Hello lizear! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copied and pasted into your next reply.

Please follow the instructions here:

http://forums.malwarebytes.org/index.php?showtopic=9573

When you are ready, please post the log files in your next reply.


DDS.txt

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_02

Run by User at 20:05:15 on 2011-11-18

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.308 [GMT 10:00]

.

FW: *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Windows NT\Accessories\WORDPAD.EXE

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Windows NT\Accessories\WORDPAD.EXE

C:\Program Files\Windows NT\Accessories\WORDPAD.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [NativePathUI] rundll32.exe "c:\documents and settings\user\local settings\application data\syswebpnp\NativePathUI.dll",HandlerCommslib BthNetspl

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [nwiz] nwiz.exe /install

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm

IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{05D7C269-3FCB-47F5-86BA-AAA88BFCB1F3} : DhcpNameServer = 192.168.1.1

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\vi6t6yip.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)

FF - prefs.js: browser.startup.homepage - hxxp://192.168.1.1/cgi-bin/webcm?var%3Amain=menu&var%3Astyle=style5&getpage=%2Fusr%2Fwww_safe%2Fhtml%2Fdefs%2Fstyle5%2Fmenus%2Fmenu.html&errorpage=%2Fusr%2Fwww_safe%2Fhtml%2Fdefs%2Fstyle5%2Fmenus%2Fmenu.html&var%3Apagename=fwan&var%3Agetpagenext=&var%3Aerrorpagename=&var%3Amenu=advanced&var%3Amenutitle=Advanced&var%3Apagetitle=Port+Forwarding&var%3Apagemaster=fwan&var%3Aconid=connection0&var%3Alanip=192.168.1.3&var%3Anew=&var%3Arule=&var%3Acategory=categoryU&connection1%3Afwan%3Asettings%2Fping%2Fstate=&var%3Alangrp=lan0

FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\vi6t6yip.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\vi6t6yip.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

FF - Ext: Password Exporter: {B17C1C5A-04B1-11DB-9804-B622A1EF5492} - %profile%\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}

FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

.

============= SERVICES / DRIVERS ===============

.

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2007-6-29 11264]

.

=============== Created Last 30 ================

.

2011-11-14 03:42:21 2 --shatr- c:\windows\winstart.bat

2011-11-12 05:54:25 -------- d-----w- c:\documents and settings\user\local settings\application data\SysWebpnp

2011-11-10 07:07:45 83249512 ----a-w- c:\program files\common files\windows live\.cache\wlc1A.tmp

2011-11-10 06:52:26 -------- d-----w- c:\program files\MozBackup

2011-11-10 06:14:04 -------- d-----w- c:\program files\Combined Community Codec Pack

2011-11-10 06:11:35 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

==================== Find3M ====================

.

.

============= FINISH: 20:05:44.82 ===============

Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 29-Jun-07 6:53:53 PM

System Uptime: 17-Nov-11 7:51:10 AM (37 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | VM900M

Processor: Intel® Pentium® D CPU 3.20GHz | Socket 775 | 3215/200mhz

Processor: Intel® Pentium® D CPU 3.20GHz | Socket 775 | 3215/200mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 99 GiB total, 84.625 GiB free.

D: is FIXED (NTFS) - 50 GiB total, 28.228 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: System Interrupt Controller

Device ID: PCI\VEN_1106&DEV_5364&SUBSYS_00000000&REV_00\3&2411E6FE&0&05

Manufacturer:

Name: System Interrupt Controller

PNP Device ID: PCI\VEN_1106&DEV_5364&SUBSYS_00000000&REV_00\3&2411E6FE&0&05

Service:

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Beep

Device ID: ROOT\LEGACY_BEEP\0000

Manufacturer:

Name: Beep

PNP Device ID: ROOT\LEGACY_BEEP\0000

Service: Beep

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

ACDSee 8

Adobe Flash Player 10 Plugin

Adobe Reader 8.1.0

Adobe Shockwave Player 11.5

ASUS Enhanced Display Driver

ASUS nVIDIA Driver

AutoUpdate

Combined Community Codec Pack 2011-07-30

ContentSAFER for Wizmax

DivX

EmoDio

EmoDio TTS Engine for AustralianEnglish-Karen

FlashGet 1.9.2.1028

Google Earth

High Definition Audio Driver Package - KB888111

iTunes

Java 6 Update 2

Microsoft .NET Framework 2.0

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office Professional Edition 2003

