06-19-2006, 09:15 PM   #3
dirtmcgirt
OS: 2000/XP


Sorry it took so long for my reply.. I was out of town this weekend.

Here are the logs in order..

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 9:51:26 PM, 6/19/2006
+ Report-Checksum: 49841285

+ Scan result:

HKLM\SOFTWARE\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup
HKLM\SOFTWARE\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup
C:\Documents and Settings\DAWN\Cookies\dawn@kmpads[2].txt -> TrackingCookie.Kmpads : Cleaned with backup
:mozilla.6:C:\Documents and Settings\DAWN\Application Data\Mozilla\Firefox\Profiles\3rn26d44.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup
:mozilla.7:C:\Documents and Settings\DAWN\Application Data\Mozilla\Firefox\Profiles\3rn26d44.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup
:mozilla.8:C:\Documents and Settings\DAWN\Application Data\Mozilla\Firefox\Profiles\3rn26d44.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP724\A0054796.exe -> Proxy.Small.bo : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP724\A0056767.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP725\A0057767.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP725\A0058767.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP725\A0058958.exe -> Not-A-Virus.Hoax.Win32.Renos.dn : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP725\A0058970.exe -> Downloader.Adload.bq : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP725\A0058971.exe -> Downloader.Adload.bu : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP725\A0058976.exe -> Trojan.LdPinch.sh : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP725\A0059767.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP725\A0059802.exe -> Proxy.Agent.ji : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP725\A0059803.exe -> Downloader.Small.cxz : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP725\A0059813.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP725\A0059814.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP727\A0061546.dll -> Adware.Surfside : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP727\A0061547.dll -> Adware.SurfSide : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP727\A0061548.exe -> Adware.Surfside : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP727\A0061550.dll -> Adware.Surfside : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP708\snapshot\MFEX-3.DAT -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP708\snapshot\MFEX-4.DAT -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP708\snapshot\MFEX-5.DAT -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP708\A0052132.exe -> Dropper.Agent.hl : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP708\A0052147.exe -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP708\A0052150.exe -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP708\A0052151.exe -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP708\A0052152.dll -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP708\A0052153.exe -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP708\A0052154.dll -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP708\A0052155.exe -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP708\A0052156.EXE -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP708\A0052174.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP711\snapshot\MFEX-1.DAT -> Adware.Surfside : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP711\snapshot\MFEX-2.DAT -> Adware.SurfSide : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP711\snapshot\MFEX-3.DAT -> Adware.Surfside : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP711\snapshot\MFEX-6.DAT -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP711\snapshot\MFEX-7.DAT -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP711\snapshot\MFEX-8.DAT -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP711\A0052287.exe -> Downloader.Adload.bq : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP711\A0052288.exe -> Downloader.Adload.bt : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP711\A0052296.exe -> Downloader.Adload.bq : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP711\A0052484.dll -> Adware.Surfside : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP711\A0052485.dll -> Adware.SurfSide : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP711\A0052486.exe -> Adware.Surfside : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP711\A0052490.dll -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP711\A0052535.exe -> Downloader.Adload.bq : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP711\A0052537.exe -> Downloader.Adload.bu : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP711\A0052679.exe -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP711\A0052680.exe -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP711\A0052681.exe -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP711\A0052682.exe -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP711\A0052683.dll -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP711\A0052684.exe -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP711\A0052697.exe -> Downloader.Adload.bq : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP711\A0052698.exe -> Downloader.Adload.bu : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP711\A0052727.