Full Version: HELP PLEASE ! Trojan.dialer.pz
BMK637
Hello everyone. I am a newbie to all this and found this site trying to get rid of my trojan. I am unable to use my Mozilla Firefox without an error coming up about this dumb trojan. I am using ewido. Ran that in safe mode. Tried HJT.exe, killbox. Everything I have read. Nothing is working. I hate IE and am going nuts. I also have Zone Alarm and get errors. Nevertheless, here is my HJT report. Any help would be MUCH appreciated. I would typically send the comp to my computer repair guy, but finances are rough right now. Single mother trying to support 3 kids. HELP ME PLEASE!! Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 7:00:11 PM, on 7/18/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS1\System32\smss.exe
C:\WINDOWS1\system32\winlogon.exe
C:\WINDOWS1\system32\services.exe
C:\WINDOWS1\system32\lsass.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\system32\spoolsv.exe
C:\WINDOWS1\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS1\System32\ctfmon.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\system32\ZoneLabs\vsmon.exe
C:\WINDOWS1\System32\WFXSVC.EXE
C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS1\System32\ZoneLabs\isafe.exe
C:\Documents and Settings\Kash.IM4U\Desktop\HJT.exe.exe

O1 - Hosts: 17.250.248.77 idisk0.mac.com idisk1.mac.com idisk2.mac.com idisk3.mac.com idisk4.mac.com idisk5.mac.com idisk6.mac.com idisk7.mac.com idisk8.mac.com idisk9.mac.com idisk10.mac.com idisk11.mac.com idisk12.mac.com idisk13.mac.com idisk14.mac.com idisk15.mac.com idisk16.mac.com idisk17.mac.com idisk18.mac.com idisk19.mac.com idisk20.mac.com idisk21.mac.com idisk22.mac.com idisk23.mac.com idisk24.mac.com idisk25.mac.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll (file missing)
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS1\System32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O16 - DPF: {07812B64-CFBD-7E40-870E-380B18B62F75} - http://85.255.113.214/1/gdnUS2339.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: winevu32 - C:\WINDOWS1\SYSTEM32\winevu32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS1\System32\ZoneLabs\isafe.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS1\System32\HPHipm09.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS1\system32\ZoneLabs\vsmon.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS1\System32\WFXSVC.EXE
BMK637
Here's another report

Start Time= Wed 07/19/2006 8:24:46.07
Running from: C:\Documents and Settings\Kash.IM4U\Desktop

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))



2006-07-19 08:16 <DIR> C:\Program Files\mozilla firefox
2006-07-19 06:40 778 C:\WINDOWS1\win.ini
2006-07-19 06:37 <DIR> C:\Program Files\Common Files\wise installation wizard
2006-07-19 06:35 856 C:\WINDOWS1\wininit.ini
2006-07-18 15:30 227 C:\WINDOWS1\system.ini
2006-07-18 14:52 69,632 C:\WINDOWS1\g525766.dll
2006-07-18 11:29 <DIR> C:\Program Files\ewido anti-spyware 4.0
2006-07-18 11:01 69,632 C:\WINDOWS1\g5574465.dll
2006-07-18 10:01 69,632 C:\WINDOWS1\g1966517.dll
2006-07-18 09:41 69,632 C:\WINDOWS1\g767673.dll
2006-07-17 15:17 69,632 C:\WINDOWS1\g1113771.dll
2006-07-17 13:54 <DIR> C:\Program Files\microsoft activesync
2006-07-17 13:54 <DIR> C:\Documents and Settings\Kash.IM4U\Application Data\microsoft
2006-07-17 12:26 69,632 C:\WINDOWS1\g336572034.dll
2006-07-17 12:06 69,632 C:\WINDOWS1\g335370837.dll
2006-07-17 11:46 69,632 C:\WINDOWS1\g334170581.dll
2006-07-17 10:46 69,632 C:\WINDOWS1\g330570264.dll
2006-07-17 10:26 69,632 C:\WINDOWS1\g329370159.dll
2006-07-17 10:06 69,632 C:\WINDOWS1\g328169753.dll
2006-07-17 09:06 69,632 C:\WINDOWS1\g324567813.dll
2006-07-17 08:26 69,632 C:\WINDOWS1\g322167742.dll
2006-07-13 15:13 <DIR> C:\Program Files\handmark
2006-07-13 14:04 <DIR> C:\Program Files\avantgo connect
2006-07-13 13:19 <DIR> C:\Program Files\complus applications
2006-07-13 13:19 <DIR> C:\Program Files\Common Files\ukmw
2006-07-13 13:19 <DIR> C:\Program Files\Common Files\svchostsys
2006-07-13 13:19 <DIR> C:\Program Files\Common Files\simtest
2006-07-13 13:19 <DIR> C:\Program Files\common files
2006-07-13 13:02 <DIR> C:\Program Files\partypoker
2006-07-13 13:02 <DIR> C:\Program Files\msn gaming zone
2006-07-13 13:02 <DIR> C:\Program Files\msn
2006-07-12 09:32 18,432 C:\WINDOWS1\system32\winevu32.dll
2006-07-11 23:13 <DIR> C:\Program Files\installshield installation information
2006-07-11 23:13 <DIR> C:\Program Files\conduits pocket artist
2006-07-07 11:46 <DIR> C:\Program Files\quicktime
2006-07-04 19:48 <DIR> C:\Documents and Settings\Kash.IM4U\Application Data\adobeum
2006-06-23 11:46 <DIR> C:\Program Files\spybot - search & destroy
2006-06-19 09:05 <DIR> C:\Documents and Settings\Kash.IM4U\Application Data\limewire
2006-06-19 09:04 <DIR> C:\Program Files\yahoo sitebuilder
2006-06-19 09:04 <DIR> C:\Program Files\windows
2006-06-19 09:04 <DIR> C:\Program Files\itunes
2006-06-19 09:04 <DIR> C:\Program Files\internet explorer
2006-06-17 18:19 <DIR> C:\Documents and Settings\Kash.IM4U\Application Data\apple computer
2006-06-06 08:15 <DIR> C:\Program Files\partygaming
2006-06-05 16:16 <DIR> C:\Program Files\kazaa lite k++
2006-06-05 15:59 <DIR> C:\Program Files\kazupernodes
2006-05-26 14:20 <DIR> C:\Program Files\full tilt poker
2006-05-18 09:43 <DIR> C:\Documents and Settings\Kash.IM4U\Application Data\ourpictures
2006-05-03 11:33 <DIR> C:\Documents and Settings\Kash.IM4U\Application Data\roxio
2006-05-03 10:48 <DIR> C:\Documents and Settings\Kash.IM4U\Application Data\yahoo!
2006-04-27 17:49 288,417 C:\WINDOWS1\system32\srchsts.exe
2006-04-25 16:18 <DIR> C:\Program Files\windows media player
2006-04-25 16:18 <DIR> C:\Program Files\messenger
2006-04-19 14:17 15,360 C:\WINDOWS1\system32\bassmod.dll
2006-03-23 10:06 <DIR> C:\Program Files\java
2006-03-19 11:28 <DIR> C:\Documents and Settings\Kash.IM4U\Application Data\sonic
2006-03-17 12:46 <DIR> C:\Documents and Settings\Kash.IM4U\Application Data\sun
2006-03-17 12:38 <DIR> C:\Program Files\Common Files\java
2006-03-08 17:16 <DIR> C:\Documents and Settings\Kash.IM4U\Application Data\adobe
2006-03-08 11:47 <DIR> C:\Documents and Settings\Kash.IM4U\Application Data\backup mypc
2006-03-07 22:28 <DIR> C:\Program Files\Common Files\sonic shared
2006-03-07 16:05 <DIR> C:\Program Files\Common Files\adobe
2006-03-07 15:36 <DIR> C:\Program Files\adobe
2006-03-03 20:16 <DIR> C:\Program Files\microsoft money
2006-03-03 20:16 <DIR> C:\Program Files\Common Files\microsoft shared
2006-03-03 13:18 <DIR> C:\Program Files\partygaming.net
2006-03-02 12:49 <DIR> C:\Program Files\jasc software inc
2006-03-02 12:49 <DIR> C:\Documents and Settings\Kash.IM4U\Application Data\jasc software inc
2006-03-01 17:52 <DIR> C:\Program Files\taxcut05
2006-02-28 16:12 <DIR> C:\Program Files\yahoo!
2006-02-28 16:11 <DIR> C:\Program Files\bittornado
2006-02-28 15:35 <DIR> C:\Program Files\Common Files\fotonation
2006-02-23 19:45 <DIR> C:\Documents and Settings\Kash.IM4U\Application Data\msn6
2006-02-23 19:04 <DIR> C:\Program Files\symantec
2006-02-23 19:04 <DIR> C:\Program Files\Common Files\symantec shared
2006-02-21 14:28 <DIR> C:\Documents and Settings\Kash.IM4U\Application Data\mailfrontier
2006-02-21 13:53 <DIR> C:\Program Files\zone labs
2006-02-16 09:23 <DIR> C:\Program Files\visioneer onetouch
2006-02-16 09:23 <DIR> C:\Program Files\Common Files\scansoft shared
2006-02-16 09:22 <DIR> C:\Program Files\scansoft
2006-02-16 09:14 <DIR> C:\Documents and Settings\Kash.IM4U\Application Data\help
2006-02-16 09:10 <DIR> C:\Documents and Settings\Kash.IM4U\Application Data\symantec
2006-02-16 09:09 <DIR> C:\Program Files\Common Files\novell shared
2006-02-15 19:22 <DIR> C:\Program Files\winrar
2006-02-15 17:09 <DIR> C:\Program Files\avantgo
2006-02-15 16:03 <DIR> C:\Documents and Settings\Kash.IM4U\Application Data\simple star
2006-02-15 15:12 <DIR> C:\Documents and Settings\Kash.IM4U\Application Data\kazaa lite
2006-02-15 14:56 <DIR> C:\Program Files\program files
2006-02-15 14:46 <DIR> C:\Program Files\hp photosmart
2006-02-15 14:33 <DIR> C:\Program Files\java web start
2006-02-15 14:30 <DIR> C:\Documents and Settings\Kash.IM4U\Application Data\talkback
2006-02-15 14:30 <DIR> C:\Documents and Settings\Kash.IM4U\Application Data\mozilla
2006-02-15 14:03 <DIR> C:\Program Files\hewlett-packard
2006-02-15 13:51 <DIR> C:\Documents and Settings\Kash.IM4U\Application Data\macromedia
2006-02-15 13:09 <DIR> C:\Documents and Settings\Kash.IM4U\Application Data\identities
2006-02-15 13:00 <DIR> C:\Program Files\online services
2006-02-15 12:59 <DIR> C:\Program Files\netmeeting
2006-02-15 12:59 <DIR> C:\Program Files\movie maker
2006-02-15 12:58 <DIR> C:\Program Files\outlook express
2006-02-15 12:58 <DIR> C:\Program Files\Common Files\system
2006-02-15 12:56 <DIR> C:\Program Files\windows nt
2006-02-13 16:21 <DIR> C:\Program Files\microsoft jsharp browser controls v1.1
2006-02-13 16:20 <DIR> C:\Program Files\Common Files\xing shared
2006-02-13 16:20 <DIR> C:\Program Files\Common Files\real
2006-02-13 12:21 <DIR> C:\Program Files\real
2006-02-09 19:49 <DIR> C:\Program Files\microsoft works
2006-02-09 16:59 <DIR> C:\Program Files\windowsupdate
2006-02-07 09:52 <DIR> C:\Program Files\msnmusic
2006-02-02 22:48 <DIR> C:\Program Files\simbsoft
2006-02-01 18:23 <DIR> C:\Program Files\microsoft money 2005
2006-02-01 16:45 <DIR> C:\Program Files\partypoker.net
2006-02-01 16:28 <DIR> C:\Program Files\sonic
2006-02-01 16:28 <DIR> C:\Program Files\roxio
2006-02-01 16:27 <DIR> C:\Program Files\Common Files\roxio shared
2006-02-01 16:24 <DIR> C:\Program Files\Common Files\installshield
2006-02-01 16:01 <DIR> C:\Program Files\tdk
2006-02-01 15:50 <DIR> C:\Program Files\directx
2006-02-01 14:32 <DIR> C:\Program Files\Common Files\l&h
2006-02-01 14:31 <DIR> C:\Program Files\microsoft.net
2006-02-01 14:30 <DIR> C:\Program Files\microsoft visual studio
2006-02-01 14:30 <DIR> C:\Program Files\microsoft office
2006-02-01 14:30 <DIR> C:\Program Files\Common Files\designer
2006-02-01 12:53 <DIR> C:\Program Files\Common Files\adobe systems shared
2006-01-31 17:55 <DIR> C:\Program Files\simple star
2006-01-31 17:54 <DIR> C:\Program Files\photo show
2006-01-31 16:31 <DIR> C:\Program Files\Common Files\simple star shared
2006-01-31 15:25 <DIR> C:\Program Files\tgtsoft
2006-01-31 13:14 <DIR> C:\Program Files\maxtor
2006-01-31 13:09 <DIR> C:\Program Files\ati multimedia
2006-01-31 12:32 <DIR> C:\Program Files\sbc yahoo!
2006-01-31 12:32 <DIR> C:\Program Files\broadjump
2006-01-31 12:25 <DIR> C:\Program Files\uninstall information
2006-01-31 12:19 <DIR> C:\Program Files\xerox
2006-01-31 12:19 <DIR> C:\Program Files\microsoft frontpage
2006-01-31 12:16 <DIR> C:\Program Files\Common Files\services
2006-01-31 12:16 <DIR> C:\Program Files\Common Files\mssoap
2006-01-31 04:07 <DIR> C:\Program Files\Common Files\speechengines
2006-01-31 04:07 <DIR> C:\Program Files\Common Files\odbc


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-07-18 17:51 536,449,024 C:\hiberfil.sys
2006-07-18 17:21 4,096 C:\WINDOWS1\system32\reboot.exe
2006-07-18 17:21 16,384 C:\WINDOWS1\system32\restart.exe
2006-07-18 17:21 10,599 C:\delfiles.bat
2006-07-18 14:52 69,632 C:\WINDOWS1\g525766.dll
2006-07-18 11:23 53,248 C:\WINDOWS1\system32\Process.exe
2006-07-18 11:23 42,496 C:\WINDOWS1\system32\swreg.exe
2006-07-18 11:23 40,960 C:\WINDOWS1\system32\swsc.exe
2006-07-18 11:23 288,417 C:\WINDOWS1\system32\SrchSTS.exe
2006-07-18 11:01 69,632 C:\WINDOWS1\g5574465.dll
2006-07-18 10:01 69,632 C:\WINDOWS1\g1966517.dll
2006-07-18 09:41 69,632 C:\WINDOWS1\g767673.dll
2006-07-17 15:17 69,632 C:\WINDOWS1\g1113771.dll
2006-07-17 12:26 69,632 C:\WINDOWS1\g336572034.dll
2006-07-17 12:06 69,632 C:\WINDOWS1\g335370837.dll
2006-07-17 11:46 69,632 C:\WINDOWS1\g334170581.dll
2006-07-17 10:46 69,632 C:\WINDOWS1\g330570264.dll
2006-07-17 10:26 69,632 C:\WINDOWS1\g329370159.dll
2006-07-17 10:06 69,632 C:\WINDOWS1\g328169753.dll
2006-07-17 09:06 69,632 C:\WINDOWS1\g324567813.dll
2006-07-17 08:26 69,632 C:\WINDOWS1\g322167742.dll
2006-07-13 14:49 21,504 C:\WINDOWS1\system32\7105c9fa.exe
2006-07-13 14:09 109,056 C:\WINDOWS1\system32\UNINSTAL.EXE
2006-07-13 14:04 77,899 C:\WINDOWS1\system32\rapi.dll
2006-07-13 14:04 65,615 C:\WINDOWS1\system32\pmailext.dll
2006-07-13 14:04 65,613 C:\WINDOWS1\system32\ppvexp.dll
2006-07-13 14:04 57,423 C:\WINDOWS1\system32\MsgStRPC.dll
2006-07-13 14:04 36,942 C:\WINDOWS1\system32\ppcload.dll
2006-07-13 14:04 24,653 C:\WINDOWS1\system32\ceutil.dll
2006-07-13 14:04 24,652 C:\WINDOWS1\system32\uicom.dll
2006-07-13 14:04 114,688 C:\WINDOWS1\system32\malslib.dll
2006-07-12 09:32 18,432 C:\WINDOWS1\system32\winevu32.dll
2006-07-10 19:41 230,912 C:\WINDOWS1\epsuninst.exe
2006-07-10 19:40 163,599 C:\WINDOWS1\psuninst2.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS1\\System32\\ctfmon.exe"
"STYLEXP"="C:\\Program Files\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{259BA022-2005-45E9-A965-10EDB9C00605}"="Windows Updater"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS1^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
"path"="C:\\Documents and Settings\\All Users.WINDOWS1\\Start Menu\\Programs\\Startup\\Acrobat Assistant.lnk"
"backup"="C:\\WINDOWS1\\pss\\Acrobat Assistant.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~3.0\\Distillr\\acrotray.exe "
"item"="Acrobat Assistant"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kash.IM4U^Start Menu^Programs^Startup^Adobe Gamma.lnk]
"path"="C:\\Documents and Settings\\Kash.IM4U\\Start Menu\\Programs\\Startup\\Adobe Gamma.lnk"
"backup"="C:\\WINDOWS1\\pss\\Adobe Gamma.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\7105c9fa.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="7105c9fa"
"hkey"="HKLM"
"command"="C:\\WINDOWS1\\System32\\7105c9fa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atiptaxx"
"hkey"="HKLM"
"command"="atiptaxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CFD"
"hkey"="HKLM"
"command"="C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMUpdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BMUpdate"
"hkey"="HKCU"
"command"="C:\\WINDOWS1\\System32\\BMUpdate.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS1\\System32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WCESCOMM"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpztsb04"
"hkey"="HKLM"
"command"="C:\\WINDOWS1\\System32\\spool\\drivers\\w32x86\\3\\hpztsb04.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon03]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hphmon03"
"hkey"="HKLM"
"command"="C:\\WINDOWS1\\System32\\hphmon03.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HydarVisionDesktopManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneTouch Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ONETOU~2"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\VISION~1\\ONETOU~2.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mssysmgr"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\SIMPLE~1\\PHOTOS~1\\data\\xtras\\mssysmgr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPWebCap]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PPWebCap"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\ScanSoft\\PAPERP~1\\PPWebCap.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DrgToDsc"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Roxio\\Easy Media Creator 8\\Drag to Disc\\DrgToDsc.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RoxWatchTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Roxio Shared\\SharedCOM8\\RoxWatchTray.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="StyleXP"
"hkey"="HKCU"
"command"="C:\\Program Files\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFaxAppPortStarter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wfxsnt40"
"hkey"="HKLM"
"command"="wfxsnt40.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ypager"
"hkey"="HKCU"
"command"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="zlclient"
"hkey"="HKLM"
"command"="C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe"
"inimapping"="0"



Contents of the 'Scheduled Tasks' folder

Completion time: Wed 07/19/2006 8:25:55.99
ComboFix ver 06.07.19.2 - This logfile is located at C:\ComboFix.txt

ComboFix.txt
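For readers studying how a helper triages logs like the two above, here is an added example (not from the original posts, and not a Lavasoft, HijackThis or ComboFix tool) that parses HijackThis and Find3M lines and flags the three indicators visible in this thread: an O16 ActiveX download from a bare IP address, a non-default O20 Winlogon Notify DLL, and a run of same-size DLLs with machine-generated names in the Windows folder. The sample lines are constructed from the posted logs, and the XP Winlogon Notify baseline is an assumption to adjust for your own build.

```python
import re
from collections import defaultdict

# Constructed sample lines, modelled on the HijackThis and ComboFix Find3M
# entries posted in this thread.
HJT_SAMPLE = """\
O1 - Hosts: 17.250.248.77 idisk0.mac.com idisk1.mac.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.5.0_06\\bin\\ssv.dll
O16 - DPF: {07812B64-CFBD-7E40-870E-380B18B62F75} - http://85.255.113.214/1/gdnUS2339.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: winevu32 - C:\\WINDOWS1\\SYSTEM32\\winevu32.dll
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\\WINDOWS1\\system32\\ZoneLabs\\vsmon.exe
"""

FIND3M_SAMPLE = """\
2006-07-18 14:52 69,632 C:\\WINDOWS1\\g525766.dll
2006-07-18 11:01 69,632 C:\\WINDOWS1\\g5574465.dll
2006-07-18 10:01 69,632 C:\\WINDOWS1\\g1966517.dll
2006-07-12 09:32 18,432 C:\\WINDOWS1\\system32\\winevu32.dll
2006-04-27 17:49 288,417 C:\\WINDOWS1\\system32\\srchsts.exe
"""

# Winlogon Notify subkeys that ship with Windows XP (assumed baseline; extend
# it for your own build before relying on it).
XP_WINLOGON_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
}

IPV4_URL = re.compile(r"https?://(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?/", re.I)
DPF_LINE = re.compile(r"^O16 - DPF: (\{[0-9A-F-]+\})(?: \((.*?)\))? - (\S+)", re.I)
NOTIFY_LINE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.+)$", re.I)
HOSTS_LINE = re.compile(r"^O1 - Hosts: (\S+) (.+)$")
FIND3M_LINE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+([\d,]+)\s+(.+)$")
RANDOM_DLL = re.compile(r"^[a-z]\d{5,}\.dll$", re.I)   # e.g. g525766.dll


def triage_hjt(log_text):
    """Return (severity, section, reason) tuples for suspicious HJT lines."""
    findings = []
    for line in log_text.splitlines():
        m = DPF_LINE.match(line)
        if m:
            clsid, name, url = m.groups()
            ip = IPV4_URL.match(url)
            # An ActiveX download (DPF) with no friendly name, fetched from a
            # bare IP and ending in .exe, is the classic drive-by dialer pattern.
            if ip and not name and url.lower().endswith(".exe"):
                findings.append(("high", "O16", f"DPF {clsid} fetches {url} from raw IP {ip.group(1)}"))
            continue
        m = NOTIFY_LINE.match(line)
        if m:
            subkey, dll = m.groups()
            # Non-default Winlogon Notify DLLs load inside winlogon.exe before
            # the user's tools start, which is why they survive safe-mode scans.
            if subkey.lower() not in XP_WINLOGON_NOTIFY:
                findings.append(("high", "O20", f"non-default Winlogon Notify '{subkey}' -> {dll}"))
            continue
        m = HOSTS_LINE.match(line)
        if m:
            # Hosts overrides are not malicious by themselves (Apple's iDisk
            # helper adds the mac.com ones), but each deserves a look.
            findings.append(("review", "O1", f"hosts maps {m.group(2).split()[0]} ... to {m.group(1)}"))
    return findings


def triage_find3m(report_text, min_group=3):
    """Flag groups of same-size, random-named DLLs in one directory.

    The infection in this thread dropped a fresh 69,632-byte g<digits>.dll
    into C:\\WINDOWS1 every 20-60 minutes; grouping by (dir, size) exposes it.
    """
    groups = defaultdict(list)
    for line in report_text.splitlines():
        m = FIND3M_LINE.match(line)
        if not m:                      # skips <DIR> entries and headers
            continue
        size = int(m.group(2).replace(",", ""))
        path = m.group(3)
        directory, _, name = path.rpartition("\\")
        if RANDOM_DLL.match(name):
            groups[(directory.lower(), size)].append(path)
    return [("high", "Find3M", f"{len(paths)} same-size ({size} bytes) random-named DLLs in {d}")
            for (d, size), paths in groups.items() if len(paths) >= min_group]


if __name__ == "__main__":
    for sev, sec, why in triage_hjt(HJT_SAMPLE) + triage_find3m(FIND3M_SAMPLE):
        print(f"[{sev:6}] {sec}: {why}")
```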
LS CalamityJane
Some very big problems on this computer! You are in the Lavasoft Support Forums and you haven't even mentioned using Adaware.

I see no antivirus installed on your system, and I also see that your Windows isn't up to date.

You don't even have Service Pack 1 installed! Remember that your system is extremely vulnerable without the necessary security patches/updates, so malware can get installed automatically while surfing on an unpatched, unprotected computer... and that is the reason why you are now infected, because, if your Windows was up to date, the security patches could prevent this.

You're running both Kazaa and Limewire, known to carry spyware bundled with them. Additionally, programs downloaded from the P2P networks are mostly infected files; again, with no protection on your computer you should not even be using P2P programs. This is computer suicide waiting to happen!

Run this free tool for the Delf trojan and post the log back here.
Download win32delfkil.exe.
Save it on your desktop.
Double click on win32delfkil.exe and install it. This creates a new folder on your desktop: win32delfkil.
Close all windows, open the win32delfkil folder and double click on fix.bat.
The computer will reboot automatically.
Post the contents of the logfile c:\windelf.txt

And we need to see your Ad-Aware scan log:
Please make sure that you are using Ad-Aware SE Build 106r1.
Note: If your version is 6.0 and not the SE, you need to uninstall it and get the latest version from the above link.
[If not, uninstall your old Ad-Aware first, then install SE.]
Then use the WebUpdate to get the latest definition file, SE1R115 18.07.2006.
To do this, open Ad-Aware and click the WebUpdate button at the top right-hand side of the Ad-Aware screen (the world globe). Click "Connect" and Ad-Aware will then download the latest definition file for you.
To make sure it is updated, look at the main Ad-Aware screen under "Initialization Status"; it should show the latest definition file.
Then scan using a "Full Scan" and post your logfile here by using the Add Reply feature.
Logs are stored in:
C:\Documents and Settings\USERNAME\Application Data\Lavasoft\Ad-aware\Logs\.
An easy way to get there is to click Start, click Run, type in %appdata% and press ENTER, then click Lavasoft, then Ad-Aware, and then Logs.
Scroll down to find the latest one that you have (by date & time), open it, right-click, Select All, copy, and then paste the contents of it here.
(Make sure that all of your logfile has been posted; sometimes it will require two posts to get it all.)

And before you post another HijackThis log or go any further, please get your Windows Updates here:
Visit http://windowsupdate.microsoft.com/ to update. Get ALL the critical security updates recommended.

Then you need an Antivirus program.

AVG, AntiVir OR Avast are good FREE antivirus programs (free for personal use only!).
Never install more than one antivirus scanner or firewall on your system! Several together can give problems and seriously decrease its reliability!

AVG: http://free.grisoft.com/freeweb.php/doc/2/
Avira's AntiVir (free personal edition) http://www.free-av.com/
Avast: http://www.avast.com/


Otherwise, I suggest you need a better computer repair guy if he is letting you run this system with NO Windows Update and NO antivirus.
BMK637
I have two anti-virus programs... Zone Labs Zone Alarm and Ewido anti-virus spyware...
LS CalamityJane
Ah, ok. You have the ZA security suite then? That's good for AV protection too then.

You still need to run the tools I listed above and then you need to get Windows Security Updates. I'll need to see the logs from Win32delfkil (c:\windelf.txt) and the Adaware Scan logs after getting today's update. Then after the reboot a fresh HijackThis log please.
LS CalamityJane
How are you coming along BMK637?