Shaba,
Thanks. I've completed the following:
There was nothing of the sort in Add/Remove Programs - so I used the uninstall link you provided.
I downloaded and ran ComboFix. It completed successfully.
The ComboFix and HijackThis logs follow:
===================================
Logfile of HijackThis v1.99.1
Scan saved at 8:19:41 AM, on 7/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\DELLMMKB.EXE
C:\ImageMate CompactFlash USB\SandIcon.Exe
C:\Program Files\Browser Mouse\mouse32a.exe
C:\WINDOWS\System32\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\system32\bdpn.exe
C:\windows\system32\okdsregk.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\COMMON~1\okko\okkom.exe
C:\PROGRA~1\COMMON~1\okko\okkoa.exe
C:\WINDOWS\system32\nwinlpez.exe
C:\PROGRA~1\COMMON~1\MICROS~1\Msinfo\OFFPROV.EXE
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.ieplugin.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.ieplugin.com/search.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.rr.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.ieplugin.com/search.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.ieplugin.com/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.ieplugin.com/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.ieplugin.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.ieplugin.com/q.cgi?q=%s
O2 - BHO: Yvakt Class - {00172AD1-F4BD-48C0-AEB5-A4CFE4638393} - C:\WINDOWS\system32\v199.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0FB9DEB0-8672-CC05-4E02-9ED3D98A323C} - C:\WINDOWS\cahkokbuf.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Intelligent Explorer - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} - C:\WINDOWS\systb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {D8DFCF6F-0078-4392-865C-A5567A6DA798} - C:\Program Files\MSN\hose.dll
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O2 - BHO: (no name) - {FBB4DFB8-BC85-4447-B0AC-AEC58B7BB2D0} - C:\Program Files\MSN\hose.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Intelligent Explorer - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} - C:\WINDOWS\systb.dll
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\Wkfud.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [SandIcon] C:\ImageMate CompactFlash USB\SandIcon.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe
O4 - HKLM\..\Run: [Windows System Tray] C:\WINDOWS\system32\fonts\svc\msapp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
O4 - HKLM\..\Run: [kSPYv] "C:\WINDOWS\system32\bdpn.exe"
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\CCZoop05.exe
O4 - HKLM\..\Run: [ftexc] C:\WINDOWS\system32\mptft.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [{DF-F3-30-01-ZN}] C:\windows\system32\okdsregk.exe GID002
O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [wallp2.exe] C:\WINDOWS\system32\wallp2.exe
O4 - HKCU\..\Run: [VSL13.exe] C:\WINDOWS\system32\VSL13.exe
O4 - HKCU\..\Run: [ssqbn.exe] C:\WINDOWS\system32\ssqbn.exe