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP711\A0052738.exe -> Downloader.Qoologic.bj : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP711\A0052744.exe -> Downloader.Qoologic.bj : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP712\A0052787.dll -> Downloader.Agent.agw : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP723\A0054793.exe -> Proxy.Small.bo : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP647\A0043919.exe -> Adware.SurfAcc : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP649\A0043952.exe -> Adware.SurfAccuracy : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059855.exe -> Hijacker.VB.ij : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059863.DLL -> Downloader.IstBar : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059883.exe -> Dropper.Small.aps : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059884.exe -> Downloader.Small.ctk : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059885.exe -> Proxy.Agent.ji : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059886.exe -> Downloader.Adload.bo : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059887.exe -> Downloader.Adload.bq : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059888.exe -> Downloader.Adload.bv : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059889.exe -> Downloader.Adload.bq : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059891.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059896.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059897.exe -> Trojan.Small : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059898.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059899.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059900.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059901.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059902.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059903.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059904.exe -> Not-A-Virus.Hoax.Win32.Renos.dn : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059905.exe -> Downloader.Tibs.eo : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059906.exe -> Downloader.Tibs.eo : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059907.exe -> Adware.Suggestor : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059908.exe -> Adware.Suggestor : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059909.exe -> Adware.SearchAssistant : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059910.exe -> Adware.SearchAssistant : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059911.dll -> Adware.Suggestor : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059912.exe -> Adware.Suggestor : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059913.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059914.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059915.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059916.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059917.exe -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059918.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059919.exe -> Trojan.Dialer.pw : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059920.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059921.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059922.exe -> Dropper.Agent.aie : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059923.exe -> Not-A-Virus.Hoax.Win32.Renos.dn : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059924.exe -> Downloader.Adload.bq : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059925.exe -> Downloader.Adload.bq : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059926.exe -> Trojan.Qoologic : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059927.exe -> Adware.SearchAssistant : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059928.exe -> Downloader.Adload.bq : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059929.exe -> Adware.BookedSpace : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059930.exe -> Downloader.VB.nw : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059931.exe -> Hijacker.VB.ij : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059932.exe -> Adware.AdURL : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059933.exe -> Downloader.Adload.bo : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059934.dll -> Adware.Zango : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059937.exe -> Trojan.Spambot : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0060065.exe -> Backdoor.VB.ary : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0060066.exe -> Backdoor.VB.ary : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0060067.exe -> Downloader.VB.adw : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0060068.exe -> Downloader.VB.adw : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0060069.exe -> Downloader.VB.adw : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0060070.exe -> Downloader.VB.adw : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0060071.exe -> Hijacker.VB.ly : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0060072.exe -> Hijacker.VB.ly : Cleaned with backup
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0060073.exe -> Downloader.Small.cpu : Cleaned with backup
C:\configdll.pif -> Downloader.Adload.bq : Cleaned with backup
C:\ZIGID003.exe -> Adware.ZenoSearch : Cleaned with backup
C:\lsass.exe -> Downloader.Adload.bq : Cleaned with backup
C:\NNSCAA638.EXE -> Adware.NewDotNet : Cleaned with backup
C:\svchost.exe/booterror.exe -> Downloader.Adload.bo : Cleaned with backup
C:\webnexmk.exe -> Dropper.Agent.hl : Cleaned with backup
C:\t.inx -> Trojan.Small : Cleaned with backup
C:\visfx500.exe -> Dropper.Agent.aie : Cleaned with backup
C:\wd7gi8n.exe -> Downloader.Agent.ala : Cleaned with backup
C:\pi1_59.exe -> Downloader.Small.cqy : Cleaned with backup
C:\stub_sca3.exe -> Adware.BookedSpace : Cleaned with backup
C:\526_620.exe -> Dropper.Mudrop.bq : Cleaned with backup
C:\bintheredunthat\comscore.exe -> Dropper.Agent.hl : Cleaned with backup
C:\bintheredunthat\numbsoft.exe -> Dropper.Agent.hl : Cleaned with backup


