I posted this last. Looks like it missed a couple things last time, all of which appear to be things my brother downloaded when I loaned him the computer for a couple months. Go figure. Anyways, here's the log:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6788

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

06/06/2011 7:08:43 PM
mbam-log-2011-06-06 (19-08-30).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 398138
Time elapsed: 4 hour(s), 51 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Megatron\Desktop\desktop junk\brutus-aet2\BrutusA2.exe (HackTool.Brutus) -> No action taken.
c:\Users\Megatron\Desktop\Ian\Stuff\REASON 4\reason 4 + keygen + patch rps\KEYGEN.doc (RiskWare.Tool.CK) -> No action taken.
c:\Users\Megatron\Desktop\Ian\Stuff\REASON 4\reason 4 + keygen + patch rps\KEYGEN.EXE (RiskWare.Tool.CK) -> No action taken.


***Note that the items were all successfully quarantined and deleted after I saved the log***
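The Malwarebytes log above is easy to misread: the summary counts say what was found, but each detection line also carries its own action state, and "No action taken" means the item is still on disk until it is quarantined. The following parser is an added example written for this thread (not Malwarebytes' code, and not from any poster): it reads the summary counts and the per-section detection lines, cross-checks them against each other, and lists detections still pending. The embedded log is a constructed sample in the same layout, with the path of the second entry shortened.

```python
import re

# Constructed sample in the layout of a Malwarebytes' Anti-Malware 1.x log
# (two detections: one pending, one already quarantined).
SAMPLE_MBAM_LOG = r"""Malwarebytes' Anti-Malware 1.51.0.1200
Database version: 6788

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 398138

Memory Processes Infected: 0
Registry Keys Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Files Infected:
c:\Users\Megatron\Desktop\desktop junk\brutus-aet2\BrutusA2.exe (HackTool.Brutus) -> No action taken.
c:\Users\Megatron\Desktop\Ian\Stuff\REASON 4\KEYGEN.doc (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
"""

# "<path> (<family>) -> <action>."  -- the per-detection line format
DETECTION_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
# "Files Infected: 3"  -- the summary block format
SUMMARY_RE = re.compile(r"^([A-Za-z ]+ Infected): (\d+)$")


def parse_mbam_log(text):
    """Return (summary_counts, detections) from a Malwarebytes 1.x log."""
    summary = {}
    detections = []
    section = None  # which "... Infected:" block we are inside
    for line in text.splitlines():
        line = line.rstrip()
        m = SUMMARY_RE.match(line)
        if m:
            summary[m.group(1)] = int(m.group(2))
            continue
        if line.endswith(" Infected:"):
            section = line[:-1]
            continue
        if not line or line.startswith("(No malicious"):
            continue
        m = DETECTION_RE.match(line)
        if m and section:
            detections.append({"section": section, **m.groupdict()})
    return summary, detections


def pending(detections):
    """Detections whose action state says nothing was done yet."""
    return [d for d in detections if d["action"].lower().startswith("no action taken")]


def counts_consistent(summary, detections):
    """True when every summary count equals the number of lines listed for it."""
    per_section = {}
    for d in detections:
        per_section[d["section"]] = per_section.get(d["section"], 0) + 1
    return all(summary.get(s, 0) == n for s, n in per_section.items()) and all(
        n == 0 for s, n in summary.items() if s not in per_section
    )


if __name__ == "__main__":
    counts, found = parse_mbam_log(SAMPLE_MBAM_LOG)
    print("summary consistent:", counts_consistent(counts, found))
    for d in pending(found):
        print("still pending:", d["path"], "->", d["family"])
```

The consistency check matters when a log has been copied by hand or truncated by a forum post limit: a mismatch between "Files Infected: N" and the lines actually listed is a sign the poster should re-save and re-post the full log rather than the helper reasoning from a partial one.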
 
First of all, if you have any keygen software (illegal, not purchased) installed, please uninstall it and obtain the software legally by purchasing it. A lot of keygen software is full of malware.

Please move the combofix file to your desktop so you can perform the following procedure.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Code:
Folder::
c:\users\Megatron\AppData\Local\{EA874D7E-1211-41D6-843B-3285139D7E7E}
c:\users\Megatron\AppData\Local\{188CB295-CDB2-463F-B4B2-7AF161B52561}
c:\users\Megatron\AppData\Local\{57DB0C86-4BD8-4E5D-B500-3128116F90EC}
c:\users\Megatron\AppData\Local\{B92C59BA-E090-499D-BD6E-7BE7A7AC9DE0}
c:\users\Megatron\AppData\Local\{7C7B20C3-69E0-4CE3-B979-6D34574AB3C3}
c:\users\Megatron\AppData\Local\{D1A81876-CDC8-4214-89A4-E41EF48C5CBC}
c:\users\Megatron\AppData\Local\{C7EADB7A-368B-45AB-BE98-F1DCA77811C3}
c:\users\Megatron\AppData\Local\{5E6058DB-4EDF-4089-9E66-69CC42C04E2B}


Driver::
XDva309

Reglock::
[HKEY_USERS\S-1-5-21-1885654428-2098203781-4062814211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
[HKEY_USERS\S-1-5-21-1885654428-2098203781-4062814211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
[HKEY_USERS\S-1-5-21-1885654428-2098203781-4062814211-1000\Software\SecuROM\License information*]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


CFScript-1.gif


ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
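The CFScript above was built by reading the first ComboFix log for a few specific signals: GUID-named folders under AppData\Local, a driver entry whose file no longer exists (shown as `[x]`), and registry keys ComboFix reports as locked with `@Denied`. The script below is an added example written for this thread, not ComboFix's code or the helper's own tooling: it pulls those signals out of ComboFix log text, also reports UAC policy values that differ from what a stock Windows 7 install sets (the defaults table is an assumption of that stock configuration), and drafts the Folder::/Driver::/Reglock:: sections in the layout the helper used. The embedded log is a constructed excerpt of lines in the shape of the log posted earlier in the thread.

```python
import re

# Constructed excerpt: a handful of lines in the shape of the ComboFix log posted above.
SAMPLE_LOG = r"""2011-06-06 15:35 . 2011-06-06 15:35 -------- d--h--w- c:\users\Megatron\AppData\Local\{EA874D7E-1211-41D6-843B-3285139D7E7E}
2011-06-04 05:34 . 2011-06-04 05:35 -------- d--h--w- c:\users\Megatron\AppData\Roaming\.minecraft
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984]
R3 XDva309;XDva309;c:\windows\system32\XDva309.sys [x]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_USERS\S-1-5-21-1885654428-2098203781-4062814211-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
"""

GUID = r"\{[0-9A-F]{8}-(?:[0-9A-F]{4}-){3}[0-9A-F]{12}\}"
# a per-user AppData\Local folder whose name is nothing but a GUID
GUID_DIR_RE = re.compile(r"(c:\\users\\[^\\]+\\AppData\\Local\\" + GUID + r")\s*$", re.I)
# "R3 name;display;path [x]" -- a registered service/driver whose file is missing
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[x\]\s*$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(\d+)\s+\(0x[0-9A-Fa-f]+\)\s*$')

# Assumption: values a stock Windows 7 install sets for the UAC keys ComboFix prints.
UAC_DEFAULTS = {
    "ConsentPromptBehaviorAdmin": 5,
    "ConsentPromptBehaviorUser": 3,
    "EnableUIADesktopToggle": 0,
    "PromptOnSecureDesktop": 1,
}


def triage(log_text):
    """Return a list of (category, detail) findings from ComboFix log text."""
    findings = []
    current_key = None
    for line in log_text.splitlines():
        line = line.rstrip()
        m = GUID_DIR_RE.search(line)
        if m and line[:4].isdigit():  # file-listing lines begin with a date
            findings.append(("guid_dir", m.group(1)))
            continue
        m = SERVICE_RE.match(line)
        if m:
            findings.append(("missing_image", m.group(2)))
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        if line.startswith("@Denied:") and current_key:
            findings.append(("locked_key", current_key))
            continue
        m = VALUE_RE.match(line)
        if m and current_key and current_key.lower().endswith(r"\policies\system"):
            name, value = m.group(1), int(m.group(2))
            if name in UAC_DEFAULTS and value != UAC_DEFAULTS[name]:
                findings.append(("uac_weakened", f"{name}={value} (default {UAC_DEFAULTS[name]})"))
    return findings


def draft_cfscript(findings):
    """Lay the findings out as CFScript sections; UAC findings are report-only."""
    sections = {"Folder::": [], "Driver::": [], "Reglock::": []}
    for cat, detail in findings:
        if cat == "guid_dir":
            sections["Folder::"].append(detail)
        elif cat == "missing_image":
            sections["Driver::"].append(detail)
        elif cat == "locked_key":
            sections["Reglock::"].append(f"[{detail}]")
    out = []
    for header, entries in sections.items():
        if entries:
            out.append(header)
            out.extend(entries)
            out.append("")
    return "\n".join(out)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for cat, detail in found:
        print(f"{cat:14} {detail}")
    print()
    print(draft_cfscript(found))
```

Treat the output as a worksheet, not a script to run blindly. A `[x]` entry only says the registered file is gone, so it catches stale vendor leftovers (the first log has several, such as the Realtek and WinPcap entries) as well as the orphaned XDva309 service the helper chose to remove; likewise the `PromptOnSecureDesktop=0` finding is a weakened UAC setting worth restoring, but CFScript is not the tool for that. Each line still needs the human decision the helper made before it goes into a script.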
 
Aaaand here's the log:

ComboFix 11-06-06.02 - Megatron 06/06/2011 20:03:39.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.2909.1794 [GMT -6:00]
Running from: c:\users\Megatron\Desktop\ComboFix.exe
Command switches used :: c:\users\Megatron\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Megatron\AppData\Local\{188CB295-CDB2-463F-B4B2-7AF161B52561}
c:\users\Megatron\AppData\Local\{57DB0C86-4BD8-4E5D-B500-3128116F90EC}
c:\users\Megatron\AppData\Local\{5E6058DB-4EDF-4089-9E66-69CC42C04E2B}
c:\users\Megatron\AppData\Local\{7C7B20C3-69E0-4CE3-B979-6D34574AB3C3}
c:\users\Megatron\AppData\Local\{B92C59BA-E090-499D-BD6E-7BE7A7AC9DE0}
c:\users\Megatron\AppData\Local\{C7EADB7A-368B-45AB-BE98-F1DCA77811C3}
c:\users\Megatron\AppData\Local\{D1A81876-CDC8-4214-89A4-E41EF48C5CBC}
c:\users\Megatron\AppData\Local\{EA874D7E-1211-41D6-843B-3285139D7E7E}
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_XDVA309
-------\Service_XDva309
.
.
((((((((((((((((((((((((( Files Created from 2011-05-07 to 2011-06-07 )))))))))))))))))))))))))))))))
.
.
2011-06-07 02:09 . 2011-06-07 02:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-06 16:18 . 2011-06-06 16:18 388096 ----a-r- c:\users\Megatron\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-06 16:18 . 2011-06-06 16:18 -------- d-----w- c:\program files\Trend Micro
2011-06-06 16:01 . 2011-06-06 16:01 -------- d-----w- c:\users\Megatron\AppData\Roaming\Malwarebytes
2011-06-06 16:01 . 2011-05-29 15:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-06 16:01 . 2011-06-06 16:01 -------- d-----w- c:\programdata\Malwarebytes
2011-06-06 16:01 . 2011-05-29 15:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-06 16:01 . 2011-06-06 16:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-04 05:34 . 2011-06-04 05:35 -------- d-----w- c:\users\Megatron\AppData\Roaming\.minecraft
2011-06-02 23:26 . 2009-11-03 20:07 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
2011-06-02 23:26 . 2009-11-03 20:07 1970176 ----a-w- c:\windows\system32\d3dx9.dll
2011-06-02 00:44 . 2011-06-02 00:44 -------- d-----w- c:\program files\Firaxis Games
2011-06-02 00:44 . 1997-06-02 18:32 314880 ----a-w- c:\windows\IsUninst.exe
2011-05-24 19:07 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-23 08:00 . 2011-05-23 08:00 -------- d-----w- C:\_data
2011-05-23 07:41 . 2011-05-23 07:41 -------- d-----w- c:\program files\Totally Free Converter
2011-05-23 07:23 . 2011-05-23 07:23 -------- d-----w- c:\users\Megatron\AppData\Roaming\4Media
2011-05-23 07:22 . 2011-05-23 07:22 -------- d-----w- c:\program files\4Media
2011-05-23 07:05 . 2011-06-06 17:58 -------- d-----w- c:\program files\Solid YouTube Downloader and Converter DB Toolbar
2011-05-23 06:59 . 2011-05-23 06:59 -------- d-----w- c:\programdata\Emicsoft Studio
2011-05-19 04:56 . 2011-05-19 04:57 -------- d-----w- c:\programdata\Skype Extras
2011-05-19 04:55 . 2011-05-19 04:55 -------- d-----w- c:\program files\Common Files\Skype
2011-05-19 00:12 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-16 20:45 . 2011-05-16 20:45 -------- d-----w- c:\users\Megatron\AppData\Local\Windows Live Writer
2011-05-16 20:45 . 2011-05-16 20:45 -------- d-----w- c:\users\Megatron\AppData\Roaming\Windows Live Writer
2011-05-12 19:47 . 2011-05-12 19:47 -------- d-----w- c:\users\Megatron\AppData\Roaming\Tonido
2011-05-11 11:59 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-11 11:59 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-10 20:37 . 2011-05-10 20:38 -------- d-----w- c:\users\Megatron\AppData\Local\CutePDF Writer
2011-05-10 20:36 . 2011-05-10 20:36 -------- d-----w- c:\program files\Acro Software
2011-05-10 20:34 . 2011-05-11 06:46 -------- d-----w- c:\program files\GPLGS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-21 13:58 . 2011-04-14 06:53 152064 ----a-w- c:\windows\system32\xvid.ax
2011-03-19 15:06 . 2011-04-14 06:53 240640 ----a-w- c:\windows\system32\xvidvfw.dll
2011-03-19 15:04 . 2011-04-14 06:53 650752 ----a-w- c:\windows\system32\xvidcore.dll
2011-03-17 08:19 . 2011-03-17 08:19 249856 ------w- c:\windows\Setup1.exe
2011-03-17 08:19 . 2011-03-17 08:19 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-03-17 08:12 . 2011-03-17 08:11 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2011-03-14 01:55 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-12 11:23 . 2011-04-27 07:56 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-11 05:39 . 2011-04-27 07:56 148864 ----a-w- c:\windows\system32\drivers\storport.sys
2011-03-11 05:39 . 2011-04-27 07:56 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-03-11 05:39 . 2011-04-27 07:56 1211264 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-03-11 05:39 . 2011-04-27 07:56 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-03-11 05:38 . 2011-04-27 07:56 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-03-11 05:38 . 2011-04-27 07:56 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-03-11 05:38 . 2011-04-27 07:56 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-03-11 05:33 . 2011-04-14 07:35 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 05:33 . 2011-04-14 07:35 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 05:33 . 2011-04-27 07:56 1699328 ----a-w- c:\windows\system32\esent.dll
2011-03-11 05:31 . 2011-04-27 07:56 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-05-02 09:02 . 2011-03-29 22:24 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2009-07-14 01:14 20992 --sh--r- c:\windows\System32\svchost.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{cd90bf73-20f6-44ef-993d-bb920303bd2e}"= "c:\program files\Veoh_Web_Player\tbVeo1.dll" [2010-09-09 2735200]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuz0.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\Vuze_Remote\tbVuz0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]
2010-09-09 21:37 2735200 ----a-w- c:\program files\Veoh_Web_Player\tbVeo1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{cd90bf73-20f6-44ef-993d-bb920303bd2e}"= "c:\program files\Veoh_Web_Player\tbVeo1.dll" [2010-09-09 2735200]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuz0.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CD90BF73-20F6-44EF-993D-BB920303BD2E}"= "c:\program files\Veoh_Web_Player\tbVeo1.dll" [2010-09-09 2735200]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuz0.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Megatron\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Megatron\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Megatron\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-17 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"SansaDispatch"="c:\users\Megatron\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2010-06-05 79872]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]
"Raptr"="c:\progra~1\Raptr\raptrstub.exe" [2011-05-25 53160]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"Tonido"="c:\users\Megatron\AppData\Roaming\Tonido\launcher.exe" [2011-04-12 100864]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 151064]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-10 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512]
"SmartFaceVWatcher"="c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-07-29 163840]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 611672]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 2446648]
"TosNC"="c:\program files\Toshiba\BulletinBoard\TosNcCore.exe" [2009-08-06 466792]
"TosReelTimeMonitor"="c:\program files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [2009-08-06 29528]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1246544]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
.
c:\users\Megatron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Megatron\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeNotify]
2009-01-14 05:33 34088 ----a-w- c:\program files\TOSHIBA\Utilities\KeNotify.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984]
R3 MotuMidi;MOTU MIDI Device;c:\windows\system32\drivers\MotuMidi.sys [2010-07-12 36912]
R3 MotuUsb;MotuUsb;c:\windows\system32\Drivers\MotuUsb.sys [2010-07-12 49712]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-03-23 3724760]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 111960]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-12 1343400]
R3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-17 691696]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-07-18 181616]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S3 HP8207_8307;HP-HP8207_8307;c:\windows\system32\DRIVERS\HP8207_8307.sys [2010-02-05 13952]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
S3 motubus;MOTU Audio MIDI Extension;c:\windows\system32\drivers\MotuBus.sys [2010-07-12 23600]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 24064]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-04-26 1011232]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2010-07-01 34896]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7XZVG-2E18SYK-0V7LG-HU9X7G-4Z1KY4A38}]
2009-07-14 01:14 20992 --sh--r- c:\windows\System32\svchost.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 00:16]
.
2011-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 00:16]
.
2011-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1885654428-2098203781-4062814211-1000Core.job
- c:\users\Megatron\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-07 08:26]
.
2011-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1885654428-2098203781-4062814211-1000UA.job
- c:\users\Megatron\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-07 08:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://obsidiansnow.newgrounds.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
Trusted Zone: freechal.com\downgame
TCP: DhcpNameServer = 192.168.1.254 199.185.220.254
DPF: {640044E9-92A3-4B89-A615-1F65354D3A65} - hxxp://rfonline-full.gscdn.com/gscdn/ccr_downloader.cab
FF - ProfilePath - c:\users\Megatron\AppData\Roaming\Mozilla\Firefox\Profiles\dphvj1pp.default\
FF - prefs.js: browser.startup.homepage - hxxp://obsidiansnow.newgrounds.com/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1885654428-2098203781-4062814211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1885654428-2098203781-4062814211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1885654428-2098203781-4062814211-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2584)
c:\users\Megatron\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\program files\IObit\Game Booster\gbtray.exe
c:\windows\system32\conhost.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\windows\system32\DllHost.exe
c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sdclt.exe
.
**************************************************************************
.
Completion time: 2011-06-06 20:15:59 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-07 02:15
ComboFix2.txt 2011-06-07 01:58
ComboFix3.txt 2011-06-06 18:12
.
Pre-Run: 225,622,691,840 bytes free
Post-Run: 225,463,943,168 bytes free
.
- - End Of File - - 4345681B5DABB1A5946D826857EB2CAB


***EDIT: The RAM is still saying that only 2.84GB is usable***
 
That all depends on the hardware you have. With a 32-bit operating system you may only see up to 3.25 GB of memory, but may be less. Get a 64-bit OS and you can use all 4 GB.
 
I've never had this issue before, though. The "2.84GB usable" is a new item that's only appeared after the infection this morning.

***EDIT: Is there any way I could check to make certain whether this is just a result of hardware versus some other, correctable issue?***
 
I've never heard of infections messing with memory usable. This could be a BIOS setting called "memory remapping". This usually can change the amount of memory available.
 
Should I perhaps be looking at that, then? I'm sure that at the very least it wasn't below 3GB before, as I've checked the system properties in the past and never saw a "2" next to RAM (I have an uncanny memory for numbers sometimes). If you're right about it just being a hardware thing, then I'd like to make absolutely sure if I can, instead of just giving up and assuming that the RAM in question was never usable.
 
You may want to. There is also a max mem option in msconfig under the boot.ini tab. Not sure if that will help either. But like I said earlier, if you really want to be able to use all 4 GB of memory then you will need to get a 64-bit OS.
 
Whoa, whoa. So the boot.ini tab setting wasn't set to any maximum, but just for the sake of being thorough I tried setting it to 4GB, which didn't change anything. No big surprise, I think.

But then I had the idea to check the resource monitor. As it turns out, 1188MB of memory is unusable because it's under "Hardware Reserved". I have no idea what it's getting reserved for, because frankly I have suspicions about whether BIOS and drivers and whatever else would actually require such a large amount of RAM to be reserved, but there it is. If I can just figure out how to find what it's being reserved for, and how to fix it so it doesn't reserve more than it needs...

***EDIT: Just tried looking into the "Memory Remapping", but it doesn't seem like my BIOS supports it, because I'm not seeing it.***
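For anyone trying to pin down a "Hardware Reserved" gap like the one above, the following PowerShell script is an added example written for this thread; it is not code posted by anyone in it, nor part of ComboFix, Malwarebytes or any other tool named here. It assumes an elevated prompt (so bcdedit can read the boot store), working WMI, and that the msconfig "Maximum memory" box writes the BCD element bcdedit calls truncatememory; the output labels and the installed-versus-usable comparison are my own construction.

```powershell
# Added example (not from this thread): measure how much of the installed RAM
# Windows can actually see, and check the usual non-malware causes of a
# "Hardware Reserved" gap. Run from an elevated PowerShell prompt.
# Get-WmiObject is used on purpose: Windows 7 ships PowerShell 2.0, which has
# no Get-CimInstance.

# 1. Capacity of every DIMM as reported by the SMBIOS tables.
$installedBytes = (Get-WmiObject Win32_PhysicalMemory |
    Measure-Object -Property Capacity -Sum).Sum

# 2. Memory the kernel actually manages. WMI reports this value in kilobytes.
$os = Get-WmiObject Win32_OperatingSystem
$usableBytes = [int64]$os.TotalVisibleMemorySize * 1KB

# 3. The difference is what Resource Monitor labels "Hardware Reserved".
$reservedBytes = $installedBytes - $usableBytes

"{0,-20}{1,8:N2} GB" -f "Installed (SMBIOS):", ($installedBytes / 1GB)
"{0,-20}{1,8:N2} GB" -f "Usable by Windows:",  ($usableBytes / 1GB)
"{0,-20}{1,8:N0} MB" -f "Hardware reserved:", ($reservedBytes / 1MB)
"{0,-20}{1}"         -f "OS architecture:",   $os.OSArchitecture

# 4. On 32-bit client Windows the kernel only maps the first 4 GB of physical
#    address space, and device MMIO (graphics aperture, PCI windows) sits
#    inside that range, so a reservation of several hundred MB up to over
#    1 GB is expected there rather than a sign of tampering.
if ($os.OSArchitecture -like "32*") {
    "Note: 32-bit Windows; the 4 GB address-space limit alone can explain a reservation of this size."
}

# 5. Look for an explicit cap in the boot configuration. msconfig's
#    Boot > Advanced options > "Maximum memory" writes the element bcdedit
#    calls truncatememory; removememory is the other limiter.
$bcd = (bcdedit /enum "{current}" 2>&1) | Out-String
$capFound = $false
foreach ($element in "truncatememory", "removememory") {
    if ($bcd -match "(?m)^\s*$element\s+(\S+)") {
        $capFound = $true
        "BCD element {0} = {1} is limiting RAM; clear it with: bcdedit /deletevalue {0}" -f $element, $Matches[1]
    }
}
if (-not $capFound) { "No truncatememory/removememory cap in the boot configuration." }
```

If the script reports no BCD cap and the OS is 32-bit, the reservation is coming from the firmware memory map and device address ranges, which is exactly what the "memory remapping" BIOS option (where a board offers it) and a 64-bit OS address; nothing an on-disk scan can change.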
 