Microsoft Visual C++ 2005 Redistributable

MozBackup 1.5.1

Mozilla Firefox (3.0.17)

MSVCRT

MSXML 6.0 Parser

Nero 7 Essentials

NVIDIA Drivers

Platform

QuickTime

RealPlayer

Segoe UI

Update for Windows XP (KB911164)

Update for Windows XP (KB932823-v3)

VIA Platform Device Manager

VLC media player 1.0.0

WebFldrs XP

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows Live Sign-in Assistant

Windows Live Upload Tool

Windows Media Format Runtime

WinRAR archiver

.

==== Event Viewer Messages From Past Week ========

.

14-Nov-11 12:00:35 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Documents and Settings\User\Application Data\Adobe\Shockwave Player 11\xtras\download\AdobeSystemsIncorporated\Shockwave3dAsset\Shockwave 3d Asset.x32. Reference error message: The operation completed successfully. .

14-Nov-11 12:00:33 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Documents and Settings\User\Application Data\Adobe\Shockwave Player 11\xtras\download\AdobeSystemsIncorporated\TextXtra\TextXtra.x32. Reference error message: The operation completed successfully. .

14-Nov-11 12:00:32 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Documents and Settings\User\Application Data\Adobe\Shockwave Player 11\xtras\download\AdobeSystemsIncorporated\FontXtra\Font Xtra.x32. Reference error message: The operation completed successfully. .

14-Nov-11 12:00:30 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Documents and Settings\User\Application Data\Adobe\Shockwave Player 11\xtras\download\AdobeSystemsIncorporated\SWA\SWASTRM.X32. Reference error message: The operation completed successfully. .

14-Nov-11 12:00:30 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Documents and Settings\User\Application Data\Adobe\Shockwave Player 11\xtras\download\AdobeSystemsIncorporated\MacroMix\MacroMix.x32. Reference error message: The operation completed successfully. .

14-Nov-11 12:00:29 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Documents and Settings\User\Application Data\Adobe\Shockwave Player 11\xtras\download\AdobeSystemsIncorporated\TextAsset\Text Asset.x32. Reference error message: The operation completed successfully. .

14-Nov-11 12:00:29 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Documents and Settings\User\Application Data\Adobe\Shockwave Player 11\xtras\download\AdobeSystemsIncorporated\SWA\swadcmpr.x32. Reference error message: The operation completed successfully. .

14-Nov-11 12:00:29 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Documents and Settings\User\Application Data\Adobe\Shockwave Player 11\xtras\download\AdobeSystemsIncorporated\AnimatedGIFAsset\Animated GIF Asset.X32. Reference error message: The operation completed successfully. .

14-Nov-11 12:00:28 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Documents and Settings\User\Application Data\Adobe\Shockwave Player 11\xtras\download\AdobeSystemsIncorporated\PNGImportExport\PNG Import Export.x32. Reference error message: The operation completed successfully. .

14-Nov-11 12:00:28 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Documents and Settings\User\Application Data\Adobe\Shockwave Player 11\xtras\download\AdobeSystemsIncorporated\MixServices\Mix Services.x32. Reference error message: The operation completed successfully. .

14-Nov-11 12:00:27 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Documents and Settings\User\Application Data\Adobe\Shockwave Player 11\xtras\download\AdobeSystemsIncorporated\SoundImportExport\Sound Import Export.x32. Reference error message: The operation completed successfully. .

14-Nov-11 12:00:27 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Documents and Settings\User\Application Data\Adobe\Shockwave Player 11\xtras\download\AdobeSystemsIncorporated\SoundControl\Sound Control.x32. Reference error message: The operation completed successfully. .

14-Nov-11 12:00:27 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Documents and Settings\User\Application Data\Adobe\Shockwave Player 11\xtras\download\AdobeSystemsIncorporated\FontAsset\Font Asset.x32. Reference error message: The operation completed successfully. .