::Report End


Combofix log


Start Time= Mon 06/19/2006 21:54:45.42

(((((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log ))))))))))))))))))))))))))))))))))))))))))))))))))))))

21:55:29.31

* * * PRE-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


2006-05-24 18:47:48 8,464 "C:\WINDOWS\system32\sporder.dll"
2102-12-31 21:14:20 0 "C:\WINDOWS\system32\PTPTT.dat"
2006-05-29 07:22:46 34 "C:\WINDOWS\shcyi.dll"
2006-05-29 07:26:40 142 "C:\WINDOWS\cyctn.dll"
2006-06-15 18:41:28 11,554 "C:\WINDOWS\mozver.dat"
2006-05-29 07:22:40 53 "C:\WINDOWS\wlwpon.dat"


* * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * *


05/29/2006 07:26 AM 142 cyctn.dll.vir
05/29/2006 07:22 AM 53 wlwpon.dat.vir
05/29/2006 07:22 AM 34 shcyi.dll.vir


DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO


* * * POST-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


2006-05-24 18:47:48 8,464 "C:\WINDOWS\system32\sporder.dll"
2102-12-31 21:14:20 0 "C:\WINDOWS\system32\PTPTT.dat"
2006-06-15 18:41:28 11,554 "C:\WINDOWS\mozver.dat"


((((((((((((((((((((((((((((((((((((((((((((((((((( Ssk's Log ))))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\DAWN\Local Settings\Temporary Internet Files\Ssk.log
C:\Documents and Settings\DAWN\Application Data\Sskknwrd.dll
C:\Documents and Settings\JESSICA\Application Data\Sskknwrd.dll
C:\Documents and Settings\MIKE\Application Data\Sskknwrd.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