O4 - HKCU\..\Run: [okko] C:\PROGRA~1\COMMON~1\okko\okkom.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\nwinlpez.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\zigi.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {A80F2DB2-80A9-4834-8F5A-4AB70F4EF4C3} - C:\WINDOWS\systb.dll
O9 - Extra 'Tools' menuitem: IMI - {A80F2DB2-80A9-4834-8F5A-4AB70F4EF4C3} - C:\WINDOWS\systb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.rr.com
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://support.cox.net/custsup/supporta ... gctlar.cab
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - http://support.cox.net/custsup/supporta ... gctlsi.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c ... st0401.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/0305fd35f4b ... xIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0483416765
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5752504252
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000881958} - http://69.56.176.75/webplugin.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/wiz ... ctiveX.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/w ... tycoon.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {0F9A5F09-3BFD-40D3-85FE-36227430A374} - C:\WINDOWS\system32\v199.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
===================================
Start Time= Fri 07/28/2006 7:57:04.01
Running from: C:\Documents and Settings\Cap'nTripps\Desktop
((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))
8:04:38.31
Not all files found by this method are bad. There may be legitimate files found
This log should be examined by a trained analyst
* * * PRE-RUN - Filepaths extracted from the Registry * * * * * * * * * * * * * * * * * * * * * *
C:\WINDOWS\system32\gckhwr.exe
C:\WINDOWS\system32\wmblv.exe
C:\WINDOWS\SYSTEM32\ihiphxr.exe
* * * PRE-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
2006-07-24 21:11:58 127,488 "C:\WINDOWS\SYSTEM32\gckhwr.exe"
2006-05-03 02:56:58 127,078 "C:\WINDOWS\SYSTEM32\javaws.exe"
2006-05-03 01:19:40 53,346 "C:\WINDOWS\SYSTEM32\javaw.exe"
2006-07-25 02:39:16 38,412 "C:\WINDOWS\SYSTEM32\ssqbn.exe"
2006-07-25 02:39:02 48,193 "C:\WINDOWS\SYSTEM32\VSL13.exe"
2006-07-24 21:12:00 28,672 "C:\WINDOWS\SYSTEM32\wmblv.exe"
2006-05-19 07:59:42 148,480 "C:\WINDOWS\SYSTEM32\dnsapi.dll"
2006-05-10 00:25:22 55,808 "C:\WINDOWS\SYSTEM32\extmgr.dll"
2006-05-10 00:25:22 96,256 "C:\WINDOWS\SYSTEM32\inseng.dll"
2006-05-19 10:06:04 3,055,104 "C:\WINDOWS\SYSTEM32\mshtml.dll"
2006-05-10 00:25:22 532,480 "C:\WINDOWS\SYSTEM32\mstime.dll"
2006-05-10 00:25:22 615,424 "C:\WINDOWS\SYSTEM32\urlmon.dll"
2006-07-24 21:12:00 23,552 "C:\WINDOWS\SYSTEM32\ihiphxr.exe"
2006-06-19 16:19:26 304,944 "C:\WINDOWS\SYSTEM32\WgaTray.exe"
2006-05-10 00:25:20 151,040 "C:\WINDOWS\SYSTEM32\cdfview.dll"
2006-05-10 00:25:22 357,888 "C:\WINDOWS\SYSTEM32\dxtmsft.dll"
2006-05-10 00:25:22 205,312 "C:\WINDOWS\SYSTEM32\dxtrans.dll"
2006-05-10 00:25:22 251,904 "C:\WINDOWS\SYSTEM32\iepeers.dll"
2006-06-01 13:47:08 163,840 "C:\WINDOWS\SYSTEM32\jgdw400.dll"
2006-06-01 13:47:08 27,648 "C:\WINDOWS\SYSTEM32\jgpl400.dll"
2006-05-18 00:24:26 450,560 "C:\WINDOWS\SYSTEM32\jscript.dll"
