==========
HiJackThis
==========
Logfile of HijackThis v1.99.1
Scan saved at 10:46:04 PM, on 8/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Netropa\OSD.exe
C:\ImageMate CompactFlash USB\SandIcon.Exe
C:\Program Files\Browser Mouse\mouse32a.exe
C:\WINDOWS\System32\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\windows\system32\okdsregk.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\WINDOWS\wdskctl.exe
C:\WINDOWS\system32\n9nyb.exe
C:\WINDOWS\system32\redistributor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\System Files\System.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.ieplugin.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.ieplugin.com/search.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.ieplugin.com/search.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.ieplugin.com/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.ieplugin.com/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.ieplugin.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.ieplugin.com/q.cgi?q=%s
O2 - BHO: Intelligent Explorer - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} - C:\WINDOWS\systb.dll
O2 - BHO: Ozbyq Class - {D623BC2F-A58D-4A75-A10D-CC244A702A35} - C:\WINDOWS\system32\xeymi.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Intelligent Explorer - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} - C:\WINDOWS\systb.dll
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\Wkfud.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [SandIcon] C:\ImageMate CompactFlash USB\SandIcon.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe
O4 - HKLM\..\Run: [Windows System Tray] C:\WINDOWS\system32\fonts\svc\msapp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [{DF-F3-30-01-ZN}] C:\windows\system32\okdsregk.exe GID002
O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\nwinlpez.exe GID002
O4 - HKLM\..\RunOnce: [wXsX56B0n] "C:\WINDOWS\system32\iqqr.exe" -SASg
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CAS2] "C:\Program Files\System Files\System.exe"
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\nwinlpez.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\zigi.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {A80F2DB2-80A9-4834-8F5A-4AB70F4EF4C3} - C:\WINDOWS\systb.dll
O9 - Extra 'Tools' menuitem: IMI - {A80F2DB2-80A9-4834-8F5A-4AB70F4EF4C3} - C:\WINDOWS\systb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.rr.com
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://support.cox.net/custsup/supporta ... gctlar.cab
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - http://support.cox.net/custsup/supporta ... gctlsi.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c ... st0401.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0483416765
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5752504252
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000881958} - http://69.56.176.75/webplugin.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/wiz ... ctiveX.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/w ... tycoon.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - C:\WINDOWS\system32\xeymi.dll
O20 - Winlogon Notify: logons - C:\WINDOWS\system32\redist.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
==========
Uninstall List
==========
Ad-Aware SE Personal
Adobe Acrobat 5.0
allTunes
a-squared Free 1.6.5
ATI Display Driver
Browser Mouse
Command
Conexant HCF V90 56K Data Fax PCI Modem
Dell Picture Studio - Image Expert 2000
Dell Solution Center
DellTouch
ewido anti-spyware 4.0
Google Toolbar for Internet Explorer
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB918766)
