Inactive [A] Internet speed will drop drastically or disconnect constantly

fjosh79

I believe I downloaded something I shouldn't have, and now my internet disconnects a lot. I have already done everything I could to see if it's a problem with my router or any other outside source.


Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.02.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Josh :: JOSH-PC [administrator]

Protection: Enabled

2/2/2012 7:40:43 PM
mbam-log-2012-02-02 (19-40-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 195668
Time elapsed: 2 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 11
HKCR\CLSID\{597A9974-8CB0-4f41-B61F-ED065738A397} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCR\CLSID\{25514C64-8321-494e-BD3E-3DBAB3F8CEBA} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCR\TypeLib\{60BE6B2E-F2F5-4404-AA1E-4381D4A6EEA2} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCR\Interface\{6427058B-217C-4C7F-A6CE-C7934C0BDCEB} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCR\RewardsArcade.FBApi.1 (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCR\RewardsArcade.FBApi (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCR\RewardsArcade.BHO.1 (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RewardsArcade (PUP.RewardsArcade) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 29

Files Detected: 106

(end)
 
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-02 20:13:32
Windows 6.1.7601 Service Pack 1
Running: jt5nu7u3.exe


---- Files - GMER 1.0.15 ----

File C:\Windows\Temp\TMP0000004126F8533C73CB4958 0 bytes

---- EOF - GMER 1.0.15 ----





.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Josh at 20:21:51 on 2012-02-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6052.2070 [GMT -5:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files (x86)\ToolKitService\ToolkitService.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\windows\system32\NOTEPAD.EXE
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3106777
uDefault_Page_URL = hxxp://start.toshiba.com
uURLSearchHooks: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
mURLSearchHooks: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\IPS\IPSBHO.DLL
BHO: ToolKit IE Helper: {70ea269e-56df-49c2-86b2-1a1924ed88b4} - C:\Program Files (x86)\ToolKitService\splash.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
TB: eToolKit Toolbar: {d3b22a92-87a2-47b6-b3e6-a64877b5c242} - C:\Program Files (x86)\ToolKitService\toolbar_v2.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coIEPlg.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized
uRunOnce: [Application Restart #1] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --flag-switches-begin --enable-print-preview --flag-switches-end --restore-last-session -- http://www.winzip.com/wzgate.cgi?la...i&param=dsi=37&nid=-&ver=16.0.9686.0&bnc=nkln
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
TCP: DhcpNameServer = 24.178.162.3 66.189.0.100 24.217.201.67
TCP: Interfaces\{11CBEEE9-36A5-4E24-866F-E2D4DC3C1188} : DhcpNameServer = 24.178.162.3 66.189.0.100 24.217.201.67
TCP: Interfaces\{7680275B-D787-4FD4-AADB-CF8047FB33CB} : DhcpNameServer = 24.178.162.3 66.189.0.100 24.217.201.67
TCP: Interfaces\{7680275B-D787-4FD4-AADB-CF8047FB33CB}\4586567596C64624F616270516E647865627 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7680275B-D787-4FD4-AADB-CF8047FB33CB}\94E6475627E656471313 : DhcpNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{7680275B-D787-4FD4-AADB-CF8047FB33CB}\94E6475627E6564743 : DhcpNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{7680275B-D787-4FD4-AADB-CF8047FB33CB}\94E6475627E6564793 : DhcpNameServer = 24.158.63.8 24.197.97.132
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
BHO-X64: WinZipBar - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: ToolKit IE Helper: {70EA269E-56DF-49C2-86B2-1A1924ED88B4} - C:\Program Files (x86)\ToolKitService\splash.dll
BHO-X64: ToolKit IE Helper - No File