2006-05-10 00:25:22 15,872 "C:\WINDOWS\SYSTEM32\jsproxy.dll"
2006-07-24 21:12:00 51,712 "C:\WINDOWS\SYSTEM32\mjjinbd.dll"
2006-05-10 00:25:22 39,424 "C:\WINDOWS\SYSTEM32\pngfilt.dll"
2006-05-14 03:44:08 181,248 "C:\WINDOWS\SYSTEM32\rasmans.dll"
2006-05-29 10:32:10 1,496,576 "C:\WINDOWS\SYSTEM32\shdocvw.dll"
2006-05-10 00:25:22 474,112 "C:\WINDOWS\SYSTEM32\shlwapi.dll"
2006-05-10 00:25:22 663,552 "C:\WINDOWS\SYSTEM32\wininet.dll"
2006-05-10 00:25:20 1,054,208 "C:\WINDOWS\SYSTEM32\danim.dll"
2006-07-27 13:10:32 127,488 "C:\WINDOWS\SYSTEM32\mayli.dat"
2006-07-28 07:54:04 421 "C:\WINDOWS\fxqon.dll"
2006-07-24 21:11:52 53 "C:\WINDOWS\bvlvlp.dat"
2006-07-24 21:11:58 127,488 "C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ykvid.exe"
* * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * *
07/27/2006 01:10 PM 127,488 mayli.dat.vir
07/24/2006 09:11 PM 127,488 gckhwr.exe.vir
07/24/2006 09:11 PM 127,488 ykvid.exe.vir
07/24/2006 09:11 PM 51,712 mjjinbd.dll.vir
07/24/2006 09:11 PM 28,672 wmblv.exe.vir
07/24/2006 09:11 PM 23,552 ihiphxr.exe.vir
07/24/2006 09:11 PM 53 bvlvlp.dat.vir
DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO
* * * POST-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
2006-06-19 16:19:26 304,944 "C:\WINDOWS\SYSTEM32\WgaTray.exe"
2006-05-03 02:56:58 127,078 "C:\WINDOWS\SYSTEM32\javaws.exe"
2006-05-03 01:19:40 53,346 "C:\WINDOWS\SYSTEM32\javaw.exe"
2006-07-25 02:39:16 38,412 "C:\WINDOWS\SYSTEM32\ssqbn.exe"
2006-07-25 02:39:02 48,193 "C:\WINDOWS\SYSTEM32\VSL13.exe"
2006-05-10 00:25:20 151,040 "C:\WINDOWS\SYSTEM32\cdfview.dll"
2006-05-10 00:25:22 357,888 "C:\WINDOWS\SYSTEM32\dxtmsft.dll"
2006-05-10 00:25:22 205,312 "C:\WINDOWS\SYSTEM32\dxtrans.dll"
2006-05-10 00:25:22 251,904 "C:\WINDOWS\SYSTEM32\iepeers.dll"
2006-06-01 13:47:08 163,840 "C:\WINDOWS\SYSTEM32\jgdw400.dll"
2006-06-01 13:47:08 27,648 "C:\WINDOWS\SYSTEM32\jgpl400.dll"
2006-05-18 00:24:26 450,560 "C:\WINDOWS\SYSTEM32\jscript.dll"
2006-05-10 00:25:22 15,872 "C:\WINDOWS\SYSTEM32\jsproxy.dll"
2006-05-10 00:25:22 39,424 "C:\WINDOWS\SYSTEM32\pngfilt.dll"
2006-05-14 03:44:08 181,248 "C:\WINDOWS\SYSTEM32\rasmans.dll"
2006-05-29 10:32:10 1,496,576 "C:\WINDOWS\SYSTEM32\shdocvw.dll"
2006-05-10 00:25:22 474,112 "C:\WINDOWS\SYSTEM32\shlwapi.dll"
2006-05-10 00:25:22 663,552 "C:\WINDOWS\SYSTEM32\wininet.dll"
2006-05-19 07:59:42 148,480 "C:\WINDOWS\SYSTEM32\dnsapi.dll"
2006-05-10 00:25:22 55,808 "C:\WINDOWS\SYSTEM32\extmgr.dll"
2006-05-10 00:25:22 96,256 "C:\WINDOWS\SYSTEM32\inseng.dll"
2006-05-19 10:06:04 3,055,104 "C:\WINDOWS\SYSTEM32\mshtml.dll"
2006-05-10 00:25:22 532,480 "C:\WINDOWS\SYSTEM32\mstime.dll"
2006-05-10 00:25:22 615,424 "C:\WINDOWS\SYSTEM32\urlmon.dll"
2006-05-10 00:25:20 1,054,208 "C:\WINDOWS\SYSTEM32\danim.dll"
2006-07-28 07:54:04 421 "C:\WINDOWS\fxqon.dll"
(((((((((((((((((((((((((((((((((((((((((((((((( Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\repairs303169590.dll
C:\Documents and Settings\Bryce\Application Data\Sskcwrd.dll
C:\Documents and Settings\Bryce\Application Data\Sskknwrd.dll