hp instant support
hp LaserJet 1010 Series
HP Memories Disc
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
hp psc 1200 series
ImageMate CompactFlash USB (SDDR-31) Ver. 5.05
Internet Explorer Toolbar - Intelligent Explorer
InterVideo XPack (MP3 Only)
J2SE Runtime Environment 5.0 Update 7
Kaspersky On-line Scanner
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Macromedia Flash Player 8
Macromedia Shockwave Player
MGI PhotoSuite 8.1 (Remove Only)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Data Access Components KB870669
Microsoft Picture It! Publishing 2001
Microsoft Word 2000 SR-1
Microsoft Works 2001 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
MSN Messenger 7.5
Muiltmedia keyboard utility 1.1
Norton WMI Update
PhoneTools
PowerDVD
QuickTime
RealPlayer
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Shockwave
Spybot - Search & Destroy 1.4
Symantec Client Security
TargetSaver
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Wal-Mart Music Downloads Store
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
=========
ComboFix
=========
Start Time= Tue 08/01/2006 22:42:40.06
Running from: C:\Documents and Settings\Cap'nTripps\Desktop\MalWareRemoval
QuickScan did not find any signs of infected files
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-08-01 20:39:40 24296 ( A.... ) "C:\WINDOWS\icont.exe"
2006-08-01 11:37:04 78336 ( A.... ) "C:\WINDOWS\wnu_243.exe"
2006-08-01 09:09:30 578560 ( A.... ) "C:\Installer3.exe"
2006-08-01 09:09:22 159744 ( A.... ) "C:\WINDOWS\SYSTEM32\redist.dll"
2006-08-01 09:09:18 126464 ( A.... ) "C:\WINDOWS\SYSTEM32\redistributor.exe"
2006-08-01 09:09:06 ( .D... ) "C:\Program Files\System Icons"
2006-08-01 09:09:06 ( .D... ) "C:\Program Files\System Files"
2006-08-01 09:08:58 587016 ( A.... ) "C:\626_101newer.exe"
2006-08-01 09:08:46 ( .D... ) "C:\Program Files\Cas2Stub"
2006-08-01 09:08:44 27648 ( A.... ) "C:\dist13.exe"
2006-08-01 09:08:04 30208 ( A.... ) "C:\SS1001newer.exe"
2006-08-01 09:07:50 14848 ( A.... ) "C:\stub_113_4_0_4_0newer.exe"
2006-08-01 09:07:46 923 ( A.... ) "C:\WINDOWS\SYSTEM32\nt68rrtc12.sys"
2006-08-01 09:07:46 923 ( A.... ) "C:\WINDOWS\SYSTEM32\nt68rrtc12.sys"
2006-08-01 09:07:30 463212 ( A.... ) "C:\visfx500new.exe"
2006-08-01 09:07:10 48190 ( A.... ) "C:\RDFX4.exe"
2006-08-01 09:06:56 36864 ( A.... ) "C:\WINDOWS\system32n9nyb.exe"
2006-08-01 09:06:56 28672 ( A.... ) "C:\WINDOWS\system32bez6n4r21.exe"
2006-08-01 09:06:56 28672 ( A.... ) "C:\WINDOWS\SYSTEM32\iqqr.exe"
2006-08-01 09:06:54 45056 ( A.... ) "C:\WINDOWS\system32ghynf.exe"
2006-08-01 09:06:48 36864 ( A.... ) "C:\WINDOWS\SYSTEM32\n9nyb.exe"
2006-08-01 09:06:48 36864 ( A.... ) "C:\WINDOWS\ieunst.exe"
2006-08-01 09:06:46 28672 ( A.... ) "C:\WINDOWS\SYSTEM32\bez6n4r21.exe"
2006-08-01 09:06:42 16384 ( A.... ) "C:\WINDOWS\rgrt.exe"
2006-08-01 09:06:38 159840 ( A.... ) "C:\WINDOWS\SYSTEM32\nwinlpez.exe"
2006-08-01 09:06:36 14848 ( A.... ) "C:\WINDOWS\ts.exe"
2006-08-01 09:06:32 57344 ( A.... ) "C:\fym9bvo.exe"
2006-08-01 09:06:32 45080 ( A.... ) "C:\WINDOWS\SYSTEM32\okdsregk.exe"
2006-08-01 09:06:32 25105 ( A.... ) "C:\WINDOWS\id.exe"
2006-08-01 09:06:30 45058 ( A.... ) "C:\WINDOWS\zigi.exe"
2006-08-01 09:06:30 2 ( A.... ) "C:\WINDOWS\SYSTEM32\wcpsvit.exe"
2006-08-01 09:06:28 ( .D... ) "C:\Program Files\Common Files\?icrosoft"
2006-08-01 09:06:10 40320 ( A.... ) "C:\WINDOWS\dollar.exe"
2006-08-01 09:06:04 183872 ( A.... ) "C:\WINDOWS\yazzle.exe"
2006-08-01 09:06:00 333983 ( A.... ) "C:\WINDOWS\mynexus.exe"
2006-08-01 09:05:58 254940 ( A.... ) "C:\WINDOWS\extract.exe"