BHO-X64: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB-X64: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
TB-X64: eToolKit Toolbar: {D3B22A92-87A2-47b6-B3E6-A64877B5C242} - C:\Program Files (x86)\ToolKitService\toolbar_v2.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coIEPlg.dll
mRun-x64: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun-x64: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun-x64: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
mRun-x64: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS --> C:\windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS --> C:\windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS [?]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120121.002\BHDrvx64.sys [2012-1-23 1157240]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\system32\DRIVERS\dtsoftbus01.sys --> C:\windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120201.002\IDSviA64.sys [2012-2-1 488568]
R1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS --> C:\windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\system32\Drivers\N360x64\0502000.00D\SYMNETS.SYS --> C:\windows\system32\Drivers\N360x64\0502000.00D\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-2 652360]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ccsvchst.exe [2012-1-30 130008]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2011-10-18 135608]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-10-18 126392]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
R2 ToolkitSvc;Toolkit Service;C:\Program Files (x86)\ToolKitService\toolkitservice.exe [2011-11-27 683664]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-5-24 294848]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-10-18 2656280]
R3 CeKbFilter;CeKbFilter;C:\windows\system32\DRIVERS\CeKbFilter.sys --> C:\windows\system32\DRIVERS\CeKbFilter.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-1-21 138360]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 iwdbus;IWD Bus Enumerator;C:\windows\system32\DRIVERS\iwdbus.sys --> C:\windows\system32\DRIVERS\iwdbus.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\system32\DRIVERS\nusb3hub.sys --> C:\windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\system32\DRIVERS\nusb3xhc.sys --> C:\windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-10-18 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-9 138152]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-7-1 828856]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-18 136176]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-18 136176]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\system32\drivers\intelaud.sys --> C:\windows\system32\drivers\intelaud.sys [?]
S3 JMCR;JMCR;C:\windows\system32\DRIVERS\jmcr.sys --> C:\windows\system32\DRIVERS\jmcr.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-6-1 340240]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-02-03 00:51:00 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FA37BC41-A95D-4109-87F0-03AD6330EE1C}\offreg.dll
2012-02-03 00:40:10 -------- d-----w- C:\Users\Josh\AppData\Roaming\Malwarebytes
2012-02-03 00:40:02 23152 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-02-03 00:40:02 -------- d-----w- C:\ProgramData\Malwarebytes
2012-02-03 00:40:02 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-03 00:17:05 -------- d-----w- C:\Users\Josh\AppData\Roaming\EurekaLog
2012-02-02 01:31:35 -------- d-----w- C:\Users\Josh\AppData\Local\NPE
2012-01-31 04:50:33 912504 ----a-w- C:\windows\System32\drivers\N360x64\0502000.00D\symefa64.sys
2012-01-31 04:50:33 744568 ----a-w- C:\windows\System32\drivers\N360x64\0502000.00D\srtsp64.sys
2012-01-31 04:50:33 450680 ----a-w- C:\windows\System32\drivers\N360x64\0502000.00D\symds64.sys
2012-01-31 04:50:33 40568 ----a-w- C:\windows\System32\drivers\N360x64\0502000.00D\srtspx64.sys
2012-01-31 04:50:33 386168 ----a-w- C:\windows\System32\drivers\N360x64\0502000.00D\symnets.sys