C:\Documents and Settings\Bryce\Application Data\Sskuknwrd.dll
C:\Documents and Settings\Bryce\Local Settings\Temporary Internet Files\Ssk.log
C:\Documents and Settings\Cap'nTripps\Local Settings\Temporary Internet Files\Ssk.log
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
8:12:04.25
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\drsmartload1.exe
C:\Documents and Settings\Cap'nTripps\Local Settings\Temporary Internet Files\Content.IE5\D37R1P8U\drsmartload[1].exe
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\SYSTEM32\atmtd.dll.tmp
C:\Program Files\network monitor
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\WINDOWS\RG9yb3RoeSBNdW55YW4
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-07-28 07:54:04 421 ( A.... ) "C:\WINDOWS\fxqon.dll"
2006-07-28 07:51:36 45077 ( A.... ) "C:\WINDOWS\SYSTEM32\okdsregk.exe"
2006-07-28 07:45:54 923 ( A.... ) "C:\WINDOWS\SYSTEM32\nt68rrtc12.sys"
2006-07-28 07:45:54 923 ( A.... ) "C:\WINDOWS\SYSTEM32\nt68rrtc12.sys"
2006-07-28 07:42:40 159885 ( A.... ) "C:\WINDOWS\SYSTEM32\nwinlpez.exe"
2006-07-27 14:19:54 36864 ( A.... ) "C:\WINDOWS\ieunst.exe"
2006-07-27 14:19:50 16384 ( A.... ) "C:\WINDOWS\rgrt.exe"
2006-07-27 14:19:42 14848 ( A.... ) "C:\WINDOWS\ts.exe"
2006-07-27 14:19:36 25105 ( A.... ) "C:\WINDOWS\id.exe"
2006-07-27 14:19:30 46202 ( A.... ) "C:\fym9bvo.exe"
2006-07-27 14:19:30 45058 ( A.... ) "C:\WINDOWS\zigi.exe"
2006-07-27 14:19:12 40320 ( A.... ) "C:\WINDOWS\dollar.exe"
2006-07-27 14:19:12 32206 ( ..SH. ) "C:\Program Files\Common Files\Y1268OU.exe"
2006-07-27 14:18:52 183872 ( A.... ) "C:\WINDOWS\yazzle.exe"
2006-07-27 14:18:48 333983 ( A.... ) "C:\WINDOWS\mynexus.exe"
2006-07-27 14:18:42 254940 ( A.... ) "C:\WINDOWS\extract.exe"
2006-07-27 13:21:32 ( .D... ) "C:\Program Files\HijackThis"
2006-07-27 11:52:50 ( .D... ) "C:\Program Files\Common Files\okko"
2006-07-27 11:52:22 ( .D... ) "C:\Documents and Settings\Cap'nTripps\Application Data\?ymbols"
2006-07-27 11:43:32 ( .D... ) "C:\Program Files\a-squared"
2006-07-27 10:34:40 ( .D... ) "C:\Documents and Settings\Cap'nTripps\Application Data\Lavasoft"
2006-07-27 10:34:18 ( .D... ) "C:\Program Files\Lavasoft"
2006-07-27 02:13:40 0 ( A.... ) "C:\WINDOWS\win32103-214342374.exe"
2006-07-25 02:39:16 38412 ( A.... ) "C:\WINDOWS\SYSTEM32\ssqbn.exe"
2006-07-25 02:39:02 48193 ( A.... ) "C:\WINDOWS\SYSTEM32\VSL13.exe"
2006-07-25 02:38:42 ( .D... ) "C:\Documents and Settings\Cap'nTripps\Application Data\System Restore"
2006-07-24 21:28:50 ( .D... ) "C:\Program Files\Spybot - Search & Destroy"
2006-07-24 21:12:46 143360 ( A.... ) "C:\WINDOWS\sys012143423743-2006.exe"
2006-07-24 21:12:30 183887 ( A.... ) "C:\WINDOWS\YazzleBundle-1304.exe"
2006-07-24 21:12:16 234248 ( A.... ) "C:\WINDOWS\Tagasuarus2.exe"
2006-07-24 21:12:14 28672 ( A.... ) "C:\WINDOWS\SYSTEM32\hvzead7v.exe"
2006-07-24 21:12:12 208896 ( A.... ) "C:\WINDOWS\SYSTEM32\v199.dll"
2006-07-24 21:12:10 45056 ( A.... ) "C:\WINDOWS\system32tfthot.exe"
2006-07-24 21:11:58 45056 ( A.... ) "C:\WINDOWS\zuckdha.exe"
2006-07-21 18:55:38 127578 ( A.... ) "C:\WINDOWS\SYSTEM32\tsuninst.exe"