2006-08-01 08:14:30 528446 ( A.... ) "C:\WINDOWS\gmer.dll"
2006-07-31 10:22:26 ( .D... ) "C:\Program Files\ewido anti-spyware 4.0"
2006-07-27 13:21:32 ( .D... ) "C:\Program Files\HijackThis"
2006-07-27 11:52:22 ( .D... ) "C:\Documents and Settings\Cap'nTripps\Application Data\?ymbols"
2006-07-27 11:43:32 ( .D... ) "C:\Program Files\a-squared"
2006-07-27 10:34:40 ( .D... ) "C:\Documents and Settings\Cap'nTripps\Application Data\Lavasoft"
2006-07-27 10:34:18 ( .D... ) "C:\Program Files\Lavasoft"
2006-07-27 02:13:40 0 ( A.... ) "C:\WINDOWS\win32103-214342374.exe"
2006-07-25 02:38:42 ( .D... ) "C:\Documents and Settings\Cap'nTripps\Application Data\System Restore"
2006-07-24 21:28:50 ( .D... ) "C:\Program Files\Spybot - Search & Destroy"
2006-07-21 18:55:38 127578 ( A.... ) "C:\WINDOWS\SYSTEM32\tsuninst.exe"
2006-06-23 21:05:16 ( .D... ) "C:\Documents and Settings\Cap'nTripps\Application Data\Sun"
2006-06-23 20:57:22 ( .D... ) "C:\Documents and Settings\Cap'nTripps\Application Data\Google"
2006-06-23 20:57:20 ( .D... ) "C:\Program Files\Google"
2006-06-23 20:54:56 ( .D... ) "C:\Program Files\Java"
2006-06-23 20:52:22 ( .D... ) "C:\Program Files\Common Files\Java"
2006-06-19 16:20:42 702768 ( A.... ) "C:\WINDOWS\SYSTEM32\WgaLogon.dll"
2006-06-06 20:49:18 745531 ( A...R ) "C:\WINDOWS\gmer.exe"
2006-05-19 07:59:42 148480 ( A.... ) "C:\WINDOWS\SYSTEM32\dnsapi.dll"
2006-05-19 07:59:42 111616 ( A.... ) "C:\WINDOWS\SYSTEM32\dhcpcsvc.dll"
2006-05-19 07:59:42 94720 ( A.... ) "C:\WINDOWS\SYSTEM32\iphlpapi.dll"
2006-05-16 03:38:40 499712 ( A.... ) "C:\WINDOWS\SYSTEM32\msvcp71.dll"
2006-05-16 03:38:40 348160 ( A.... ) "C:\WINDOWS\SYSTEM32\msvcr71.dll"
2006-05-03 02:56:58 127078 ( A.... ) "C:\WINDOWS\SYSTEM32\javaws.exe"
2006-05-03 01:19:40 53346 ( A.... ) "C:\WINDOWS\SYSTEM32\javaw.exe"
2006-05-03 01:19:30 49248 ( A.... ) "C:\WINDOWS\SYSTEM32\java.exe"
2001-07-26 17:58:46 47 ( A.... ) "C:\Program Files\ACMonitor_X73.ini"
2001-07-05 13:46:44 8116 ( A.... ) "C:\Program Files\OSLO3071b2.USB"
2001-05-11 12:39:16 53248 ( A.... ) "C:\Program Files\ACMonitor_X73.exe"
2001-05-08 17:36:42 114688 ( A.... ) "C:\Program Files\lxarscan.dll"
2001-04-23 15:22:14 1437 ( A.... ) "C:\Program Files\gtx73.ini"
2001-02-22 10:54:36 768 ( A.... ) "C:\Program Files\x73_lut.dat"
(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))
2006-08-01 20:39 24,296 C:\WINDOWS\icont.exe
2006-08-01 11:37 78,336 C:\WINDOWS\wnu_243.exe
2006-08-01 09:09 578,560 C:\Installer3.exe
2006-08-01 09:09 159,744 C:\WINDOWS\system32\redist.dll
2006-08-01 09:09 126,464 C:\WINDOWS\system32\redistributor.exe
2006-08-01 09:08 587,016 C:\626_101newer.exe
2006-08-01 09:08 30,208 C:\SS1001newer.exe
2006-08-01 09:08 27,648 C:\dist13.exe
2006-08-01 09:07 48,190 C:\RDFX4.exe
2006-08-01 09:07 463,212 C:\visfx500new.exe
2006-08-01 09:07 14,848 C:\stub_113_4_0_4_0newer.exe
2006-08-01 09:06 61,440 C:\WINDOWS\getnexus.exe
2006-08-01 09:06 57,344 C:\fym9bvo.exe
2006-08-01 09:06 45,080 C:\WINDOWS\system32\okdsregk.exe
2006-08-01 09:06 45,058 C:\WINDOWS\zigi.exe
2006-08-01 09:06 45,056 C:\WINDOWS\system32ghynf.exe
2006-08-01 09:06 40,320 C:\WINDOWS\dollar.exe
2006-08-01 09:06 36,864 C:\WINDOWS\system32n9nyb.exe
2006-08-01 09:06 36,864 C:\WINDOWS\system32\n9nyb.exe
2006-08-01 09:06 36,864 C:\WINDOWS\ieunst.exe
2006-08-01 09:06 28,672 C:\WINDOWS\system32bez6n4r21.exe
2006-08-01 09:06 28,672 C:\WINDOWS\system32\iqqr.exe
2006-08-01 09:06 28,672 C:\WINDOWS\system32\bez6n4r21.exe
2006-08-01 09:06 25,105 C:\WINDOWS\id.exe
2006-08-01 09:06 2 C:\WINDOWS\system32\wcpsvit.exe
2006-08-01 09:06 183,872 C:\WINDOWS\yazzle.exe
2006-08-01 09:06 16,384 C:\WINDOWS\rgrt.exe