2012-01-31 04:50:33 171128 ----a-r- C:\windows\System32\drivers\N360x64\0502000.00D\ironx64.sys
2012-01-31 04:50:12 -------- d-----w- C:\windows\System32\drivers\N360x64\0502000.00D
2012-01-28 04:20:58 -------- d-----w- C:\Users\Josh\AppData\Roaming\.Nitrous
2012-01-26 01:14:02 -------- d-----w- C:\windows\pss
2012-01-23 01:28:35 -------- d-----w- C:\Users\Josh\AppData\Roaming\BitZipper
2012-01-23 01:28:32 -------- d-----w- C:\Program Files (x86)\BitZipper
2012-01-22 23:57:24 -------- d-----w- C:\Program Files (x86)\System
2012-01-21 21:03:49 -------- d-----w- C:\Users\Josh\AppData\Local\Symantec
2012-01-21 20:24:53 514560 ----a-w- C:\windows\SysWow64\qdvd.dll
2012-01-21 20:24:53 366592 ----a-w- C:\windows\System32\qdvd.dll
2012-01-21 20:24:53 1572864 ----a-w- C:\windows\System32\quartz.dll
2012-01-21 20:24:53 1328128 ----a-w- C:\windows\SysWow64\quartz.dll
2012-01-21 20:24:51 1731920 ----a-w- C:\windows\System32\ntdll.dll
2012-01-21 20:24:51 1292080 ----a-w- C:\windows\SysWow64\ntdll.dll
2012-01-21 20:24:50 77312 ----a-w- C:\windows\System32\packager.dll
2012-01-21 20:24:50 67072 ----a-w- C:\windows\SysWow64\packager.dll
2012-01-21 18:26:55 34288 ----a-w- C:\windows\System32\drivers\GEARAspiWDM.sys
2012-01-21 18:26:50 174200 ----a-w- C:\windows\System32\drivers\SYMEVENT64x86.SYS
2012-01-21 18:26:49 -------- d-----w- C:\Program Files\Symantec
2012-01-21 18:26:49 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-01-21 18:26:09 125872 ----a-w- C:\windows\System32\GEARAspi64.dll
2012-01-21 18:26:09 106928 ----a-w- C:\windows\SysWow64\GEARAspi.dll
2012-01-21 18:25:55 -------- d-----w- C:\windows\System32\drivers\N360x64
2012-01-21 18:25:53 -------- d-----w- C:\Program Files (x86)\Norton 360
2012-01-20 01:52:18 -------- d-----w- C:\Users\Josh\AppData\Local\ElevatedDiagnostics
2012-01-18 23:45:05 750488 ----a-w- C:\windows\System32\npdeployJava1.dll
2012-01-18 23:45:05 660368 ----a-w- C:\windows\System32\deployJava1.dll
2012-01-15 01:08:06 -------- d-----w- C:\Users\Josh\AppData\Local\PMB Files
2012-01-15 01:08:04 -------- d-----w- C:\ProgramData\PMB Files
2012-01-15 01:07:55 -------- d-----w- C:\Program Files (x86)\Pando Networks
2012-01-15 01:00:40 281656 ----a-w- C:\windows\SysWow64\PnkBstrB.xtr
2012-01-15 01:00:37 -------- d-----w- C:\Users\Josh\AppData\Local\PunkBuster
2012-01-15 00:56:15 75136 ----a-w- C:\windows\SysWow64\PnkBstrA.exe
2012-01-15 00:56:15 281656 ----a-w- C:\windows\SysWow64\PnkBstrB.exe
2012-01-15 00:56:15 281656 ----a-w- C:\windows\SysWow64\PnkBstrB.ex0
2012-01-13 18:43:36 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2012-01-13 18:43:31 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-01-08 21:20:23 -------- d-----w- C:\ProgramData\Age of Empires 3
.
==================== Find3M ====================
.
2012-01-15 15:35:49 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-27 20:21:36 279616 ----a-w- C:\windows\System32\drivers\dtsoftbus01.sys
2011-12-21 01:32:20 21712 ----a-w- C:\windows\SysWow64\drivers\DrvAgent64.SYS
2011-11-27 06:18:39 62552 ----a-w- C:\windows\System32\drivers\toolkitdisk.sys
2011-11-24 04:52:09 3145216 ----a-w- C:\windows\System32\win32k.sys
2011-11-17 06:49:14 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2011-11-17 06:49:14 152432 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2011-11-17 06:44:43 459232 ----a-w- C:\windows\System32\drivers\cng.sys
2011-11-17 06:35:28 395776 ----a-w- C:\windows\System32\webio.dll
2011-11-17 06:35:26 29184 ----a-w- C:\windows\System32\sspisrv.dll
2011-11-17 06:35:26 136192 ----a-w- C:\windows\System32\sspicli.dll
2011-11-17 06:35:25 340992 ----a-w- C:\windows\System32\schannel.dll
2011-11-17 06:35:25 28160 ----a-w- C:\windows\System32\secur32.dll
2011-11-17 06:35:19 1447936 ----a-w- C:\windows\System32\lsasrv.dll
2011-11-17 06:33:55 31232 ----a-w- C:\windows\System32\lsass.exe
2011-11-17 05:35:02 314880 ----a-w- C:\windows\SysWow64\webio.dll
2011-11-17 05:34:52 224768 ----a-w- C:\windows\SysWow64\schannel.dll