2006-07-03 10:53:22 1142784 ( A.... ) "C:\WINDOWS\SYSTEM32\bdpn.exe"
2006-06-23 21:05:16 ( .D... ) "C:\Documents and Settings\Cap'nTripps\Application Data\Sun"
2006-06-23 20:57:22 ( .D... ) "C:\Documents and Settings\Cap'nTripps\Application Data\Google"
2006-06-23 20:57:20 ( .D... ) "C:\Program Files\Google"
2006-06-23 20:54:56 ( .D... ) "C:\Program Files\Java"
2006-06-23 20:52:22 ( .D... ) "C:\Program Files\Common Files\Java"
2006-06-23 10:22:08 9216 ( A.... ) "C:\WINDOWS\cahkokbuf.dll"
2006-06-19 16:20:42 702768 ( A.... ) "C:\WINDOWS\SYSTEM32\WgaLogon.dll"
2006-05-31 12:01:28 155648 ( ..SH. ) "C:\Program Files\Common Files\Y1268OA.exe"
2006-05-19 07:59:42 148480 ( A.... ) "C:\WINDOWS\SYSTEM32\dnsapi.dll"
2006-05-19 07:59:42 111616 ( A.... ) "C:\WINDOWS\SYSTEM32\dhcpcsvc.dll"
2006-05-19 07:59:42 94720 ( A.... ) "C:\WINDOWS\SYSTEM32\iphlpapi.dll"
2006-05-03 02:56:58 127078 ( A.... ) "C:\WINDOWS\SYSTEM32\javaws.exe"
2006-05-03 01:19:40 53346 ( A.... ) "C:\WINDOWS\SYSTEM32\javaw.exe"
2006-05-03 01:19:30 49248 ( A.... ) "C:\WINDOWS\SYSTEM32\java.exe"
2001-07-26 17:58:46 47 ( A.... ) "C:\Program Files\ACMonitor_X73.ini"
2001-07-05 13:46:44 8116 ( A.... ) "C:\Program Files\OSLO3071b2.USB"
2001-05-11 12:39:16 53248 ( A.... ) "C:\Program Files\ACMonitor_X73.exe"
2001-05-08 17:36:42 114688 ( A.... ) "C:\Program Files\lxarscan.dll"
2001-04-23 15:22:14 1437 ( A.... ) "C:\Program Files\gtx73.ini"
2001-02-22 10:54:36 768 ( A.... ) "C:\Program Files\x73_lut.dat"
(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))
2006-07-28 07:51 45,077 C:\WINDOWS\system32\okdsregk.exe
2006-07-28 07:45 923 C:\WINDOWS\system32\nt68rrtc12.sys
2006-07-28 07:42 159,885 C:\WINDOWS\system32\nwinlpez.exe
2006-07-27 14:19 46,202 C:\fym9bvo.exe
2006-07-27 14:19 45,058 C:\WINDOWS\zigi.exe
2006-07-27 14:19 40,320 C:\WINDOWS\dollar.exe
2006-07-27 14:19 36,864 C:\WINDOWS\ieunst.exe
2006-07-27 14:19 25,105 C:\WINDOWS\id.exe
2006-07-27 14:19 16,384 C:\WINDOWS\rgrt.exe
2006-07-27 14:19 14,848 C:\WINDOWS\ts.exe
2006-07-27 14:19 127,578 C:\WINDOWS\system32\tsuninst.exe
2006-07-27 14:18 69,632 C:\WINDOWS\wupdt.exe
2006-07-27 14:18 61,440 C:\WINDOWS\getnexus.exe
2006-07-27 14:18 401,408 C:\WINDOWS\systb.dll
2006-07-27 14:18 333,983 C:\WINDOWS\mynexus.exe
2006-07-27 14:18 290,816 C:\WINDOWS\webnexus.exe
2006-07-27 14:18 254,940 C:\WINDOWS\extract.exe
2006-07-27 14:18 183,872 C:\WINDOWS\yazzle.exe
2006-07-27 02:13 0 C:\WINDOWS\win32103-214342374.exe
2006-07-27 01:54 267,468,800 C:\hiberfil.sys
2006-07-25 02:39 48,193 C:\WINDOWS\system32\VSL13.exe
2006-07-25 02:39 38,412 C:\WINDOWS\system32\ssqbn.exe
2006-07-24 21:12 45,056 C:\WINDOWS\system32tfthot.exe
2006-07-24 21:12 28,672 C:\WINDOWS\system32\hvzead7v.exe
2006-07-24 21:12 234,248 C:\WINDOWS\Tagasuarus2.exe
2006-07-24 21:12 208,896 C:\WINDOWS\system32\v199.dll
2006-07-24 21:12 183,887 C:\WINDOWS\YazzleBundle-1304.exe
2006-07-24 21:12 143,360 C:\WINDOWS\sys012143423743-2006.exe
2006-07-24 21:12 1,142,784 C:\WINDOWS\system32\bdpn.exe
2006-07-24 21:11 45,056 C:\WINDOWS\zuckdha.exe