2006-08-01 09:06 159,840 C:\WINDOWS\system32\nwinlpez.exe
2006-08-01 09:06 14,848 C:\WINDOWS\ts.exe
2006-08-01 09:05 86,016 C:\WINDOWS\wdskctl.exe
2006-08-01 09:05 69,632 C:\WINDOWS\wupdt.exe
2006-08-01 09:05 401,408 C:\WINDOWS\systb.dll
2006-08-01 09:05 333,983 C:\WINDOWS\mynexus.exe
2006-08-01 09:05 254,940 C:\WINDOWS\extract.exe
2006-08-01 09:00 267,468,800 C:\hiberfil.sys
2006-08-01 08:14 745,531 C:\WINDOWS\gmer.exe
2006-08-01 08:14 528,446 C:\WINDOWS\gmer.dll
2006-07-31 08:44 221,184 C:\WINDOWS\system32\wmpns.dll
2006-07-28 07:45 923 C:\WINDOWS\system32\nt68rrtc12.sys
2006-07-27 14:19 127,578 C:\WINDOWS\system32\tsuninst.exe
2006-07-27 02:13 0 C:\WINDOWS\win32103-214342374.exe
2006-06-23 20:56 53,346 C:\WINDOWS\system32\javaw.exe
2006-06-23 20:56 49,248 C:\WINDOWS\system32\java.exe
2006-06-23 20:56 127,078 C:\WINDOWS\system32\javaws.exe
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Microsoft Works Portfolio"="C:\\Program Files\\Microsoft Works\\WksSb.exe /AllUsers"
"Microsoft Works Update Detection"="C:\\Program Files\\Microsoft Works\\WkDetect.exe"
"WorksFUD"="C:\\Program Files\\Microsoft Works\\Wkfud.exe"
"DellTouch"="C:\\WINDOWS\\DELLMMKB.EXE"
"PrinTray"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\printray.exe"
"SandIcon"="C:\\ImageMate CompactFlash USB\\SandIcon.Exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"FLMOFFICE4DMOUSE"="C:\\Program Files\\Browser Mouse\\mouse32a.exe"
"Windows System Tray"="C:\\WINDOWS\\system32\\fonts\\svc\\msapp.exe"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"QuickTime Task"="C:\\WINDOWS\\System32\\qttask.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\SYMANT~2\\VPTray.exe"
@=""
"StatusClient"="C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Apache Tomcat 4.0\\webapps\\Toolbox\\StatusClient\\StatusClient.exe /auto"
"TomcatStartup"="C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\hpbpsttp.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_07\\bin\\jusched.exe"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
"Win Server Updt"="C:\\WINDOWS\\wupdt.exe"
"{DF-F3-30-01-ZN}"="C:\\windows\\system32\\okdsregk.exe GID002"
"wdskctl"="C:\\WINDOWS\\wdskctl.exe"
"BrowserUpdateSched"="C:\\WINDOWS\\system32\\nwinlpez.exe GID002"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"CAS2"="\"C:\\Program Files\\System Files\\System.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"wXsX56B0n"="\"C:\\WINDOWS\\system32\\iqqr.exe\" -SASg"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="C:\\Program Files\\Outlook Express\\kybeqiki.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="C:\\Program Files\\Online Services\\hoxy.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="C:\\Program Files\\WindowsUpdate\\kybeqiki.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ec,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3]
"Source"="C:\\Program Files\\Internet Explorer\\hoxy.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ee,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\4]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,44,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system
DisableRegistryTools REG_DWORD 0 (0x0)
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Files and Settings Transfer Wizard.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1068310400.job
C:\WINDOWS\tasks\ISP signup reminder 2.job
C:\WINDOWS\tasks\ISP signup reminder 3.job
C:\WINDOWS\tasks\Symantec NetDetect.job
Completion time: Tue 08/01/2006 22:43:20.95
ComboFix ver 06.07.15/28 - This logfile is located at C:\ComboFix.txt
ComboFix.2006-08-01.220828.txt
ComboFix.2006-08-01.224239.txt