14-Nov-11 12:00:26 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .

14-Nov-11 12:00:26 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Documents and Settings\User\Application Data\Adobe\Shockwave Player 11\xtras\download\AdobeSystemsIncorporated\DirectSound\DirectSound.x32. Reference error message: The operation completed successfully. .

14-Nov-11 12:00:26 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Documents and Settings\User\Application Data\Adobe\Shockwave Player 11\xtras\download\AdobeSystemsIncorporated\BitmapFilters\BitmapFilters.x32. Reference error message: The operation completed successfully. .

14-Nov-11 12:00:26 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.

.

==== End Of File ===========================


ComboFix 11-11-18.02 - User 19-Nov-11 10:13:21.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.766 [GMT 10:00]

Running from: c:\documents and settings\User\My Documents\My Received Files\ComboFix.exe

FW: *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\User\Local Settings\Application Data\SysWebpnp\NativePathUI.dll

c:\windows\system32\muzapp.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-10-19 to 2011-11-19 )))))))))))))))))))))))))))))))

.

.

2011-11-14 03:42 . 2011-11-14 03:42 2 --shatr- c:\windows\winstart.bat

2011-11-12 05:54 . 2011-11-19 00:15 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\SysWebpnp

2011-11-12 05:54 . 2011-11-12 05:54 -------- d-----w- c:\windows\Sun

2011-11-10 07:07 . 2011-11-10 07:07 83249512 ----a-w- c:\program files\Common Files\Windows Live\.cache\wlc1A.tmp

2011-11-10 06:52 . 2011-11-10 06:52 -------- d-----w- c:\program files\MozBackup

2011-11-10 06:14 . 2011-11-10 06:14 -------- d-----w- c:\program files\Combined Community Codec Pack

2011-11-10 06:11 . 2011-11-10 06:11 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-02-28 208952]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]

"nwiz"="nwiz.exe" [2005-12-14 1519616]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-14 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-14 7323648]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2007-05-10 17:06 40048 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2006-02-28 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]

2006-11-22 03:50 704512 ----a-r- c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2008-09-10 07:40 289576 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2007-07-11 18:00 132496 ----a-w- c:\program files\Java\jre1.6.0_02\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2007-06-29 10:48 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"wuauserv"=2 (0x2)

"iPod Service"=3 (0x3)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\FlashGet\\FlashGet.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

.

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm

IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\vi6t6yip.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)

FF - prefs.js: browser.startup.homepage - hxxp://192.168.1.1/cgi-bin/webcm?var%3Amain=menu&var%3Astyle=style5&getpage=%2Fusr%2Fwww_safe%2Fhtml%2Fdefs%2Fstyle5%2Fmenus%2Fmenu.html&errorpage=%2Fusr%2Fwww_safe%2Fhtml%2Fdefs%2Fstyle5%2Fmenus%2Fmenu.html&var%3Apagename=fwan&var%3Agetpagenext=&var%3Aerrorpagename=&var%3Amenu=advanced&var%3Amenutitle=Advanced&var%3Apagetitle=Port+Forwarding&var%3Apagemaster=fwan&var%3Aconid=connection0&var%3Alanip=192.168.1.3&var%3Anew=&var%3Arule=&var%3Acategory=categoryU&connection1%3Afwan%3Asettings%2Fping%2Fstate=&var%3Alangrp=lan0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

FF - Ext: Password Exporter: {B17C1C5A-04B1-11DB-9804-B622A1EF5492} - %profile%\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}

FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-NativePathUI - c:\documents and settings\User\Local Settings\Application Data\SysWebpnp\NativePathUI.dll

MSConfigStartUp-Adobe Acrobat Speed Launcher - c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe

MSConfigStartUp-RemoteControl - c:\program files\CyberLink\PowerDVD\PDVDServ.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-19 10:16

Windows 5.1.2600 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Completion time: 2011-11-19 10:17:15

ComboFix-quarantined-files.txt 2011-11-19 00:17

.

Pre-Run: 91,384,274,944 bytes free

Post-Run: 91,550,363,648 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 9D6A8A5E86D4CCAD08DA9229C6F6B10A


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