21:58:13.75
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2102-12-31 21:53:00 ( .D... ) "C:\Program Files\WinPortrait"
2102-12-31 21:52:58 16384 ( A.... ) "C:\WINDOWS\system32\WINKRNME.DLL"
2102-12-31 21:35:18 ( .D... ) "C:\Program Files\v2 Premier"
2102-12-31 21:32:38 ( .D... ) "C:\Program Files\3DMouse"
2102-12-31 21:31:06 ( .D... ) "C:\Program Files\NetMedia"
2102-12-31 21:28:56 ( .D.H. ) "C:\Program Files\InstallShield Installation Information"
2102-12-31 21:27:56 ( .D... ) "C:\Program Files\VideoProfessor"
2102-12-31 21:26:16 ( .D... ) "C:\Program Files\lesson"
2102-12-31 21:09:06 ( .D... ) "C:\Program Files\SiSLan"
2102-12-31 2138 ( .D... ) "C:\Program Files\C-Media 3D Audio"
2102-12-31 21:00:48 ( .D... ) "C:\Program Files\SiSVGA"
2102-12-31 21:00:12 ( .D... ) "C:\Program Files\SiS Compatible VGA V2.16a"
2102-12-31 20:59:30 ( .D... ) "C:\Program Files\Common Files\InstallShield"
2102-12-31 20:56:38 ( .D.H. ) "C:\Program Files\Uninstall Information"
2102-12-31 20:53:18 ( .D... ) "C:\Program Files\xerox"
2102-12-31 20:53:16 ( .D... ) "C:\Program Files\microsoft frontpage"
2102-12-31 20:53:08 0 ( A.... ) "C:\AUTOEXEC.BAT"
2102-12-31 20:51:36 ( .D... ) "C:\Program Files\Movie Maker"
2102-12-31 20:51:26 ( .D... ) "C:\Program Files\Windows Media Player"
2102-12-31 20:51:26 ( .D... ) "C:\Program Files\NetMeeting"
2102-12-31 20:51:26 ( .D... ) "C:\Program Files\Common Files\Services"
2102-12-31 20:51:24 ( .D... ) "C:\Program Files\Outlook Express"
2102-12-31 20:51:22 ( .D... ) "C:\Program Files\Common Files\MSSoap"
2102-12-31 20:51:20 ( .D... ) "C:\Program Files\Internet Explorer"
2102-12-31 20:51:20 ( .D... ) "C:\Program Files\Common Files\System"
2102-12-31 20:50:58 ( .D... ) "C:\Program Files\ComPlus Applications"
2102-12-31 20:50:26 ( .D.H. ) "C:\Program Files\WindowsUpdate"
2102-12-31 20:50:26 ( .D... ) "C:\Program Files\Online Services"
2102-12-31 20:50:20 ( .D... ) "C:\Program Files\Messenger"
2102-12-31 20:50:16 ( .D... ) "C:\Program Files\MSN Gaming Zone"
2102-12-31 20:50:12 ( .D... ) "C:\Program Files\Windows NT"
2102-12-31 20:47:12 ( .D... ) "C:\Program Files\Common Files\SpeechEngines"
2102-12-31 20:47:12 ( .D... ) "C:\Program Files\Common Files\ODBC"
2102-12-31 20:47:10 ( .D... ) "C:\Program Files\Common Files\Microsoft Shared"
2102-12-31 20:47:10 ( .D... ) "C:\Program Files\Common Files"
2102-12-31 20:47:00 62 ( A.SH. ) "C:\Documents and Settings\DAWN\Application Data\desktop.ini"
2102-12-31 20:46:44 ( .DS.. ) "C:\Documents and Settings\DAWN\Application Data\Microsoft"
2006-06-17 01:27:40 ( .D... ) "C:\Program Files\CleanUp!"
2006-06-16 15:30:22 ( .D... ) "C:\Documents and Settings\DAWN\Application Data\Lavasoft"
2006-06-16 13:12:08 39424 ( A.... ) "C:\WINDOWS\system32\aspi161566.exe"
2006-06-16 13:11:42 ( .D... ) "C:\Program Files\ewido anti-malware"
2006-06-16 03:33:50 ( .D... ) "C:\Program Files\Hijack this"
2006-06-15 18:52:50 418445 ( A.... ) "C:\Mendoza1.exe"
2006-06-15 18:49:28 ( .D... ) "C:\Program Files\Spybot - Search & Destroy"
2006-06-15 18:48:38 20992 ( A.... ) "C:\WINDOWS\system32\2a0c93d9.exe"
2006-06-15 18:41:24 ( .D... ) "C:\Program Files\Mozilla Firefox"
2006-06-15 18:39:34 ( .D... ) "C:\Program Files\Lavasoft"
2006-06-15 18:37:44 0 ( A.... ) "C:\Documents and Settings\DAWN\Application Data\Install.dat"
2006-06-14 22:18:50 154 ( A.... ) "C:\WINDOWS\comfix.bat"
2006-06-14 21:03:46 114174 ( A.... ) "C:\WINDOWS\hostsmgr.exe"
2006-06-14 20:52:14 29251 ( A.... ) "C:\WINDOWS\mc-110-12-0000488.exe"
2006-06-12 11:48:16 174669 ( A.... ) "C:\WINDOWS\srvqxexyef.exe"
2006-06-12 11:45:00 2518 ( A.... ) "C:\WINDOWS\system32\dlh9jkdq1.exe"
2006-06-12 11:44:58 16 ( A.... ) "C:\WINDOWS\system32\dlh9jkdq8.exe"
2006-06-10 11:26:20 3072 ( ..SHR ) "C:\WINDOWS\system32\vxgame6.exe3072.exe"
2006-06-10 11:10:14 28672 ( A.... ) "C:\WINDOWS\System32ftuninst.exe"
2006-06-10 11:10:12 28672 ( A.... ) "C:\WINDOWS\system32\ftuninst.exe"
2006-05-29 07:01:00 6064 ( A.... ) "C:\PPCleanDeleteAtReboot.bat"
2006-05-24 18:48:22 380104 ( A.... ) "C:\516_618.exe"
2006-05-24 18:47:48 8464 ( A.... ) "C:\WINDOWS\system32\sporder.dll"
2006-05-24 18:47:14 ( .D... ) "C:\Program Files\Common Files\owim"
2006-04-17 06:42:10 1176576 ( ..SHR ) "C:\WINDOWS\wmiprvse32.exe"
2006-04-06 10:54:38 73728 ( A.... ) "C:\WINDOWS\system32\asuninst.exe"


((((((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"UMonit"="C:\\WINDOWS\\System32\\umonit.exe"
"PivotSoftware"="\"C:\\Program Files\\WinPortrait\\wpctrl.exe\""
"2a0c93d9.exe"="C:\\WINDOWS\\System32\\2a0c93d9.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"flags"=dword:00000008

