I just can't thank you enough for your help with this. I have said a prayer for you and your family. Karen
Here is the new FindIt log
Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.
------- System Files in System Directory -------
Volume in drive C is HP_PAVILION
Volume Serial Number is 0D6D-0AD5
Directory of C:\WINDOWS\SYSTEM
ADICAP DLL 227,104 03-17-05 9:57p ADICAP.DLL
SYNDMAIL DLL 227,104 03-17-05 9:57p SYNDMAIL.DLL
MTNP32 DLL 227,104 03-17-05 9:57p MTNP32.DLL
CFYPTUI DLL 227,104 03-17-05 9:57p CFYPTUI.DLL
HIFREADR DLL 227,104 03-17-05 9:57p HIFREADR.DLL
IX1XDD DLL 227,104 03-17-05 9:57p iX1xdd.dll
INSCLASS DLL 227,104 03-17-05 9:57p INSCLASS.DLL
MTXMLR DLL 227,104 03-17-05 9:57p MTXMLR.DLL
DZDREF8 DLL 227,104 03-17-05 9:57p dZdref8.dll
HJFECP20 DLL 227,104 03-17-05 9:57p HJFecp20.dll
PEC_SDK DLL 227,104 03-17-05 9:57p PEC_SDK.dll
DRIMG401 DLL 227,104 03-17-05 9:57p drimg401.dll
RVCRTP DLL 227,104 03-17-05 9:57p RVCRTP.dll
MVVCR71 DLL 227,104 03-17-05 9:57p mvvcr71.dll
XVILEXR DLL 227,104 03-17-05 9:57p XVILEXR.DLL
MEIOSD16 DLL 227,104 03-09-05 12:13a MEIOSD16.DLL
MYPRINT DLL 227,104 03-09-05 12:13a MYPRINT.DLL
PVTORERC DLL 227,104 03-09-05 12:13a PVTORERC.DLL
18 file(s) 4,087,872 bytes
0 dir(s) 3,406.52 MB free
------- Hidden Files in System Directory -------
Volume in drive C is HP_PAVILION
Volume Serial Number is 0D6D-0AD5
Directory of C:\WINDOWS\SYSTEM
TCAUDIAG GID 8,628 03-12-05 7:28p TCAUDIAG.GID
RATINGS POL 16,384 01-14-05 5:21p RATINGS.POL
HPF61D20 GID 8,628 03-04-04 5:46p HPF61d20.GID
HPF61H20 GID 8,628 11-20-02 3:37p HPF61h20.GID
HPF61T20 GID 8,628 06-18-02 10:47p HPF61t20.GID
HPF61R20 GID 8,628 03-06-00 11:19p HPF61r20.GID
FOLDER HTT 13,122 11-09-99 1:13p folder.htt
DESKTOP INI 266 11-09-99 1:13p desktop.ini
8 file(s) 72,912 bytes
0 dir(s) 3,406.52 MB free
---------------- User Agent ------------
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{9D15D0F3-96A8-4118-02DA-0AE0360FC0B8}"=""
------------------ Locate.com Results ------------------
C:\WINDOWS\SYSTEM\
adicap.dll Thu Mar 17 2005 9:57:06p ..S.R 227,104 221.78 K
syndmail.dll Thu Mar 17 2005 9:57:06p ..S.R 227,104 221.78 K
meiosd16.dll Wed Mar 9 2005 12:13:42a ..S.R 227,104 221.78 K
ratings.pol Fri Jan 14 2005 5:21:30p ...HR 16,384 16.00 K
mtnp32.dll Thu Mar 17 2005 9:57:06p ..S.R 227,104 221.78 K
cfyptui.dll Thu Mar 17 2005 9:57:06p ..S.R 227,104 221.78 K
hifreadr.dll Thu Mar 17 2005 9:57:06p ..S.R 227,104 221.78 K
ix1xdd.dll Thu Mar 17 2005 9:57:06p ..S.R 227,104 221.78 K
myprint.dll Wed Mar 9 2005 12:13:42a ..S.R 227,104 221.78 K
pvtorerc.dll Wed Mar 9 2005 12:13:42a ..S.R 227,104 221.78 K
insclass.dll Thu Mar 17 2005 9:57:06p ..S.R 227,104 221.78 K
tcaudiag.gid Sat Mar 12 2005 7:28:38p A..H. 8,628 8.43 K
mtxmlr.dll Thu Mar 17 2005 9:57:06p ..S.R 227,104 221.78 K
dzdref8.dll Thu Mar 17 2005 9:57:06p ..S.R 227,104 221.78 K
hjfecp20.dll Thu Mar 17 2005 9:57:06p ..S.R 227,104 221.78 K
pec_sdk.dll Thu Mar 17 2005 9:57:06p ..S.R 227,104 221.78 K
drimg401.dll Thu Mar 17 2005 9:57:06p ..S.R 227,104 221.78 K
rvcrtp.dll Thu Mar 17 2005 9:57:06p ..S.R 227,104 221.78 K
mvvcr71.dll Thu Mar 17 2005 9:57:06p ..S.R 227,104 221.78 K
xvilexr.dll Thu Mar 17 2005 9:57:06p ..S.R 227,104 221.78 K
20 items found: 20 files, 0 directories.