2011-11-17 05:34:52 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2011-11-17 05:28:48 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2011-11-15 19:29:56 270720 ------w- C:\windows\System32\MpSigStub.exe
2011-11-10 10:54:13 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll
2011-11-05 05:32:50 2048 ----a-w- C:\windows\System32\tzres.dll
2011-11-05 04:26:03 2048 ----a-w- C:\windows\SysWow64\tzres.dll
.
============= FINISH: 20:22:19.48 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/23/2011 10:15:55 AM
System Uptime: 2/2/2012 7:48:06 PM (1 hours ago)
.
Motherboard: TOSHIBA | | PEQAA
Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz | CPU 1 | 2401/400mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 580 GiB total, 440.302 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek PCIe FE Family Controller
Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_FC301179&REV_05\4&1068A457&0&00E0
Manufacturer: Realtek
Name: Realtek PCIe FE Family Controller
PNP Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_FC301179&REV_05\4&1068A457&0&00E0
Service: RTL8167
.
==== System Restore Points ===================
.
RP62: 1/30/2012 6:59:12 PM - Scheduled Checkpoint
RP63: 2/2/2012 7:26:23 PM - Removed AVG 2012
RP64: 2/2/2012 7:28:29 PM - Removed AVG 2012
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X MUI
Age of Empires® III: Complete Collection
Bejeweled 3
BitZipper 2010
Chuzzle Deluxe
D3DX10
DAEMON Tools Lite
Empire: Total War
eToolKit
FATE - The Traitor Soul
File Type Assistant
Fishdom (TM) 2
Game Booster 3
Garry's Mod
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Intel PROSet Wireless
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) WiDi
JMicron Flash Media Controller Driver
Junk Mail filter update
Label@Once 1.0
Malwarebytes Anti-Malware version 1.60.1.1000
Mesh Runtime
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Miro
MSVCRT
MSVCRT_amd64
Napoleon: Total War
Nation Red
Need for Speed Underground 2
Norton 360
NVIDIA PhysX
Pando Media Booster
Penguins!
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime x86
Polar Bowler
PunkBuster Services
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
Saints Row: The Third
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype Click to Call
Skype™ 5.7
Steam
System - Driver - System update
System Requirements Lab CYRI
System Requirements Lab for Intel
The Elder Scrolls V: Skyrim
Tom Clancy's Splinter Cell
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Face Recognition
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
Toshiba Laptop Checkup
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
Toshiba Online Backup
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA Sleep Utility
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA VIDEO PLAYER
TOSHIBA Web Camera Application
TOSHIBA Wireless Display Monitor
TOSHIBA Wireless LAN Indicator
TOSHIBARegistration
Tropico 3 - Steam Special Edition
Tropico 3: Absolute Power
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update Installer for WildTangent Games App
Utility Common Driver
Virtual Villagers 5 - New Believers
Visual Studio 2008 x64 Redistributables
WildTangent Games
WildTangent Games App (Toshiba Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinZipBar Toolbar
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
2/1/2012 6:19:07 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
2/1/2012 6:19:07 AM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/30/2012 5:04:45 PM, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
1/29/2012 5:21:37 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
1/27/2012 9:37:27 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
1/27/2012 9:36:29 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
.
==== End Of File ===========================
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===============================================================