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"0mcamcap"="C:\\WINDOWS\\System32\\0mcamcap.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"2a0c93d9.exe"="C:\\Documents and Settings\\DAWN\\Local Settings\\Application Data\\2a0c93d9.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"owim"="C:\\PROGRA~1\\COMMON~1\\owim\\owimm.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"owim"="C:\\PROGRA~1\\COMMON~1\\owim\\owimm.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{2C1CD3D7-86AC-4068-93BC-A02304BB8C34}"="DCOM Server"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Billminder.lnk"
"backup"="C:\\WINDOWS\\pss\\Billminder.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Quicken\\billmind.exe -startup"
"item"="Billminder"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Broadband Support Center.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Broadband Support Center.lnk"
"backup"="C:\\WINDOWS\\pss\\Broadband Support Center.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\VERIZO~1\\SUPPOR~1\\bin\\matcli.exe -boot"
"item"="Broadband Support Center"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Lifeline.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Digital Lifeline.lnk"
"backup"="C:\\WINDOWS\\pss\\Digital Lifeline.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\DIGITA~1\\bin\\mpbtn.exe -boot"
"item"="Digital Lifeline"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Planner Reminders Tray Icon.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Event Planner Reminders Tray Icon.lnk"
"backup"="C:\\WINDOWS\\pss\\Event Planner Reminders Tray Icon.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Sierra\\Planner\\PLNRnote.exe "
"item"="Event Planner Reminders Tray Icon"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\InterVideo WinCinema Manager.lnk"
"backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\INTERV~1\\Common\\Bin\\WINCIN~1.EXE "
"item"="InterVideo WinCinema Manager"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinScheduler.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\InterVideo WinScheduler.lnk"
"backup"="C:\\WINDOWS\\pss\\InterVideo WinScheduler.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\INTERV~1\\WinDVR\\WINSCH~1.EXE "
"item"="InterVideo WinScheduler"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^iSchedule-it.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\iSchedule-it.lnk"
"backup"="C:\\WINDOWS\\pss\\iSchedule-it.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\INSIGH~1\\NETKNO~1\\Common\\ISCHED~1.EXE /Silent"
"item"="iSchedule-it"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lotus Organizer EasyClip.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Lotus Organizer EasyClip.lnk"
"backup"="C:\\WINDOWS\\pss\\Lotus Organizer EasyClip.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\lotus\\organize\\easyclip.exe "
"item"="Lotus Organizer EasyClip"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lotus QuickStart.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Lotus QuickStart.lnk"
"backup"="C:\\WINDOWS\\pss\\Lotus QuickStart.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\lotus\\wordpro\\ltsstart.exe "
"item"="Lotus QuickStart"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lotus SmartCenter.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Lotus SmartCenter.lnk"
"backup"="C:\\WINDOWS\\pss\\Lotus SmartCenter.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\lotus\\smartctr\\SMARTCTR.EXE "
"item"="Lotus SmartCenter"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lotus SuiteStart.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Lotus SuiteStart.lnk"
"backup"="C:\\WINDOWS\\pss\\Lotus SuiteStart.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\lotus\\smartctr\\SUITEST.EXE "
"item"="Lotus SuiteStart"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\MyWebSearch Email Plugin.lnk"
"backup"="C:\\WINDOWS\\pss\\MyWebSearch Email Plugin.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MYWEBS~1\\bar\\1.bin\\MWSOEMON.EXE "
"item"="MyWebSearch Email Plugin"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NetMedia.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\NetMedia.lnk"
"backup"="C:\\WINDOWS\\pss\\NetMedia.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\NetMedia\\Versato.exe "
"item"="NetMedia"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NovaDisk+ Schedule Service Controller.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\NovaDisk+ Schedule Service Controller.lnk"
"backup"="C:\\WINDOWS\\pss\\NovaDisk+ Schedule Service Controller.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\NOVADI~1\\SCHEDU~1\\schengd.exe -app"