Total of file sizes: 4,112,884 bytes 3.92 M
------------ Strings.exe Qoologic Results ------------
C:\WINDOWS\VPTNFILE.518: TROJ_QOOLOGIC.G
C:\WINDOWS\VPTNFILE.518: TROJ_QOOLOGIC.C
C:\WINDOWS\VPTNFILE.518: TROJ_QOOLOGIC.B
C:\WINDOWS\VPTNFILE.518: TROJ_QOOLOGIC.A
C:\WINDOWS\LPT$VPN.518: TROJ_QOOLOGIC.G
C:\WINDOWS\LPT$VPN.518: TROJ_QOOLOGIC.C
C:\WINDOWS\LPT$VPN.518: TROJ_QOOLOGIC.B
C:\WINDOWS\LPT$VPN.518: TROJ_QOOLOGIC.A
C:\WINDOWS\aaeaec.dll: excl_urls=photobucket.com,c1.zedo.com,media.deskwizz.com,stats.eblocs.com,passportimages.com,banners.searchingbooth.com,ads234.com,click2.containsitall.com,media.fastclick.net,sandboxer.com,a.websponsors.com,ads.clickagents.com,trk.bestmagsdirect.com,toprebates.com,ad.doubleclick.net,as.casalemedia.com,m3.doubleclick.net,dw.dailywinner.net,img2.mailpostdirect.com,bv.channel.aol.com,adlog2.lzio.com,host239.ipowerweb.com,popups.ad-logics.com,clickserve.cc-dt.com,hits.clickandtrack.net,ads.mydailyhoroscope.net,c5.zedo.com,affiliates.4lowrates.com,couponage.com,ekmas.com,creativeby.viewpoint.com,mydailyhoroscope.net,images.trafficmp.com,actualdeals.com,download.websearch.com,aim-charts.pf.aol.com,aol.com,target.com,yahoo.com,microsoft.com,anrdoezrs.net,isg05.casalemedia.com,jbigpops.cjt1.net,whenusearch.com,trk.pcsecurityshield.com,license.hotbar.com,web.icq.com,sc.musicmatch.com,comcast.net,filter.belkin.com,clickit.go2net.com,adverts.lzio.com,windowsupdate.microsoft.com,v4.windowsupdate.microsoft.com,odysseusmarketing.com,join1.winhundred.com,advert.runescape.com,top-banners.com,sr.websearch.com,messenger.msn.com,download.abetterinternet.com,adserv.internetfuel.com,pops.browseraid.com,banners.pennyweb.com,tv.180solutions.com,s.clkoptimizer.com,adserv1.gruvmedia.com,cdn.icq.com,messenger.zango.com,smileycentral.com,wwp.icq.com,web.tickle.com,isapi60.weatherbug.com,websearch.com,hop.clickbank.net,media76.fastclick.net,mmm.media-motor.net,rightmedia.net,bannerserver.gator.com,www4.yesadvertising.com,ww2.weatherbug.com,servedby.advertising.com,adsrv.qoologic.com,games.yahoo.com,weatherbug.com,jicmedia.cjt1.net,ad.trafficmp.com,updates.qoologic.com,ads1.revenue.net,ar.atwola.com,ads.addynamix.com,wisapidata.weatherbug.com,popuppers.com,as.adwave.com,look2me.com,jbns2.cydoor.com,bannerfarm.ace.advertising.com,delfinproject.com,view.atdmt.com,mm.delfinproject.com,download.smileycentral.com,xadso.offeroptimizer.com,webpdp.gator.com,ayb.lop.com,stopzilla.com,pgq.yahoo.com,jmnad1.com,topicks.com,e.rn11.com,focusin.ads.targetnet.com,insider.msg.yahoo.com,m2.doubleclick.net,mail.yahoo.com,jcontent.bns1.net,ctl.twain-tech.com,master.mx-targeting.com,hotmail.com,searcheffect.com,ads.delfinproject.com,cfg.mywebsearch.com,akapp.whenu.com,newupdates.lzio.com,allaboutsearching.com,amch.questionmarket.com,adfarm.mediaplex.com,hotmail.msn.com,by.optimost.com,cdn-cf.aol.com,paypopup.com,popuptraffic.com,xadsq.offeroptimizer.com,jnictech.cjt1.net,xanga.com,count.exitexchange.com,servedby.adscpm.com,search200.com,cdn-aimtoday.aol.com,kill-pop-ups.com,us.update.companion.yahoo.com,qksrv.net,clickspring.net,xlime.offeroptimizer.com,sr.adwave.com,zone.msn.com,radio.launch.yahoo.com,ads.bidclix.com,counters.honesty.com,oz.valueclick.com,i.emarketresearchgroup.com,ads2.revenue.net,popup.msn.com,adsv2.delfinproject.com,u.clkoptimizer.com,ezula.com,server.iad.liveperson.net,loadingwebsite.com,pan-advert.com,t.trafficmp.com,clicktrk.com,aaabesthomepage.com,ads.exitexchange.com,us.a1.yimg.com,trafficmp.com,yimg.com,a.as-us.falkag.net,a1.yimg.com,z1.adserver.com,falkag.net,as-us.falkag.net,loginnet.passport.com,ads.inet1.com,pagead2.googlesyndication.com,login.passport.net,v8.alwaysupdatednews.com,adv.eblocs.com,alwaysupdatednews.com,fxfeeds.mozilla.org,cdn.aim.com,ar.atwola.com,c4.maxserving.com,maxserving.com,mediaplex.com,altfarm.mediaplex.com,topmoxie.com,global.msads.net,msads.net,banner.goldenpalace.com,goldenpalace.com,us.i1.yimg.com,cdn.comcast.net,us.yimg.com,us.js1.yimg.com,js1.yimg.com,switch.atdmt.com,atdmt.com,update32.searchmiracle.com,onemoresearch.net,
C:\WINDOWS\installer.exe: e:\Projects\Qoologic\PopupClient\Installer\Release\Installer.pdb
C:\WINDOWS\installer.exe: e:\Projects\Qoologic\PopupClient\FancyUninstall\Release\FancyUninstall.pdb
C:\WINDOWS\unadbeh.exe: e:\Projects\Qoologic\PopupClient\FancyUninstall\Release\FancyUninstall.pdb
C:\WINDOWS\aahah.dll: excl_urls=heavy.com,onemoresearch.net,update32.searchmiracle.com,atdmt.com,switch.atdmt.com,js1.yimg.com,us.js1.yimg.com,us.yimg.com,cdn.comcast.net,us.i1.yimg.com,goldenpalace.com,banner.goldenpalace.com,msads.net,global.msads.net,topmoxie.com,altfarm.mediaplex.com,mediaplex.com,maxserving.com,c4.maxserving.com,ar.atwola.com,alwaysupdatednews.com,fxfeeds.mozilla.org,cdn.aim.com,adv.eblocs.com,weatherbug.com,jicmedia.cjt1.net,ad.trafficmp.com,updates.qoologic.com,ads1.revenue.net,ar.atwola.com,ads.addynamix.com,v8.alwaysupdatednews.com,login.passport.net,pagead2.googlesyndication.com,ads.inet1.com,loginnet.passport.com,as-us.falkag.net,falkag.net,z1.adserver.com,a1.yimg.com,a.as-us.falkag.net,yimg.com,trafficmp.com,us.a1.yimg.com,ads.exitexchange.com,aaabesthomepage.com,pan-advert.com,clicktrk.com,t.trafficmp.com,loadingwebsite.com,ezula.com,server.iad.liveperson.net,u.clkoptimizer.com,adsv2.delfinproject.com,popup.msn.com,ads2.revenue.net,i.emarketresearchgroup.com,oz.valueclick.com,counters.honesty.com,ads.bidclix.com,radio.launch.yahoo.com,zone.msn.com,sr.adwave.com,xlime.offeroptimizer.com,clickspring.net,kill-pop-ups.com,us.update.companion.yahoo.com,qksrv.net,cdn-aimtoday.aol.com,search200.com,servedby.adscpm.com,count.exitexchange.com,xanga.com,jnictech.cjt1.net,xadsq.offeroptimizer.com,popuptraffic.com,paypopup.com,cdn-cf.aol.com,by.optimost.com,hotmail.msn.com,adfarm.mediaplex.com,amch.questionmarket.com,allaboutsearching.com,newupdates.lzio.com,akapp.whenu.com,cfg.mywebsearch.com,ads.delfinproject.com,searcheffect.com,hotmail.com,master.mx-targeting.com,ctl.twain-tech.com,jcontent.bns1.net,mail.yahoo.com,m2.doubleclick.net,insider.msg.yahoo.com,topicks.com,e.rn11.com,focusin.ads.targetnet.com,jmnad1.com,pgq.yahoo.com,stopzilla.com,ayb.lop.com,xadso.offeroptimizer.com,webpdp.gator.com,download.smileycentral.com,mm.delfinproject.com,view.atdmt.com,delfinproject.com,bannerfarm.ace.advertising.com,jbns2.cydoor.com,look2me.com,as.adwave.com,popuppers.com,wisapidata.weatherbug.com,games.yahoo.com,adsrv.qoologic.com,servedby.advertising.com,ww2.weatherbug.com,www4.yesadvertising.com,bannerserver.gator.com,rightmedia.net,websearch.com,hop.clickbank.net,media76.fastclick.net,mmm.media-motor.net,isapi60.weatherbug.com,web.tickle.com,wwp.icq.com,smileycentral.com,messenger.zango.com,adserv1.gruvmedia.com,cdn.icq.com,banners.pennyweb.com,s.clkoptimizer.com,tv.180solutions.com,pops.browseraid.com,adserv.internetfuel.com,download.abetterinternet.com,messenger.msn.com,sr.websearch.com,top-banners.com,advert.runescape.com,join1.winhundred.com,odysseusmarketing.com,v4.windowsupdate.microsoft.com,windowsupdate.microsoft.com,adverts.lzio.com,comcast.net,filter.belkin.com,clickit.go2net.com,sc.musicmatch.com,license.hotbar.com,web.icq.com,trk.pcsecurityshield.com,whenusearch.com,jbigpops.cjt1.net,isg05.casalemedia.com,anrdoezrs.net,aim-charts.pf.aol.com,microsoft.com,target.com,yahoo.com,aol.com,download.websearch.com,actualdeals.com,images.trafficmp.com,mydailyhoroscope.net,ekmas.com,affiliates.4lowrates.com,creativeby.viewpoint.com,couponage.com,c5.zedo.com,hits.clickandtrack.net,ads.mydailyhoroscope.net,clickserve.cc-dt.com,popups.ad-logics.com,host239.ipowerweb.com,adlog2.lzio.com,bv.channel.aol.com,img2.mailpostdirect.com,dw.dailywinner.net,m3.doubleclick.net,ad.doubleclick.net,as.casalemedia.com,toprebates.com,trk.bestmagsdirect.com,ads.clickagents.com,sandboxer.com,a.websponsors.com,click2.containsitall.com,media.fastclick.net,ads234.com,banners.searchingbooth.com,passportimages.com,stats.eblocs.com,media.deskwizz.com,c1.zedo.com,photobucket.com
C:\WINDOWS\SYSTEM\pav.sig: Qoologic
C:\WINDOWS\SYSTEM\pav.sig: Qoologic
-------------- Strings.exe Aspack Results -------------
C:\WINDOWS\VSAPI32.DLL: ASPACK EXE
C:\WINDOWS\VSAPI32.DLL: ASPACK2 EXE
C:\WINDOWS\VSAPI32.DLL: ASPack 1.08.04
C:\WINDOWS\VSAPI32.DLL: ASPack 1.08.03
C:\WINDOWS\VSAPI32.DLL: ASPack 1.08.02b
C:\WINDOWS\VSAPI32.DLL: ASPack 1.08.01
C:\WINDOWS\VSAPI32.DLL: ASPack 1.08
C:\WINDOWS\VSAPI32.DLL: ASPack 1.07b
C:\WINDOWS\VSAPI32.DLL: ASPack 1.61
C:\WINDOWS\VSAPI32.DLL: ASPack 1.05b
C:\WINDOWS\VSAPI32.DLL: ASPack 1.03
C:\WINDOWS\VSAPI32.DLL: ASPack 1.02
C:\WINDOWS\VSAPI32.DLL: ASPack 1.01
C:\WINDOWS\VSAPI32.DLL: ASPack 1.00
C:\WINDOWS\SYSTEM\pav.sig: AsPack
----------------- HKLM Run Key ------------------
-------------- Strings.exe Umonitor Results -------------
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StillImageMonitor"="C:\\WINDOWS\\SYSTEM\\STIMON.EXE"
"POINTER"="point32.exe"
"QuickTime Task"="\"C:\\WINDOWS\\SYSTEM\\QTTASK.EXE\" -atboottime"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Symantec Core LC"="C:\\Program Files\\Common Files\\Symantec Shared\\CCPD-LC\\symlcsvc.exe start"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMON.EXE"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"TCASUTIEXE"="TCAUDIAG.EXE -off"
"KavSvc"="C:\\WINDOWS\\rrmrmz.exe"
"sixtysix"="C:\\WINDOWS\\SIXTYPOPSIX.exe"
"nsvcin"="C:\\WINDOWS\\N20050308.EXE"
Logfile of HijackThis v1.99.1
