#1
Trojan.Downloader viruses and more
I have had no luck removing whatever viruses I have. I have AVG Free. I have run Ad-Aware, CCleaner, Spybot, Panda ActiveScan, AVG spyware remover, AVG antivirus, and I need help. I have included my HijackThis logfile.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:04 PM, on 3/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\NCH Swift Sound\BroadWave\broadwave.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\Program Files\NCH Swift Sound\Components\mp3el\mp3enc.exe
C:\Program Files\NCH Swift Sound\Components\mp3el\mp3enc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IMSafer\bin\imsc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\GamingSquared\Gaming2\G2.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\regedit.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
F2 - REG:system.ini: Shell=
O2 - BHO: (no name) - Software - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll
O2 - BHO: (no name) - {6860A44B-5D3E-433D-A7B5-D517F810D0E7} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (Gaming)2 - {971F630E-AD68-4d6e-B0C3-1C627AAC80F1} - C:\Program Files\GamingSquared\Gaming2\G2IE_v1041.dll
O2 - BHO: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [G2] "C:\Program Files\GamingSquared\Gaming2\G2.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\RunOnce: [avp6_post_install] msiexec.exe /i"c:\kav\kav7\kav.en.msi"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - SOFTWARE - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.safeiegate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.safeiegate.com/redirect.php (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Baby%20Luv/Images/stg_drm.ocx
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - https://www.select2perform.com/cabs/QOLCheck.ocx
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...lscbase370.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1206509053046
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Baby%20Luv/Images/armhelper.ocx
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v47...s/wwspades.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B557CEC6-7D4D-4A1A-8B34-A9D00C0D12A4}: NameServer = 85.255.116.82,85.255.112.88
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2C1B117-3681-43BC-8EA0-E357B07EEE8B}: NameServer = 85.255.116.82,85.255.112.88
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.82 85.255.112.88
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.82 85.255.112.88
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BroadWave Service (BroadWaveService) - Unknown owner - C:\Program Files\NCH Swift Sound\BroadWave\broadwave.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMSafer (ImSaferService) - IMSafer, Inc. - C:\Program Files\IMSafer\bin\imsc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe

--
End of file - 11223 bytes
#2
Welcome to CTH hstuff112,
There is some serious infection activity still showing on this system. I see you have also started a new request for a different computer, but experience tells us it just is not a good idea to work two at once. However, that other is not a malware issue, so be sure to place your energies here.

First off, you have SpyHunter installed. This is little better than rogue software now, well known for what borders on false advertising of suggesting a specific infection's tool download, only to stick the person with a full install of SpyHunter. And then mandating payment for any "cleaning" it might do. And, as many soon find out if they pay the price, that cleaning is not very much at all. You will want to uninstall this through Add/Remove Programs, including any listings for Enigma Software that might show there.

Once you have done that, follow the steps here to disable SpyBot's TeaTimer, as it will interfere with the repairs.

Then, to keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software's Taskbar icons, or accessing each software through Start - Programs.

Download ComboFix.exe from here to your desktop. Then temporarily disable your net access (if cable/DSL, disconnect the cable, and for dial-up the phone line), and click the downloaded file to run the repair.

When starting, ComboFix will cause your computer's internal speakers to produce two beeps, and during the start process display two warnings. These are intended to discourage people who are not getting help in the forum from just experimenting with tools they do not understand. Just to inform you so you will understand that the procedures are expected, and okay. ComboFix will also change the drive autoplay settings there as its own added security measure. When we have completed all repairs here we will return the default Windows settings.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop; however, given the infection there, ComboFix will likely cause a reboot in order to complete its repairs. (ComboFix will also disable any screensaver settings made, so know that at some point when we complete repairs you will need to reset your screensaver.)

Re-enable net access, and post back the C:\ComboFix.txt log as well as a new HijackThis log please.
#3
Thank you for replying. Here are my logs:
ComboFix 08-03-27.5 - Tami and Nick 2008-03-29 9:47:42.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.419 [GMT -5:00]
Running from: C:\Documents and Settings\Tami and Nick\Local Settings\Temporary Internet Files\Content.IE5\A8V5915Y\ComboFix[1].exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
-- Script messages for sUBs --
VFind "C:\Program Files\Real\????.dll"

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\Documents and Settings\Anyone\err.log
C:\Program Files\GamesBar\oberontb.dll
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_npf

((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-29 )))))))))))))))))))))))))))))))
.
2008-03-28 17:10 . 2008-03-28 17:10 <DIR> d----c--- C:\Documents and Settings\Tami and Nick\Saved Games
2008-03-28 13:52 . 2008-03-28 13:52 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\GamesBar
2008-03-27 20:27 . 2008-03-29 09:47 <DIR> d----c--- C:\Program Files\GamesBar
2008-03-27 20:26 . 2008-03-27 21:15 <DIR> d----c--- C:\Program Files\Oberon Media
2008-03-27 20:26 . 2008-03-27 20:26 <DIR> d----c--- C:\Program Files\Common Files\Oberon Media
2008-03-27 00:11 . 2008-03-27 00:11 <DIR> d----c--- C:\Program Files\AnalogX
2008-03-26 23:26 . 2008-03-26 23:26 <DIR> d----c--- C:\Program Files\Trend Micro
2008-03-26 22:38 . 2008-03-26 22:38 <DIR> d----c--- C:\kav
2008-03-26 22:37 . 2008-03-29 09:43 <DIR> d----c--- C:\Program Files\Enigma Software Group
2008-03-26 00:22 . 2008-03-26 00:26 <DIR> d----c--- C:\Program Files\Windows Live Safety Center
2008-03-25 08:07 . 2008-03-25 08:07 <DIR> d----c--- C:\Program Files\MyPublisher
2008-03-25 08:07 . 2008-03-25 08:07 <DIR> d----c--- C:\Documents and Settings\Tami and Nick\Application Data\MyPublisher
2008-03-19 23:27 . 2008-03-19 23:27 <DIR> d----c--- C:\Program Files\Supple
2008-03-19 23:19 . 2008-03-19 23:19 <DIR> d----c--- C:\Program Files\Age or Castles
2008-03-16 22:32 . 2008-03-16 22:32 196,608 --a--c--- C:\6B.tmp
2008-03-16 00:55 . 2008-03-16 00:55 196,608 --a--c--- C:\13E0.tmp
2008-03-15 23:40 . 2008-03-15 23:40 <DIR> d----c--- C:\Program Files\Lavasoft
2008-03-15 23:40 . 2008-03-15 23:41 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-15 23:31 . 2008-03-15 23:31 <DIR> d----c--- C:\Documents and Settings\Tami and Nick\Application Data\Lavasoft
2008-03-15 23:13 . 2008-03-15 23:11 691,545 --a--c--- C:\WINDOWS\unins000.exe
2008-03-15 23:13 . 2008-03-15 23:13 2,554 --a--c--- C:\WINDOWS\unins000.dat
2008-03-15 22:47 . 2008-03-15 22:47 <DIR> d----c--- C:\Documents and Settings\Tami and Nick\Application Data\PC Suite
2008-03-15 10:17 . 2008-03-15 10:17 <DIR> d----c--- C:\WINDOWS\PaltalkScene
2008-03-15 10:17 . 2008-03-15 12:35 <DIR> d----c--- C:\Program Files\Paltalk Messenger
2008-03-14 16:00 . 2008-03-14 16:00 156,910 --a--c--- C:\WINDOWS\WMSysPr8.prx
2008-03-14 11:50 . 2008-03-14 11:50 <DIR> d----c--- C:\Documents and Settings\Tami and Nick\Application Data\Syntrillium
2008-03-14 11:49 . 2001-10-19 14:40 1,683,792 --a--c--- C:\WINDOWS\system32\wmvcore2.dll
2008-03-14 11:49 . 2001-10-19 14:40 665,424 --a--c--- C:\WINDOWS\system32\wmv8dmoe.dll
2008-03-14 11:49 . 2001-10-19 14:39 572,752 --a--c--- C:\WINDOWS\system32\wmvdmoe.dll
2008-03-14 11:49 . 2001-10-19 02:05 285,184 --a--c--- C:\WINDOWS\system32\wmidx2.ocx
2008-03-14 11:43 . 2008-03-14 11:43 <DIR> d----c--- C:\Downloads
2008-03-14 11:43 . 2008-03-14 11:45 <DIR> d----c--- C:\Documents and Settings\Tami and Nick\Application Data\GetRightToGo
2008-03-14 11:39 . 2008-03-14 11:39 <DIR> d----c--- C:\WINDOWS\Freecorder Toolbar
2008-03-14 11:39 . 2008-03-15 22:34 <DIR> d----c--- C:\Program Files\Freecorder
2008-03-10 18:15 . 2006-10-03 07:58 94 --a--c--- C:\WINDOWS\awshkwv.ini
2008-03-09 17:24 . 2008-03-15 22:32 <DIR> d----c--- C:\Program Files\WestWard
2008-03-09 17:24 . 2008-03-09 17:24 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-03-09 17:21 . 2008-03-19 23:22 <DIR> d----c--- C:\GameFools
2008-03-09 12:19 . 2008-03-09 12:45 <DIR> d----c--- C:\Program Files\Kitty Luv
2008-03-08 16:17 . 2008-03-28 23:36 <DIR> d-a--c--- C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-08 15:41 . 2008-03-27 20:48 <DIR> d----c--- C:\Documents and Settings\Tami and Nick\Application Data\PlayFirst
2008-03-08 15:41 . 2008-03-27 20:48 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-03-07 23:00 . 2008-03-07 23:00 <DIR> d----c--- C:\Program Files\Gogii Games
2008-03-07 22:56 . 2008-03-07 22:56 <DIR> d----c--- C:\Program Files\ReflexiveArcade
2008-03-06 23:20 . 2008-03-06 23:20 <DIR> d--hsc--- C:\WINDOWS\ftpcache
2008-03-06 23:20 . 2008-03-06 23:20 <DIR> d----c--- C:\Documents and Settings\Tami and Nick\Application Data\Total Eclipse
2008-03-06 23:18 . 2008-03-14 18:43 <DIR> d----c--- C:\My Games
2008-03-06 23:17 . 2008-03-14 18:43 <DIR> d----c--- C:\My Download Files
2008-03-06 23:15 . 2008-03-06 23:15 774,144 --a--c--- C:\Program Files\RngInterstitial.dll
2008-03-06 23:05 . 2008-03-06 23:05 <DIR> d----c--- C:\Program Files\Free Offers from Freeze.com
2008-03-06 23:05 . 2008-03-06 23:05 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\GamingSquared
2008-03-06 23:04 . 2008-03-06 23:04 <DIR> d----c--- C:\Program Files\GamingSquared
2008-02-29 18:40 . 2008-02-29 18:40 <DIR> d----c--- C:\Documents and Settings\Tami and Nick\Application Data\MySpace
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-27 04:44 --------- dc----w C:\Documents and Settings\Tami and Nick\Application Data\MP3Rocket
2008-03-27 03:43 --------- dc----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-26 20:15 --------- dc----w C:\Program Files\JockerSoft
2008-03-26 15:52 --------- dc----w C:\Program Files\Spybot - Search & Destroy
2008-03-26 15:38 --------- dc----w C:\Program Files\Lexmark 2300 Series
2008-03-26 14:56 --------- dc----w C:\Program Files\Common Files\LightScribe
2008-03-26 13:00 --------- dc----w C:\Documents and Settings\Tami and Nick\Application Data\AVG7
2008-03-26 01:50 --------- dc----w C:\Program Files\Lx_cats
2008-03-25 01:10 --------- dc----w C:\Program Files\Java
2008-03-22 04:49 --------- dc----w C:\Documents and Settings\Anyone\Application Data\MP3Rocket
2008-03-21 23:54 --------- dc----w C:\Program Files\Ea games
2008-03-17 04:25 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-16 15:58 --------- dc----w C:\Program Files\Common Files\Symantec Shared
2008-03-16 15:52 --------- dc----w C:\Program Files\Norton SystemWorks
2008-03-16 04:40 --------- dc----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-16 04:10 --------- dc----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-16 03:49 --------- dc----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-15 17:35 --------- dc----w C:\Program Files\LimeWire
2008-03-14 19:28 --------- dc----w C:\Documents and Settings\Tami and Nick\Application Data\LimeWire
2008-03-12 13:00 --------- dc----w C:\Documents and Settings\Anyone\Application Data\AVG7
2008-03-09 14:47 --------- dc----w C:\Program Files\Yahoo! Games
2008-03-08 02:43 --------- dc----w C:\Documents and Settings\All Users\Application Data\Gogii
2008-03-08 01:18 --------- dc----w C:\Program Files\MySpace
2008-03-08 01:16 --------- dc----w C:\Program Files\Common Files\EarthLink
2008-03-07 04:15 --------- dc----w C:\Program Files\Real
2008-03-07 04:15 --------- dc----w C:\Program Files\Common Files\Real
2008-03-07 04:05 --------- dc----w C:\Program Files\Freeze.com
2008-02-29 22:17 --------- dc----w C:\Program Files\Yahoo!
2008-02-29 19:28 --------- dc----w C:\Documents and Settings\Tami and Nick\Application Data\EarthLink
2008-02-13 06:07 --------- dc----w C:\Documents and Settings\Tami and Nick\Application Data\AdobeUM
2008-02-13 02:02 --------- dc----w C:\Program Files\MP3 Rocket
2008-02-10 20:43 --------- dc----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-02-10 20:42 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2008-02-10 16:53 --------- dc----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-02-07 23:43 --------- dc----w C:\Documents and Settings\Tami and Nick\Application Data\InterVideo
2008-02-07 08:17 --------- dc-h--r C:\Documents and Settings\Tami and Nick\Application Data\yahoo!
2008-02-05 03:01 --------- dc----w C:\Documents and Settings\Tami and Nick\Application Data\ScamBlocker
2008-02-01 05:39 --------- dc----w C:\Program Files\FrostWire
2008-01-28 03:15 --------- dc----w C:\Program Files\John Deere American Farmer Deluxe
2007-07-01 04:02 10,073 -c--a-w C:\Program Files\X-RayPc.log
2004-10-26 03:54 332,024 -c--a-w C:\Program Files\x-raypc.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{971F630E-AD68-4d6e-B0C3-1C627AAC80F1}]
2008-02-07 16:10 635392 --a--c--- C:\Program Files\GamingSquared\Gaming2\G2IE_v1041.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-27 21:00 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-12-17 18:13 3810544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-09-21 05:20 127036]
"LXCGCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-07-20 12:48 73728]
"lxcgmon.exe"="C:\Program Files\Lexmark 2300 Series\lxcgmon.exe" [2005-07-21 01:07 200704]
"EzPrint"="C:\Program Files\Lexmark 2300 Series\ezprint.exe" [2005-08-01 07:05 94208]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-11-10 16:06 406016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"G2"="C:\Program Files\GamingSquared\Gaming2\G2.exe" [2008-02-07 16:10 1215152]
"QuickTime Task"="C:\Program Files\Ringz Studio\Storm Codec\qttask.exe" [2007-06-29 06:24 286720]

C:\Documents and Settings\Anyone\Start Menu\Programs\Startup\
MP3 Rocket (Minimized).lnk - C:\Program Files\MP3 Rocket\MP3Rocket.exe [2007-11-13 12:27:06 116224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BroadWaveRun]
--a--c--- 2007-07-27 00:27 401412 C:\Program Files\NCH Swift Sound\BroadWave\broadwave.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2006-02-27 21:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a--c--- 2007-07-31 18:44 271672 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2007-06-29 06:24 286720 C:\Program Files\Ringz Studio\Storm Codec\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecordPadRun]
--a--c--- 2007-07-27 00:27 512004 C:\Program Files\NCH Swift Sound\RecordPad\recordpad.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SymKeepAlive]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Speed Disk service"=2 (0x2)
"SNDSrvc"=3 (0x3)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"PCA"=2 (0x2)
"navapsvc"=3 (0x3)
"iPod Service"=3 (0x3)
"dopewars-server"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\IMSafer\\bin\\imsc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support

R2 BroadWaveService;BroadWave Service;"C:\Program Files\NCH Swift Sound\BroadWave\broadwave.exe" -service []
R2 EarthLinkMonitor;EarthLink Monitor Service;"C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe" [2005-01-26 12:47]
R2 ImSaferService;IMSafer;C:\Program Files\IMSafer\bin\imsc.exe [2007-09-21 15:23]
R3 WPRO_40_755;WinPcap Packet Driver (WPRO_40_755);C:\WINDOWS\system32\drivers\WPRO_40_755.sys []
S3 BW2NDIS5;BW2NDIS5;C:\WINDOWS\system32\Drivers\BW2NDIS5.sys [2004-11-01 15:16]
S3 XDva002;XDva002;C:\WINDOWS\system32\XDva002.sys []
S4 dopewars-server;dopewars server;C:\Program Files\dopewars-1.5.12\dopewars.exe [2007-04-05 12:08]
.
Contents of the 'Scheduled Tasks' folder
"2008-03-24 13:36:16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-29 14:57:12 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-03-27 08:00:00 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-29 09:58:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\WPRO_40_755woem.tmp 101136 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\EarthLink TotalAccess\Accelerator\prplsf.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\NCH Swift Sound\Components\mp3el\mp3enc.exe
C:\Program Files\NCH Swift Sound\Components\mp3el\mp3enc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
.
**************************************************************************
.
Completion time: 2008-03-29 10:04:40 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-29 15:04:38
ComboFix2.txt 2007-12-13 02:34:22

Pre-Run: 522,711,040 bytes free
Post-Run: 1,767,956,480 bytes free
.
2008-03-12 08:02:39 --- E O F ---
#4
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:09:45 AM, on 3/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\NCH Swift Sound\BroadWave\broadwave.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\Program Files\NCH Swift Sound\Components\mp3el\mp3enc.exe
C:\Program Files\NCH Swift Sound\Components\mp3el\mp3enc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IMSafer\bin\imsc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\lxcgcoms.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\GamingSquared\Gaming2\G2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: (no name) - Software - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (Gaming)2 - {971F630E-AD68-4d6e-B0C3-1C627AAC80F1} - C:\Program Files\GamingSquared\Gaming2\G2IE_v1041.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - (no file)
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [G2] "C:\Program Files\GamingSquared\Gaming2\G2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Ringz Studio\Storm Codec\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - SOFTWARE - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.safeiegate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.safeiegate.com/redirect.php (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Baby%20Luv/Images/stg_drm.ocx
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - https://www.select2perform.com/cabs/QOLCheck.ocx
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...lscbase370.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1206509053046
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Baby%20Luv/Images/armhelper.ocx
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v47...s/wwspades.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B557CEC6-7D4D-4A1A-8B34-A9D00C0D12A4}: NameServer = 85.255.116.82,85.255.112.88
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2C1B117-3681-43BC-8EA0-E357B07EEE8B}: NameServer = 85.255.116.82,85.255.112.88
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.82
85.255.112.88 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.82 85.255.112.88 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: BroadWave Service (BroadWaveService) - Unknown owner - C:\Program Files\NCH Swift Sound\BroadWave\broadwave.exe O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: IMSafer (ImSaferService) - IMSafer, Inc. - C:\Program Files\IMSafer\bin\imsc.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe -- End of file - 9862 bytes |
#5
I can tell by the log reference to TryMedia and freeze.com that there are quite a few adware bundled game/software installs there, so once we get this next bit of repairs completed, we need to check installed software before our next moves.
Please download FixWareout from here. Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish. The fix will begin; just follow the prompts. If your firewall sends an alert, please don't let your firewall block it, allow it (this tool will download an additional file from the internet).

Note: You must be online to run this utility.

Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal. Once your desktop loads, Notepad will open a report.txt file. Close this, and allow the reboot to complete.

On reboot you will also get notified about possible difficulties making a connection after the fix is run. If you do have net access difficulties, double-click the registry file dnsbak.reg located in the Fixwareout folder on the root of the drive where Windows is installed (normally c:\ as suggested).

Once your desktop loads, please post the contents of the logfile C:\fixwareout\report.txt along with a new ComboFix log and new HijackThis log.

Also open HijackThis. Click Config - Misc Tools - Open Uninstall Manager. A list of the entries in Add/Remove programs will appear. Click on Save List... The list will be saved as 'Uninstall_list.txt'. Copy & paste the contents back here for review. Quite a few log files, so use extra posts as needed.
#6
ComboFix 08-04-01.2 - Tami and Nick 2008-04-02 15:25:55.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.489 [GMT -5:00] Running from: C:\Documents and Settings\Tami and Nick\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . TimedOut: progfile.dat ((((((((((((((((((((((((( Files Created from 2008-03-02 to 2008-04-02 ))))))))))))))))))))))))))))))) . 2008-04-02 15:19 . 2008-04-02 15:19 101,136 --a--c--- C:\WINDOWS\system32\WPRO_40_755woem.tmp 2008-04-02 08:36 . 2008-04-02 08:42 <DIR> d----c--- C:\fixwareout 2008-03-29 09:46 . 2008-03-29 10:04 <DIR> d----c--- C:\ComboFix[1] 2008-03-28 17:10 . 2008-03-28 17:10 <DIR> d----c--- C:\Documents and Settings\Tami and Nick\Saved Games 2008-03-28 13:52 . 2008-03-28 13:52 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\GamesBar 2008-03-27 20:27 . 2008-03-29 09:47 <DIR> d----c--- C:\Program Files\GamesBar 2008-03-27 20:26 . 2008-03-27 21:15 <DIR> d----c--- C:\Program Files\Oberon Media 2008-03-27 20:26 . 2008-03-27 20:26 <DIR> d----c--- C:\Program Files\Common Files\Oberon Media 2008-03-27 00:11 . 2008-03-27 00:11 <DIR> d----c--- C:\Program Files\AnalogX 2008-03-26 23:26 . 2008-03-26 23:26 <DIR> d----c--- C:\Program Files\Trend Micro 2008-03-26 22:38 . 2008-03-26 22:38 <DIR> d----c--- C:\kav 2008-03-26 22:37 . 2008-03-29 09:43 <DIR> d----c--- C:\Program Files\Enigma Software Group 2008-03-26 00:22 . 2008-03-26 00:26 <DIR> d----c--- C:\Program Files\Windows Live Safety Center 2008-03-25 08:07 . 2008-03-25 08:07 <DIR> d----c--- C:\Program Files\MyPublisher 2008-03-25 08:07 . 2008-03-25 08:07 <DIR> d----c--- C:\Documents and Settings\Tami and Nick\Application Data\MyPublisher 2008-03-19 23:27 . 2008-03-19 23:27 <DIR> d----c--- C:\Program Files\Supple 2008-03-19 23:19 . 2008-03-19 23:19 <DIR> d----c--- C:\Program Files\Age or Castles 2008-03-16 22:32 . 2008-03-16 22:32 196,608 --a--c--- C:\6B.tmp 2008-03-16 00:55 . 2008-03-16 00:55 196,608 --a--c--- C:\13E0.tmp 2008-03-15 23:40 . 
2008-03-15 23:40 <DIR> d----c--- C:\Program Files\Lavasoft 2008-03-15 23:40 . 2008-03-15 23:41 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-03-15 23:31 . 2008-03-15 23:31 <DIR> d----c--- C:\Documents and Settings\Tami and Nick\Application Data\Lavasoft 2008-03-15 23:13 . 2008-03-15 23:11 691,545 --a--c--- C:\WINDOWS\unins000.exe 2008-03-15 23:13 . 2008-03-15 23:13 2,554 --a--c--- C:\WINDOWS\unins000.dat 2008-03-15 22:47 . 2008-03-15 22:47 <DIR> d----c--- C:\Documents and Settings\Tami and Nick\Application Data\PC Suite 2008-03-15 10:17 . 2008-03-15 10:17 <DIR> d----c--- C:\WINDOWS\PaltalkScene 2008-03-15 10:17 . 2008-03-15 12:35 <DIR> d----c--- C:\Program Files\Paltalk Messenger 2008-03-14 16:00 . 2008-03-14 16:00 156,910 --a--c--- C:\WINDOWS\WMSysPr8.prx 2008-03-14 11:50 . 2008-03-14 11:50 <DIR> d----c--- C:\Documents and Settings\Tami and Nick\Application Data\Syntrillium 2008-03-14 11:49 . 2001-10-19 14:40 1,683,792 --a--c--- C:\WINDOWS\system32\wmvcore2.dll 2008-03-14 11:49 . 2001-10-19 14:40 665,424 --a--c--- C:\WINDOWS\system32\wmv8dmoe.dll 2008-03-14 11:49 . 2001-10-19 14:39 572,752 --a--c--- C:\WINDOWS\system32\wmvdmoe.dll 2008-03-14 11:49 . 2001-10-19 02:05 285,184 --a--c--- C:\WINDOWS\system32\wmidx2.ocx 2008-03-14 11:43 . 2008-03-14 11:43 <DIR> d----c--- C:\Downloads 2008-03-14 11:43 . 2008-03-14 11:45 <DIR> d----c--- C:\Documents and Settings\Tami and Nick\Application Data\GetRightToGo 2008-03-14 11:39 . 2008-03-14 11:39 <DIR> d----c--- C:\WINDOWS\Freecorder Toolbar 2008-03-14 11:39 . 2008-03-15 22:34 <DIR> d----c--- C:\Program Files\Freecorder 2008-03-10 18:15 . 2006-10-03 07:58 94 --a--c--- C:\WINDOWS\awshkwv.ini 2008-03-09 17:24 . 2008-03-15 22:32 <DIR> d----c--- C:\Program Files\WestWard 2008-03-09 17:24 . 2008-03-09 17:24 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Sandlot Games 2008-03-09 17:21 . 2008-03-19 23:22 <DIR> d----c--- C:\GameFools 2008-03-09 12:19 . 
2008-03-09 12:45 <DIR> d----c--- C:\Program Files\Kitty Luv 2008-03-08 16:17 . 2008-03-31 15:25 <DIR> d-a--c--- C:\Documents and Settings\All Users\Application Data\TEMP 2008-03-08 15:41 . 2008-03-27 20:48 <DIR> d----c--- C:\Documents and Settings\Tami and Nick\Application Data\PlayFirst 2008-03-08 15:41 . 2008-03-27 20:48 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\PlayFirst 2008-03-07 23:00 . 2008-03-07 23:00 <DIR> d----c--- C:\Program Files\Gogii Games 2008-03-07 22:56 . 2008-03-07 22:56 <DIR> d----c--- C:\Program Files\ReflexiveArcade 2008-03-06 23:20 . 2008-03-06 23:20 <DIR> d--hsc--- C:\WINDOWS\ftpcache 2008-03-06 23:20 . 2008-03-06 23:20 <DIR> d----c--- C:\Documents and Settings\Tami and Nick\Application Data\Total Eclipse 2008-03-06 23:18 . 2008-03-14 18:43 <DIR> d----c--- C:\My Games 2008-03-06 23:17 . 2008-03-14 18:43 <DIR> d----c--- C:\My Download Files 2008-03-06 23:15 . 2008-03-06 23:15 774,144 --a--c--- C:\Program Files\RngInterstitial.dll 2008-03-06 23:05 . 2008-03-06 23:05 <DIR> d----c--- C:\Program Files\Free Offers from Freeze.com 2008-03-06 23:05 . 2008-03-06 23:05 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\GamingSquared 2008-03-06 23:04 . 2008-03-06 23:04 <DIR> d----c--- C:\Program Files\GamingSquared . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 
2008-04-01 04:00 --------- dc----w C:\Program Files\MP3 Rocket 2008-04-01 03:09 --------- dc----w C:\Documents and Settings\Tami and Nick\Application Data\MP3Rocket 2008-03-31 20:32 --------- dc----w C:\Program Files\Lx_cats 2008-03-27 03:43 --------- dc----w C:\Documents and Settings\All Users\Application Data\Grisoft 2008-03-26 20:15 --------- dc----w C:\Program Files\JockerSoft 2008-03-26 15:52 --------- dc----w C:\Program Files\Spybot - Search & Destroy 2008-03-26 15:38 --------- dc----w C:\Program Files\Lexmark 2300 Series 2008-03-26 14:56 --------- dc----w C:\Program Files\Common Files\LightScribe 2008-03-26 13:00 --------- dc----w C:\Documents and Settings\Tami and Nick\Application Data\AVG7 2008-03-25 01:10 --------- dc----w C:\Program Files\Java 2008-03-22 04:49 --------- dc----w C:\Documents and Settings\Anyone\Application Data\MP3Rocket 2008-03-21 23:54 --------- dc----w C:\Program Files\Ea games 2008-03-17 04:25 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-03-16 15:58 --------- dc----w C:\Program Files\Common Files\Symantec Shared 2008-03-16 15:52 --------- dc----w C:\Program Files\Norton SystemWorks 2008-03-16 04:40 --------- dc----w C:\Program Files\Common Files\Wise Installation Wizard 2008-03-16 04:10 --------- dc----w C:\Documents and Settings\All Users\Application Data\Symantec 2008-03-16 03:49 --------- dc----w C:\Documents and Settings\All Users\Application Data\Viewpoint 2008-03-15 17:35 --------- dc----w C:\Program Files\LimeWire 2008-03-14 19:28 --------- dc----w C:\Documents and Settings\Tami and Nick\Application Data\LimeWire 2008-03-12 13:00 --------- dc----w C:\Documents and Settings\Anyone\Application Data\AVG7 2008-03-09 14:47 --------- dc----w C:\Program Files\Yahoo! 
Games 2008-03-08 02:43 --------- dc----w C:\Documents and Settings\All Users\Application Data\Gogii 2008-03-08 01:18 --------- dc----w C:\Program Files\MySpace 2008-03-08 01:16 --------- dc----w C:\Program Files\Common Files\EarthLink 2008-03-07 04:15 --------- dc----w C:\Program Files\Real 2008-03-07 04:15 --------- dc----w C:\Program Files\Common Files\Real 2008-03-07 04:05 --------- dc----w C:\Program Files\Freeze.com 2008-02-29 23:40 --------- dc----w C:\Documents and Settings\Tami and Nick\Application Data\MySpace 2008-02-29 22:17 --------- dc----w C:\Program Files\Yahoo! 2008-02-29 19:28 --------- dc----w C:\Documents and Settings\Tami and Nick\Application Data\EarthLink 2008-02-13 06:07 --------- dc----w C:\Documents and Settings\Tami and Nick\Application Data\AdobeUM 2008-02-10 20:43 --------- dc----w C:\Documents and Settings\All Users\Application Data\Yahoo! 2008-02-10 20:42 --------- dc-h--w C:\Program Files\InstallShield Installation Information 2008-02-10 16:53 --------- dc----w C:\Documents and Settings\All Users\Application Data\Trymedia 2008-02-07 23:43 --------- dc----w C:\Documents and Settings\Tami and Nick\Application Data\InterVideo 2008-02-07 08:17 --------- dc-h--r C:\Documents and Settings\Tami and Nick\Application Data\yahoo! 2008-02-05 03:01 --------- dc----w C:\Documents and Settings\Tami and Nick\Application Data\ScamBlocker 2007-07-01 04:02 10,073 -c--a-w C:\Program Files\X-RayPc.log 2004-10-26 03:54 332,024 -c--a-w C:\Program Files\x-raypc.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{971F630E-AD68-4d6e-B0C3-1C627AAC80F1}] 2008-02-07 16:10 635392 --a--c--- C:\Program Files\GamingSquared\Gaming2\G2IE_v1041.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-27 21:00 15360] "Yahoo! 
Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-12-17 18:13 3810544] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-09-21 05:20 127036] "LXCGCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X 86\3\LXCGtime.dll" [2005-07-20 12:48 73728] "lxcgmon.exe"="C:\Program Files\Lexmark 2300 Series\lxcgmon.exe" [2005-07-21 01:07 200704] "EzPrint"="C:\Program Files\Lexmark 2300 Series\ezprint.exe" [2005-08-01 07:05 94208] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184] "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752] "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088] "PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCh eck.exe" [2003-11-10 16:06 406016] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "G2"="C:\Program Files\GamingSquared\Gaming2\G2.exe" [2008-02-07 16:10 1215152] "QuickTime Task"="C:\Program Files\Ringz Studio\Storm Codec\qttask.exe" [2007-06-29 06:24 286720] C:\Documents and Settings\Anyone\Start Menu\Programs\Startup\ MP3 Rocket (Minimized).lnk - C:\Program Files\MP3 Rocket\MP3Rocket.exe [2007-11-13 12:27:06 116224] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BroadWaveRun] --a--c--- 2007-07-27 00:27 401412 C:\Program Files\NCH Swift Sound\BroadWave\broadwave.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2006-02-27 21:00 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a--c--- 2007-07-31 18:44 271672 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a--c--- 2007-06-29 06:24 286720 C:\Program Files\Ringz Studio\Storm Codec\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\RecordPadRun] --a--c--- 2007-07-27 00:27 512004 C:\Program Files\NCH Swift Sound\RecordPad\recordpad.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SymKeepAlive] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Speed Disk service"=2 (0x2) "SNDSrvc"=3 (0x3) "sdCoreService"=3 (0x3) "sdAuxService"=3 (0x3) "PCA"=2 (0x2) "navapsvc"=3 (0x3) "iPod Service"=3 (0x3) "dopewars-server"=3 (0x3) [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\IMSafer\\bin\\imsc.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List] "135:TCP"= 135:TCP:TCP Port 135 "8097:TCP"= 8097:TCP:EarthLink UHP Modem Support R2 BroadWaveService;BroadWave Service;"C:\Program Files\NCH Swift Sound\BroadWave\broadwave.exe" -service [] R2 EarthLinkMonitor;EarthLink Monitor Service;"C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe" [2005-01-26 12:47] R2 ImSaferService;IMSafer;C:\Program Files\IMSafer\bin\imsc.exe [2007-09-21 15:23] R3 WPRO_40_755;WinPcap Packet Driver (WPRO_40_755);C:\WINDOWS\system32\drivers\WPRO_40_ 755.sys [] S3 BW2NDIS5;BW2NDIS5;C:\WINDOWS\system32\Drivers\BW2N DIS5.sys [2004-11-01 15:16] S3 XDva002;XDva002;C:\WINDOWS\system32\XDva002.sys [] S4 dopewars-server;dopewars server;C:\Program Files\dopewars-1.5.12\dopewars.exe [2007-04-05 12:08] . Contents of the 'Scheduled Tasks' folder "2008-03-31 13:36:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-04-02 20:20:00 C:\WINDOWS\Tasks\RegCure Program Check.job" - C:\Program Files\RegCure\RegCure.exe "2008-03-27 08:00:00 C:\WINDOWS\Tasks\RegCure.job" - C:\Program Files\RegCure\RegCure.exe . 
************************************************** ************************ catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-02 15:29:56 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************** ************************ . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\lsass.exe -> C:\Program Files\EarthLink TotalAccess\Accelerator\prplsf.dll . Completion time: 2008-04-02 15:32:19 ComboFix-quarantined-files.txt 2008-04-02 20:32:10 ComboFix2.txt 2008-03-29 15:04:41 ComboFix3.txt 2007-12-13 02:34:22 Pre-Run: 1,613,115,392 bytes free Post-Run: 1,590,284,288 bytes free . 2008-03-12 08:02:39 --- E O F --- |
#7
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:23:47 PM, on 4/2/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\NCH Swift Sound\BroadWave\broadwave.exe C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe C:\Program Files\NCH Swift Sound\Components\mp3el\mp3enc.exe C:\Program Files\NCH Swift Sound\Components\mp3el\mp3enc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\IMSafer\bin\imsc.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Lexmark 2300 Series\lxcgmon.exe C:\Program Files\Lexmark 2300 Series\ezprint.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\WINDOWS\system32\lxcgcoms.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\GamingSquared\Gaming2\G2.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 O2 - BHO: (no name) - Software - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (Gaming)2 - {971F630E-AD68-4d6e-B0C3-1C627AAC80F1} - C:\Program Files\GamingSquared\Gaming2\G2IE_v1041.dll O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O3 - Toolbar: (no name) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - (no file) O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtim e.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe" O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe" O4 - HKLM\..\Run: 
[LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [G2] "C:\Program Files\GamingSquared\Gaming2\G2.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Ringz Studio\Storm Codec\qttask.exe" -atboottime O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - SOFTWARE - (no file) O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.safeiegate.com/redirect.php (file missing) O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.safeiegate.com/redirect.php (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - 
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Baby%20Luv/Images/stg_drm.ocx O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - https://www.select2perform.com/cabs/QOLCheck.ocx O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...lscbase370.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1206509053046 O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Baby%20Luv/Images/armhelper.ocx O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v47...s/wwspades.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{B557CEC6-7D4D-4A1A-8B34-A9D00C0D12A4}: NameServer = 85.255.116.82,85.255.112.88 O17 - HKLM\System\CCS\Services\Tcpip\..\{F2C1B117-3681-43BC-8EA0-E357B07EEE8B}: NameServer = 85.255.116.82,85.255.112.88 O17 - 
HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.82 85.255.112.88 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.82 85.255.112.88 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: BroadWave Service (BroadWaveService) - Unknown owner - C:\Program Files\NCH Swift Sound\BroadWave\broadwave.exe O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: IMSafer (ImSaferService) - IMSafer, Inc. - C:\Program Files\IMSafer\bin\imsc.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe -- End of file - 9943 bytes |
#8
Username "Tami and Nick" - 04/02/2008 8:38:33 [Fixwareout edited 9/01/2007]
~~~~~ Prerun check
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.116.82 85.255.112.88" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{B557CEC6-7D4D-4A1A-8B34-A9D00C0D12A4}
"nameserver"="85.255.116.82,85.255.112.88" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{F2C1B117-3681-43BC-8EA0-E357B07EEE8B}
"nameserver"="85.255.116.82,85.255.112.88" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{866CDCA3-310D-435A-83E8-71E3389D5BA9}
"DhcpNameServer"="85.255.116.82,85.255.112.88" <Value cleared.

Successfully flushed the DNS Resolver Cache.
System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\
"system"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"LXCGCATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LXCGtime.dll,_RunDLLEntry@16"
"lxcgmon.exe"="\"C:\\Program Files\\Lexmark 2300 Series\\lxcgmon.exe\""
"EzPrint"="\"C:\\Program Files\\Lexmark 2300 Series\\ezprint.exe\""
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe"
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"PinnacleDriverCheck"="C:\\WINDOWS\\system32\\PSDrvCheck.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_05\\bin\\jusched.exe\""
"G2"="\"C:\\Program Files\\GamingSquared\\Gaming2\\G2.exe\""
"QuickTime Task"="\"C:\\Program Files\\Ringz Studio\\Storm Codec\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\avp6_post_uninstall]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~
#9
ABBYY FineReader 6.0 Sprint
Ad-Aware 2007 Adobe Flash Player ActiveX Adobe Reader 7.0.9 Adobe Shockwave Player Age of Empires III Age or Castles Aladdin Expander 5.0 American McGee's Alice(tm) AnalogX MaxMem Apple Mobile Device Support Apple Software Update ATI - Software Uninstall Utility ATI Display Driver AVG Anti-Spyware 7.5 AVIConverter 3.0 AVS Cover Editor 1.3.1.79 (AVSMedia) AVS DVD Copy version 1.4 BabyLink6 Barcodechecksum Bejeweled Deluxe 1.862 Black & White® 2 Boggle BroadWave Uninstall Burn4Free CD and DVD CardRd81 CCleaner (remove only) CCScore Chore Genie 2.0 Codec Pack - All In 1 6.0.3.0 CR2 Dig'nRigs Diner Dash Hometown Hero DivX DivX Player Dope Wars 2.2 for Windows dopewars-1.5.12 Dream Day First Home Dress Shop Hop (remove only) Dungeon Siege 2 DVD Shrink 3.2 EarthLink Software Equifax Dispute Database ESSBrwr ESSCDBK ESScore ESSCT ESSgui ESShelp ESSini ESSPCD ESSPDock ESSSONIC ESSTOOLS ESSTUTOR ESSvpaht ESSvpot Experian Dispute Database E-Z Contact Book version 1.0.8.0 FA Go Fish Faxtastic Free WMA to MP3 Converter 1.16 Frosty Games GamesBar 1.1.0.5 GameSpy Arcade GamingSquared Console HijackThis 2.0.2 HLPIndex HLPPDOCK HLPRFO Hot Wheels(tm) Velocity X Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB914440) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB926239) HP Backup and Recovery Manager HP Help and Support InterActual Player InterVideo WinDVD IsoBuster 1.5 iTunes J2SE Runtime Environment 5.0 Update 6 Java(TM) 6 Update 3 Java(TM) 6 Update 5 Java(TM) SE Runtime Environment 6 Update 1 John Deere American Builder Deluxe John Deere American Farmer Deluxe JumpStart 1st Grade 2000 Kitty Luv Kodak EasyShare software KSU Lexmark 2300 Series LiveReg (Symantec Corporation) LiveUpdate 3.0 (Symantec Corporation) Logitech QuickCam Software Logitech® Camera Driver Macromedia Flash Player Merv Griffins Crosswords Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 
Hotfix (KB928366) Microsoft .NET Framework 2.0 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Halo Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office Professional Edition 2003 Microsoft User-Mode Driver Framework Feature Pack 1.5 Microsoft Visual C++ 2005 Redistributable Might and Magic IX MixPad MOV Converter 1.01 MP3Lyrix MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 Parser and SDK MyPublisher BookMaker Nanny Mania (remove only) neroxml Notifier OTtBP OTtBPSDK Panda ActiveScan Paradise Pet Salon (remove only) PH General Ledger v4.0 Pony Luv (remove only) PrimoPDF PrimoPDF Redistribution Package Prism Professional Resumes Quick & Easy Puppy Luv (remove only) Puppy Luv a New Breed (remove only) QuickTime QuickTime Reading Mansion RealArcade RealPlayer Realtek High Definition Audio Driver RecordPad Sound Recorder RegCure 1.4.0.4 Roxio Audio Module Roxio Copy Module Roxio Data Module Roxio DLA Roxio Express Labeler Roxio MyDVD Plus Security Update for Microsoft .NET Framework 2.0 (KB928365) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows Media Player 9 (KB917734) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896424) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB904706) Security Update for Windows XP 
(KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB912919) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Security Update for Windows XP (KB917344) Security Update for Windows XP (KB917422) Security Update for Windows XP (KB917953) Security Update for Windows XP (KB918118) Security Update for Windows XP (KB918439) Security Update for Windows XP (KB919007) Security Update for Windows XP (KB920213) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Security Update for Windows XP (KB921503) Security Update for Windows XP (KB922819) Security Update for Windows XP (KB923191) Security Update for Windows XP (KB923414) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923694) Security Update for Windows XP (KB923980) Security Update for Windows XP (KB924191) Security Update for Windows XP (KB924270) Security Update for Windows XP (KB924496) Security Update for Windows XP (KB924667) Security Update for Windows XP (KB925902) Security Update for Windows XP (KB926255) Security Update for Windows XP (KB926436) Security Update for Windows XP (KB927779) Security Update for Windows XP (KB927802) Security Update for Windows XP (KB928090) Security Update for Windows XP (KB928255) Security Update for Windows XP (KB928843) Security Update for Windows XP (KB929123) Security Update for Windows XP (KB929969) Security Update for Windows XP (KB930178) Security Update for Windows XP (KB931261) Security Update for Windows XP (KB931768) Security Update for Windows XP (KB931784) Security Update for Windows XP (KB932168) Security Update for Windows XP (KB933566) Security Update for Windows XP (KB933729) Security Update for Windows XP (KB935839) Security 
Update for Windows XP (KB935840) Security Update for Windows XP (KB936021) Security Update for Windows XP (KB937143) Security Update for Windows XP (KB937894) Security Update for Windows XP (KB938127) Security Update for Windows XP (KB938829) Security Update for Windows XP (KB939653) Security Update for Windows XP (KB941202) Security Update for Windows XP (KB941568) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB941644) Security Update for Windows XP (KB942615) Security Update for Windows XP (KB943055) Security Update for Windows XP (KB943460) Security Update for Windows XP (KB943485) Security Update for Windows XP (KB944653) Security Update for Windows XP (KB946026) SFR SHASTA Sim File Maid 2 1.0.2 Sims2Pack Clean Installer SKIN0001 SKINXSDK Slice Uninstall SoundTap Uninstall Space Colony Spybot - Search & Destroy Spybot - Search & Destroy 1.5.2.20 SpywareBlaster v3.5.1 Stamp Uninstall Stronghold Crusader Supple Switch The Sims 2 The Sims 2 Family Fun Stuff The Sims 2 Glamour Life Stuff The Sims 2 Nightlife The Sims 2 Open For Business The Sims 2 Pets The Sims 2 University Tonka Workshop Total Organizer TransUnion Dispute Database Update for Windows XP (KB894391) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB904942) Update for Windows XP (KB908531) Update for Windows XP (KB910437) Update for Windows XP (KB911280) Update for Windows XP (KB916595) Update for Windows XP (KB920872) Update for Windows XP (KB922582) Update for Windows XP (KB927891) Update for Windows XP (KB929338) Update for Windows XP (KB930916) Update for Windows XP (KB931836) Update for Windows XP (KB933360) Update for Windows XP (KB938828) Update for Windows XP (KB942763) Update for Windows XP (KB942840) Update for Windows XP (KB946627) Valentine's EZ Cards VCD Galaxy DVDRip ComboPack VobSub v2.05 (Remove Only) VPRINTOL WavePad Uninstall WinAce Archiver 2.0 Windows Driver Package - Advanced Micro Devices (AmdK8) Processor 
(05/27/2006 1.3.2.0) Windows Driver Package - Nokia Modem (02/15/2007 3.1) Windows Installer 3.1 (KB893803) Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Live OneCare safety scanner Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 Windows Media Player 11 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB891781 WinImage WinISO 5.3 WinRAR archiver WinZip WIRELESS Yahoo! Messenger Zoo Vet (remove only) Zuma Deluxe 1.0 |
#10
I would really have just no way to know on sight which one(s) of those many, many installed games might be undesirable due to aggressive tactics or adware/spyware. An overwhelming number, and somehow I sense many are no longer being played, yes?
FixWareout corrected the rogue DNS settings, but before we do a scan that will spend too much time bogged down reading through all those game files, go here, and compare your install list using their alphabetic listing system. Copy down the ones you find as those you shouldn't keep, then go to Add/Remove Programs and uninstall them. Then reboot after, and post back a new Uninstall list from HijackThis, as well as your list of items removed. You can skip the obvious ones, like Kodak and Windows update, and any that are not showing as recognizable names, like those ESS... (ESSBrwr for example - they are Kodak software) ones, but take your time, check all the named ones, uninstall the bad ones then post back the new info please.
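The Fixwareout prerun check earlier in the thread shows the same two resolvers written under the global Tcpip key and under each interface key. As an added example (not part of the thread and not Fixwareout's own code), this Python code reads text laid out like that report and flags every resolver that is not on an allowlist; the function names, the allowlist and the 192.168.1.1 sample line are assumptions made for illustration.

```python
import ipaddress
import re

# Sample in the layout of the Fixwareout prerun check. The first two entries
# use the values from the report in this thread; the last interface's
# DhcpNameServer value (192.168.1.1) is constructed for the example.
SAMPLE_REPORT = r'''
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.116.82 85.255.112.88"
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{B557CEC6-7D4D-4A1A-8B34-A9D00C0D12A4}
"nameserver"="85.255.116.82,85.255.112.88"
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{866CDCA3-310D-435A-83E8-71E3389D5BA9}
"DhcpNameServer"="192.168.1.1"
'''

# A key line is either the global Tcpip\Parameters key or one interface GUID.
KEY_RE = re.compile(
    r'^HKEY_LOCAL_MACHINE\\.*tcpip\\parameters(\\interfaces\\(\{[0-9A-F-]+\}))?$',
    re.IGNORECASE,
)
# Only the two values that carry resolver addresses are of interest.
VALUE_RE = re.compile(r'^"(nameserver|dhcpnameserver)"="([^"]*)"', re.IGNORECASE)


def parse_nameservers(report):
    """Return (scope, value_name, address) for every resolver in the report.

    scope is "global" for Tcpip\\Parameters or the interface GUID otherwise.
    Windows stores the list space-separated or comma-separated, so both are
    split here.
    """
    entries = []
    scope = None
    for raw in report.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            scope = key.group(2) or "global"
            continue
        value = VALUE_RE.match(line)
        if value and scope is not None:
            for token in re.split(r'[,\s]+', value.group(2).strip()):
                if token:
                    entries.append((scope, value.group(1), token))
    return entries


def audit(report, allowed):
    """Flag resolvers that are not inside any allowed address or network.

    `allowed` is the list of resolvers you expect (router, ISP, internal DNS),
    as single addresses or CIDR networks.
    """
    networks = [ipaddress.ip_network(a) for a in allowed]
    alerts = []
    for scope, name, token in parse_nameservers(report):
        try:
            address = ipaddress.ip_address(token)
        except ValueError:
            alerts.append((scope, name, token, "not an IP address"))
            continue
        if any(address in net for net in networks):
            continue
        # A static NameServer value takes precedence over the DHCP-supplied
        # one, so an unexpected static entry redirects lookups even when the
        # DHCP value is clean.
        if name.lower() == "nameserver":
            reason = "static resolver outside allowlist"
        else:
            reason = "DHCP-supplied resolver outside allowlist"
        alerts.append((scope, name, token, reason))
    return alerts


if __name__ == "__main__":
    for scope, name, token, reason in audit(SAMPLE_REPORT, ["192.168.1.1"]):
        print(f"{scope:40} {name:15} {token:16} {reason}")
```

An alert on a DhcpNameServer value, as on the third interface in the thread's report, means the address arrived in a DHCP lease, so the router's DNS settings need checking as well as the PC.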
#11
ABBYY FineReader 6.0 Sprint
Ad-Aware 2007 Adobe Flash Player ActiveX Adobe Reader 7.0.9 Adobe Shockwave Player Age of Empires III Aladdin Expander 5.0 American McGee's Alice(tm) Apple Mobile Device Support Apple Software Update ATI - Software Uninstall Utility ATI Display Driver AVG Anti-Spyware 7.5 AVIConverter 3.0 AVS Cover Editor 1.3.1.79 (AVSMedia) AVS DVD Copy version 1.4 BabyLink6 Barcodechecksum Bejeweled Deluxe 1.862 Black & White® 2 Boggle BroadWave Uninstall Burn4Free CD and DVD CardRd81 CCleaner (remove only) CCScore Chore Genie 2.0 Codec Pack - All In 1 6.0.3.0 CR2 Dig'nRigs Diner Dash Hometown Hero DivX DivX Player Dope Wars 2.2 for Windows dopewars-1.5.12 Dream Day First Home Dress Shop Hop (remove only) Dungeon Siege 2 DVD Shrink 3.2 EarthLink Software Equifax Dispute Database ESSBrwr ESSCDBK ESScore ESSCT ESSgui ESShelp ESSini ESSPCD ESSPDock ESSSONIC ESSTOOLS ESSTUTOR ESSvpaht ESSvpot Experian Dispute Database E-Z Contact Book version 1.0.8.0 Faxtastic Free WMA to MP3 Converter 1.16 Frosty Games GameSpy Arcade HijackThis 2.0.2 HLPIndex HLPPDOCK HLPRFO Hot Wheels(tm) Velocity X Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB914440) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB926239) HP Backup and Recovery Manager HP Help and Support InterActual Player InterVideo WinDVD IsoBuster 1.5 iTunes J2SE Runtime Environment 5.0 Update 6 Java(TM) 6 Update 3 Java(TM) 6 Update 5 Java(TM) SE Runtime Environment 6 Update 1 John Deere American Builder Deluxe John Deere American Farmer Deluxe JumpStart 1st Grade 2000 Kodak EasyShare software KSU Lexmark 2300 Series LiveReg (Symantec Corporation) LiveUpdate 3.0 (Symantec Corporation) Logitech QuickCam Software Logitech® Camera Driver Macromedia Flash Player Merv Griffins Crosswords Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Microsoft Compression Client Pack 1.0 for 
Windows XP Microsoft Halo Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office Professional Edition 2003 Microsoft User-Mode Driver Framework Feature Pack 1.5 Microsoft Visual C++ 2005 Redistributable Might and Magic IX MixPad MOV Converter 1.01 MP3Lyrix MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 Parser and SDK MyPublisher BookMaker neroxml Notifier OTtBP OTtBPSDK PH General Ledger v4.0 PrimoPDF PrimoPDF Redistribution Package Prism Professional Resumes Quick & Easy QuickTime QuickTime Reading Mansion RealArcade RealPlayer Realtek High Definition Audio Driver RecordPad Sound Recorder RegCure 1.4.0.4 Roxio Audio Module Roxio Copy Module Roxio Data Module Roxio DLA Roxio Express Labeler Roxio MyDVD Plus Security Update for Microsoft .NET Framework 2.0 (KB928365) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows Media Player 9 (KB917734) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896424) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB904706) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB912919) Security Update for Windows 
XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Security Update for Windows XP (KB917344) Security Update for Windows XP (KB917422) Security Update for Windows XP (KB917953) Security Update for Windows XP (KB918118) Security Update for Windows XP (KB918439) Security Update for Windows XP (KB919007) Security Update for Windows XP (KB920213) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Security Update for Windows XP (KB921503) Security Update for Windows XP (KB922819) Security Update for Windows XP (KB923191) Security Update for Windows XP (KB923414) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923694) Security Update for Windows XP (KB923980) Security Update for Windows XP (KB924191) Security Update for Windows XP (KB924270) Security Update for Windows XP (KB924496) Security Update for Windows XP (KB924667) Security Update for Windows XP (KB925902) Security Update for Windows XP (KB926255) Security Update for Windows XP (KB926436) Security Update for Windows XP (KB927779) Security Update for Windows XP (KB927802) Security Update for Windows XP (KB928090) Security Update for Windows XP (KB928255) Security Update for Windows XP (KB928843) Security Update for Windows XP (KB929123) Security Update for Windows XP (KB929969) Security Update for Windows XP (KB930178) Security Update for Windows XP (KB931261) Security Update for Windows XP (KB931768) Security Update for Windows XP (KB931784) Security Update for Windows XP (KB932168) Security Update for Windows XP (KB933566) Security Update for Windows XP (KB933729) Security Update for Windows XP (KB935839) Security Update for Windows XP (KB935840) Security Update for Windows XP (KB936021) Security Update for Windows XP (KB937143) Security Update for Windows XP (KB937894) Security Update for Windows XP (KB938127) Security Update for Windows XP (KB938829) Security 
Update for Windows XP (KB939653) Security Update for Windows XP (KB941202) Security Update for Windows XP (KB941568) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB941644) Security Update for Windows XP (KB942615) Security Update for Windows XP (KB943055) Security Update for Windows XP (KB943460) Security Update for Windows XP (KB943485) Security Update for Windows XP (KB944653) Security Update for Windows XP (KB946026) SFR SHASTA Sim File Maid 2 1.0.2 Sims2Pack Clean Installer SKIN0001 SKINXSDK Slice Uninstall SoundTap Uninstall Space Colony Spybot - Search & Destroy Spybot - Search & Destroy 1.5.2.20 SpywareBlaster v3.5.1 Stamp Uninstall Stronghold Crusader The Sims 2 The Sims 2 Family Fun Stuff The Sims 2 Glamour Life Stuff The Sims 2 Nightlife The Sims 2 Open For Business The Sims 2 Pets The Sims 2 University Tonka Workshop Total Organizer TransUnion Dispute Database Update for Windows XP (KB894391) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB904942) Update for Windows XP (KB908531) Update for Windows XP (KB910437) Update for Windows XP (KB911280) Update for Windows XP (KB916595) Update for Windows XP (KB920872) Update for Windows XP (KB922582) Update for Windows XP (KB927891) Update for Windows XP (KB929338) Update for Windows XP (KB930916) Update for Windows XP (KB931836) Update for Windows XP (KB933360) Update for Windows XP (KB938828) Update for Windows XP (KB942763) Update for Windows XP (KB942840) Update for Windows XP (KB946627) Valentine's EZ Cards VCD Galaxy DVDRip ComboPack VobSub v2.05 (Remove Only) VPRINTOL WavePad Uninstall WinAce Archiver 2.0 Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) Windows Driver Package - Nokia Modem (02/15/2007 3.1) Windows Installer 3.1 (KB893803) Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Live OneCare safety scanner Windows Media Format 11 runtime Windows Media Format 11 runtime 
Windows Media Player 11 Windows Media Player 11 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB891781 WinImage WinISO 5.3 WinRAR archiver WinZip WIRELESS Yahoo! Messenger |
#12
Not too sure some of the remaining ones still will make it unscathed through some scans we need to do. The logs show freeze.com, which is an adware vendor, so somewhere in that list they have some bundled items. One that does need to be uninstalled still is that RegCure 1.4.0.4 - anything from Paretologic Inc, listed here in the past, means it provides ads luring you to download/install it, does some flashy scan, and only then do you learn they want money for it to do anything. Your choice, but it would be a good idea to uninstall that as well, and any Paretologic listings in Add/Remove Programs.
Be sure to continue to temporarily disable any protective software when running the scan tools we use here. Also disconnect from net access anytime you run ComboFix, reconnecting after it has completed its scan.

Open notepad (go to Start, Run, type notepad and press Enter) and copy/paste the text in the codebox below into it:

Code:
File::
C:\WINDOWS\awshkwv.ini
C:\13E0.tmp
C:\6B.tmp

Folder::
C:\Program Files\Freeze.com
C:\Program Files\Free Offers from Freeze.com
C:\Documents and Settings\All Users\Application Data\TEMP

(include the "quotation marks" with the name)

You should now have both ComboFix and that CFScript on the desktop. Just left click/hold on the CFScript file, and drag it into ComboFix to start the scan. ComboFix will now run as it did before. Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

-----------------------------

Also go here and run the Kaspersky online scan, and post back the log it creates (it requires IE). To use the scan, once the download has completed click Scan Settings, then make sure the "extended option" is checked (leave all others as they are) and click OK. Then click My Computer to begin the scan. Save the Report as a text file and post that back here. To save it as a text file, still with the page in Internet Explorer, go to the top of the page and select File - Save As... Then make sure in the "Save as type" drop down you change it to "Text File(*.txt)".

Post back that log along with the ComboFix.txt and a new HijackThis log please.
#13
ComboFix 08-04-01.2 - Tami and Nick 2008-04-05 12:06:51.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.489 [GMT -5:00] Running from: C:\Documents and Settings\Tami and Nick\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Tami and Nick\Desktop\cfscript * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\13E0.tmp C:\6B.tmp C:\WINDOWS\awshkwv.ini . TimedOut: progfile.dat ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\13E0.tmp C:\6B.tmp C:\Documents and Settings\All Users\Application Data\TEMP C:\Program Files\Free Offers from Freeze.com C:\Program Files\Free Offers from Freeze.com\101_Free_Songs.ico C:\Program Files\Free Offers from Freeze.com\4115.url C:\Program Files\Free Offers from Freeze.com\4294.url C:\Program Files\Free Offers from Freeze.com\4295.url C:\Program Files\Free Offers from Freeze.com\control.txt C:\Program Files\Free Offers from Freeze.com\games_icon2.ico C:\Program Files\Free Offers from Freeze.com\Ringtones.ico C:\Program Files\Freeze.com C:\Program Files\Freeze.com\Frosty Games\data\butt.swf C:\Program Files\Freeze.com\Frosty Games\data\DefaultExit.html C:\Program Files\Freeze.com\Frosty Games\data\DefaultFree.html C:\Program Files\Freeze.com\Frosty Games\data\deffreeimg_v2\frstygm_freeintro_08.jpg C:\Program Files\Freeze.com\Frosty Games\data\deffreeimg_v2\frstygm_intro_01.jpg C:\Program Files\Freeze.com\Frosty Games\data\deffreeimg_v2\frstygm_intro_02.jpg C:\Program Files\Freeze.com\Frosty Games\data\deffreeimg_v2\frstygm_intro_03.jpg C:\Program Files\Freeze.com\Frosty Games\data\deffreeimg_v2\frstygm_intro_04.jpg C:\Program Files\Freeze.com\Frosty Games\data\deffreeimg_v2\frstygm_intro_05.jpg C:\Program Files\Freeze.com\Frosty Games\data\deffreeimg_v2\frstygm_intro_06.jpg C:\Program Files\Freeze.com\Frosty Games\data\deffreeimg_v2\frstygm_intro_07.jpg C:\Program Files\Freeze.com\Frosty Games\data\deffreeimg_v2\frstygm_intro_09.jpg C:\Program 
Files\Freeze.com\Frosty Games\data\deffreeimg_v2\frstygm_intro_10.jpg C:\Program Files\Freeze.com\Frosty Games\data\deffreeimg_v2\frstygm_intro_11.jpg C:\Program Files\Freeze.com\Frosty Games\data\deffreeimg_v2\frstygm_intro_12.jpg C:\Program Files\Freeze.com\Frosty Games\data\deffreeimg_v2\frstygm_intro_13.jpg C:\Program Files\Freeze.com\Frosty Games\data\deffreeimg_v2\frstygm_intro_14.jpg C:\Program Files\Freeze.com\Frosty Games\data\deffreeimg_v2\frstygm_intro_15.jpg C:\Program Files\Freeze.com\Frosty Games\data\deffreeimg_v2\frstygm_intro_16.jpg C:\Program Files\Freeze.com\Frosty Games\data\deffreeimg_v2\frstygm_intro_17.jpg C:\Program Files\Freeze.com\Frosty Games\data\deffreeimg_v2\frstygm_intro_18.jpg C:\Program Files\Freeze.com\Frosty Games\data\deffreeimg_v2\frstygm_intro_19.jpg C:\Program Files\Freeze.com\Frosty Games\data\deffreeimg_v2\frstygm_intro_20.jpg C:\Program Files\Freeze.com\Frosty Games\data\deffreeimg_v2\frstygm_intro_21.jpg C:\Program Files\Freeze.com\Frosty Games\data\deffreeimg_v2\frstygm_intro_22.jpg C:\Program Files\Freeze.com\Frosty Games\data\exitimg_v2\ftycr_01.jpg C:\Program Files\Freeze.com\Frosty Games\data\exitimg_v2\ftycr_02.jpg C:\Program Files\Freeze.com\Frosty Games\data\exitimg_v2\ftycr_03.jpg C:\Program Files\Freeze.com\Frosty Games\data\exitimg_v2\ftycr_04.jpg C:\Program Files\Freeze.com\Frosty Games\data\exitimg_v2\ftycr_05.jpg C:\Program Files\Freeze.com\Frosty Games\data\exitimg_v2\ftycr_06.jpg C:\Program Files\Freeze.com\Frosty Games\data\exitimg_v2\ftycr_07.jpg C:\Program Files\Freeze.com\Frosty Games\data\exitimg_v2\ftycr_08.jpg C:\Program Files\Freeze.com\Frosty Games\data\exitimg_v2\ftycr_09.jpg C:\Program Files\Freeze.com\Frosty Games\data\exitimg_v2\ftycr_10.jpg C:\Program Files\Freeze.com\Frosty Games\data\exitimg_v2\ftycr_11.jpg C:\Program Files\Freeze.com\Frosty Games\data\exitimg_v2\ftycr_12.jpg C:\Program Files\Freeze.com\Frosty Games\data\exitimg_v2\ftycr_13.jpg C:\Program Files\Freeze.com\Frosty 
Games\data\exitimg_v2\ftycr_14.jpg C:\Program Files\Freeze.com\Frosty Games\data\exitimg_v2\ftycr_15.jpg C:\Program Files\Freeze.com\Frosty Games\data\exitimg_v2\ftycr_16.jpg C:\Program Files\Freeze.com\Frosty Games\data\exitimg_v2\ftycr_17.jpg C:\Program Files\Freeze.com\Frosty Games\data\exitimg_v2\ftycr_18.jpg C:\Program Files\Freeze.com\Frosty Games\data\exitimg_v2\ftycr_19.jpg C:\Program Files\Freeze.com\Frosty Games\data\exitimg_v2\ftycr_20.jpg C:\Program Files\Freeze.com\Frosty Games\data\exitimg_v2\ftycr_21.jpg C:\Program Files\Freeze.com\Frosty Games\data\exitimg_v2\ftycr_22.jpg C:\Program Files\Freeze.com\Frosty Games\data\exitimg_v2\ftycr_23.jpg C:\Program Files\Freeze.com\Frosty Games\data\exitimg_v2\ftycr_24.jpg C:\Program Files\Freeze.com\Frosty Games\data\exitimg_v2\ftycr_25.jpg C:\Program Files\Freeze.com\Frosty Games\data\exitimg_v2\ftycr_26.jpg C:\Program Files\Freeze.com\Frosty Games\data\exitimg_v2\ftycr_27.jpg C:\Program Files\Freeze.com\Frosty Games\data\frosty500x350.html C:\Program Files\Freeze.com\Frosty Games\data\frosty728x90.html C:\Program Files\Freeze.com\Frosty Games\data\games.txt C:\Program Files\Freeze.com\Frosty Games\data\left_menu.swf C:\Program Files\Freeze.com\Frosty Games\data\offlinefrosty_v2\050930_728x90_generic_mole_hole.jpg C:\Program Files\Freeze.com\Frosty Games\data\offlinefrosty_v2\500x350.gif C:\Program Files\Freeze.com\Frosty Games\data\offlinefrosty500x350.html C:\Program Files\Freeze.com\Frosty Games\data\offlinefrosty728x90.html C:\Program Files\Freeze.com\Frosty Games\data\OnlineDefaultFree.html C:\Program Files\Freeze.com\Frosty Games\FrostyGames.exe C:\Program Files\Freeze.com\Frosty Games\games\Classic_Arcade\chicken_gamedata.txt C:\Program Files\Freeze.com\Frosty Games\games\Classic_Arcade\game_data.txt C:\Program Files\Freeze.com\Frosty Games\games\Classic_Arcade\game_data_level0_data.t xt C:\Program Files\Freeze.com\Frosty Games\games\Classic_Arcade\game_data_level1_data.t xt C:\Program 
Files\Freeze.com\Frosty Games\games\Classic_Arcade\game_data_level2_data.t xt C:\Program Files\Freeze.com\Frosty Games\games\Classic_Arcade\game_data_level3_data.t xt C:\Program Files\Freeze.com\Frosty Games\games\Classic_Arcade\game_data_level4_data.t xt C:\Program Files\Freeze.com\Frosty Games\games\Classic_Arcade\game_data_level5_data.t xt C:\Program Files\Freeze.com\Frosty Games\games\Classic_Arcade\game_data_level6_data.t xt C:\Program Files\Freeze.com\Frosty Games\games\Classic_Arcade\game_data_level7_data.t xt C:\Program Files\Freeze.com\Frosty Games\games\Classic_Arcade\game_data_level8_data.t xt C:\Program Files\Freeze.com\Frosty Games\games\Classic_Arcade\game_data_level9_data.t xt C:\Program Files\Freeze.com\Frosty Games\games\Classic_Arcade\Mayan_Mask_Mayhem.swf C:\Program Files\Freeze.com\Frosty Games\games\Classic_Arcade\Smiley_Chomp.swf C:\Program Files\Freeze.com\Frosty Games\games\Classic_Arcade\Spot_The_Difference_Edu cation.swf C:\Program Files\Freeze.com\Frosty Games\games\Classic_Arcade\Spot_The_Difference_Sum mer.swf C:\Program Files\Freeze.com\Frosty Games\games\Classic_Arcade\Spot_The_Difference_Tha nksgiving.swf C:\Program Files\Freeze.com\Frosty Games\games\Classic_Arcade\Swap_A_Smiley.swf C:\Program Files\Freeze.com\Frosty Games\games\Classic_Arcade\Why_Did_The_Chicken_Cro ss_The_Road.swf C:\Program Files\Freeze.com\Frosty Games\icon_desk_snowflake_v1.ico C:\Program Files\Freeze.com\Frosty Games\INSTALL.LOG C:\Program Files\Freeze.com\Frosty Games\license.txt C:\Program Files\Freeze.com\Frosty Games\undata.exe C:\Program Files\Freeze.com\Frosty Games\undata.ini C:\Program Files\Freeze.com\Frosty Games\UNINSTAL.EXE C:\Program Files\Freeze.com\Valentine's EZ Cards\EZCards7VD.exe C:\Program Files\Freeze.com\Valentine's EZ Cards\freeze.ico C:\Program Files\Freeze.com\Valentine's EZ Cards\freeze.url C:\Program Files\Freeze.com\Valentine's EZ Cards\INSTALL.LOG C:\Program Files\Freeze.com\Valentine's EZ Cards\undata.exe C:\Program 
Files\Freeze.com\Valentine's EZ Cards\undata.ini
C:\Program Files\Freeze.com\Valentine's EZ Cards\UNINSTAL.EXE
C:\WINDOWS\awshkwv.ini
.
((((((((((((((((((((((((( Files Created from 2008-03-05 to 2008-04-05 )))))))))))))))))))))))))))))))
.
2008-04-05 09:56 . 2008-04-05 09:56 101,136 --a--c--- C:\WINDOWS\system32\WPRO_40_755woem.tmp
2008-04-02 22:12 . 2008-04-02 23:15 <DIR> d----c--- C:\Documents and Settings\Tami and Nick\Application Data\NCH Swift Sound
2008-04-02 08:36 . 2008-04-02 08:42 <DIR> d----c--- C:\fixwareout
2008-03-29 09:46 . 2008-03-29 10:04 <DIR> d----c--- C:\ComboFix[1]
2008-03-28 17:10 . 2008-03-28 17:10 <DIR> d----c--- C:\Documents and Settings\Tami and Nick\Saved Games
2008-03-27 20:26 . 2008-04-02 23:11 <DIR> d----c--- C:\Program Files\Oberon Media
2008-03-27 20:26 . 2008-03-27 20:26 <DIR> d----c--- C:\Program Files\Common Files\Oberon Media
2008-03-26 23:26 . 2008-03-26 23:26 <DIR> d----c--- C:\Program Files\Trend Micro
2008-03-26 22:38 . 2008-03-26 22:38 <DIR> d----c--- C:\kav
2008-03-26 22:37 . 2008-03-29 09:43 <DIR> d----c--- C:\Program Files\Enigma Software Group
2008-03-26 00:22 . 2008-03-26 00:26 <DIR> d----c--- C:\Program Files\Windows Live Safety Center
2008-03-25 08:07 . 2008-03-25 08:07 <DIR> d----c--- C:\Program Files\MyPublisher
2008-03-25 08:07 . 2008-03-25 08:07 <DIR> d----c--- C:\Documents and Settings\Tami and Nick\Application Data\MyPublisher
2008-03-19 23:27 . 2008-04-02 22:12 <DIR> d----c--- C:\Program Files\Supple
2008-03-19 23:19 . 2008-04-02 22:08 <DIR> d----c--- C:\Program Files\Age or Castles
2008-03-15 23:40 . 2008-03-15 23:40 <DIR> d----c--- C:\Program Files\Lavasoft
2008-03-15 23:40 . 2008-03-15 23:41 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-15 23:31 . 2008-03-15 23:31 <DIR> d----c--- C:\Documents and Settings\Tami and Nick\Application Data\Lavasoft
2008-03-15 23:13 . 2008-03-15 23:11 691,545 --a--c--- C:\WINDOWS\unins000.exe
2008-03-15 23:13 . 2008-03-15 23:13 2,554 --a--c--- C:\WINDOWS\unins000.dat
2008-03-15 22:47 . 2008-03-15 22:47 <DIR> d----c--- C:\Documents and Settings\Tami and Nick\Application Data\PC Suite
2008-03-15 10:17 . 2008-03-15 10:17 <DIR> d----c--- C:\WINDOWS\PaltalkScene
2008-03-15 10:17 . 2008-03-15 12:35 <DIR> d----c--- C:\Program Files\Paltalk Messenger
2008-03-14 16:00 . 2008-03-14 16:00 156,910 --a--c--- C:\WINDOWS\WMSysPr8.prx
2008-03-14 11:50 . 2008-03-14 11:50 <DIR> d----c--- C:\Documents and Settings\Tami and Nick\Application Data\Syntrillium
2008-03-14 11:49 . 2001-10-19 14:40 1,683,792 --a--c--- C:\WINDOWS\system32\wmvcore2.dll
2008-03-14 11:49 . 2001-10-19 14:40 665,424 --a--c--- C:\WINDOWS\system32\wmv8dmoe.dll
2008-03-14 11:49 . 2001-10-19 14:39 572,752 --a--c--- C:\WINDOWS\system32\wmvdmoe.dll
2008-03-14 11:49 . 2001-10-19 02:05 285,184 --a--c--- C:\WINDOWS\system32\wmidx2.ocx
2008-03-14 11:43 . 2008-03-14 11:43 <DIR> d----c--- C:\Downloads
2008-03-14 11:43 . 2008-03-14 11:45 <DIR> d----c--- C:\Documents and Settings\Tami and Nick\Application Data\GetRightToGo
2008-03-14 11:39 . 2008-03-14 11:39 <DIR> d----c--- C:\WINDOWS\Freecorder Toolbar
2008-03-14 11:39 . 2008-03-15 22:34 <DIR> d----c--- C:\Program Files\Freecorder
2008-03-09 17:24 . 2008-03-15 22:32 <DIR> d----c--- C:\Program Files\WestWard
2008-03-09 17:24 . 2008-03-09 17:24 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-03-09 17:21 . 2008-03-19 23:22 <DIR> d----c--- C:\GameFools
2008-03-09 12:19 . 2008-04-02 22:10 <DIR> d----c--- C:\Program Files\Kitty Luv
2008-03-08 15:41 . 2008-03-27 20:48 <DIR> d----c--- C:\Documents and Settings\Tami and Nick\Application Data\PlayFirst
2008-03-08 15:41 . 2008-03-27 20:48 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-03-07 22:56 . 2008-03-07 22:56 <DIR> d----c--- C:\Program Files\ReflexiveArcade
2008-03-06 23:20 . 2008-03-06 23:20 <DIR> d--hsc--- C:\WINDOWS\ftpcache
2008-03-06 23:20 . 2008-03-06 23:20 <DIR> d----c--- C:\Documents and Settings\Tami and Nick\Application Data\Total Eclipse
2008-03-06 23:18 . 2008-03-14 18:43 <DIR> d----c--- C:\My Games
2008-03-06 23:17 . 2008-03-14 18:43 <DIR> d----c--- C:\My Download Files
2008-03-06 23:15 . 2008-03-06 23:15 774,144 --a--c--- C:\Program Files\RngInterstitial.dll
#14
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-05 14:11 --------- dc----w C:\Documents and Settings\Anyone\Application Data\MP3Rocket
2008-04-04 00:42 --------- dc----w C:\Documents and Settings\Tami and Nick\Application Data\MP3Rocket
2008-04-03 04:15 --------- dc----w C:\Program Files\NCH Swift Sound
2008-04-03 04:12 --------- dc----w C:\Program Files\NCH Software
2008-04-03 04:12 --------- dc----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-04-03 04:11 --------- dc----w C:\Program Files\Yahoo! Games
2008-04-01 04:00 --------- dc----w C:\Program Files\MP3 Rocket
2008-03-31 20:32 --------- dc----w C:\Program Files\Lx_cats
2008-03-27 03:43 --------- dc----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-26 20:15 --------- dc----w C:\Program Files\JockerSoft
2008-03-26 15:52 --------- dc----w C:\Program Files\Spybot - Search & Destroy
2008-03-26 15:38 --------- dc----w C:\Program Files\Lexmark 2300 Series
2008-03-26 14:56 --------- dc----w C:\Program Files\Common Files\LightScribe
2008-03-26 13:00 --------- dc----w C:\Documents and Settings\Tami and Nick\Application Data\AVG7
2008-03-25 01:10 --------- dc----w C:\Program Files\Java
2008-03-21 23:54 --------- dc----w C:\Program Files\Ea games
2008-03-17 04:25 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-16 15:58 --------- dc----w C:\Program Files\Common Files\Symantec Shared
2008-03-16 15:52 --------- dc----w C:\Program Files\Norton SystemWorks
2008-03-16 04:40 --------- dc----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-16 04:10 --------- dc----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-16 03:49 --------- dc----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-15 17:35 --------- dc----w C:\Program Files\LimeWire
2008-03-14 19:28 --------- dc----w C:\Documents and Settings\Tami and Nick\Application Data\LimeWire
2008-03-12 13:00 --------- dc----w C:\Documents and Settings\Anyone\Application Data\AVG7
2008-03-08 02:43 --------- dc----w C:\Documents and Settings\All Users\Application Data\Gogii
2008-03-08 01:18 --------- dc----w C:\Program Files\MySpace
2008-03-08 01:16 --------- dc----w C:\Program Files\Common Files\EarthLink
2008-03-07 04:15 --------- dc----w C:\Program Files\Real
2008-03-07 04:15 --------- dc----w C:\Program Files\Common Files\Real
2008-02-29 23:40 --------- dc----w C:\Documents and Settings\Tami and Nick\Application Data\MySpace
2008-02-29 22:17 --------- dc----w C:\Program Files\Yahoo!
2008-02-29 19:28 --------- dc----w C:\Documents and Settings\Tami and Nick\Application Data\EarthLink
2008-02-13 06:07 --------- dc----w C:\Documents and Settings\Tami and Nick\Application Data\AdobeUM
2008-02-10 20:43 --------- dc----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-02-10 20:42 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2008-02-10 16:53 --------- dc----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-02-07 23:43 --------- dc----w C:\Documents and Settings\Tami and Nick\Application Data\InterVideo
2008-02-07 08:17 --------- dc-h--r C:\Documents and Settings\Tami and Nick\Application Data\yahoo!
2008-02-05 03:01 --------- dc----w C:\Documents and Settings\Tami and Nick\Application Data\ScamBlocker
2007-07-01 04:02 10,073 -c--a-w C:\Program Files\X-RayPc.log
2004-10-26 03:54 332,024 -c--a-w C:\Program Files\x-raypc.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-27 21:00 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-12-17 18:13 3810544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-09-21 05:20 127036]
"LXCGCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-07-20 12:48 73728]
"lxcgmon.exe"="C:\Program Files\Lexmark 2300 Series\lxcgmon.exe" [2005-07-21 01:07 200704]
"EzPrint"="C:\Program Files\Lexmark 2300 Series\ezprint.exe" [2005-08-01 07:05 94208]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-11-10 16:06 406016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Program Files\Ringz Studio\Storm Codec\qttask.exe" [2007-06-29 06:24 286720]
C:\Documents and Settings\Anyone\Start Menu\Programs\Startup\
MP3 Rocket (Minimized).lnk - C:\Program Files\MP3 Rocket\MP3Rocket.exe [2007-11-13 12:27:06 116224]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BroadWaveRun]
C:\Program Files\NCH Swift Sound\BroadWave\broadwave.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2006-02-27 21:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a--c--- 2007-07-31 18:44 271672 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2007-06-29 06:24 286720 C:\Program Files\Ringz Studio\Storm Codec\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecordPadRun]
C:\Program Files\NCH Swift Sound\RecordPad\recordpad.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SymKeepAlive]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Speed Disk service"=2 (0x2)
"SNDSrvc"=3 (0x3)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"PCA"=2 (0x2)
"navapsvc"=3 (0x3)
"iPod Service"=3 (0x3)
"dopewars-server"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\IMSafer\\bin\\imsc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support
R2 EarthLinkMonitor;EarthLink Monitor Service;"C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe" [2005-01-26 12:47]
R2 ImSaferService;IMSafer;C:\Program Files\IMSafer\bin\imsc.exe [2007-09-21 15:23]
R3 WPRO_40_755;WinPcap Packet Driver (WPRO_40_755);C:\WINDOWS\system32\drivers\WPRO_40_755.sys []
S3 BW2NDIS5;BW2NDIS5;C:\WINDOWS\system32\Drivers\BW2NDIS5.sys [2004-11-01 15:16]
S3 XDva002;XDva002;C:\WINDOWS\system32\XDva002.sys []
S4 dopewars-server;dopewars server;C:\Program Files\dopewars-1.5.12\dopewars.exe [2007-04-05 12:08]
.
Contents of the 'Scheduled Tasks' folder
"2008-03-31 13:36:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-05 17:04:45 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-03-27 08:00:00 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-05 12:10:44
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\EarthLink TotalAccess\Accelerator\prplsf.dll
.
Completion time: 2008-04-05 12:12:37
ComboFix-quarantined-files.txt 2008-04-05 17:12:28
ComboFix2.txt 2008-04-02 20:32:19
ComboFix3.txt 2008-03-29 15:04:41
ComboFix4.txt 2007-12-13 02:34:22
Pre-Run: 3,637,190,656 bytes free
Post-Run: 3,611,303,936 bytes free
.
2008-03-12 08:02:39 --- E O F ---
#15
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, April 05, 2008 5:17:33 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 5/04/2008
Kaspersky Anti-Virus database records: 684963
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
F:\
H:\
I:\
J:\
K:\
Scan Statistics:
Total number of scanned objects: 185775
Number of viruses found: 8
Number of infected objects: 29
Number of suspicious objects: 0
Duration of the scan process: 02:18:22
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-04-05_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Documents\citycodec4570.exe/stream Infected: Trojan.Win32.DNSChanger.arn skipped
C:\Documents and Settings\All Users\Documents\citycodec4570.exe NSIS: infected - 1 skipped
C:\Documents and Settings\All Users\Documents\D drive\AGE OF WONDERS\Images\Effects\P_MedalGold.ILB Object is locked skipped
C:\Documents and Settings\All Users\Documents\D drive\AGE OF WONDERS\Images\Int\Icon_Scale1.ILB Object is locked skipped
C:\Documents and Settings\All Users\Documents\D drive\AGE OF WONDERS\Images\Int\Icon_Scale2.ILB Object is locked skipped
C:\Documents and Settings\All Users\Documents\D drive\AGE OF WONDERS\Images\Int\Icon_Scale3.ILB Object is locked skipped
C:\Documents and Settings\All Users\Documents\D drive\AGE OF WONDERS\Images\Items\I_Head_Glow.ILB Object is locked skipped
C:\Documents and Settings\All Users\Documents\D drive\AGE OF WONDERS\Images\Items\I_Ring_Glow.ILB Object is locked skipped
C:\Documents and Settings\All Users\Documents\D drive\AGE OF WONDERS\Images\Portraits\Fire_Female.ILB Object is locked skipped
C:\Documents and Settings\All Users\Documents\D drive\AGE OF WONDERS\Images\TCMap\TCGr_WStone.ILB Object is locked skipped
C:\Documents and Settings\All Users\Documents\D drive\AGE OF WONDERS\Images\TCMap\TC_Desert_S.ILB Object is locked skipped
C:\Documents and Settings\All Users\Documents\D drive\AGE OF WONDERS\Images\TCMap\TC_Steppe_S.ILB Object is locked skipped
C:\Documents and Settings\All Users\Documents\D drive\AGE OF WONDERS\Images\TCMap\TC_WizTower.ILB Object is locked skipped
C:\Documents and Settings\All Users\Documents\D drive\AGE OF WONDERS\Images\Units\Archon_Hero.ILB Object is locked skipped
C:\Documents and Settings\All Users\Documents\D drive\AGE OF WONDERS\Images\Units\Black_Angel.ILB Object is locked skipped
C:\Documents and Settings\All Users\Documents\D drive\AGE OF WONDERS\Images\Units\Bone_Dragon.ILB Object is locked skipped
C:\Documents and Settings\All Users\Documents\D drive\AGE OF WONDERS\Images\Units\Elf_Cavalry.ILB Object is locked skipped
C:\Documents and Settings\All Users\Documents\D drive\AGE OF WONDERS\Images\Units\Elf_Militia.ILB Object is locked skipped
C:\Documents and Settings\All Users\Documents\D drive\AGE OF WONDERS\Images\Units\Galley_Mask.ilb Object is locked skipped
C:\Documents and Settings\All Users\Documents\D drive\AGE OF WONDERS\Images\Units\Goblin_Hero.ILB Object is locked skipped
C:\Documents and Settings\All Users\Documents\D drive\AGE OF WONDERS\Images\Units\Human_Scout.ILB Object is locked skipped
C:\Documents and Settings\All Users\Documents\D drive\AGE OF WONDERS\Images\Units\Human_Witch.ILB Object is locked skipped
C:\Documents and Settings\All Users\Documents\D drive\AGE OF WONDERS\Images\Units\Orc_Cavalry.ILB Object is locked skipped
C:\Documents and Settings\All Users\Documents\D drive\AGE OF WONDERS\Images\Units\Orc_Glutton.ILB Object is locked skipped
C:\Documents and Settings\All Users\Documents\D drive\AGE OF WONDERS\Images\Units\Orc_Militia.ILB Object is locked skipped
C:\Documents and Settings\All Users\Documents\D drive\AGE OF WONDERS\Images\Units\Orc_Warlord.ILB Object is locked skipped
C:\Documents and Settings\All Users\Documents\D drive\AGE OF WONDERS\Images\Units\Priest_Evil.ILB Object is locked skipped
C:\Documents and Settings\All Users\Documents\D drive\AGE OF WONDERS\Images\Units\Priest_Good.ILB Object is locked skipped
C:\Documents and Settings\All Users\Documents\D drive\AGE OF WONDERS\Images\Units\Tigran_Hero.ILB Object is locked skipped
C:\Documents and Settings\All Users\Documents\D drive\AGE OF WONDERS\Images\Units\Undead_Hero.ILB Object is locked skipped
C:\Documents and Settings\All Users\Documents\D drive\AGE OF WONDERS\Images\WMap\O_HoHealing.ILB Object is locked skipped
C:\Documents and Settings\All Users\Documents\D drive\AGE OF WONDERS\Images\WMap\O_MCatalist.ILB Object is locked skipped
C:\Documents and Settings\All Users\Documents\D drive\AGE OF WONDERS\Images\WMap\O_WaterMill.ILB Object is locked skipped
C:\Documents and Settings\All Users\Documents\D drive\AGE OF WONDERS\Movies\AoWInternal.BIK Object is locked skipped
C:\Documents and Settings\All Users\Documents\D drive\AGE OF WONDERS\Readme.html Object is locked skipped
C:\Documents and Settings\All Users\Documents\D drive\AGE OF WONDERS\Resource\FX\Ability\Cold_Breath.fx Object is locked skipped
C:\Documents and Settings\All Users\Documents\D drive\AGE OF WONDERS\Resource\FX\Ability\Fire_Breath.fx Object is locked skipped
C:\Documents and Settings\All Users\Documents\D drive\AGE OF WONDERS\Resource\FX\Ability\Waterdancer.fx Object is locked skipped
C:\Documents and Settings\All Users\Documents\D drive\AGE OF WONDERS\Resource\FX\Hit\Cold_Medium.fx Object is locked skipped
C:\Documents and Settings\All Users\Documents\D drive\AGE OF WONDERS\Resource\FX\Hit\Cold_XLarge.fx Object is locked skipped
C:\Documents and Settings\All Users\Documents\D drive\AGE OF WONDERS\Resource\FX\Hit\Death_Large.fx Object is locked skipped
C:\Documents and Settings\All Users\Documents\D drive\AGE OF WONDERS\Resource\FX\Hit\Death_Small.fx Object is locked skipped
C:\Documents and Settings\All Users\Documents\D drive\AGE OF WONDERS\Resource\FX\Hit\Fire_Medium.fx Object is locked skipped
C:\Documents and Settings\All Users\Documents\D drive\AGE OF WONDERS\Resource\FX\Hit\Fire_XLarge.fx Object is locked skipped
C:\Documents and Settings\All Users\Documents\D drive\AGE OF WONDERS\Resource\FX\Hit\Holy_Medium.fx Object is locked skipped
C:\Documents and Settings\All Users\Documents\D drive\AGE OF WONDERS\Resource\FX\Hit\Holy_XLarge.fx Object is locked skipped
C:\Documents and Settings\All Users\Documents\D drive\AGE OF WONDERS\Resource\FX\Hit\Magic_Large.fx Object is locked skipped