"item"="NovaDisk+ Schedule Service Controller"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NovaDisk+ Scheduler Tray Control.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\NovaDisk+ Scheduler Tray Control.lnk"
"backup"="C:\\WINDOWS\\pss\\NovaDisk+ Scheduler Tray Control.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\NOVADI~1\\schtrayd.exe "
"item"="NovaDisk+ Scheduler Tray Control"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Quicken Scheduled Updates.lnk"
"backup"="C:\\WINDOWS\\pss\\Quicken Scheduled Updates.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Quicken\\bagent.exe "
"item"="Quicken Scheduled Updates"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Quicken Startup.lnk"
"backup"="C:\\WINDOWS\\pss\\Quicken Startup.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Quicken\\QWDLLS.EXE "
"item"="Quicken Startup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Video Professor.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Video Professor.lnk"
"backup"="C:\\WINDOWS\\pss\\Video Professor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\lesson\\FREELE~1.EXE "
"item"="Video Professor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^DAWN^Start Menu^Programs^Startup^OpenOffice.org 1.0.lnk]
"path"="C:\\Documents and Settings\\DAWN\\Start Menu\\Programs\\Startup\\OpenOffice.org 1.0.lnk"
"backup"="C:\\WINDOWS\\pss\\OpenOffice.org 1.0.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\OPENOF~1.0\\program\\QUICKS~1.EXE "
"item"="OpenOffice.org 1.0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^DAWN^Start Menu^Programs^Startup^Registration-INSDVD.lnk]
"path"="C:\\Documents and Settings\\DAWN\\Start Menu\\Programs\\Startup\\Registration-INSDVD.lnk"
"backup"="C:\\WINDOWS\\pss\\Registration-INSDVD.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\Pinnacle\\INSTAN~1\\SHARED~1\\Pixie\\RegTool.exe INSDVD,INSDVD,register,EN,0,serial=ABDPG-AADFP-PVYPV-WYAFA-AAAAA"
"item"="Registration-INSDVD"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^DAWN^Start Menu^Programs^Startup^Zeno.lnk]
"path"="C:\\Documents and Settings\\DAWN\\Start Menu\\Programs\\Startup\\Zeno.lnk"
"backup"="C:\\WINDOWS\\pss\\Zeno.lnkStartup"
"location"="Startup"
"command"="C:\\WINDOWS\\system32\\pwinqqez.exe GID003"
"item"="Zeno"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^MIKE^Start Menu^Programs^Startup^OpenOffice.org 1.0.lnk]
"path"="C:\\Documents and Settings\\MIKE\\Start Menu\\Programs\\Startup\\OpenOffice.org 1.0.lnk"
"backup"="C:\\WINDOWS\\pss\\OpenOffice.org 1.0.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\OPENOF~1.0\\program\\QUICKS~1.EXE "
"item"="OpenOffice.org 1.0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^MIKE^Start Menu^Programs^Startup^Registration-INSDVD.lnk]
"path"="C:\\Documents and Settings\\MIKE\\Start Menu\\Programs\\Startup\\Registration-INSDVD.lnk"
"backup"="C:\\WINDOWS\\pss\\Registration-INSDVD.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\Pinnacle\\INSTAN~1\\SHARED~1\\Pixie\\RegTool.exe INSDVD,INSDVD,register,EN,0,serial=ABDPG-AADFP-PVYPV-WYAFA-AAAAA"
"item"="Registration-INSDVD"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0mcamcap]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="0mcamcap"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\0mcamcap.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0PaAbB9]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rkncx"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\rkncx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3DMouse]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="3DMouse"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\3DMouse\\3DMouse.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim"
"hkey"="HKCU"
"command"="C:\\Program Files\\AIM95\\aim.exe -cnetwait.odl"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOL"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\America Online 9.0a\\AOL.EXE\" -b"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLDial"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLSPScheduler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSP Scheduler"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1107721595\\ee\\services\\sscAntiSpywarePlugin\\ver1_10_3_1\\AOLSP Scheduler.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="pwinqqez"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\pwinqqez.exe GID003"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RunDll32 cmicnfg"
"hkey"="HKLM"
"command"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DataLayer"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\PCSuite\\DataLayer\\DataLayer.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DCOM Server]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dxvwgqyt"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\dxvwgqyt.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="defender23a"
"hkey"="HKLM"
