Google Redirect?

March 26, 2010 at 12:17:00
Specs: Windows XP
Hi, I think I've got some sort of virus on my computer, because when I search something in Google, it comes up with the results page, except missing the usual adverts on the right. Also, it says that I am not signed in, but when I go on Google Docs, it shows that I am. Furthermore, when I try to go on the Firefox Google, it says "Firefox has detected that the server is redirecting the request for this address in a way that will never complete."

Also, when I click one of the results, it opens in a new tab and redirects me to random pages and search engines. I've also got the same problem on my PS3 as well, even though I haven't transferred any files recently.

I've tried McAfee, Hitman Pro 3.5, Malwarebytes, and SpywareTerminator, but with no results. McAfee picked up a Trojan called 'Artemis', but I've still got the redirect problem.

Please can somebody help?

Thanks





#1
March 26, 2010 at 14:10:45
Give Trojan Remover a try:

http://www.simplysup.com/tremover/d...

also, you may want to try combofix then if Trojan Remover won't clean it up. Be sure to follow the site instructions carefully:
http://www.bleepingcomputer.com/com...

Some HELP in posting on Computing.net plus free progs and instructions Cheers



#2
March 26, 2010 at 14:14:12
Download DDS and save it to your desktop.
DDS.scr


Disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr to run the tool.
When done, the DDS.txt will open.
Click Yes at the next prompt for Optional Scan.

When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt

Save both reports to your desktop then post them please.

Please download Combofix with internet explorer instead of any other browser if possible.

Remember: your McAfee antivirus, SpywareTerminator and any other realtime antispyware that you may have must be turned off or disabled before running ComboFix. The clickable link "This Link" in the ComboFix tutorial will help you get them disabled.

Please download ComboFix to the desktop from one of the following links:

ComboFix

Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename combofix.exe to Combo-Fix in the filename box > click save.
Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on Combo-Fix.exe & follow the prompts.
Install the recovery console when asked.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt" .
Note: Do not mouseclick combo-fix's window while it's running. That may cause it to hang.


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.



#3
March 27, 2010 at 11:01:43
It won't let me post the message for some reason.



#4
March 27, 2010 at 11:03:41


#5
March 27, 2010 at 11:10:05
Make the post in two segments; it sounds like the log is too large for one post. Some of the DDS logs are huge.


#6
March 27, 2010 at 11:58:41
DDS Log:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Alex Zhang FBI at 10:51:58.59 on 27/03/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.127 [GMT 0:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Mcafee\MWL\MWLGui.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mcafee\MWL\MwlSvc.exe
C:\Documents and Settings\Alex Zhang FBI\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.youtube.com/index?gl=GB
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [MWLExe] c:\program files\mcafee\mwl\MWLGui.exe /Start
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HPUsageTracking] c:\program files\hp\hp ut\bin\hppusg.exe "c:\program files\hp\hp ut\"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\alexzh~2\applic~1\mozilla\firefox\profiles\iq2jud8v.default\
FF - prefs.js: browser.search.selectedEngine - YouTube Video Search
FF - prefs.js: browser.startup.homepage - hxxp://uk.yahoo.com/
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-8-16 214664]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-8-16 93320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-8-16 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-8-16 144704]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-8-16 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-8-16 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-8-16 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-8-16 40552]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-8-16 606736]

=============== Created Last 30 ================

2010-03-26 21:19:26 0 d--h--w- c:\windows\PIF
2010-03-26 21:19:24 0 d-----w- c:\windows\SxsCaPendDel
2010-03-26 21:18:58 0 d-----w- c:\program files\Hitman Pro 3.5
2010-03-24 17:25:45 0 d-----w- c:\docume~1\alexzh~2\applic~1\JAM Software
2010-03-24 17:25:37 0 d-----w- c:\program files\JAM Software
2010-03-23 20:28:40 0 d-----w- c:\program files\Xiph.Org
2010-03-23 20:27:16 0 d-----w- c:\program files\Bonjour
2010-03-23 18:15:37 0 d-----w- c:\docume~1\alexzh~2\applic~1\Malwarebytes
2010-03-23 18:15:25 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-03-23 18:15:24 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-23 18:04:38 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-03-23 18:04:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2010-03-22 22:45:28 0 d-----w- C:\Combo-Fix
2010-03-22 20:07:11 0 d-sha-r- C:\cmdcons
2010-03-22 20:05:53 98816 ----a-w- c:\windows\sed.exe
2010-03-22 20:05:53 77312 ----a-w- c:\windows\MBR.exe
2010-03-22 20:05:53 261632 ----a-w- c:\windows\PEV.exe
2010-03-22 20:05:53 161792 ----a-w- c:\windows\SWREG.exe
2010-03-22 17:38:20 123 ----a-w- c:\windows\rootkitno.ini
2010-03-22 17:38:08 0 d-----w- C:\RootkitNO
2010-03-22 17:35:26 2 --shatr- c:\windows\winstart.bat
2010-03-22 17:34:07 0 d-----w- c:\program files\UnHackMe
2010-03-21 11:36:02 2493 ----a-w- c:\windows\system32\COMCTL32.DEP
2010-03-21 11:36:01 40960 ----a-w- c:\windows\system32\FXDV1to2.dll
2010-03-21 11:36:00 36734 ----a-w- c:\windows\system32\OggDSuninst.exe
2010-03-21 11:35:59 27136 ----a-w- c:\windows\system32\Dbgwproc.dll
2010-03-21 11:35:59 155648 ----a-w- c:\windows\system32\ExplorerTreeView.ocx
2010-03-21 11:35:58 36864 ----a-w- c:\windows\system32\FxPanel.ocx
2010-03-21 11:35:58 176128 ----a-w- c:\windows\system32\FxAniGif.ocx
2010-03-21 11:35:57 224016 ----a-w- c:\windows\system32\TabCtl32.ocx
2010-03-21 11:35:56 86016 ----a-w- c:\windows\system32\FxB11Ax1.ocx
2010-03-11 17:44:49 3555328 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-02-27 15:26:22 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-26 19:51:57 0 d-----w- c:\windows\pss
2010-02-26 19:32:29 0 d-----w- c:\docume~1\alexzh~2\applic~1\IObit
2010-02-26 19:32:24 0 d-----w- c:\program files\IObit
2010-02-26 19:15:31 0 d-----w- c:\docume~1\alexzh~2\applic~1\Youtube Downloader HD
2010-02-26 19:14:28 0 d-----w- c:\program files\Youtube Downloader HD
2010-02-26 17:36:59 0 d-----w- c:\program files\Audacity

==================== Find3M ====================

2010-03-22 20:08:42 47440 ----a-w- c:\docume~1\alexzh~2\applic~1\GDIPFONTCACHEV1.DAT
2010-02-18 11:35:50 42732 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-14 18:42:39 38780 ----a-w- c:\windows\fonts\carolingia.ttf
2010-02-14 11:05:48 60716 ----a-w- c:\windows\fonts\apple_boy_btn.ttf

============= FINISH: 10:52:27.89 ===============


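A small read-only triage script for the DDS log format posted above, added here as an example (it is not from this thread and not part of the DDS tool). It walks the "Pseudo HJT Report" section and flags what a helper checks first: BHO/EB/toolbar entries pointing at "No File", autorun entries with no absolute path (so the file actually run is whatever the search path finds first), and autoruns launched from temp or profile directories; a flag means "confirm which file runs", not "malware". The embedded sample is a few lines copied from the log above plus one constructed `[Updater]` line that does not appear in the original log.

```python
"""Triage helper for the DDS.txt "Pseudo HJT Report" section (added example)."""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the DDS log in this thread, plus one
# made-up "[Updater]" entry (NOT in the original log) so the temp-dir check fires.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============

uStart Page = hxxp://www.youtube.com/index?gl=GB
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [MWLExe] c:\program files\mcafee\mwl\MWLGui.exe /Start
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Updater] "c:\docume~1\user\locals~1\temp\svchost.exe"

================= FIREFOX ===================
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")          # "=== Title ==="
ENTRY_RE = re.compile(r"^(?P<kind>[A-Za-z]+):\s*(?P<rest>.*)$")  # "BHO: ...", "mRun: ..."
RUN_RE = re.compile(r"^\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")     # "[Name] command"
# Directories a boot-time autorun rarely needs to live in (8.3 and long forms).
UNSAFE_DIRS = ("\\temp\\", "\\locals~1\\", "\\local settings\\",
               "\\application data\\", "\\applic~1\\")


@dataclass
class Finding:
    line: str
    reason: str


def section_lines(text, title):
    """Return the non-blank lines under the DDS section whose title contains `title`."""
    lines, current = [], None
    for raw in text.splitlines():
        m = SECTION_RE.match(raw.strip())
        if m:
            current = m.group(1).lower()
            continue
        if current and title.lower() in current and raw.strip():
            lines.append(raw.rstrip())
    return lines


def executable_path(cmd):
    """Extract the executable from an autorun command, quoted or bare."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # DDS prints unquoted paths containing spaces, so cut after the first
    # executable extension rather than at the first space.
    m = re.search(r"\.(exe|scr|com|bat|cmd|dll)\b", cmd, re.IGNORECASE)
    return cmd[:m.end()] if m else cmd.split(" ", 1)[0]


def triage_hjt(text):
    """Flag the HJT-report entries worth a second look; never modifies anything."""
    findings = []
    for line in section_lines(text, "Pseudo HJT Report"):
        m = ENTRY_RE.match(line)
        if not m:
            continue  # "uStart Page = ..." style lines are not handled here
        kind, rest = m.group("kind"), m.group("rest")
        if kind in ("BHO", "EB", "TB") and rest.endswith("No File"):
            findings.append(Finding(line, "orphaned entry (CLSID registered, DLL missing)"))
        elif kind.endswith("Run"):
            r = RUN_RE.match(rest)
            if not r:
                continue
            exe = executable_path(r.group("cmd")).lower()
            if not re.match(r"^[a-z]:\\", exe):
                findings.append(Finding(line, "autorun without absolute path (resolved via search order)"))
            elif any(d in exe for d in UNSAFE_DIRS):
                findings.append(Finding(line, "autorun launched from a temp/profile directory"))
    return findings


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_DDS):
        print(f"{f.reason}: {f.line}")
```

Point the script at a real DDS.txt by reading the file into `triage_hjt()`; the "Running Processes" and "SERVICES / DRIVERS" sections are still reviewed by hand.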

#7
March 27, 2010 at 11:59:17
Attach Log:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 16/08/2009 00:25:15
System Uptime: 27/03/2010 10:49:41 (0 hours ago)

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-6577
Processor: Intel(R) Pentium(R) 4 CPU 2.60GHz | Socket 478 | 2600/100mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 69 GiB total, 7.13 GiB free.
E: is Removable
F: is Removable
G: is Removable
H: is FIXED (FAT32) - 5 GiB total, 0.491 GiB free.
I: is CDROM ()
J: is CDROM ()
K: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_8086&DEV_24CD&SUBSYS_57701462&REV_02\3&13C0B0C5&0&EF
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_8086&DEV_24CD&SUBSYS_57701462&REV_02\3&13C0B0C5&0&EF
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Video Controller
Device ID: PCI\VEN_1797&DEV_6800&SUBSYS_00000000&REV_11\4&1A671D0C&0&50F0
Manufacturer:
Name: Multimedia Video Controller
PNP Device ID: PCI\VEN_1797&DEV_6800&SUBSYS_00000000&REV_11\4&1A671D0C&0&50F0
Service:

==== System Restore Points ===================

RP196: 08/03/2010 20:52:46 - System Checkpoint
RP197: 10/03/2010 18:57:25 - System Checkpoint
RP198: 11/03/2010 22:12:39 - Software Distribution Service 3.0
RP199: 13/03/2010 19:47:59 - System Checkpoint
RP200: 14/03/2010 20:08:19 - System Checkpoint
RP201: 15/03/2010 20:20:13 - System Checkpoint
RP202: 18/03/2010 21:02:48 - System Checkpoint
RP203: 19/03/2010 21:18:47 - System Checkpoint
RP204: 21/03/2010 11:14:32 - System Checkpoint
RP205: 22/03/2010 20:02:42 - System Checkpoint
RP206: 22/03/2010 20:21:41 - Removed Bonjour
RP207: 23/03/2010 19:46:01 - Removed QuickTime
RP208: 23/03/2010 20:22:33 - Installed QuickTime
RP209: 23/03/2010 20:27:11 - Installed Bonjour
RP210: 23/03/2010 23:05:44 - Installed AVG Free 9.0
RP211: 23/03/2010 23:46:02 - Restore Operation
RP212: 25/03/2010 18:25:33 - System Checkpoint
RP213: 26/03/2010 19:37:34 - System Checkpoint
RP214: 26/03/2010 21:21:26 - Restore Operation

==== Installed Programs ======================

µTorrent
32 Bit HP CIO Components Installer
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
Bonjour
Codec Pack - All In 1 6.0.3.0
Combined Community Codec Pack 2008-09-21 16:18
EPSON Printer Software
EPSON Scan
Free Video Converter V 1.0
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP LaserJet P1500 series
HP Proactive Services
HP Update
hppMSRedist
hppusgP1500
HPSSupply
HyperCam 2
iTunes
Java(TM) 6 Update 17
Macromedia Flash Player 8
MarketResearch
McAfee SecurityCenter
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Mozilla Firefox (3.6.2pre)
MrvlUsgTracking
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Nero 7 Premium
NETGEAR WG311v3 802.11g Wireless PCI Adapter
Operating System Communication Components
QuickTime
Realtek AC'97 Audio
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Segoe UI
Smart Defrag
Spelling Dictionaries Support For Adobe Reader 9
Synthesia (remove only)
TreeSize Free V2.4
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Service Pack 2
WinRAR archiver
Xilisoft Video Converter Ultimate
Xiph.Org Ogg Codecs 0.82.16930 32-bit
Youtube Downloader HD v. 1.8.1

==== Event Viewer Messages From Past Week ========

27/03/2010 10:33:24, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
27/03/2010 10:33:24, error: Dhcp [1002] - The IP address lease 192.168.1.5 for the Network Card with network address 000FB5858FEC has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
26/03/2010 21:09:18, error: Print [19] - Sharing printer failed + 1722, Printer HP LaserJet P1505 share name HP LaserJet P1505.
26/03/2010 21:08:54, error: Dhcp [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 000FB5858FEC has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
26/03/2010 20:12:07, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 000FB5858FEC has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
26/03/2010 18:37:41, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 000FB5858FEC. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
26/03/2010 18:31:52, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

==== End Of File ===========================


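The "Event Viewer Messages From Past Week" section of the DDS log above contains two items worth more attention than the thread gives them: the Service Control Manager entry saying the McAfee Real-time Scanner service terminated unexpectedly (AV crashing is a common side effect of malware, and ComboFix later reports on-access scanning disabled), and three DHCPNACKs in two days for the same adapter. The script below is an added example, not code from the thread or from the DDS tool; it parses the event lines quoted above (copied from the log, not invented) and flags those two patterns. The product-name list and the NACK threshold are assumptions to adjust for the machine in hand.

```python
"""Triage of the `Event Viewer Messages` section of a DDS log.

Added example, not part of the thread. It parses the event lines quoted
in the DDS log above and flags two things an incident responder would
act on: a security product's service dying (event 7031 from the Service
Control Manager) and a burst of DHCPNACKs for one adapter. SECURITY_PRODUCTS
and NACK_THRESHOLD are assumptions; extend them for whatever is installed.
"""
import re
from collections import Counter

# Copied from the DDS log quoted earlier in the thread (not constructed).
SAMPLE_EVENTS = """\
27/03/2010 10:33:24, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
27/03/2010 10:33:24, error: Dhcp [1002] - The IP address lease 192.168.1.5 for the Network Card with network address 000FB5858FEC has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
26/03/2010 21:09:18, error: Print [19] - Sharing printer failed + 1722, Printer HP LaserJet P1505 share name HP LaserJet P1505.
26/03/2010 21:08:54, error: Dhcp [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 000FB5858FEC has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
26/03/2010 20:12:07, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 000FB5858FEC has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
26/03/2010 18:37:41, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 000FB5858FEC. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
26/03/2010 18:31:52, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
"""

# DDS prints one event per line: "dd/mm/yyyy hh:mm:ss, level: Source [id] - message"
EVENT_RE = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)
SECURITY_PRODUCTS = ("McAfee",)  # assumption: add the AV/firewall actually installed
NACK_THRESHOLD = 3               # assumption: NACKs per adapter before we care


def parse_events(text):
    """Turn DDS event lines into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            event = m.groupdict()
            event["id"] = int(event["id"])
            events.append(event)
    return events


def triage(events):
    """Return human-readable findings for the two patterns described above."""
    findings = []
    nacks = Counter()
    for e in events:
        # 7031 = "service terminated unexpectedly"; only care about security products.
        if (e["source"] == "Service Control Manager" and e["id"] == 7031
                and any(p in e["msg"] for p in SECURITY_PRODUCTS)):
            findings.append(
                f"{e['date']} {e['time']} security service crashed: {e['msg']}")
        # 1002 = lease denied (DHCPNACK); count them per adapter MAC.
        elif e["source"] == "Dhcp" and e["id"] == 1002:
            m = re.search(r"network address ([0-9A-Fa-f]+)", e["msg"])
            nacks[m.group(1) if m else "unknown"] += 1
    for mac, n in nacks.items():
        if n >= NACK_THRESHOLD:
            findings.append(
                f"{n} DHCPNACKs for adapter {mac}: the DHCP server keeps refusing "
                f"lease renewals; examine the router/DHCP server configuration")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_events(SAMPLE_EVENTS)):
        print(finding)
```

Run it against the whole "Event Viewer Messages" block of any DDS log. A crashing AV service does not by itself prove infection, and a DHCPNACK can be an ordinary lease conflict, but on a box that is also redirecting searches both are worth chasing before the log is declared clean.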

#8
March 27, 2010 at 11:59:56
ComboFix Log:

ComboFix 10-03-26.02 - Alex Zhang FBI 27/03/2010 10:56:44.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.198 [GMT 0:00]
Running from: c:\documents and settings\Alex Zhang FBI\Desktop\Combo-Fix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((( Files Created from 2010-02-27 to 2010-03-27 )))))))))))))))))))))))))))))))
.

2010-03-26 21:19 . 2010-03-26 21:19 -------- d--h--w- c:\windows\PIF
2010-03-26 21:19 . 2010-03-26 21:19 -------- d-----w- c:\windows\SxsCaPendDel
2010-03-26 21:18 . 2010-03-26 21:18 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-03-24 17:25 . 2010-03-24 17:25 -------- d-----w- c:\documents and settings\Alex Zhang FBI\Application Data\JAM Software
2010-03-24 17:25 . 2010-03-24 17:25 -------- d-----w- c:\program files\JAM Software
2010-03-23 20:28 . 2010-03-23 20:28 -------- d-----w- c:\program files\Xiph.Org
2010-03-23 20:27 . 2010-03-26 21:19 -------- d-----w- c:\program files\Bonjour
2010-03-23 20:22 . 2010-03-26 21:19 -------- d-----w- c:\program files\QuickTime
2010-03-23 18:15 . 2010-03-23 18:15 -------- d-----w- c:\documents and settings\Alex Zhang FBI\Application Data\Malwarebytes
2010-03-23 18:15 . 2010-03-23 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-23 18:15 . 2010-03-27 10:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-23 18:04 . 2010-03-26 18:30 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-03-23 18:04 . 2010-03-23 18:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-03-22 17:38 . 2010-03-22 17:38 -------- d-----w- C:\RootkitNO
2010-03-22 17:35 . 2010-03-22 17:35 2 --shatr- c:\windows\winstart.bat
2010-03-22 17:34 . 2010-03-26 21:18 -------- d-----w- c:\program files\UnHackMe
2010-03-21 11:36 . 2003-08-04 00:34 40960 ----a-w- c:\windows\system32\FXDV1to2.dll
2010-03-21 11:36 . 2005-01-12 19:34 36734 ----a-w- c:\windows\system32\OggDSuninst.exe
2010-03-21 11:35 . 1997-06-10 20:10 27136 ----a-w- c:\windows\system32\Dbgwproc.dll
2010-03-11 17:44 . 2009-10-23 14:27 3555328 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-02-27 15:26 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-26 19:32 . 2010-02-26 19:32 -------- d-----w- c:\documents and settings\Alex Zhang FBI\Application Data\IObit
2010-02-26 19:32 . 2010-02-26 19:32 -------- d-----w- c:\program files\IObit
2010-02-26 19:15 . 2010-03-01 19:07 -------- d-----w- c:\documents and settings\Alex Zhang FBI\Application Data\Youtube Downloader HD
2010-02-26 19:14 . 2010-02-26 19:15 -------- d-----w- c:\program files\Youtube Downloader HD
2010-02-26 18:40 . 2010-02-26 18:40 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-02-26 17:36 . 2010-02-26 17:37 -------- d-----w- c:\program files\Audacity

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-26 21:18 . 2009-10-29 12:45 -------- d-----w- c:\program files\DivX
2010-03-26 21:18 . 2009-08-16 17:19 -------- d-----w- c:\program files\GetGo Software
2010-03-26 21:17 . 2009-08-16 18:14 -------- d-----w- c:\documents and settings\Alex Zhang FBI\Application Data\uTorrent
2010-03-23 19:37 . 2009-08-27 20:13 -------- d-----w- c:\documents and settings\Alex Zhang FBI\Application Data\vlc
2010-03-23 16:46 . 2009-08-16 00:27 -------- d-----w- c:\program files\McAfee
2010-03-22 19:35 . 2009-08-16 07:47 47840 ----a-w- c:\documents and settings\Alex Zhang FBI\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-21 11:37 . 2010-01-31 10:54 -------- d-----w- c:\documents and settings\Alex Zhang FBI\Application Data\GetRightToGo
2010-03-12 16:15 . 2009-08-16 18:14 -------- d-----w- c:\program files\uTorrent
2010-02-18 11:59 . 2010-02-18 10:20 -------- d-----w- c:\documents and settings\Alex Zhang FBI\Application Data\Apple Computer
2010-02-18 11:35 . 2010-02-18 11:35 42732 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-18 11:23 . 2010-02-18 10:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-02-18 10:19 . 2010-02-18 10:16 -------- d-----w- c:\program files\iTunes
2010-02-18 10:19 . 2010-02-18 10:16 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-02-18 10:17 . 2010-02-18 10:17 -------- d-----w- c:\program files\iPod
2010-02-18 10:17 . 2010-02-18 10:09 -------- d-----w- c:\program files\Common Files\Apple
2010-02-18 10:16 . 2010-02-18 10:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-02-18 10:12 . 2010-02-18 10:12 -------- d-----w- c:\program files\Apple Software Update
2010-02-14 20:03 . 2010-02-14 20:03 -------- d-----w- c:\documents and settings\Alex Zhang FBI\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
2010-02-14 20:02 . 2010-02-14 20:02 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-14 20:00 . 2010-02-14 20:02 38784 ----a-w- c:\documents and settings\Alex Zhang FBI\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-14 20:00 . 2010-02-14 20:02 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-31 11:44 . 2010-01-31 11:04 -------- d-----w- c:\documents and settings\Alex Zhang FBI\Application Data\Xilisoft Corporation
2010-01-31 11:43 . 2010-01-31 11:43 -------- d-----w- c:\program files\Xilisoft
2010-01-31 10:58 . 2009-12-02 20:57 -------- d-----w- c:\program files\Pcsx2
2010-01-22 19:51 . 2010-01-22 19:51 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2009-12-31 16:14 . 2001-08-23 12:00 352640 ----a-w- c:\windows\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-03-22_20.14.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 20:54 . 2009-07-11 20:54 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e79c4723\vcomp.dll
+ 2009-07-11 20:32 . 2009-07-11 20:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll
+ 2009-07-11 20:32 . 2009-07-11 20:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll
+ 2009-07-11 20:32 . 2009-07-11 20:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll
+ 2009-07-11 20:32 . 2009-07-11 20:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll
+ 2009-07-11 20:32 . 2009-07-11 20:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll
+ 2009-07-11 20:32 . 2009-07-11 20:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
+ 2009-07-11 20:32 . 2009-07-11 20:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll
+ 2009-07-11 20:32 . 2009-07-11 20:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll
+ 2009-07-11 20:32 . 2009-07-11 20:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll
+ 2009-07-12 01:07 . 2009-07-12 01:07 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll
+ 2009-07-12 01:19 . 2009-07-12 01:19 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll
+ 2010-03-27 10:50 . 2010-03-27 10:50 16384 c:\windows\Temp\Perflib_Perfdata_e8.dat
+ 2008-12-12 11:11 . 2008-12-12 11:11 65536 c:\windows\system32\jdns_sd.dll
+ 2009-08-15 23:25 . 2010-03-27 09:56 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-08-15 23:25 . 2010-03-22 16:24 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-08-15 23:25 . 2010-03-22 16:24 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-03-22 21:19 . 2010-03-27 09:56 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2010-02-18 10:15 . 2010-02-18 10:15 86016 c:\windows\Installer\{07287123-B8AC-41CE-8346-3D777245C35B}\PrntWzrdIco.exe
+ 2010-03-23 20:27 . 2010-03-23 20:27 86016 c:\windows\Installer\{07287123-B8AC-41CE-8346-3D777245C35B}\PrntWzrdIco.exe
+ 2010-03-23 23:05 . 2010-03-23 23:05 424448 c:\windows\Installer\15ac1ef.msi
+ 2009-07-11 20:46 . 2009-07-11 20:46 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
+ 2009-07-11 20:46 . 2009-07-11 20:46 1105920 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll
+ 2010-03-23 20:27 . 2010-03-23 20:27 1659392 c:\windows\Installer\c67fb4.msi
+ 2010-03-23 20:23 . 2010-03-23 20:24 9473024 c:\windows\Installer\c67faf.msi
+ 2010-03-23 23:37 . 2010-03-26 21:19 11140940 c:\windows\system32\Restore\rstrlog.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"MWLExe"="c:\program files\Mcafee\MWL\MWLGui.exe" [2007-07-28 1279336]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2009-05-11 24576]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-02-15 417792]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\McAfee\\MWL\\MwlSvc.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [16/08/2009 17:18 93320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-03-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-08-16 c:\windows\Tasks\McDefragTask.job
- c:\windows\system32\defrag.exe [2001-08-23 23:56]

2009-08-16 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2009-08-16 11:22]

2010-03-22 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-02-26 15:30]

2010-03-27 c:\windows\Tasks\User_Feed_Synchronization-{375D2D95-65BE-4121-A268-49987DBEDDF5}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.youtube.com/index?gl=GB
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Alex Zhang FBI\Application Data\Mozilla\Firefox\Profiles\iq2jud8v.default\
FF - prefs.js: browser.search.selectedEngine - YouTube Video Search
FF - prefs.js: browser.startup.homepage - hxxp://uk.yahoo.com/
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-27 11:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3972)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-03-27 11:05:41
ComboFix-quarantined-files.txt 2010-03-27 11:05
ComboFix2.txt 2010-03-22 20:16

Pre-Run: 9,405,120,512 bytes free
Post-Run: 9,625,165,824 bytes free

- - End Of File - - 5979990816443AC373D9E317B463E0B1



#9
March 27, 2010 at 12:28:49
That log is clean. Do you have a Windows or reinstall CD? Do you have more than one way of getting online?


#10
March 27, 2010 at 12:59:04
I can reinstall Windows, but I don't want to because of all the files that I've got to back up. This problem has been on my PC, PS3 and iPod Touch as well. Do you think it could be something to do with the network? Some sort of virus, maybe? Sorry, I'm a bit nooby so I'm not sure about this kind of stuff.


#11
March 27, 2010 at 13:36:14
It may just be the router, but it could be a driver for the bus that the NIC (network card) operates on. If possible, unplug from your router if you have one and run straight from the computer to the modem; if it runs OK, that will let you know if it is an infected router. If the router is infected it will need to be reset to wipe it clean. Get the mfg name and model, get online and look for reset instructions.

If do not

If that is not the prob we may need to reload some files from a cd.



#12
March 27, 2010 at 13:59:14
OK, thanks for your time and help. I might just have to reinstall Windows or get a new internet thingy (sorry, I'm not too good with technical terms).


#13
March 27, 2010 at 16:42:59
What I am saying is that reinstalling Windows may not help. If it is the router, it will have nothing to do with the computer. A router can be infected and cause the same symptoms, then reinfect the computer over a short period of time.

So if all your gadgets, PC, PS3 and iPod Touch, are going through the infected router they would appear infected.

The simplest way to find out is to reset the router as mentioned earlier.


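The reply above makes the key point: when every device behind one router (PC, PS3, iPod Touch) shows the same redirects, the suspect is the router's DNS settings, not the PC. Two checks let you confirm that from a Windows client before resetting anything: look at which DNS servers DHCP handed out, and ask the configured resolver for several unrelated names to see whether it hands them all the same address. The script below is an added example, not code from the thread; the `ipconfig /all` text and the resolver tables are constructed (the 203.0.113.0/24 and 198.51.100.0/24 addresses are documentation ranges), and TRUSTED_RESOLVERS is an assumption to replace with the resolvers you actually use.

```python
"""Triage for a suspected DNS-hijacking router, run from a Windows client.

Added example for this thread, not code from the original posts. Checks:
1. Which DNS servers did DHCP hand out?  On a home LAN they should be the
   router's own address or a resolver you chose; an unfamiliar public
   address is the classic sign that the router's DNS settings were changed.
2. Does the resolver hand the *same* address to unrelated names?  Honest
   resolvers never do; a hijacker steering traffic through one proxy often does.
The ipconfig text and resolver tables are constructed; TRUSTED_RESOLVERS is
an assumption.
"""
import ipaddress
import re
import socket

TRUSTED_RESOLVERS = {"8.8.8.8", "8.8.4.4"}  # assumption: your own resolvers here

# Constructed `ipconfig /all` output (the MAC mirrors the one in the DDS log).
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Physical Address. . . . . . . . . : 00-0F-B5-85-8F-EC
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.5
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 203.0.113.53
                                            203.0.113.54
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"


def parse_field(text, label):
    """Value of a dotted `Label . . . : a.b.c.d` line, or None if absent."""
    m = re.search(re.escape(label) + r"[ .]*: (" + IPV4 + ")", text)
    return m.group(1) if m else None


def parse_dns_servers(text):
    """The DNS Servers entry plus its indented continuation lines."""
    servers, capture = [], False
    for line in text.splitlines():
        if "DNS Servers" in line:
            capture = True
            m = re.search(IPV4, line.split(":", 1)[1])
            if m:
                servers.append(m.group(0))
            continue
        if capture:
            m = re.fullmatch(r"\s+(" + IPV4 + r")\s*", line)
            if m:
                servers.append(m.group(1))
            else:
                capture = False
    return servers


def suspicious_dns_servers(text, trusted=TRUSTED_RESOLVERS):
    """DNS servers that are neither on the local subnet nor in `trusted`."""
    lan = ipaddress.ip_network(
        f"{parse_field(text, 'IP Address')}/{parse_field(text, 'Subnet Mask')}",
        strict=False)
    return [s for s in parse_dns_servers(text)
            if ipaddress.ip_address(s) not in lan and s not in trusted]


def common_answers(resolve, names):
    """Addresses that `resolve` returns for *every* name in `names`.

    Pass unrelated names (a bank, a search engine, a news site). A non-empty
    result means one address is being substituted for all of them.
    """
    common = None
    for name in names:
        addrs = set(resolve(name))
        common = addrs if common is None else common & addrs
    return common or set()


def live_resolver(name):
    """Resolve through whatever DNS the client is currently configured with."""
    return socket.gethostbyname_ex(name)[2]


PROBE_NAMES = ["www.google.com", "www.youtube.com", "www.bbc.co.uk"]


def honest_resolver(name):
    # Constructed answers: every site gets its own address.
    return {"www.google.com": ["198.51.100.1"],
            "www.youtube.com": ["198.51.100.2"],
            "www.bbc.co.uk": ["198.51.100.3"]}.get(name, [])


def hijacked_resolver(name):
    # Constructed answers: every site is steered to one proxy box.
    return ["203.0.113.10"]


if __name__ == "__main__":
    print("rogue DNS servers:", suspicious_dns_servers(SAMPLE_IPCONFIG))
    print("honest resolver, shared answer:", common_answers(honest_resolver, PROBE_NAMES))
    print("hijacked resolver, shared answer:", common_answers(hijacked_resolver, PROBE_NAMES))
    # On a real client, swap live_resolver in for the constructed resolvers.
```

On the affected machine, paste the real `ipconfig /all` output into `SAMPLE_IPCONFIG` and call `common_answers(live_resolver, PROBE_NAMES)`. Do not treat a plain difference between two resolvers' answers as proof of tampering: large sites answer differently depending on which resolver asks. The shared-answer check is the robust signal. If either check fires, resetting the router to factory settings (and changing its admin password afterwards) is what clears it; reinstalling Windows alone does not.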

#14
March 28, 2010 at 11:04:30
How do you reset the router? Sorry, I know you've said it before but I'm not sure how. (I'm using a wireless network.)


#15
March 28, 2010 at 11:06:11
Also, it's become worse, because now, when I go onto the YouTube home page, it comes up, then disappears again and seems to be loading another page that takes forever and never comes up. This is also happening on Google sites as well. I keep having to click cancel at the right moment, after the page loads and before it redirects. It's really frustrating.


#16
March 28, 2010 at 14:20:20
Your router is the box that transmits the signal to your computers. Get the mfg name and model, get online and look for reset instructions.

Who set up all the equipment you have (computer, iPod and PS3)? They should be able to help you reset the router.



#17
March 29, 2010 at 08:27:43
OK, I'll get them to help. I've also noticed that if you type http://www.google.com/search?q= and the search object, it comes up normally. Thanks for your time and help anyway, it was really appreciated.