2006-07-24 21:11 421 C:\WINDOWS\fxqon.dll
2006-06-23 20:56 53,346 C:\WINDOWS\system32\javaw.exe
2006-06-23 20:56 49,248 C:\WINDOWS\system32\java.exe
2006-06-23 20:56 127,078 C:\WINDOWS\system32\javaws.exe
2006-06-23 10:22 9,216 C:\WINDOWS\cahkokbuf.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Microsoft Works Portfolio"="C:\\Program Files\\Microsoft Works\\WksSb.exe /AllUsers"
"Microsoft Works Update Detection"="C:\\Program Files\\Microsoft Works\\WkDetect.exe"
"WorksFUD"="C:\\Program Files\\Microsoft Works\\Wkfud.exe"
"DellTouch"="C:\\WINDOWS\\DELLMMKB.EXE"
"PrinTray"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\printray.exe"
"SandIcon"="C:\\ImageMate CompactFlash USB\\SandIcon.Exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"FLMOFFICE4DMOUSE"="C:\\Program Files\\Browser Mouse\\mouse32a.exe"
"Windows System Tray"="C:\\WINDOWS\\system32\\fonts\\svc\\msapp.exe"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"QuickTime Task"="C:\\WINDOWS\\System32\\qttask.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\SYMANT~2\\VPTray.exe"
@=""
"StatusClient"="C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Apache Tomcat 4.0\\webapps\\Toolbox\\StatusClient\\StatusClient.exe /auto"
"TomcatStartup"="C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\hpbpsttp.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_07\\bin\\jusched.exe"
"pop06apelt"="C:\\WINDOWS\\thiselt.exe"
"kSPYv"="\"C:\\WINDOWS\\system32\\bdpn.exe\""
"TheMonitor"="C:\\WINDOWS\\CCZoop05.exe"
"ftexc"="C:\\WINDOWS\\system32\\mptft.exe"
"Win Server Updt"="C:\\WINDOWS\\wupdt.exe"
"{DF-F3-30-01-ZN}"="c:\\windows\\system32\\okdsregk.exe GID002"
"wdskctl"="C:\\WINDOWS\\wdskctl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
"wallp2.exe"="C:\\WINDOWS\\system32\\wallp2.exe"
"VSL13.exe"="C:\\WINDOWS\\system32\\VSL13.exe"
"ssqbn.exe"="C:\\WINDOWS\\system32\\ssqbn.exe"
"okko"="C:\\PROGRA~1\\COMMON~1\\okko\\okkom.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"flags"=dword:00000008
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="C:\\Program Files\\Outlook Express\\kybeqiki.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="C:\\Program Files\\Online Services\\hoxy.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="C:\\Program Files\\WindowsUpdate\\kybeqiki.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ec,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3]
"Source"="C:\\Program Files\\Internet Explorer\\hoxy.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ee,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\4]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,44,03,00,00,f0,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Files and Settings Transfer Wizard.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1068310400.job
C:\WINDOWS\tasks\ISP signup reminder 2.job
C:\WINDOWS\tasks\ISP signup reminder 3.job
C:\WINDOWS\tasks\Symantec NetDetect.job
Completion time: Fri 07/28/2006 8:12:20.50
ComboFix ver 06.07.15/28 - This logfile is located at C:\ComboFix.txt
===================================