"command"="C:\\\\defender23a.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmailScan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcvsescn"
"hkey"="HKLM"
"command"="C:\\Program Files\\mcafee.com\\antivirus\\mcvsescn.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ftexc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mptft"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\mptft.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hhl7RfpJ]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ssn6tuu"
"hkey"="HKLM"
"command"="\"C:\\WINDOWS\\System32\\ssn6tuu.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSoftware"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1107721595\\ee\\AOLSoftware.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IPHSend"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IW ControlCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iwctrl"
"hkey"="HKLM"
"command"="C:\\Program Files\\Pinnacle\\InstantCDDVD\\InstantWrite\\iwctrl.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keyboard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="keyboard25"
"hkey"="HKLM"
"command"="C:\\\\keyboard25.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LapLink Scheduler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LLSCHED"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\LapLink\\Scheduler\\LLSCHED.EXE\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 3100 Series]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="lxbrbmgr"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Lexmark 3100 Series\\lxbrbmgr.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MotiveSB"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\VERIZO~1\\SUPPOR~1\\SMARTB~1\\MotiveSB.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MPfTray"
"hkey"="HKLM"
"command"="C:\\Program Files\\mcafee.com\\personal firewall\\MPfTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=" "
"hkey"="HKLM"
"command"=" "
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\newname]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="newname25"
"hkey"="HKLM"
"command"="C:\\\\newname25.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia Tray Application]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NclTray"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Nokia\\Tools\\NclTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nsdajwp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nsdajwp"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\nsdajwp.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="oasclnt"
"hkey"="HKLM"
"command"="C:\\Program Files\\mcafee.com\\antivirus\\oasclnt.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVOICE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="pctspk"
"hkey"="HKLM"
"command"="pctspk.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PSDrvCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\PSDrvCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PortAOL"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\PURENE~1\\PORTMA~1\\PortAOL.exe\" -Run"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RealPlay"
"hkey"="HKLM"
"command"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS KHooker]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="khooker"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\khooker.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS Tray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sistray"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\sistray.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sscRun]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SSCRun"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1107721595\\ee\\services\\sscFirewallPlugin\\ver1_10_3_1\\SSCRun.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfSideKick 3]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ssk"
"hkey"="HKLM"
"command"="C:\\Program Files\\SurfSideKick 3\\Ssk.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="kernels8"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\kernels8.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ViewMgr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="whagent"
"hkey"="HKLM"
"command"="C:\\Program Files\\webHancer\\Programs\\whagent.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Survey Companion]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="whsurvey"
"hkey"="HKLM"
"command"="C:\\Program Files\\webHancer\\Programs\\whsurvey.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Winamp3\\winampa.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{B1-1B-BD-DD-ZN}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ppdsregp"
"hkey"="HKLM"
"command"="C:\\windows\\system32\\ppdsregp.exe GID003"
"inimapping"="0"