Scan saved at 11:21:44 AM, on 4/2/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\ISSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\RRMRMZ.EXE
C:\WINDOWS\N20050308.EXE
C:\PROGRAM FILES\ICQ\NDETECT.EXE
C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\MICROTEK\SCANWIZARD 5\SCANNERFINDER.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\MY SOFTWARE\DOWNLOADS\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.att.net/F1 - win.ini: run=hpfsched
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YCOMP5_5_7_0.DLL
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.EXE -off
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\rrmrmz.exe
O4 - HKLM\..\Run: [sixtysix] C:\WINDOWS\SIXTYPOPSIX.exe
O4 - HKLM\..\Run: [nsvcin] C:\WINDOWS\N20050308.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [ISSVC] "C:\Program Files\Norton Internet Security\ISSVC.exe"
O4 - HKLM\..\RunServices: [ccProxy] C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\NDetect.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet
O4 - HKCU\..\Run: [Spyware Doctor] "C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE" /Q
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Startup: ddpd.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O16 - DPF: {A28DAC07-0D34-4A90-A0E6-CEE27208C86D} (CWDL_DownLoadControl Class) -
http://www.callwave....DL_DownLoad.cabO16 - DPF: {33C9CD44-1EB4-41BC-BDAE-67200C31CC01} -
http://supportservic...ages/msncfg.CABO16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai...all/xscan53.cabO16 - DPF: {776706AE-CACA-4EA3-93DF-BB83D9259DA9} (MailConfigure Class) -
https://supportservi...ool/MailCfg.cabO16 - DPF: {94418D7F-29BF-460F-8614-DEFB34871FA4} () -
https://secure3.true.../TrueConfig.cabO16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) -
http://security.syma...n/bin/cabsa.cabO16 - DPF: Squelchies by pogo -
http://game1.pogo.co...s-ob-assets.cabO16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
https://www-secure.s...sa/SymAData.cabO16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) -
https://www-secure.s.../ActiveData.cabO16 - DPF: Tumble Bees by pogo -
http://game1.pogo.co...e-ob-assets.cabO16 - DPF: Word Whomp by pogo -
http://game1.pogo.co...p-ob-assets.cabO16 - DPF: Yahoo! Chat -
http://us.chat1.yimg...t/c381/chat.cabO16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) -
https://www-secure.s...sa/LSSupCtl.cabO16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -
http://housecall-bet...all/xscan60.cabO16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.syma...n/bin/cabsa.cabO16 - DPF: Poppit by pogo -
http://game1.pogo.co...2-ob-assets.cabO16 - DPF: {BAB3E70B-A847-4A88-ACFC-778FCCC00287} (CActSetupObj Object) -
http://www.odysseusm...om/actsetup.cabO16 - DPF: {539DA0E0-74A7-11D9-9669-0800200C9A66} -
http://www.ouchvideo...viewer_ic13.cabO16 - DPF: Harvest Mania by pogo -
http://game1.pogo.co...t-ob-assets.cabO16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) -
http://www.ysbweb.co...ysb_1002245.cabO17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = 702com.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 216.239.0.75,216.239.0.76