
Inactive Websites being redirected at random

Discussion in 'Malware and Virus Removal Archive' started by DONGS, 2010/07/16.

Thread Status:
Not open for further replies.
  1. 2010/07/16
    DONGS

    DONGS Inactive Thread Starter

    Joined:
    2010/07/16
    Messages:
    19
    Likes Received:
    0
    [Inactive] Websites being redirected at random

    Hello there. I've been having an utterly infuriating problem. Whenever I type in random website addresses, I get redirected to a variety of websites; the latest one being ultrabestportal.com. I am also unable to update Windows. I've tried everything; even formatted my HD. I'm at my wits' end. Here's my logfile:


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by DONGS at 22:53:04.76 on Thu 07/15/2010
    Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_20
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2939.1670 [GMT -7:00]

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
    C:\Program Files\Toshiba\SmoothView\SmoothView.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
    C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Steam\Steam.exe
    C:\Users\DONGS\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
    C:\Windows\System32\svchost.exe -k wdisvc
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\DONGS\Documents\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.toshibadirect.com/dpdstart
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
    uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
    uRun: [Google Update] "c:\users\dongs\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [Steam] "c:\program files\steam\steam.exe" -silent
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [NDSTray.exe] NDSTray.exe
    mRun: [ToshibaServiceStation] c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe /hide:60
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\progra~1\google\google~1\googledesktopnetwork3.dll c:\windows\system32\avgrsstx.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\dongs\appdata\roaming\mozilla\firefox\profiles\04n9lkkk.default\
    FF - prefs.js: browser.search.selectedEngine - Swagbucks.com
    FF - prefs.js: browser.startup.homepage - hxxp://www.4chan.org/frames/
    FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
    FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\users\dongs\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.lu ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.nu ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.nz ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--p1ai ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbayh7gpa ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.tel ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.proxy.type ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "dom.ipc.plugins.timeoutSecs ", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accelerometer.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.nptest.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npswf32.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npctrl.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npqtplugin.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-6-19 216200]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-6-19 29584]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-6-19 242896]
    R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2010-6-19 20384]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-6-19 916760]
    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-19 308064]
    R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
    R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-8-18 62776]
    R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
    R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-8-18 7168]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-6-19 38224]
    S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-8-21 29744]
    S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2010-6-19 954368]

    =============== Created Last 30 ================

    2010-07-16 05:04:22 0 d-sh--w- C:\$RECYCLE.BIN
    2010-07-16 04:48:54 98816 ----a-w- c:\windows\sed.exe
    2010-07-16 04:48:54 77312 ----a-w- c:\windows\MBR.exe
    2010-07-16 04:48:54 256512 ----a-w- c:\windows\PEV.exe
    2010-07-16 04:48:54 161792 ----a-w- c:\windows\SWREG.exe
    2010-07-07 02:50:58 5849808 ----a-w- c:\users\dongs\EBOOT.BIN
    2010-07-06 17:37:58 426 ----a-w- c:\users\dongs\NDS.lnk
    2010-07-02 06:21:21 4 ----a-w- c:\windows\system32\wnsm2i.rdb
    2010-07-02 06:21:15 0 d-----w- c:\users\dongs\appdata\roaming\SpaceMonger
    2010-07-02 06:21:14 0 d-----w- c:\program files\SpaceMonger
    2010-06-30 02:03:02 0 d-----w- c:\program files\common files\Steam
    2010-06-30 02:03:00 0 d-----w- c:\program files\Steam
    2010-06-27 01:32:12 0 d-----w- c:\users\dongs\appdata\roaming\.minecraft
    2010-06-23 05:58:39 0 d-----w- c:\users\dongs\NDS
    2010-06-21 07:07:17 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2010-06-21 07:07:16 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2010-06-21 07:06:41 0 d-----w- c:\program files\iPod
    2010-06-21 07:06:35 0 d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-06-21 07:06:35 0 d-----w- c:\program files\iTunes
    2010-06-21 07:03:01 0 d-----w- c:\programdata\Apple Computer
    2010-06-21 06:59:59 0 d-----w- c:\program files\Bonjour
    2010-06-21 06:59:45 0 d-----w- c:\programdata\Apple
    2010-06-21 06:57:05 56 ---ha-w- c:\windows\system32\ezsidmv.dat
    2010-06-21 06:51:49 0 d-----w- c:\program files\Combined Community Codec Pack
    2010-06-21 06:51:02 0 d-----r- c:\program files\Skype
    2010-06-21 06:50:56 0 d-----w- c:\programdata\Skype
    2010-06-20 17:03:10 0 d-----w- c:\program files\uTorrent
    2010-06-20 17:02:47 0 d-----w- c:\users\dongs\appdata\roaming\uTorrent
    2010-06-20 16:59:57 0 d-----w- c:\users\dongs\appdata\roaming\WinBatch
    2010-06-20 05:36:25 0 d-----w- c:\programdata\F-Secure
    2010-06-20 05:35:48 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2010-06-20 05:35:33 0 d-----w- c:\programdata\Hitman Pro
    2010-06-20 05:35:26 0 d-----w- c:\program files\Hitman Pro 3.5
    2010-06-20 05:20:31 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-06-20 05:20:31 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-06-20 05:20:22 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-06-20 05:20:15 0 d-----w- c:\windows\system32\drivers\Avg
    2010-06-20 05:20:08 0 d-----w- c:\program files\AVG
    2010-06-20 05:20:07 0 d-----w- c:\programdata\avg9
    2010-06-20 05:10:44 0 d-----w- c:\programdata\Sun
    2010-06-20 05:10:34 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-06-20 05:05:28 0 d-----w- c:\program files\CCleaner
    2010-06-20 05:04:27 0 d-----w- c:\users\dongs\appdata\roaming\Malwarebytes
    2010-06-20 05:04:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-06-20 05:04:18 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-06-20 05:04:18 0 d-----w- c:\programdata\Malwarebytes
    2010-06-20 05:04:18 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-06-20 05:02:23 147368 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-06-20 04:41:05 0 d-----w- c:\users\dongs\appdata\roaming\foobar2000
    2010-06-20 04:40:55 0 d-----w- c:\program files\foobar2000
    2010-06-20 04:38:24 0 d-----w- c:\program files\sysreset
    2010-06-20 04:31:35 0 d-----w- c:\users\dongs\appdata\roaming\Symantec
    2010-06-20 04:31:05 16 --sh--r- c:\windows\system32\drivers\fbd.sys
    2010-06-20 04:18:56 0 d-----w- C:\DOCS
    2010-06-20 04:11:58 279376 ----a-w- c:\windows\system32\drivers\tos_sps32.sys
    2010-06-20 04:11:56 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
    2010-06-20 04:10:55 0 d-----w- c:\program files\common files\Toshiba Shared
    2010-06-20 04:05:59 20384 ----a-w- c:\windows\system32\drivers\jswpslwf.sys
    2010-06-20 04:05:49 0 d-----w- c:\program files\Jumpstart
    2010-06-20 04:03:15 919552 ----a-w- c:\windows\system32\drivers\athr.sys
    2010-06-20 04:03:14 53248 ----a-w- c:\windows\system32\athihvui.dll
    2010-06-20 04:03:14 516096 ----a-w- c:\windows\system32\S64CPA.exe
    2010-06-20 04:03:14 393216 ----a-w- c:\windows\system32\athihvs.dll
    2010-06-20 04:03:14 0 d-----w- c:\windows\system32\nn-NO
    2010-06-20 04:02:58 0 d-----w- c:\program files\Atheros
    2010-06-20 04:02:57 0 d-----w- c:\program files\Cisco
    2010-06-20 04:02:54 0 d-----w- c:\programdata\Atheros
    2010-06-20 04:01:40 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
    2010-06-20 04:01:15 0 d-----w- c:\program files\Synaptics
    2010-06-20 03:58:54 0 d-----w- c:\windows\system32\ENU
    2010-06-20 03:58:53 1034776 ----a-w- c:\windows\system32\imsmudlg.exe
    2010-06-20 03:58:46 312344 ----a-w- c:\windows\system32\drivers\iaStor.sys
    2010-06-20 03:54:38 77824 ----a-w- c:\windows\system32\tosmreg.exe
    2010-06-20 03:54:38 7671 ----a-w- c:\windows\system32\cseltbl.ini
    2010-06-20 03:54:38 491520 ----a-w- c:\windows\system32\cselect.exe
    2010-06-20 03:54:38 45056 ----a-w- c:\windows\system32\csellang.dll
    2010-06-20 03:54:38 128113 ----a-w- c:\windows\system32\csellang.ini
    2010-06-20 03:54:38 10150 ----a-w- c:\windows\system32\tosmreg.ini
    2010-06-20 03:54:38 0 d-----w- c:\program files\ltmoh
    2010-06-20 03:53:59 0 d-----w- c:\windows\Options
    2010-06-20 03:53:28 553 ----a-w- c:\windows\USetup.iss
    2010-06-20 03:48:59 920088 ----a-w- c:\windows\system32\igxpun.exe
    2010-06-20 03:48:59 319456 ----a-w- c:\windows\system32\difxapi.dll
    2010-06-20 03:48:59 0 d-----w- c:\windows\system32\Lang
    2010-06-20 03:45:38 0 d-----w- c:\program files\Microsoft Office Suite Activation Assistant
    2010-06-20 03:42:54 32592 ----a-w- c:\windows\system32\msonpmon.dll
    2010-06-20 03:42:03 0 d-----w- c:\windows\PCHEALTH
    2010-06-20 03:40:42 0 d-----w- c:\programdata\Microsoft Help
    2010-06-20 00:18:52 5 --sh--r- c:\windows\system32\drivers\taishop.sys

    ==================== Find3M ====================

    2010-07-16 05:46:40 86016 ----a-w- c:\windows\inf\infstrng.dat
    2010-07-16 05:46:40 51200 ----a-w- c:\windows\inf\infpub.dat
    2010-06-21 07:01:53 86016 ----a-w- c:\windows\inf\infstor.dat
    2010-06-20 03:52:11 319456 ----a-w- c:\windows\DIFxAPI.dll
    2010-06-20 03:52:07 315392 ----a-w- c:\windows\HideWin.exe
    2010-05-18 23:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-05-18 23:35:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
    2010-05-18 23:35:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2010-05-18 23:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-04-20 03:47:44 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
    2008-08-18 18:36:55 665600 ----a-w- c:\windows\inf\drvindex.dat
    2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2008-01-21 02:23:32 397312 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6001.18000_none_f1582d884fb532fb\WinMail.exe

    ============= FINISH: 22:54:38.71 ===============
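As an added example (not part of the thread and not DDS's own code), a small Python triage helper that parses lines in the DDS "Created Last 30"/"Find3M" format and flags the entries a malware analyst stops at: regular files carrying system+hidden attributes, and .sys files of a few bytes in the drivers directory, such as the fbd.sys and taishop.sys lines above. The attribute-column layout and the size threshold are assumptions read off the log itself, and the sample lines are a constructed subset of the log.

```python
"""Triage helper for DDS-style "Created Last 30" / "Find3M" listings.

Added example, not part of the thread or of the DDS tool. The attribute
column layout is an assumption read off the log itself:
  position 0 'd' = directory, 2 's' = system, 3 'h' = hidden,
  4 'a' = archive, 6 'w'/'r' = writable / read-only.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

# date time size attrs path
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<attrs>\S{8}) (?P<path>.+?)\s*$"
)

# Files that legitimately carry system+hidden attributes (avoid false positives).
BENIGN_NAMES = {"desktop.ini"}
# A real kernel driver is never a handful of bytes; anything this small in
# \drivers\ is a marker or placeholder file, not code (threshold is a heuristic).
TINY_DRIVER_BYTES = 1024


@dataclass
class Entry:
    date: str
    time: str
    size: int
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def system(self) -> bool:
        return self.attrs[2] == "s"

    @property
    def hidden(self) -> bool:
        return self.attrs[3] == "h"

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def in_drivers_dir(self) -> bool:
        return "\\drivers\\" in self.path.lower()


def parse_dds_listing(text: str) -> List[Entry]:
    """Parse listing lines; headers, blanks and anything else are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m["date"], m["time"], int(m["size"]),
                                 m["attrs"], m["path"]))
    return entries


def suspicious_reasons(e: Entry) -> List[str]:
    """Reasons an analyst would flag this entry (empty list = nothing to see)."""
    reasons: List[str] = []
    if e.is_dir or e.name in BENIGN_NAMES:
        return reasons
    if e.system and e.hidden:
        reasons.append("system+hidden attributes on a regular file")
    if e.in_drivers_dir and e.name.endswith(".sys") and e.size < TINY_DRIVER_BYTES:
        reasons.append(f"{e.size}-byte .sys in drivers directory")
    return reasons


def triage(text: str) -> List[Tuple[str, List[str]]]:
    """Return [(path, reasons)] for every flagged entry, in log order."""
    out = []
    for e in parse_dds_listing(text):
        r = suspicious_reasons(e)
        if r:
            out.append((e.path, r))
    return out


# Constructed sample: a subset of the entries quoted in the thread, in the
# DDS "Created Last 30"/"Find3M" line format.
SAMPLE = r"""
2010-07-16 04:48:54 98816 ----a-w- c:\windows\sed.exe
2010-07-02 06:21:21 4 ----a-w- c:\windows\system32\wnsm2i.rdb
2010-06-21 06:57:05 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-06-20 05:20:22 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-20 04:31:05 16 --sh--r- c:\windows\system32\drivers\fbd.sys
2010-06-20 04:18:56 0 d-----w- C:\DOCS
2010-06-20 00:18:52 5 --sh--r- c:\windows\system32\drivers\taishop.sys
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE):
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Flagging is only a pointer for the analyst: a hit says "look here", not "this is malware", and the benign-name list will need extending for other machines.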
     
  2. 2010/07/16
    DONGS

    DONGS Inactive Thread Starter

    Joined:
    2010/07/16
    Messages:
    19
    Likes Received:
    0
    Here are the contents of the second logfile. Thank you in advance.


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 6/19/2010 8:32:12 PM
    System Uptime: 7/15/2010 10:43:25 PM (0 hours ago)

    Motherboard: TOSHIBA | | Portable PC
    Processor: Intel(R) Pentium(R) Dual CPU T3200 @ 2.00GHz | CPU | 2000/667mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 148 GiB total, 20.492 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP95: 7/5/2010 10:05:14 PM - Scheduled Checkpoint

    ==== Installed Programs ======================

    µTorrent
    7-Zip 4.65
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 9 ActiveX
    Adobe Flash Player ActiveX
    Adobe Reader 8.1.2
    Amazon Links
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Atheros Driver Installation Program
    Atheros Wi-Fi Protected Setup Library
    AVG Free 9.0
    Bonjour
    CCleaner
    CD/DVD Drive Acoustic Silencer
    Chromium
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Combined Community Codec Pack 2009-09-09
    Compatibility Pack for the 2007 Office system
    DVD MovieFactory for TOSHIBA
    foobar2000 v1.0.3
    Google Chrome
    Google Desktop
    Google Toolbar for Internet Explorer
    Hitman Pro 3.5
    Intel(R) Graphics Media Accelerator Driver
    Intel® Matrix Storage Manager
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 20
    Java(TM) 6 Update 6
    Malwarebytes' Anti-Malware
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    Microsoft XML Parser
    mIRC
    Mozilla Firefox (3.6.6)
    MSXML 4.0 SP2 (KB941833)
    NetZero Internet Access Installer
    Picasa 2
    QuickBooks Financial Center
    QuickTime
    Realtek 8169 8168 8101E 8102E Ethernet Driver
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Skype Toolbars
    Skype™ 4.2
    SpaceMonger 2.1.1
    Steam
    Synaptics Pointing Device Driver
    TOSHIBA Application Disc Creator
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Desktop Links
    TOSHIBA Disc Creator
    TOSHIBA DVD PLAYER
    TOSHIBA Extended Tiles for Windows Mobility Center
    TOSHIBA Hardware Setup
    Toshiba Registration
    TOSHIBA Service Station
    TOSHIBA Software Modem
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    TOSHIBA Supervisor Password
    TOSHIBA Value Added Package
    Update for Office 2007 (KB934528)
    Update for Office System 2007 Setup (KB929722)
    Windows Media Encoder 9 Series
    WinRAR archiver

    ==== Event Viewer Messages From Past Week ========

    7/8/2010 11:10:00 PM, Error: Application Popup [1] - {Operation Failed} The requested operation was unsuccessful.
    7/15/2010 9:51:11 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    7/15/2010 12:20:27 PM, Error: PlugPlayManager [12] - The device 'Atheros AR5007EG Wireless Network Adapter' (PCI\VEN_168C&DEV_001C&SUBSYS_7128144F&REV_01\4&c8c337f&0&00E1) disappeared from the system without first being prepared for removal.
    7/15/2010 10:38:41 PM, Error: PlugPlayManager [11] - The device Root\LEGACY_KFIGQTE\0000 disappeared from the system without first being prepared for removal.
    7/15/2010 10:30:49 PM, Error: EventLog [6008] - The previous system shutdown at 10:29:50 PM on 7/15/2010 was unexpected.
    7/10/2010 12:42:49 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.

    ==== End Of File ===========================
     


  4. 2010/07/16
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    I see you have P2P software (Azureus, Limewire, BitTorrent, uTorrent etc…) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them, and read the links above for educational value!

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    A Malware expert will have a look at your log in due course.
     
  5. 2010/07/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Interesting....

    Your router may be infected, but...
    Let's check your computer, first.

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    =============================================================

    STEP 1. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When the scan is completed, click the Save button, and save the results as gmer.log
    Warning! Please, do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  6. 2010/07/16
    DONGS

    DONGS Inactive Thread Starter

    Joined:
    2010/07/16
    Messages:
    19
    Likes Received:
    0
    Thank you for your help.

    MBRCheck, version 1.1.1
    (c) 2010, AD

    \\.\C: --> \\.\PhysicalDrive0

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected


    Done! Press ENTER to exit...
     
  7. 2010/07/16
    DONGS

    DONGS Inactive Thread Starter

    Joined:
    2010/07/16
    Messages:
    19
    Likes Received:
    0
    And here is the MBAM logfile:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4217

    Windows 6.0.6001 Service Pack 1
    Internet Explorer 7.0.6001.18000

    7/16/2010 1:06:12 PM
    mbam-log-2010-07-16 (13-06-12).txt

    Scan type: Quick scan
    Objects scanned: 127456
    Time elapsed: 7 minute(s), 29 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 3
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.14 85.255.112.5 1.2.3.4 -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0a2e6ba9-3b42-4b4c-bbfb-e7d86fd7e9db}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.14 85.255.112.5 1.2.3.4 -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0de0ad8b-15bd-48fd-86b8-338f8a7f4431}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.14 85.255.112.5 1.2.3.4 -> No action taken.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  8. 2010/07/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Your MBAM log says "No action taken" after each line.
    Please, re-run "Quick Scan" and fix all issues, this time around.
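    The MBAM findings above are DhcpNameServer registry values pointing at resolvers the machine did not get from its normal network. As an added example (not part of the thread and not Malwarebytes' code), the script below parses the "Registry Data Items Infected" section of an MBAM 1.46 log, flags entries still marked "No action taken", and compares each DhcpNameServer entry against the resolvers the machine is expected to use; the sample log text is constructed in the same format as the one posted, and 192.168.1.1 is an assumed router address.

```python
"""Flag DNS-changer findings in a Malwarebytes' Anti-Malware (MBAM 1.46) log.

Added example for this thread; the log text below is constructed from the
format shown in the posted MBAM log, not copied from Malwarebytes' sources.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Iterable

# Constructed sample: one entry left alone, one quarantined, plus the
# surrounding section headers MBAM prints around them.
SAMPLE_LOG = r"""
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.14 85.255.112.5 1.2.3.4 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0a2e6ba9-3b42-4b4c-bbfb-e7d86fd7e9db}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.14 85.255.112.5 1.2.3.4 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)
"""

# One MBAM "registry data" line: <key> (<threat>) -> Data: <values> -> <action>.
ENTRY_RE = re.compile(
    r"^(?P<key>HKEY_\S+) \((?P<threat>[^)]+)\) -> Data: (?P<data>.*?) -> (?P<action>.*?)\.?$"
)
SECTION = "Registry Data Items Infected:"


@dataclass(frozen=True)
class Finding:
    key: str
    threat: str
    servers: tuple[str, ...]   # the space-separated name servers MBAM reported
    action: str                # e.g. "No action taken"


def parse_mbam_registry_data(text: str) -> list[Finding]:
    """Return the entries listed under 'Registry Data Items Infected:'."""
    findings: list[Finding] = []
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith(":") and not line.startswith("HKEY_"):
            in_section = line == SECTION      # any other header ends the section
            continue
        if not in_section or not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            findings.append(
                Finding(m["key"], m["threat"], tuple(m["data"].split()), m["action"])
            )
    return findings


def pending_remediation(findings: Iterable[Finding]) -> list[Finding]:
    """Entries the scan reported but did not fix (the point raised in the thread)."""
    return [f for f in findings if f.action == "No action taken"]


def _is_expected(token: str, allowed: set) -> bool:
    try:
        return ip_address(token) in allowed
    except ValueError:          # not a parsable address: treat as suspicious
        return False


def rogue_dns_servers(findings: Iterable[Finding], expected: Iterable[str]) -> dict[str, list[str]]:
    """Per DhcpNameServer key, list the resolvers that are not in `expected`.

    `expected` holds the resolvers this machine should be handed (the router's
    LAN address or the ISP's servers). DhcpNameServer is populated by DHCP, so
    unexpected values here mean the DHCP server, usually the router, is the
    thing handing out rogue resolvers, which a Windows reinstall cannot fix.
    """
    allowed = {ip_address(a) for a in expected}
    rogue: dict[str, list[str]] = {}
    for f in findings:
        if not f.key.endswith("\\DhcpNameServer"):
            continue
        bad = [s for s in f.servers if not _is_expected(s, allowed)]
        if bad:
            rogue[f.key] = bad
    return rogue


if __name__ == "__main__":
    found = parse_mbam_registry_data(SAMPLE_LOG)
    for f in pending_remediation(found):
        print("NOT FIXED:", f.key)
    for key, bad in rogue_dns_servers(found, ["192.168.1.1"]).items():  # assumed router
        print("ROGUE DNS:", key, "->", " ".join(bad))
```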
     
  9. 2010/07/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    One more question...
    Was your computer physically connected to the internet (ethernet cable), while reinstalling Windows?
     
  10. 2010/07/16
    DONGS

    DONGS Inactive Thread Starter

    Joined:
    2010/07/16
    Messages:
    19
    Likes Received:
    0
    Sorry about that. I've uninstalled uTorrent as per request. As for whether or not I was connected to the internet during the reinstallation of Windows, I believe I was not.

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4217

    Windows 6.0.6001 Service Pack 1
    Internet Explorer 7.0.6001.18000

    7/16/2010 1:42:03 PM
    mbam-log-2010-07-16 (13-42-03).txt

    Scan type: Quick scan
    Objects scanned: 126811
    Time elapsed: 7 minute(s), 39 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 3
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.14 85.255.112.5 1.2.3.4 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0a2e6ba9-3b42-4b4c-bbfb-e7d86fd7e9db}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.14 85.255.112.5 1.2.3.4 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0de0ad8b-15bd-48fd-86b8-338f8a7f4431}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.14 85.255.112.5 1.2.3.4 -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  11. 2010/07/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    How is redirection right now?

    Go ahead with GMER...
     
  12. 2010/07/16
    DONGS

    DONGS Inactive Thread Starter

    Joined:
    2010/07/16
    Messages:
    19
    Likes Received:
    0
    I'm still getting redirects. I'm currently running GMER, and it's taking a while...I'll post the log when it's finished.
     
  13. 2010/07/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    No problem. We just barely started...
     
  14. 2010/07/16
    DONGS

    DONGS Inactive Thread Starter

    Joined:
    2010/07/16
    Messages:
    19
    Likes Received:
    0
    OK; it took a while, but here's my GMER log.

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-07-16 17:35:26
    Windows 6.0.6001 Service Pack 1
    Running: 6tt98pt1.exe; Driver: C:\Users\DONGS\AppData\Local\Temp\fwrcapod.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x89D5C480, 0x3C939, 0xE8000020]
    .dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x89D9D900, 0x3CA, 0x48000040]

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- EOF - GMER 1.0.15 ----
     
  15. 2010/07/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    It looks clean...

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  16. 2010/07/16
    DONGS

    DONGS Inactive Thread Starter

    Joined:
    2010/07/16
    Messages:
    19
    Likes Received:
    0
    Here is the combofix log:

    ComboFix 10-07-15.05 - DONGS 07/16/2010 18:33:20.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2939.1955 [GMT -7:00]
    Running from: c:\users\DONGS\Desktop\ComboFix.exe
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((( Files Created from 2010-06-17 to 2010-07-17 )))))))))))))))))))))))))))))))
    .

    2010-07-17 01:41 . 2010-07-17 01:41 -------- d-----w- c:\users\DONGS\AppData\Local\temp
    2010-07-17 01:41 . 2010-07-17 01:41 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-07-17 01:41 . 2010-07-17 01:41 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-07-16 19:05 . 2010-07-16 19:05 242896 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
    2010-07-16 19:05 . 2010-07-16 19:05 216200 ----a-w- c:\programdata\avg9\update\backup\avgldx86.sys
    2010-07-16 19:05 . 2010-07-16 19:05 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-07-16 19:03 . 2010-07-16 19:03 813336 ----a-w- c:\programdata\avg9\update\backup\avginet.dll
    2010-07-16 19:03 . 2010-07-16 19:03 624920 ----a-w- c:\programdata\avg9\update\backup\avgiproxy.exe
    2010-07-16 19:03 . 2010-07-16 19:03 1690464 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
    2010-07-16 19:03 . 2010-07-16 19:03 1038688 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe
    2010-07-12 04:57 . 2010-07-12 04:58 -------- d-----w- c:\users\DONGS\AppData\Local\Adobe
    2010-07-11 18:02 . 2010-07-16 19:02 65024 ----a-w- c:\users\DONGS\AppData\Roaming\.minecraft\bin\natives\jinput-dx8_64.dll
    2010-07-11 18:02 . 2010-07-16 19:02 62464 ----a-w- c:\users\DONGS\AppData\Roaming\.minecraft\bin\natives\jinput-raw_64.dll
    2010-07-11 18:02 . 2010-07-16 19:02 61952 ----a-w- c:\users\DONGS\AppData\Roaming\.minecraft\bin\natives\jinput-dx8.dll
    2010-07-11 18:02 . 2010-07-16 19:02 59392 ----a-w- c:\users\DONGS\AppData\Roaming\.minecraft\bin\natives\jinput-raw.dll
    2010-07-11 18:02 . 2010-07-16 19:02 273920 ----a-w- c:\users\DONGS\AppData\Roaming\.minecraft\bin\natives\lwjgl64.dll
    2010-07-11 18:02 . 2010-07-16 19:02 195072 ----a-w- c:\users\DONGS\AppData\Roaming\.minecraft\bin\natives\OpenAL64.dll
    2010-07-11 18:02 . 2010-07-16 19:02 193024 ----a-w- c:\users\DONGS\AppData\Roaming\.minecraft\bin\natives\lwjgl.dll
    2010-07-11 18:02 . 2010-07-16 19:02 108032 ----a-w- c:\users\DONGS\AppData\Roaming\.minecraft\bin\natives\OpenAL32.dll
    2010-07-07 02:50 . 2010-07-07 02:50 5849808 ----a-w- c:\users\DONGS\EBOOT.BIN
    2010-07-02 06:33 . 2010-07-16 05:15 188152 ----a-w- c:\users\DONGS\AppData\Roaming\Mozilla\Firefox\Profiles\04n9lkkk.default\FlashGot.exe
    2010-07-02 06:21 . 2010-07-02 06:21 -------- d-----w- c:\users\DONGS\AppData\Roaming\SpaceMonger
    2010-07-02 06:21 . 2010-07-02 06:21 -------- d-----w- c:\program files\SpaceMonger
    2010-07-02 06:03 . 2010-07-02 06:03 -------- d-----w- c:\users\DONGS\AppData\Roaming\Media Player Classic
    2010-06-30 02:03 . 2010-06-30 02:03 -------- d-----w- c:\program files\Common Files\Steam
    2010-06-30 02:03 . 2010-07-17 01:20 -------- d-----w- c:\program files\Steam
    2010-06-27 01:32 . 2010-07-14 00:35 -------- d-----w- c:\users\DONGS\AppData\Roaming\.minecraft
    2010-06-23 05:58 . 2010-07-09 06:07 -------- d-----w- c:\users\DONGS\NDS
    2010-06-21 07:08 . 2010-06-21 08:16 -------- d-----w- c:\users\DONGS\AppData\Roaming\Apple Computer
    2010-06-21 07:08 . 2010-06-21 07:08 -------- d-----w- c:\users\DONGS\AppData\Local\Apple Computer
    2010-06-21 07:07 . 2008-04-17 19:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2010-06-21 07:07 . 2009-05-18 20:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2010-06-21 07:07 . 2010-06-21 07:07 -------- dc----w- c:\windows\system32\DRVSTORE
    2010-06-21 07:06 . 2010-06-21 07:06 -------- d-----w- c:\program files\iPod
    2010-06-21 07:06 . 2010-06-21 07:07 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-06-21 07:06 . 2010-06-21 07:07 -------- d-----w- c:\program files\iTunes
    2010-06-21 07:03 . 2010-06-21 07:05 -------- d-----w- c:\program files\QuickTime
    2010-06-21 07:03 . 2010-06-21 07:06 -------- d-----w- c:\programdata\Apple Computer
    2010-06-21 07:02 . 2010-06-21 07:02 -------- d-----w- c:\users\DONGS\AppData\Local\Apple
    2010-06-21 07:02 . 2010-06-21 07:02 -------- d-----w- c:\program files\Apple Software Update
    2010-06-21 06:59 . 2010-06-21 07:00 -------- d-----w- c:\program files\Bonjour
    2010-06-21 06:59 . 2010-06-21 07:06 -------- d-----w- c:\program files\Common Files\Apple
    2010-06-21 06:59 . 2010-06-21 06:59 -------- d-----w- c:\programdata\Apple
    2010-06-21 06:57 . 2010-06-21 06:57 56 ---ha-w- c:\windows\system32\ezsidmv.dat
    2010-06-21 06:57 . 2010-07-16 23:07 -------- d-----w- c:\users\DONGS\AppData\Roaming\skypePM
    2010-06-21 06:51 . 2010-06-21 06:51 -------- d-----w- c:\program files\Combined Community Codec Pack
    2010-06-21 06:51 . 2010-07-17 01:41 -------- d-----w- c:\users\DONGS\AppData\Roaming\Skype
    2010-06-21 06:51 . 2010-06-21 06:51 -------- d-----w- c:\program files\Common Files\Skype
    2010-06-21 06:51 . 2010-06-21 06:51 -------- d-----r- c:\program files\Skype
    2010-06-21 06:50 . 2010-06-21 06:51 -------- d-----w- c:\programdata\Skype
    2010-06-20 17:05 . 2010-06-20 17:05 29512 ----a-w- c:\programdata\avg9\update\backup\avgmfx86.sys
    2010-06-20 17:02 . 2010-07-16 20:01 -------- d-----w- c:\users\DONGS\AppData\Roaming\uTorrent
    2010-06-20 17:00 . 2010-06-20 17:00 -------- d-----w- c:\users\DONGS\AppData\Roaming\InstallShield
    2010-06-20 16:59 . 2010-06-20 16:59 -------- d-----w- c:\users\DONGS\AppData\Roaming\WinBatch
    2010-06-20 16:59 . 2010-06-20 16:59 13007384 ----a-w- c:\programdata\Toshiba\TSS\Plugins\SwUpdates\Packages\51aa01c2-04d6-427e-9632-72511f33aa3a\165710_15.55.50.TC00156800E.exe
    2010-06-20 16:58 . 2010-06-20 16:58 1705280 ----a-w- c:\programdata\Toshiba\TSS\Plugins\SwUpdates\Packages\32654c98-02d3-416b-beb1-bb12f053f246\164852_16.10.20.PS10190.exe
    2010-06-20 05:46 . 2010-06-20 05:46 -------- d-----w- c:\users\DONGS\AppData\Local\Chromium
    2010-06-20 05:36 . 2010-06-20 05:36 -------- d-----w- c:\programdata\F-Secure
    2010-06-20 05:35 . 2010-07-16 05:33 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2010-06-20 05:35 . 2010-06-20 05:35 -------- d-----w- c:\programdata\Hitman Pro
    2010-06-20 05:35 . 2010-06-20 05:35 -------- d-----w- c:\program files\Hitman Pro 3.5
    2010-06-20 05:20 . 2010-07-16 19:05 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-06-20 05:20 . 2010-07-16 19:04 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-06-20 05:20 . 2010-06-20 17:05 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-06-20 05:20 . 2010-07-16 19:05 -------- d-----w- c:\windows\system32\drivers\Avg
    2010-06-20 05:20 . 2010-06-20 05:20 -------- d-----w- c:\program files\AVG
    2010-06-20 05:20 . 2010-06-20 05:20 -------- d-----w- c:\programdata\avg9
    2010-06-20 05:14 . 2010-06-20 05:14 -------- d-----w- c:\windows\Sun
    2010-06-20 05:10 . 2010-06-20 05:10 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-06-20 05:05 . 2010-06-20 08:26 -------- d-----w- c:\program files\CCleaner
    2010-06-20 05:04 . 2010-06-20 05:04 -------- d-----w- c:\users\DONGS\AppData\Roaming\Malwarebytes
    2010-06-20 05:04 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-06-20 05:04 . 2010-06-20 05:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-06-20 05:04 . 2010-06-20 05:04 -------- d-----w- c:\programdata\Malwarebytes
    2010-06-20 05:04 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-06-20 05:02 . 2010-06-20 05:02 147368 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-06-20 04:52 . 2010-06-20 04:52 -------- d-----w- c:\program files\7-Zip
    2010-06-20 04:43 . 2010-06-20 04:43 -------- d-----w- c:\users\DONGS\AppData\Local\Mozilla
    2010-06-20 04:41 . 2010-07-16 22:08 -------- d-----w- c:\users\DONGS\AppData\Roaming\foobar2000
    2010-06-20 04:40 . 2010-06-20 04:41 -------- d-----w- c:\program files\foobar2000
    2010-06-20 04:38 . 2010-07-17 01:19 -------- d-----w- c:\program files\sysreset
    2010-06-20 04:31 . 2010-06-20 04:31 -------- d-----w- c:\users\DONGS\AppData\Local\Toshiba
    2010-06-20 04:31 . 2010-06-20 05:22 -------- d-----w- c:\users\DONGS\AppData\Local\Google
    2010-06-20 04:31 . 2010-06-20 04:31 82720 ----a-w- c:\users\DONGS\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-06-20 04:31 . 2010-06-20 04:31 -------- d-----w- c:\users\DONGS\AppData\Roaming\Symantec
    2010-06-20 04:18 . 2010-06-20 04:18 -------- d-----w- C:\DOCS
    2010-06-20 04:11 . 2008-07-19 01:52 279376 ----a-w- c:\windows\system32\drivers\tos_sps32.sys
    2010-06-20 04:11 . 2006-11-29 20:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
    2010-06-20 04:10 . 2010-06-20 04:12 -------- d-----w- c:\program files\Common Files\Toshiba Shared
    2010-06-20 04:05 . 2008-04-28 23:59 20384 ----a-w- c:\windows\system32\drivers\jswpslwf.sys
    2010-06-20 04:05 . 2010-06-20 04:05 -------- d-----w- c:\program files\Jumpstart
    2010-06-20 04:03 . 2008-07-28 22:53 919552 ----a-w- c:\windows\system32\drivers\athr.sys
    2010-06-20 04:03 . 2010-06-20 04:03 -------- d-----w- c:\windows\system32\nn-NO
    2010-06-20 04:03 . 2008-07-28 21:31 516096 ----a-w- c:\windows\system32\S64CPA.exe
    2010-06-20 04:03 . 2008-07-28 21:31 53248 ----a-w- c:\windows\system32\athihvui.dll
    2010-06-20 04:03 . 2008-07-28 21:30 393216 ----a-w- c:\windows\system32\athihvs.dll
    2010-06-20 04:02 . 2010-06-20 04:04 -------- d-----w- c:\program files\Atheros
    2010-06-20 04:02 . 2010-06-20 04:02 -------- d-----w- c:\program files\Cisco
    2010-06-20 04:02 . 2010-06-20 04:05 -------- d-----w- c:\programdata\Atheros
    2010-06-20 04:01 . 2010-06-20 04:01 -------- d-----w- c:\program files\Synaptics
    2010-06-20 03:58 . 2010-06-20 03:58 -------- d-----w- c:\windows\system32\ENU
    2010-06-20 03:58 . 2008-05-03 00:53 1034776 ----a-w- c:\windows\system32\imsmudlg.exe
    2010-06-20 03:58 . 2008-04-16 00:53 312344 ----a-w- c:\windows\system32\drivers\iaStor.sys
    2010-06-20 03:54 . 2010-06-20 03:54 -------- d-----w- c:\program files\ltmoh
    2010-06-20 03:54 . 2006-12-26 23:40 491520 ----a-w- c:\windows\system32\cselect.exe
    2010-06-20 03:54 . 2003-12-05 16:48 77824 ----a-w- c:\windows\system32\tosmreg.exe
    2010-06-20 03:54 . 2003-11-01 10:59 45056 ----a-w- c:\windows\system32\csellang.dll
    2010-06-20 03:53 . 2010-06-20 03:53 -------- d-----w- c:\windows\Options
    2010-06-20 03:48 . 2010-06-20 03:58 -------- d-----w- c:\windows\system32\Lang
    2010-06-20 03:48 . 2008-06-25 22:05 920088 ----a-w- c:\windows\system32\igxpun.exe
    2010-06-20 03:48 . 2006-11-10 16:25 319456 ----a-w- c:\windows\system32\difxapi.dll
    2010-06-20 03:45 . 2010-06-20 03:45 -------- d-----w- c:\program files\Microsoft Office Suite Activation Assistant
    2010-06-20 03:42 . 2006-10-27 02:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
    2010-06-20 03:42 . 2006-10-27 02:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
    2010-06-20 03:42 . 2010-06-20 03:42 -------- d-----w- c:\windows\PCHEALTH
    2010-06-20 03:42 . 2010-06-20 03:42 -------- d-----w- c:\program files\Microsoft.NET
    2010-06-20 03:40 . 2010-06-20 03:44 -------- d-----w- c:\programdata\Microsoft Help
    2010-06-20 03:39 . 2010-06-20 03:39 -------- d-----r- C:\MSOCache
    2010-06-20 03:38 . 2010-06-20 03:38 -------- d-----w- c:\program files\Microsoft Works
    2010-06-20 00:18 . 2010-06-20 00:18 5 --sh--r- c:\windows\system32\drivers\taishop.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-06-22 07:01 . 2008-08-18 18:18 -------- d-----w- c:\program files\Toshiba Registration
    2010-06-20 05:10 . 2008-08-18 18:10 -------- d-----w- c:\program files\Common Files\Java
    2010-06-20 05:10 . 2008-08-18 18:10 -------- d-----w- c:\program files\Java
    2010-06-20 04:54 . 2008-08-18 18:48 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-06-20 04:50 . 2008-08-18 17:52 -------- d-----w- c:\programdata\WildTangent
    2010-06-20 04:31 . 2010-06-20 04:31 16 --sh--r- c:\windows\system32\drivers\fbd.sys
    2010-06-20 04:23 . 2008-08-18 17:10 -------- d-----w- c:\program files\Toshiba
    2010-06-20 04:23 . 2008-08-18 17:42 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-06-20 04:10 . 2008-08-18 17:47 -------- d-----w- c:\programdata\Toshiba
    2010-06-20 04:01 . 2010-06-20 04:01 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
    2010-06-20 03:58 . 2008-08-18 17:40 -------- d-----w- c:\program files\Intel
    2010-06-20 03:52 . 2010-06-20 03:52 319456 ----a-w- c:\windows\DIFxAPI.dll
    2010-06-20 03:52 . 2008-08-18 17:42 -------- d-----w- c:\program files\Realtek
    2010-06-20 03:52 . 2010-06-20 03:52 315392 ----a-w- c:\windows\HideWin.exe
    2010-06-16 03:01 . 2010-06-16 03:01 72504 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
    2010-05-18 23:35 . 2010-05-18 23:35 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-05-18 23:35 . 2010-05-18 23:35 75040 ----a-w- c:\windows\system32\jdns_sd.dll
    2010-05-18 23:35 . 2010-05-18 23:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2010-05-18 23:35 . 2010-05-18 23:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-04-20 03:47 . 2010-04-20 03:47 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
    2010-04-20 03:47 . 2010-04-20 03:47 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2008-01-21 02:23 . 2008-01-21 02:23 397312 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6001.18000_none_f1582d884fb532fb\WinMail.exe
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-07-16_05.01.59 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-01-21 01:58 . 2010-07-17 01:22 38604 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 13:05 . 2010-07-17 01:22 70348 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 10:25 . 2010-07-16 18:58 86016 c:\windows\inf\infstrng.dat
    - 2006-11-02 10:25 . 2010-07-15 21:12 86016 c:\windows\inf\infstrng.dat
    + 2006-11-02 10:25 . 2010-07-16 18:58 51200 c:\windows\inf\infpub.dat
    - 2006-11-02 10:25 . 2010-07-15 21:12 51200 c:\windows\inf\infpub.dat
    + 2010-06-20 04:32 . 2010-07-17 01:22 4098 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-321911073-2565416866-1713073674-1000_UserData.bin
    + 2010-07-17 01:20 . 2010-07-17 01:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2010-06-20 08:14 . 2010-06-20 08:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2010-07-17 01:20 . 2010-07-17 01:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2010-06-20 08:14 . 2010-06-20 08:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2010-06-20 16:58 . 2010-07-16 18:57 185884 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    - 2006-11-02 10:33 . 2010-07-14 06:43 608136 c:\windows\System32\perfh009.dat
    + 2006-11-02 10:33 . 2010-07-17 01:26 608136 c:\windows\System32\perfh009.dat
    - 2006-11-02 10:33 . 2010-07-14 06:43 114778 c:\windows\System32\perfc009.dat
    + 2006-11-02 10:33 . 2010-07-17 01:26 114778 c:\windows\System32\perfc009.dat
    + 2010-06-20 04:25 . 2010-07-16 20:43 179280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    - 2010-06-20 04:25 . 2010-06-20 06:34 179280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD "= "c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
    "Google Update "= "c:\users\DONGS\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-06-20 136176]
    "Skype "= "c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
    "Steam "= "c:\program files\steam\steam.exe" [2010-06-30 1238352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
    "HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
    "Persistence "= "c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
    "RtHDVCpl "= "RtHDVCpl.exe" [2008-04-08 6037504]
    "IAAnotif "= "c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1029416]
    "TPwrMain "= "c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
    "SmoothView "= "c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-02 505720]
    "00TCrdMain "= "c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
    "Windows Defender "= "c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "NDSTray.exe "= "NDSTray.exe" [BU]
    "ToshibaServiceStation "= "c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-04-02 1283384]
    "Google Desktop Search "= "c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-21 29744]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "AVG9_TRAY "= "c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA "= 0 (0x0)
    "EnableUIADesktopToggle "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\windows\System32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux "=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @= "Service "

    R3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-21 29744]
    R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2008-04-16 954368]
    S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-07-16 216400]
    S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-07-16 243024]
    S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-04-28 20384]
    S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-16 921440]
    S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-16 308136]
    S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
    S2 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-04-02 62776]
    S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
    S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]

    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-321911073-2565416866-1713073674-1000Core.job
    - c:\users\DONGS\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-20 05:21]

    2010-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-321911073-2565416866-1713073674-1000UA.job
    - c:\users\DONGS\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-20 05:21]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.toshibadirect.com/dpdstart
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\DONGS\AppData\Roaming\Mozilla\Firefox\Profiles\04n9lkkk.default\
    FF - prefs.js: browser.search.selectedEngine - Swagbucks.com
    FF - prefs.js: browser.startup.homepage - hxxp://www.4chan.org/frames/
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\users\DONGS\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.lu ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.nu ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.nz ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--p1ai ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbayh7gpa ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.tel ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.proxy.type ", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "dom.ipc.plugins.timeoutSecs ", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "accelerometer.enabled ", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.nptest.dll ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npswf32.dll ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npctrl.dll ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npqtplugin.dll ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled ", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-16 18:41
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i???????? ?m??h?????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-321911073-2565416866-1713073674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*K*a*m*e*n*_*R*i*d*e*r*_*K*a*b*u*t*o*_*J*A*P*_*P*S*2*C*D*-*G*A*N*T*j^b—…ºN\Q]
    @Class= "Shell "
    @Allowed: (Read) (RestrictedCode)

    [HKEY_USERS\S-1-5-21-321911073-2565416866-1713073674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*K*a*m*e*n*_*R*i*d*e*r*_*K*a*b*u*t*o*_*J*A*P*_*P*S*2*C*D*-*G*A*N*T*j^b—…ºN\Q\OpenWithList]
    @Class= "Shell "

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    "MSCurrentCountry "=dword:000000b5
    .
    Completion time: 2010-07-16 18:44:37
    ComboFix-quarantined-files.txt 2010-07-17 01:44
    ComboFix2.txt 2010-07-16 05:05

    Pre-Run: 15,973,093,376 bytes free
    Post-Run: 15,950,340,096 bytes free

    - - End Of File - - 74CAE8278BA592C9A12DEA23D206756B
     
  17. 2010/07/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I can see this is the 2nd Combofix run.
    I'd like to see the ComboFix2.txt log.
     
  18. 2010/07/16
    DONGS

    DONGS Inactive Thread Starter

    Joined:
    2010/07/16
    Messages:
    19
    Likes Received:
    0
    Unfortunately, it looks like I do not have a ComboFix2.txt file.
     
  19. 2010/07/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    How is the redirection?

    * Click on Start, then Run.
    * Copy and Paste the green bold text below in to the Run Box:


    cmd /c dir /a /s C:\QooBox >log.txt&start log.txt


    * Then click on OK.
    * A Text File will open up, please Copy and Paste the contents in your next reply.
     
  20. 2010/07/16
    DONGS

    DONGS Inactive Thread Starter

    Joined:
    2010/07/16
    Messages:
    19
    Likes Received:
    0
    Still being redirected. Thanks again for your help.

    Volume in drive C is SQ004816V03
    Volume Serial Number is 667F-F42F

    Directory of C:\QooBox

    07/16/2010 06:44 PM <DIR> .
    07/16/2010 06:44 PM <DIR> ..
    07/16/2010 06:43 PM 2,431 Add-Remove Programs.txt
    07/16/2010 06:32 PM <DIR> BackEnv
    07/16/2010 06:44 PM 363 ComboFix-quarantined-files.txt
    07/15/2010 10:05 PM 22,705 ComboFix2.txt
    07/15/2010 09:50 PM <DIR> Quarantine
    07/15/2010 10:03 PM 1,419,599 SnapShot@2010-07-16_05.01.59.dat
    4 File(s) 1,445,098 bytes

    Directory of C:\QooBox\BackEnv

    07/16/2010 06:32 PM <DIR> .
    07/16/2010 06:32 PM <DIR> ..
    07/16/2010 06:32 PM 123 appdata.folder.dat
    07/16/2010 06:32 PM 228 cache.folder.dat
    07/16/2010 06:32 PM 60 Cookies.folder.dat
    07/16/2010 06:32 PM 81 desktop.folder.dat
    07/16/2010 06:32 PM 114 favorites.folder.dat
    07/16/2010 06:32 PM 99 localappdata.folder.dat
    07/16/2010 06:32 PM 99 LocalSettings.folder.dat
    07/16/2010 06:32 PM 84 mypictures.folder.dat
    07/16/2010 06:32 PM 87 personal.folder.dat
    07/16/2010 06:31 PM 177 Profiles.Folder.dat
    07/16/2010 06:32 PM 201 Profiles.Folder.folder.dat
    07/16/2010 06:32 PM 344 programs.folder.dat
    07/16/2010 06:31 PM 4,700 SetPath.bat
    07/16/2010 06:32 PM 239 startmenu.folder.dat
    07/16/2010 06:32 PM 384 startup.folder.dat
    07/16/2010 06:31 PM 829 SysPath.dat
    07/16/2010 06:32 PM 235 templates.folder.dat
    17 File(s) 8,084 bytes

    Directory of C:\QooBox\Quarantine

    07/15/2010 09:50 PM <DIR> .
    07/15/2010 09:50 PM <DIR> ..
    07/15/2010 09:50 PM <DIR> C
    07/16/2010 06:33 PM 124 catchme.log
    07/16/2010 06:43 PM <DIR> Registry_backups
    1 File(s) 124 bytes

    Directory of C:\QooBox\Quarantine\C

    07/15/2010 09:50 PM <DIR> .
    07/15/2010 09:50 PM <DIR> ..
    0 File(s) 0 bytes

    Directory of C:\QooBox\Quarantine\Registry_backups

    07/16/2010 06:43 PM <DIR> .
    07/16/2010 06:43 PM <DIR> ..
    07/15/2010 10:03 PM 119 HKLM-Run-cfFncEnabler.exe.reg.dat
    07/16/2010 06:37 PM 5,935 tcpip.reg
    2 File(s) 6,054 bytes

    Total Files Listed:
    24 File(s) 1,459,360 bytes
    14 Dir(s) 15,852,949,504 bytes free
     
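    The listing above can be checked mechanically rather than by eye. The following Python script is an added example (not code posted by anyone in this thread) that parses `dir /a /s` output into per-directory file and subdirectory entries, cross-checks every `File(s)` trailer and the `Total Files Listed` block against the entries actually printed, and lists the most recently modified files, which is usually what a helper wants to see first in a quarantine folder. The embedded sample is a constructed, abridged copy of the QooBox listing above (root, Quarantine and Registry_backups sections only) with the trailer recomputed for that subset.

```python
"""Parse and cross-check Windows `dir /a /s` output (added example, not from the thread)."""
import re
from datetime import datetime

DIR_RE = re.compile(r"^\s*Directory of (?P<path>.+?)\s*$")
ENTRY_RE = re.compile(
    r"^\s*(?P<stamp>\d{2}/\d{2}/\d{4}\s+\d{2}:\d{2} [AP]M)\s+"
    r"(?:(?P<isdir><DIR>)|(?P<size>[\d,]+))\s+(?P<name>.+?)\s*$"
)
FILES_RE = re.compile(r"^\s*(?P<count>\d+) File\(s\)\s+(?P<size>[\d,]+) bytes\s*$")
DIRS_RE = re.compile(r"^\s*(?P<count>\d+) Dir\(s\)\s+(?P<free>[\d,]+) bytes free\s*$")
TOTAL_HEADER = "Total Files Listed:"

# Constructed sample: an abridged copy of the listing posted in the thread
# (three of its directories), with the trailer recomputed for this subset.
SAMPLE = r"""
 Volume in drive C is SQ004816V03
 Volume Serial Number is 667F-F42F

 Directory of C:\QooBox

07/16/2010 06:44 PM <DIR> .
07/16/2010 06:44 PM <DIR> ..
07/16/2010 06:43 PM 2,431 Add-Remove Programs.txt
07/16/2010 06:32 PM <DIR> BackEnv
07/16/2010 06:44 PM 363 ComboFix-quarantined-files.txt
07/15/2010 10:05 PM 22,705 ComboFix2.txt
07/15/2010 09:50 PM <DIR> Quarantine
07/15/2010 10:03 PM 1,419,599 SnapShot@2010-07-16_05.01.59.dat
 4 File(s) 1,445,098 bytes

 Directory of C:\QooBox\Quarantine

07/15/2010 09:50 PM <DIR> .
07/15/2010 09:50 PM <DIR> ..
07/15/2010 09:50 PM <DIR> C
07/16/2010 06:33 PM 124 catchme.log
07/16/2010 06:43 PM <DIR> Registry_backups
 1 File(s) 124 bytes

 Directory of C:\QooBox\Quarantine\Registry_backups

07/16/2010 06:43 PM <DIR> .
07/16/2010 06:43 PM <DIR> ..
07/15/2010 10:03 PM 119 HKLM-Run-cfFncEnabler.exe.reg.dat
07/16/2010 06:37 PM 5,935 tcpip.reg
 2 File(s) 6,054 bytes

 Total Files Listed:
 7 File(s) 1,451,276 bytes
 10 Dir(s) 15,852,949,504 bytes free
"""


def _num(s):
    return int(s.replace(",", ""))


def parse_dir_listing(text):
    """Return (dirs, totals). dirs maps each listed path to a dict with
    'files' [(name, size, mtime)], 'subdirs' [name] and 'stated' (count, bytes)."""
    dirs, totals, current, in_total = {}, {}, None, False
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.strip() == TOTAL_HEADER:
            in_total = True
            continue
        if m := DIR_RE.match(line):
            current = m.group("path")
            dirs[current] = {"files": [], "subdirs": [], "stated": None}
            in_total = False
            continue
        if m := FILES_RE.match(line):
            if in_total:
                totals.update(files=int(m.group("count")), bytes=_num(m.group("size")))
            elif current:
                dirs[current]["stated"] = (int(m.group("count")), _num(m.group("size")))
            continue
        if m := DIRS_RE.match(line):
            if in_total:
                totals.update(dirs=int(m.group("count")), free=_num(m.group("free")))
            continue
        if (m := ENTRY_RE.match(line)) and current:
            if m.group("isdir"):
                dirs[current]["subdirs"].append(m.group("name"))
            else:
                stamp = " ".join(m.group("stamp").split())  # collapse padding
                mtime = datetime.strptime(stamp, "%m/%d/%Y %I:%M %p")
                dirs[current]["files"].append((m.group("name"), _num(m.group("size")), mtime))
    return dirs, totals


def verify_listing(text):
    """Cross-check each directory trailer and the grand total against the entries
    actually listed. Returns a list of discrepancy strings; empty means consistent."""
    dirs, totals = parse_dir_listing(text)
    problems, all_files, all_bytes, dir_entries = [], 0, 0, 0
    for path, d in dirs.items():
        n, b = len(d["files"]), sum(size for _, size, _ in d["files"])
        all_files, all_bytes, dir_entries = all_files + n, all_bytes + b, dir_entries + len(d["subdirs"])
        if d["stated"] is None:
            problems.append(f"{path}: no File(s) trailer")
        elif d["stated"] != (n, b):
            problems.append(f"{path}: trailer says {d['stated']}, entries give {(n, b)}")
    if totals.get("files") != all_files or totals.get("bytes") != all_bytes:
        problems.append(f"grand total {totals} vs counted ({all_files}, {all_bytes})")
    if totals.get("dirs") != dir_entries:  # dir /s counts every <DIR> entry, '.' and '..' included
        problems.append(f"Dir(s) count {totals.get('dirs')} vs {dir_entries} <DIR> entries")
    return problems


def newest_files(text, n=3):
    """Full paths of the n most recently modified files, newest first."""
    dirs, _ = parse_dir_listing(text)
    entries = [(mtime, path + "\\" + name) for path, d in dirs.items() for name, _, mtime in d["files"]]
    return [p for _, p in sorted(entries, reverse=True)[:n]]


if __name__ == "__main__":
    print("discrepancies:", verify_listing(SAMPLE) or "none")
    print("newest files:", newest_files(SAMPLE))
```

    Paste the whole contents of the generated log.txt into `SAMPLE` (or read it from a file) to run it against a real listing; a non-empty discrepancy list means the text was truncated or edited in transit, which is worth knowing before drawing conclusions from it.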
  21. 2010/07/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Uninstall Combofix:
    Go Start > Run [Vista users, go Start> "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between "Combofix" and "/Uninstall".
    Click OK (Vista users - press Enter).
    Restart computer.

    ===============================================================

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:



    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     