Contents of the 'Scheduled Tasks' folder

Completion time: Mon 06/19/2006 21:58:16.40
ComboFix ver 06.06.17 - This logfile is located at C:\ComboFix.txt


Panda Activescan


Incident Status Location

Adware:Adware/SystemDoctor Not disinfected c:\windows\system32\2a0c93d9.exe
Potentially unwanted tool:application/mywebsearch Not disinfected c:\windows\system32\f3PSSavr.scr
Adware:adware/adsmart Not disinfected c:\windows\system32\dlh9jkdq8.exe
Adware:adware/ist.istbar Not disinfected Windows Registry
Adware:adware/wupd Not disinfected Windows Registry
Spyware:Cookie/Atwola Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@atwola[1].txt
Potentially unwanted tool:Application/Restart Not disinfected C:\WINDOWS\system32\Tools\Restart.exe
Adware:Adware/Tibs Not disinfected C:\WINDOWS\system32\vxgame6.exe3072.exe
Adware:Adware/Adsmart Not disinfected C:\WINDOWS\system32\dlh9jkdq1.exe
Adware:Adware/Gator Not disinfected C:\WINDOWS\Downloaded Program Files\HDPlugin1019.inf
Potentially unwanted tool:Application/FunWeb Not disinfected C:\WINDOWS\LastGood\Downloaded Program Files\f3initialsetup1.0.0.8-2.inf
Adware:Adware/CommAd Not disinfected C:\WINDOWS\REFXTg\lHIrn0.vbs
Adware:Adware/FCHelp Not disinfected C:\WINDOWS\srvqxexyef.exe[PECarlin.exe]
Adware:Adware/NewAds Not disinfected C:\WINDOWS\mc-110-12-0000488.exe
Adware:Adware/SystemDoctor Not disinfected C:\Documents and Settings\DAWN\Local Settings\Application Data\2a0c93d9.exe


Hijack This

Logfile of HijackThis v1.99.1
Scan saved at 10:14:13 PM, on 6/19/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1107721595\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
C:\WINDOWS\System32\aspi161566.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TSIRCSRV.EXE
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\wmiprvse32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\umonit.exe
C:\Program Files\WinPortrait\wpctrl.exe
C:\WINDOWS\System32\2a0c93d9.exe
C:\Program Files\WinPortrait\floater.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.netscape.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer powered by Verizon Broadband
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.v2premier.com"); (C:\Documents and Settings\DAWN\Application Data\Mozilla\Profiles\default\uqr3f2i8.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\DAWN\Application Data\Mozilla\Profiles\default\uqr3f2i8.slt\prefs.js)
O2 - BHO: Yvakt Class - {5C3E6596-C64F-48E0-AC1E-B9C6EB3A5915} - C:\WINDOWS\System32\x3cqp0.dll (file missing)
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\System32\umonit.exe
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\WinPortrait\wpctrl.exe"
O4 - HKLM\..\Run: [2a0c93d9.exe] C:\WINDOWS\System32\2a0c93d9.exe
O4 - HKLM\..\RunServices: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe
O4 - HKCU\..\Run: [2a0c93d9.exe] C:\Documents and Settings\DAWN\Local Settings\Application Data\2a0c93d9.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Capture Links - C:\Program Files\Insight Development\Net Knowledge Tools\common\MenuExtCaptureLinks.js
O8 - Extra context menu item: Capture Page - C:\Program Files\Insight Development\Net Knowledge Tools\common\MenuExtCapturePage.js
O9 - Extra button: Insight NetKnowledge Tools - {102910D3-CF07-4BED-ACDC-D165385B9B66} - C:\Program Files\Insight Development\Net Knowledge Tools\common\Insight NetKnowledge Tools.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .fpx: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
O12 - Plugin for .ivr: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/en...ach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {8DD733A8-353A-4E93-AB85-93CA8DC96F6A} (ActivatorControl1 Class) - https://objects.aol.com/activator/en-us/Activator.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://portal.verizon.net/checkmypc/...ivePreQual.cab
O18 - Protocol: iwd - {EA5F5649-A6C7-11D4-9E3C-0020AF0FFB56} - C:\Program Files\Insight Development\Net Knowledge Tools\common\IwdProtocol.dll
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1107721595\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
O23 - Service: Microsoft ASPI Manager (aspi113210) - Unknown owner - C:\WINDOWS\System32\aspi161566.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: RemoteRegBck - Unknown owner - C:\WINDOWS\regsvc.exe (file missing)
O23 - Service: TSI Remote Control Service (TSIRCSRV) - LapLink, Inc. - C:\WINDOWS\System32\TSIRCSRV.EXE
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: wmiprvse - Unknown owner - C:\WINDOWS\wmiprvse32.exe