Please disable "word wrap" in Notepad as your logs are hard to read.

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start the scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE: aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

============================================================

Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-02 21:58:19
-----------------------------
21:58:19.787 OS Version: Windows x64 6.1.7601 Service Pack 1
21:58:19.787 Number of processors: 4 586 0x2A07
21:58:19.787 ComputerName: JOSH-PC UserName: Josh
21:58:21.019 Initialize success
21:59:36.618 AVAST engine defs: 12020202
21:59:41.057 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:59:41.058 Disk 0 Vendor: TOSHIBA_ GT00 Size: 610480MB BusType: 3
21:59:41.069 Disk 0 MBR read successfully
21:59:41.071 Disk 0 MBR scan
21:59:41.074 Disk 0 Windows VISTA default MBR code
21:59:41.082 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
21:59:41.093 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 593519 MB offset 3074048
21:59:41.124 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 15460 MB offset 1218600960
21:59:41.129 Service scanning
21:59:42.599 Modules scanning
21:59:42.601 Disk 0 trace - called modules:
21:59:42.635 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys iaStor.sys hal.dll
21:59:42.638 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007bdd060]
21:59:42.966 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa8007bd8710]
21:59:42.969 5 thpdrv.sys[fffff88001dad2b0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005d35050]
21:59:45.802 AVAST engine scan C:\windows
21:59:47.206 AVAST engine scan C:\windows\system32
22:02:05.524 AVAST engine scan C:\windows\system32\drivers
22:02:22.169 AVAST engine scan C:\Users\Josh
22:04:06.918 Disk 0 MBR has been saved successfully to "C:\Users\Josh\Desktop\MBR.dat"
22:04:06.918 The log file has been saved successfully to "C:\Users\Josh\Desktop\aswMBR.txt"
 
Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
, 64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]


Done;
Press any key to quit...
 
Thank you for your time, and semper fidelis.

ListParts by Farbar
Ran by Josh on 02-02-2012 at 22:24:11
Windows 7 (X64)
Running From: C:\Users\Josh\Desktop
************************************************************

========================= Memory info ======================

Percentage of memory in use: 66%
Total physical RAM: 6051.77 MB
Available physical RAM: 2045.85 MB
Total Pagefile: 12101.73 MB
Available Pagefile: 7488.31 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (TI106230W0C) (Fixed) (Total:579.61 GB) (Free:439.84 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 1500 MB 1024 KB
Partition 2 Primary 579 GB 1501 MB
Partition 3 Primary 15 GB 581 GB

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 System NTFS Partition 1500 MB Healthy Hidden

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C TI106230W0C NTFS Partition 579 GB Healthy Boot

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.



****** End Of Log ******
 
Download the FixTDSS.exe

Save the file to your Windows desktop.
Close all running programs.
If you are running Windows XP, turn off System Restore (see "How to turn off or turn on Windows XP System Restore").
Double-click the FixTDSS.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
OK any security prompts.
Restart the computer when prompted by the tool.
After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said).
If you are running Windows XP, re-enable System Restore.
 
It looks like we have the newest TDL rootkit there.

Download GETxPUD.exe to the desktop of your clean computer

  • Double click on GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso and, when finished, will open BurnCDCC ready to burn the image.
  • Insert a blank CD into your CD drive.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Boot the bad computer from the CD
  • Press Tool at the top
  • Choose Open Terminal
  • Type parted /dev/sda set 2 boot on
  • Press Enter
  • Type parted /dev/sda rm 3
  • Press Enter
  • Remove xPUD CD, reboot, run aswMBR and post the log
 
I don't have a blank CD at the moment, but I shall get one tomorrow and do it. And the internet is running better now, thank you. I am still going to do that though.
 
I tried to download GETxPUD and Windows said it might not have installed correctly, so it gave me two options: 1) reinstall with recommended settings, 2) yes, this program installed correctly. I tried both options with a new download and it doesn't do anything after I click it, even if I run as administrator.
 
Nothing installs there.
Maybe a bad download.
Try to download and create the CD on another healthy computer.
 