04-17-2007, 11:43 AM   #1
dwillz123 (Registered User)
Join Date: Oct 2006
Location: Lancs UK
Posts: 21
OS: xp HE

Browser Hijacked and worms found but still got probs HJT log attached

I seem to have collected a nasty bug! or more
Have been running Norton always but not a peep from it
Installed AVAST and found about five worms and other assorted baddies
The main problem now is that I have lost partial control of my browser Internet access.

I get regular ActiveX requests from pages like Google that I know doesn't need it.
Looked at the details and wants to redirect to:
http://us.f551.mail.yahoo.com/ym/login?.rand=.............
Googled this URL/request and tells me that it is some kind of information gatherer.
Had two or more separate attempts to login to my computer Norton identified and locked I hope

Can't access Panda online scan as pop up window is blocked and I can't get it to unblock although I have told IE to allow all pop ups

I normally use Firefox and this won't work when I try to access Kaspersky
file checker it just cuts me off and tells me connection lost


Logfile of HijackThis v1.99.1
Scan saved at 19:15:57, on 17/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Cobian Backup 8\cbService.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\SnoopFreeUI.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\PowerPro\powerpro.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\hj\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PowerPro.lnk = C:\Program Files\PowerPro\powerpro.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1161203117250
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cobian Backup 8 service (CobBMService) - Luis Cobian - C:\Program Files\Cobian Backup 8\cbService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Your Help is much appreciated

I am using HP Pavilion zd8000 P4 3ghz 512ram 100gigHD 25gig free Win XP SP2 Win Media Player 10 (Rollback to IE 6) but browse with Firefox; Super vers 2007 build .21
04-17-2007, 12:26 PM   #2
dwillz123 (Registered User)
Join Date: Oct 2006
Location: Lancs UK
Posts: 21
OS: xp HE

Re: Browser Hijacked updated with Deckard's System Scanner

Deckard's System Scanner v20070411.38
Run by DWEbikesonline on 2007-04-17 at 20:19:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
12: 2007-04-17 18:19:36 UTC - RP86 - Deckard's System Scanner Restore Point
11: 2007-04-16 21:03:50 UTC - RP85 - Software Distribution Service 2.0
10: 2007-04-16 20:33:42 UTC - RP84 - Installed Macromedia Dreamweaver 8
9: 2007-04-16 19:14:47 UTC - RP83 - Installed Adobe Photoshop CS2
8: 2007-04-16 18:49:03 UTC - RP82 - Installed Adobe Illustrator CS2


-- First Restore Point --
1: 2007-04-14 19:39:27 UTC - RP75 - Removed Extension Manager


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as DWEbikesonline.exe) --------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 20:20:26, on 17/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Cobian Backup 8\cbService.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\SnoopFreeUI.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\PowerPro\powerpro.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\DWEbikesonline\Desktop\dss.exe
C:\hj\DWEbikesonline.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PowerPro.lnk = C:\Program Files\PowerPro\powerpro.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1161203117250
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cobian Backup 8 service (CobBMService) - Luis Cobian - C:\Program Files\Cobian Backup 8\cbService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 SnoopFree (SnoopFree Driver) - c:\windows\system32\drivers\snopfree.sys
R1 PCLEPCI - c:\windows\system32\drivers\pclepci.sys
R2 mdmxsdk - c:\windows\system32\drivers\mdmxsdk.sys
R2 SBKUPNT - c:\windows\system32\drivers\sbkupnt.sys
R3 BCM43XX (BCM 802.11b Network Adapter Driver) - c:\windows\system32\drivers\bcmwl5.sys
R3 CAMCAUD (Conexant AMC 3D Environmental Audio) - c:\windows\system32\drivers\camcaud.sys
R3 CAMCHALA - c:\windows\system32\drivers\camchal.sys
R3 HSF_DP - c:\windows\system32\drivers\hsf_dp.sys
R3 HSFHWICH - c:\windows\system32\drivers\hsfhwich.sys
R3 IPFilter (Microsoft IntelliPoint Features driver) - c:\windows\system32\drivers\ipfilter.sys
R3 sdbus - c:\windows\system32\drivers\sdbus.sys
R3 tifm21 - c:\windows\system32\drivers\tifm21.sys
R3 winachsf - c:\windows\system32\drivers\hsf_cnxt.sys

S3 61883 (61883 Unit Device) - c:\windows\system32\drivers\61883.sys
S3 Avc (AVC Device) - c:\windows\system32\drivers\avc.sys
S3 DCamUSBEMPIA (Dazzle DVC90 Video Device) - c:\windows\system32\drivers\emdevice.sys
S3 emAudio (Dazzle DVC90 Audio Device) - c:\windows\system32\drivers\emaudio.sys
S3 FiltUSBEMPIA (USB Device Lower Filter) - c:\windows\system32\drivers\emfilter.sys
S3 MSDV (Microsoft DV Camera and VCR) - c:\windows\system32\drivers\msdv.sys
S3 nm (Network Monitor Driver) - c:\windows\system32\drivers\nmnt.sys
S3 rtl8139 (Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver) - c:\windows\system32\drivers\rtl8139.sys (file missing)
S3 ScanUSBEMPIA (USB Still Image Capture Device) - c:\windows\system32\drivers\emscan.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CobBMService (Cobian Backup 8 service) - c:\program files\cobian backup 8\cbservice.exe
R2 ISSVC - "c:\program files\norton internet security\issvc.exe"
R2 SnoopFreeSvc (Snoop Free Service) - system32\snoopfreesvc.exe

S3 hpqwmi (HP WMI Interface) - c:\program files\hpq\shared\hpqwmi.exe
S4 KService - "c:\program files\kservice\kservice.exe"


-- Scheduled Tasks -------------------------------------------------------------

2007-03-28 00:00:21 566 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - DWEbikesonline.job<NORTON~1.JOB>


-- Files created between 2007-03-17 and 2007-04-17 -----------------------------

2007-04-17 14:56:06 23416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-17 14:56:04 43176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-17 14:56:03 26888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-17 14:56:02 90112 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-04-17 14:56:00 94552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-17 14:56:00 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-17 14:55:51 712832 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-04-17 14:55:46 0 d-------- C:\Program Files\Alwil Software<ALWILS~1>
2007-04-16 21:23:10 0 d-------- C:\Documents and Settings\DWEbikesonline\Application Data\Opera
2007-04-16 20:54:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems<ADOBES~1>
2007-04-16 20:49:07 16384 --a------ C:\WINDOWS\system32\FileOps.exe
2007-04-16 19:26:51 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared<ADOBES~1>
2007-04-14 22:22:08 0 d-------- C:\Program Files\Alcohol Soft<ALCOHO~1>
2007-04-14 22:16:39 639224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-04-14 22:04:02 0 d-------- C:\Program Files\Microsoft ActiveSync<MI3AA1~1>
2007-04-14 22:03:14 0 d-------- C:\Program Files\Microsoft.NET<MICROS~1.NET>
2007-04-14 16:15:26 0 d-------- C:\Program Files\cd4
2007-04-14 15:21:39 0 d-------- C:\Documents and Settings\DWEbikesonline\Application Data\Torrent101<TORREN~1>
2007-04-11 17:12:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Magix
2007-04-06 19:41:00 3051520 -----n--- C:\WINDOWS\UNNMP.exe
2007-04-06 19:40:31 3067904 -----n--- C:\WINDOWS\NuNinst.exe
2007-04-06 19:40:30 33536 -----n--- C:\WINDOWS\system32\drivers\InCDrm.sys
2007-04-06 19:40:30 8704 -----n--- C:\WINDOWS\system32\drivers\InCDrec.sys
2007-04-06 19:40:30 29440 -----n--- C:\WINDOWS\system32\drivers\InCDpass.sys
2007-04-06 19:40:30 102016 -----n--- C:\WINDOWS\system32\drivers\InCDfs.sys
2007-04-06 19:40:29 0 d-------- C:\WINDOWS\InCD
2007-04-06 19:39:23 3051520 -----n--- C:\WINDOWS\UNNeroVision.exe<UNNERO~1.EXE>
2007-04-06 19:39:23 24064 -----n--- C:\WINDOWS\system32\msxml3a.dll
2007-04-06 19:38:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2007-04-06 18:12:30 127488 -----n--- C:\WINDOWS\system32\drivers\imagesrv.sys
2007-04-06 18:11:52 364544 -----n--- C:\WINDOWS\system32\TwnLib4.dll
2007-04-06 18:11:52 106496 -----n--- C:\WINDOWS\system32\TwnLib20.dll
2007-04-06 18:11:49 471040 -----n--- C:\WINDOWS\system32\ImagXRA7.dll
2007-04-06 18:11:49 262144 -----n--- C:\WINDOWS\system32\ImagXR7.dll
2007-04-06 18:11:49 476320 -----n--- C:\WINDOWS\system32\ImagXpr7.dll
2007-04-06 18:11:49 1568768 -----n--- C:\WINDOWS\system32\ImagX7.dll
2007-04-05 15:18:14 0 d-------- C:\Program Files\a-squared Free<A-SQUA~1>
2007-04-03 15:13:27 8464 --a------ C:\WINDOWS\system32\sporder.dll
2007-04-03 15:05:50 0 d-------- C:\Program Files\AresTorrentDownloader<ARESTO~1>
2007-04-01 19:53:25 0 d-------- C:\Documents and Settings\DWEbikesonline\Application Data\Participatory Culture Foundation<PARTIC~1>
2007-03-28 13:19:18 0 d-------- C:\Program Files\IObit
2007-03-27 20:39:36 115200 --a------ C:\outsound.bin
2007-03-25 18:21:50 0 d-------- C:\Documents and Settings\DWEbikesonline\Application Data\MGI
2007-03-25 18:11:21 1142784 --a------ C:\WINDOWS\system32\MGIIpl4P6.dll<MGIIPL~4.DLL>
2007-03-25 18:11:21 1298432 --a------ C:\WINDOWS\system32\MGIIpl4M6.dll<MGIIPL~3.DLL>
2007-03-25 18:11:20 1261568 --a------ C:\WINDOWS\system32\MGIIpl4M5.dll<MGIIPL~2.DLL>
2007-03-25 18:10:30 24576 --a------ C:\WINDOWS\system32\Sfwuts20.dll
2007-03-25 18:10:30 254976 --a------ C:\WINDOWS\system32\Sfwiudll.dll
2007-03-25 18:10:30 63488 --a------ C:\WINDOWS\system32\Picn1111.dll
2007-03-25 18:10:30 29184 --a------ C:\WINDOWS\system32\Picn11.dll
2007-03-25 18:10:30 1130496 --a------ C:\WINDOWS\system32\MGIIpl4PX.dll<MGIIPL~1.DLL>
2007-03-25 18:10:30 24576 --a------ C:\WINDOWS\system32\MGIIpl4.dll
2007-03-25 18:10:30 61440 --a------ C:\WINDOWS\system32\MGI Panorama Screen Saver.scr<MGIPAN~1.SCR>
2007-03-25 18:10:30 98304 --a------ C:\WINDOWS\system32\MGI Album Screen Saver.scr<MGIALB~1.SCR>
2007-03-25 18:10:30 1977856 --a------ C:\WINDOWS\system32\LPControl.dll<LPCONT~1.DLL>
2007-03-25 18:10:30 126976 --a------ C:\WINDOWS\system32\ipubgrnd.dll
2007-03-25 18:10:30 458752 --a------ C:\WINDOWS\system32\Fpl.dll
2007-03-25 18:10:30 32768 --a------ C:\WINDOWS\system32\F210.dll
2007-03-25 18:10:30 45568 --a------ C:\WINDOWS\system32\DC210.dll
2007-03-25 18:10:24 196608 --a------ C:\WINDOWS\system32\opccli32.dll
2007-03-25 18:10:24 122880 --a------ C:\WINDOWS\system32\Jpeglib.dll
2007-03-25 18:10:24 5632 --a------ C:\WINDOWS\system32\Hellut32.dll
2007-03-25 18:10:24 332800 --a------ C:\WINDOWS\system32\Fpxlib.dll
2007-03-25 18:10:24 522752 --a------ C:\WINDOWS\system32\DC120fc7_32.dll<DC120F~1.DLL>
2007-03-25 18:10:24 29184 --a------ C:\WINDOWS\system32\Comm32.dll
2007-03-25 18:10:24 71168 --a------ C:\WINDOWS\system32\Camapi32.dll
2007-03-25 18:10:24 0 d-------- C:\WINDOWS\Live Picture<LIVEPI~1>
2007-03-25 18:10:24 0 d-------- C:\Program Files\Common Files\MGI Shared<MGISHA~1>
2007-03-25 18:10:23 0 d-------- C:\Program Files\MGI
2007-03-25 17:42:22 0 d-------- C:\Documents and Settings\DWEbikesonline\Application Data\Ahead
2007-03-25 17:41:01 5888 -----n--- C:\WINDOWS\system32\drivers\imagedrv.sys
2007-03-25 17:40:49 38912 -----n--- C:\WINDOWS\system32\picn20.dll
2007-03-25 17:40:49 544768 --a------ C:\WINDOWS\system32\imagx5.dll
2007-03-25 17:40:49 569344 --a------ C:\WINDOWS\system32\imagr5.dll
2007-03-25 17:40:48 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe<NEROCH~1.EXE>
2007-03-25 17:40:48 283920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
2007-03-25 17:40:48 0 d-------- C:\Program Files\Common Files\Ahead
2007-03-25 17:40:44 0 d-------- C:\Program Files\Ahead
2007-03-23 20:13:16 0 d-------- C:\Documents and Settings\DWEbikesonline\Application Data\Kontiki
2007-03-23 20:11:00 0 d-------- C:\WINDOWS\kdx
2007-03-23 20:10:51 0 d-------- C:\Program Files\KService
2007-03-20 22:50:19 0 d-------- C:\Program Files\norman
2007-03-20 22:41:07 0 d-------- C:\Documents and Settings\DWEbikesonline\Application Data\SlySoft
2007-03-20 22:40:03 0 d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2007-03-20 22:32:18 0 d-------- C:\Program Files\SlySoft
2007-03-20 22:30:10 0 d-------- C:\Program Files\Serif
2007-03-20 11:15:29 0 d-------- C:\Program Files\Acoustica CD Label Maker<ACOUST~1>
2007-03-19 12:56:06 0 d-------- C:\Program Files\Crimson Editor<CRIMSO~1>
2007-03-18 23:41:54 0 d-------- C:\Program Files\Foxmail
2007-03-18 22:53:23 0 d-------- C:\Program Files\Solway's Internet TV and Radio<SOLWAY~1>
2007-03-18 15:53:47 19584 --a------ C:\WINDOWS\system32\drivers\emAudio.sys
2007-03-18 15:53:26 153088 --a------ C:\Program Files\UNWISE.EXE
2007-03-18 15:53:07 61440 --a------ C:\WINDOWS\system32\PCLECoInst.dll<PCLECO~1.DLL>
2007-03-18 15:53:07 5245 --a------ C:\WINDOWS\system32\drivers\emFilter.sys
2007-03-18 15:53:07 100957 --a------ C:\WINDOWS\system32\drivers\emDevice.sys
2007-03-18 15:53:06 24269 --a------ C:\WINDOWS\system32\drivers\emStream.sys
2007-03-18 15:53:06 4493 --a------ C:\WINDOWS\system32\drivers\emScan.sys
2007-03-18 15:53:05 45056 --a------ C:\WINDOWS\system32\emVFW.dll
2007-03-18 15:53:05 9739 --a------ C:\WINDOWS\system32\emUSD.dll
2007-03-18 15:53:04 17808 --a------ C:\WINDOWS\system32\emYUV.dll


-- Find3M Report ---------------------------------------------------------------

2007-04-17 19:11:50 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-04-17 10:35:01 0 d-------- C:\Program Files\Norton Internet Security<NORTON~1>
2007-04-16 22:37:58 0 d-------- C:\Documents and Settings\DWEbikesonline\Application Data\Macromedia<MACROM~1>
2007-04-16 22:33:53 0 d-------- C:\Program Files\Macromedia<MACROM~1>
2007-04-16 22:33:02 0 d-------- C:\Program Files\Common Files\Macromedia<MACROM~1>
2007-04-16 21:17:17 0 d-------- C:\Program Files\Common Files\Adobe
2007-04-16 20:53:58 0 d-------- C:\Documents and Settings\DWEbikesonline\Application Data\Adobe
2007-04-15 21:25:49 0 d-------- C:\Documents and Settings\DWEbikesonline\Application Data\MailWasherPro<MAILWA~1>
2007-04-14 21:39:27 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-04-14 21:37:30 0 d-------- C:\Program Files\Photo Story 3 for Windows<PHOTOS~1>
2007-04-14 21:37:00 0 d-------- C:\Program Files\CyberLink<CYBERL~1>
2007-04-14 21:35:30 0 d-------- C:\Program Files\Microsoft Works<MIF2B0~1>
2007-04-14 21:19:44 0 d-------- C:\Program Files\Pinnacle
2007-04-12 11:58:58 0 d-------- C:\Program Files\PowerPro
2007-04-11 15:08:59 0 d-------- C:\Program Files\Mp3 My Mp3 2.0<MP3MYM~1.0>
2007-04-07 17:56:15 0 d-------- C:\Documents and Settings\DWEbikesonline\Application Data\FileZilla<FILEZI~1>
2007-04-05 13:47:51 0 d-------- C:\Documents and Settings\DWEbikesonline\Application Data\AdobeUM
2007-04-04 09:31:32 2818 --a------ C:\Documents and Settings\DWEbikesonline\Application Data\wklnhst.dat
2007-04-03 09:23:21 6 --a------ C:\Documents and Settings\DWEbikesonline\Application Data\dm.ini
2007-04-03 09:23:21 871 --a------ C:\Documents and Settings\DWEbikesonline\Application Data\AdobeDLM.log
2007-04-01 22:56:58 119 --a------ C:\Documents and Settings\DWEbikesonline\Application Data\FixVTS.ini
2007-03-31 19:20:40 0 d-------- C:\Documents and Settings\DWEbikesonline\Application Data\Skype
2007-03-30 15:36:01 0 d-------- C:\Program Files\SourceTec<SOURCE~1>
2007-03-27 20:28:43 0 d-------- C:\Program Files\Common Files\SourceTec<SOURCE~1>
2007-03-26 12:31:12 0 d-------- C:\Program Files\Collage Maker<COLLAG~1>
2007-03-26 12:29:59 0 d-------- C:\Program Files\proDAD
2007-03-20 22:43:40 0 d-------- C:\Program Files\NCH Swift Sound<NCHSWI~1>
2007-03-20 22:43:40 0 d-------- C:\Documents and Settings\DWEbikesonline\Application Data\NCH Swift Sound<NCHSWI~1>
2007-03-17 15:43:01 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-17 11:08:28 0 d-------- C:\Program Files\Ripit4me
2007-03-16 17:29:59 0 d-------- C:\Documents and Settings\DWEbikesonline\Application Data\RipIt4Me
2007-03-16 17:13:00 0 d-------- C:\Program Files\PgcEdit
2007-03-16 17:07:49 0 d-------- C:\Program Files\DVD Shrink<DVDSHR~1>
2007-03-16 16:15:12 0 d-------- C:\Program Files\DVD Decrypter<DVDDEC~1>
2007-03-16 15:57:36 0 d-------- C:\Program Files\AutoGK
2007-03-16 15:57:29 43602 --a------ C:\WINDOWS\system32\xvid-uninstall.exe<XVID-U~1.EXE>
2007-03-16 15:57:23 0 d-------- C:\Program Files\AviSynth 2.5<AVISYN~1.5>
2007-03-16 15:57:07 0 d-------- C:\Program Files\Gabest
2007-03-16 14:10:08 0 d-------- C:\Program Files\deepburner_free_portable_v1.8<DEEPBU~1.8>
2007-03-16 13:41:45 0 d-------- C:\Program Files\mpgtx
2007-03-16 12:04:42 0 d-------- C:\Program Files\GustoSoft<GUSTOS~1>
2007-03-16 12:01:03 0 d-------- C:\Program Files\Codec Pack - All In 1<CODECP~1>
2007-03-15 23:02:47 0 d-------- C:\Program Files\Tales Animator<TALESA~1>
2007-03-15 21:16:21 0 d-------- C:\Program Files\e-Sword
2007-03-15 20:15:38 0 d-------- C:\Documents and Settings\DWEbikesonline\Application Data\IcoFX
2007-03-15 18:53:35 0 d-------- C:\Program Files\H_menu
2007-03-15 17:55:39 0 d-------- C:\Program Files\IcoFX 1.5<ICOFX1~1.5>
2007-03-15 17:51:41 0 d-------- C:\Program Files\Icons from File<ICONSF~1>
2007-03-15 11:15:18 0 d-------- C:\Program Files\Wav2MP3 Wizard<WAV2MP~1>
2007-03-14 18:58:36 0 d-------- C:\Program Files\Wavosaur.1.0.0.7000<WAVOSA~1.700>
2007-03-14 17:46:38 0 d-------- C:\Program Files\Legend
2007-03-14 17:26:27 0 d-------- C:\Program Files\Picture It! Premium 10<PICTUR~1>
2007-03-13 16:09:36 0 d-------- C:\Program Files\Windows Media Connect 2<WINDOW~4>
2007-03-13 00:25:40 0 d-------- C:\Program Files\AcceleRun<ACCELE~1>
2007-03-12 18:56:10 0 d-------- C:\Documents and Settings\DWEbikesonline\Application Data\Alien Skin<ALIENS~1>
2007-03-12 17:18:22 1024 --a------ C:\Documents and Settings\DWEbikesonline\Application Data\WavCodec.wff
2007-03-12 16:28:03 0 d-------- C:\Program Files\XviD
2007-03-12 15:53:35 0 d-------- C:\Program Files\Mp3Splitter<MP3SPL~1>
2007-03-12 15:53:13 286720 -----n--- C:\WINDOWS\Setup1.exe
2007-03-12 15:53:12 73216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-03-12 15:42:50 0 d-------- C:\Documents and Settings\DWEbikesonline\Application Data\GetRightToGo<GETRIG~1>
2007-03-12 15:22:21 0 d-------- C:\Program Files\Ratajik Software<RATAJI~1>
2007-03-12 10:18:04 329 --a------ C:\WINDOWS\PowerReg.dat
2007-03-10 2241 0 d-------- C:\Program Files\Common Files\debugmode<DEBUGM~1>
2007-03-10 20:21:26 0 d-------- C:\Program Files\Audio Mid Recorder<AUDIOM~1>
2007-03-10 14:29:19 0 d-------- C:\Documents and Settings\DWEbikesonline\Application Data\VoipCheapCom<VOIPCH~1>
2007-03-10 14:25:45 0 d-------- C:\Program Files\VoipCheapCom<VOIPCH~1>
2007-03-09 16:43:05 0 d-------- C:\Program Files\MAGIX
2007-03-09 15:54:12 0 d-------- C:\Program Files\doitselfscripting<DOITSE~1>
2007-03-08 19:18:16 0 d-------- C:\Program Files\MozBackup<MOZBAC~1>
2007-03-08 17:43:43 0 d-------- C:\Program Files\Common Files\MAGIX Shared<MAGIXS~1>
2007-03-08 17:36:28 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 17:36:28 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:36:28 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:47:48 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-07 16:15:37 0 d-------- C:\Documents and Settings\DWEbikesonline\Application Data\Acoustica<ACOUST~1>
2007-03-07 09:21:45 0 d-------- C:\Program Files\CD-Cover Editor<CD-COV~1>
2007-03-05 15:15:41 0 d---s---- C:\Documents and Settings\DWEbikesonline\Application Data\Microsoft<MICROS~1>
2007-03-03 23:20:46 0 d-------- C:\Documents and Settings\DWEbikesonline\Application Data\ImgBurn
2007-03-03 23:12:54 0 d-------- C:\Program Files\ImgBurn
2007-03-03 21:44:23 0 d-------- C:\Documents and Settings\DWEbikesonline\Application Data\DeepBurner<DEEPBU~1>
2007-03-03 18:47:31 0 d-------- C:\Program Files\MUSICMATCH<MUSICM~1>
2007-03-03 18:39:24 0 d-------- C:\Program Files\Smart Projects<SMARTP~1>
2007-03-02 20:26:07 0 d-------- C:\Program Files\Pinnacle Systems<PINNAC~1>
2007-03-02 11:41:43 0 d-------- C:\Program Files\eRightSoft<ERIGHT~1>
2007-03-01 20:25:17 0 d-------- C:\Program Files\DivX
2007-02-27 23:36:37 0 --a------ C:\Documents<DOCUME~2>
2007-02-27 23:00:14 0 d-------- C:\Program Files\Cobian Backup 8<COBIAN~1>
2007-02-27 21:02:10 0 d-------- C:\Program Files\SCRIPTOMATIC<SCRIPT~1>
2007-02-27 16:45:30 0 d-------- C:\Documents and Settings\DWEbikesonline\Application Data\AdobeAUM
2007-02-26 18:56:21 0 d-------- C:\Program Files\Hewlett-Packard<HEWLET~1>
2007-02-26 17:53:15 3042 --a------ C:\Documents and Settings\DWEbikesonline\Application Data\HPCOM_48BitScanUpdate.log<HPCOM_~1.LOG>
2007-02-26 17:53:09 0 d-------- C:\Program Files\HP
2007-02-26 17:19:23 20475 --a------ C:\WINDOWS\hpoins01.dat
2007-02-26 16:28:20 0 --a------ C:\AUTOEXEC.BAT
2007-02-26 16:26:12 23348 --a------ C:\WINDOWS\system32\emptyregdb.dat<EMPTYR~1.DAT>
2007-02-25 22:54:21 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~2>
2007-02-24 14:55:38 737280 --a------ C:\WINDOWS\iun6002.exe
2007-02-23 23:30:23 0 d-------- C:\Program Files\Yahoo!
2007-02-23 23:28:20 0 d-------- C:\Program Files\Common Files\Real
2007-02-23 23:28:03 0 d-------- C:\Documents and Settings\DWEbikesonline\Application Data\Real
2007-02-23 20:03:25 0 d-------- C:\Program Files\iMediaCONVERT<IMEDIA~1>
2007-02-23 20:02:26 0 d-------- C:\Program Files\ShellExView<SHELLE~1>
2007-02-23 20:00:09 0 d-------- C:\Program Files\KoolMoves Demo<KOOLMO~1>
2007-02-23 19:56:20 0 d-------- C:\Program Files\Skype
2007-02-23 19:55:31 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-02-21 17:58:12 0 d-------- C:\Program Files\SpywareGuard<SPYWAR~1>
2007-02-21 13:47:16 31744 -r-hs---- C:\WINDOWS\system32\msfDX.dll
2007-02-18 23:09:28 0 d-------- C:\Program Files\DAP
2007-02-17 16:48:29 0 d-------- C:\Documents and Settings\DWEbikesonline\Application Data\IndigoRose<INDIGO~1>
2007-02-09 13:24:39 2303 --a------ C:\Documents and Settings\DWEbikesonline\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log<GDIPLU~1.LOG>
2007-02-05 22:17:02 185344 --a------ C:\WINDOWS\system32\upnphost.dll
2007-02-05 12:00:00 135168 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-02-05 12:00:00 761856 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-02-05 12:00:00 413760 --a------ C:\WINDOWS\system32\MPG4c32.dll


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"RoboForm"="\"C:\\Program Files\\Siber Systems\\AI RoboForm\\RoboTaskBarIcon.exe\""
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"RegistryMechanic"=""
"WinPatrol"="C:\\Program Files\\BillP Studios\\WinPatrol\\winpatrol.exe"
"SnoopFreeUI"="SnoopFreeUI.exe"
"USB2Check"="RUNDLL32.EXE \"C:\\WINDOWS\\system32\\PCLECoInst.dll\",CheckUSBController"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{81559C35-8464-49F7-BB0E-07A383BEF910}"="SpywareGuard"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktop"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



-- Hosts -----------------------------------------------------------------------

127.0.0.1 adv.abv.bg
127.0.0.1 bimg.abv.bg
127.0.0.1 http.acid-burn.info #[W32/Banker.YSP]
127.0.0.1 at.ad2click.nl
127.0.0.1 cms.ad2click.nl
127.0.0.1 banner.ad.nu
127.0.0.1 james.adbutler.de #[Tenebril.TrackingCookie]
127.0.0.1 www.adbutler.de #[SunBelt.AdButler.de]
127.0.0.1 www.adcopy.info
127.0.0.1 host1.adhese.be #[Adhese Datamine Tag]

3 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2007-04-17 at 20:20:53 ---------
Old 04-17-2007, 08:32 PM   #3 (permalink)
Analyst, Security Team; Assistant Rangemaster, TSF Academy
 
Sempurna's Avatar
 
Join Date: Sep 2006
Posts: 1,302
OS: Windows XP SP2


Re: Browser Hijacked and worms found but still got probs HJT log attached

Hi dwillz123,

Welcome to Tech Support Forum!

I apologize for the delay getting to your log. The helpers here are all volunteers and we have been very busy here lately. If you are still having malware problems, I will be glad to help.

First of all, while it is acceptable to have two anti-virus programs installed, it is not a good idea to have them both running in auto-protect mode as it may make both less effective. Choose just one to run in auto-protect and use the other for ad-hoc scans only.


NEXT:

I notice that you have SpywareGuard running. Please disable SpywareGuard, as it may interfere with some of our HijackThis fixes:

To disable SpywareGuard:
  • Right click the SpywareGuard icon in the System Tray at the bottom-right corner of the screen and open the program.
  • Then go to Menu -> File -> Exit.
  • Then confirm the program is closed.


NEXT:

Please download HostsXpert and save it to your desktop:
  • Extract the zip file to your desktop or a permanent folder on your hard drive.
  • Open the folder and double-click on HostsXpert.exe.
  • Make sure that the "Make Hosts Writable?" button in the upper right corner is enabled. By default the button should be showing "Make Hosts ReadOnly?" (if it is, leave it alone).
  • Click "Create Backup".
  • Click "Restore Microsoft’s Hosts File".
  • Click "OK" and exit the program.


NEXT:

Please run HijackThis and click "Scan". Place a check (tick) next to the following entries (if present):

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present



Close ALL programs and browsers (including this one), leaving ONLY HijackThis open, then click "Fix checked".

Then please exit HijackThis.


NEXT:

Please download OTMoveIt by OldTimer:
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\iun6002.exe

  • Return to OTMoveIt, right-click on the Paste List of Files/Folders to be Moved window and choose Paste.
  • Click the red MoveIt! button.
  • Copy everything in the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTMoveIt.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. After reboot, please run OTMoveIt again, follow the directions as above, and post the Results report for me to see.


NEXT:

Let's run some cleanup and diagnostic scans to make sure we're not leaving anything behind.

Please download CCleaner (freeware) and save it to your desktop:
  1. Run the CCleaner installer.
  2. During installation process, please UNCHECK "Add CCleaner Yahoo! Toolbar".
  3. Once installed, run CCleaner and click the Windows tab.
  4. Select the following:
    • Check everything under the Internet Explorer section.
    • Check everything under the Windows Explorer section.
    • Check everything under the System section.
    • Check ONLY Old Prefetch data under the Advanced section.
  5. Then, click the Applications tab:
    • UNCHECK everything there.
  6. Next, click the Options button, then click the Advanced button:
    • UNCHECK : "Only delete files in Windows Temp folders older than 48 hours".
  7. Next, click the Cleaner button, then click the Run Cleaner button (bottom right), then Exit.

CAUTION: Please do NOT use the Issues button. This is a built-in registry cleaner. If you don’t know how to use it, you may cause irreparable damage to your system.


NEXT:

Please download ComboFix by sUBs:

NOTE: In the event you already have ComboFix, this is a new version that I need you to download.
  • Save it to your desktop.
  • Double-click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT:

Please do an online scan with Kaspersky Online Scanner:
  1. Click on Kaspersky Online Scanner.
  2. You will be prompted to install an ActiveX component from Kaspersky, click Yes.
  3. The program will launch and then begin downloading the latest definition files.
  4. Once the files have been downloaded click on Next.
  5. Now click on Scan Settings.
  6. In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  7. Click OK.
  8. Now under select a target to scan:
    • Select My Computer.
  9. This program will start and scan your system.
  10. The scan will take a while so be patient and let it run.
  11. Once the scan is complete it will display if your system has been infected.
    • Now click on the Save Report As button.
    • In the File name: field, type kavscan.
    • In the Save as type: field, select Text file (*.txt).
  12. Save the file to your desktop.
  13. Copy and paste that information in your next post.

Note for Internet Explorer 7 users: If at any time you have trouble with the Accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.


NEXT:

Please REBOOT your computer normally into Windows and post these logs in your next reply:
  1. The log from the ComboFix scan.
  2. The log from the Kaspersky scan.
  3. A new HijackThis log.

(You might have to paste the logs in multiple posts in the event they are too long and breach the post length of the forum software).

Also, please let me know how things are running now and if you encountered any problems while you were following the directions I posted.
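The Hosts section of the scanner log above lists only names pointed at 127.0.0.1, which is what a block list looks like; the entries a reviewer looks for before resetting the file are names mapped to a non-loopback address. The following is an added example, not part of the original posts or of any tool named in the thread, that sorts hosts entries into those groups; the function names and the last three sample entries are assumptions made for illustration.

```python
import ipaddress

# Constructed sample. The three 127.0.0.1 block-list entries are copied from the
# Hosts section of the log above; the localhost line and the last three entries
# are constructed (192.0.2.0/24 is a documentation range, *.example names are
# placeholders).
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1 localhost
127.0.0.1 adv.abv.bg
127.0.0.1 http.acid-burn.info #[W32/Banker.YSP]
127.0.0.1 www.adbutler.de #[SunBelt.AdButler.de]
192.0.2.10 update.av-vendor.example
192.0.2.10 www.bank.example   login.bank.example
not-an-ip broken.example
"""


def parse_hosts(text):
    """Yield (lineno, address, hostnames, comment) for every non-empty entry."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        body, _, comment = raw.partition("#")   # '#' starts a comment
        fields = body.split()
        if not fields:
            continue                            # blank or comment-only line
        yield lineno, fields[0], fields[1:], comment.strip()


def classify(address):
    """Return 'sinkhole', 'redirect' or 'malformed' for one address field."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "malformed"
    # Loopback (127.0.0.0/8, ::1) and 0.0.0.0 make the name unreachable:
    # this is how block lists work.
    if ip.is_loopback or ip.is_unspecified:
        return "sinkhole"
    # Any other address overrides DNS for that name and needs a human look.
    return "redirect"


def audit_hosts(text):
    """Group hosts entries as (lineno, address, name) tuples by category."""
    report = {"default": [], "sinkhole": [], "redirect": [], "malformed": []}
    for lineno, address, names, _comment in parse_hosts(text):
        kind = classify(address)
        if not names:
            # An address with no host name is not a usable entry.
            report["malformed"].append((lineno, address, ""))
            continue
        for name in names:
            if kind == "sinkhole" and name.lower() == "localhost":
                report["default"].append((lineno, address, name))
            else:
                report[kind].append((lineno, address, name))
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    for category in ("redirect", "malformed", "sinkhole", "default"):
        print(f"{category}: {len(result[category])}")
        for lineno, address, name in result[category]:
            print(f"  line {lineno}: {name} -> {address}")
```

Entries reported as `redirect` are the ones to review by hand; `sinkhole` entries only block access to the named host.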
Old 04-19-2007, 01:41 AM   #4 (permalink)
Registered User
 
dwillz123's Avatar
 
Join Date: Oct 2006
Location: Lancs UK
Posts: 21
OS: xp HE


UPDATE Re: Browser Hijacked and worms found

Many thanks for your extensive, full and in-depth reply,
and also for your speedy reply. Here are the logs you requested.
As you can see, I still seem to have a problem with a couple of trojans.

Also, here are some events that have raised cause for concern since my first post.

I recently loaded avast anti-virus following the disappointing performance of Norton.

I also loaded ZoneAlarm as a firewall replacement.

1.) When I launched avast for the first time it wanted to have a connection to the internet, I assumed for updates,
but also made a second request to receive connections from the internet.
Q. Can you tell me, is this a normal procedure? (2 requests, one out, one in)

2.) SnoopFree monitors attempts at keyboard hooks and I often get notification of attempts at keyboard hooks, particularly on launch of a new program, i.e. in this case avast.
Q. Is it normal on installation of a program that it will request a keyboard hook, or is it ALWAYS malicious?

3.) I mostly use Firefox WITH 'NoScripts'. I am regularly getting notification of
"XSS". I know little of this threat but understand it is yet another attempt at identity theft, to gain access through cookie pilfering.
Q.) Do legitimate companies, i.e. Google or CNET, use "XSS" on their webpages as part of their normal construction, or is "XSS" ALWAYS malicious?

4.) On first installation of ZoneAlarm, before I had given any program access to the internet, I checked the "Firewall Program Control". There were three entries, two of them for my network adapter and one named "loopback adapter" listed on IP 127.0.0.1.
Q. Is this a legitimate exception?

5.) After installing ZoneAlarm, the first run of Firefox made two requests for connection:
a) To access 127.0.0.1 Port 1075
b) To access 67.15.38.62 DNS
Q. Again, is this normal and a legitimate request?

6.) Lastly, I have noticed a disconcerting graphical anomaly with my cursor in my browser. It no longer appears to have a constant blink.
Q. This may of course be completely normal but I thought I may as well mention it.

Once again, many thanks for all your help.

Here are the logs:-

"DWEbikesonline" - 07-04-18 10:05:06 Service Pack 2
ComboFix 07-04-18.V - Running from: C:\Documents and Settings\DWEbikesonline\Desktop\


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\SourceTec\Sothink Glanda\Templates\Album\Calendar\_desktop.ini
C:\Program Files\SourceTec\Sothink Glanda\Templates\Album\cube\_desktop.ini
C:\Program Files\SourceTec\Sothink Glanda\Templates\Album\frame\_desktop.ini
C:\Program Files\SourceTec\Sothink Glanda\Templates\Album\Fresh\_desktop.ini
C:\Program Files\SourceTec\Sothink Glanda\Templates\Album\MAC_style\_desktop.ini
C:\Program Files\SourceTec\Sothink Glanda\Templates\Album\Mail\_desktop.ini
C:\Program Files\SourceTec\Sothink Glanda\Templates\Album\number\_desktop.ini
C:\Program Files\SourceTec\Sothink Glanda\Templates\Album\player\_desktop.ini
C:\Program Files\SourceTec\Sothink Glanda\Templates\Album\snow\_desktop.ini
C:\Program Files\SourceTec\Sothink Glanda\Templates\Album\xmasstar\_desktop.ini


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\nm
-------\LEGACY_NM
-------\LEGACY_NPF


((((((((((((((((((((((((((((((( Files Created from 2007-03-18 to 2007-04-18 ))))))))))))))))))))))))))))))))))


2007-04-18 10:00 <DIR> d-------- C:\Program Files\CCleaner
2007-04-17 21:34 <DIR> d-------- C:\Program Files\SpyTheSpy
2007-04-17 20:19 <DIR> d-------- C:\Deckard
2007-04-17 14:56 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-17 14:56 90,112 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-04-17 14:56 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-17 14:56 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-17 14:56 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-17 14:56 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-17 14:55 712,832 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-04-17 14:55 <DIR> d-------- C:\Program Files\Alwil Software
2007-04-16 21:23 <DIR> d-------- C:\DOCUME~1\DWEBIK~1\APPLIC~1\Opera
2007-04-16 20:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
2007-04-16 20:49 16,384 --a------ C:\WINDOWS\system32\FileOps.exe
2007-04-16 19:26 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-04-14 22:22 <DIR> d-------- C:\Program Files\Alcohol Soft
2007-04-14 22:16 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-04-14 22:04 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-04-14 22:03 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-04-14 16:15 <DIR> d-------- C:\Program Files\cd4
2007-04-14 15:21 <DIR> d-------- C:\DOCUME~1\DWEBIK~1\APPLIC~1\Torrent101
2007-04-11 17:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Magix
2007-04-06 19:41 3,051,520 --------- C:\WINDOWS\UNNMP.exe
2007-04-06 19:40 8,704 --------- C:\WINDOWS\system32\drivers\InCDrec.sys
2007-04-06 19:40 33,536 --------- C:\WINDOWS\system32\drivers\InCDrm.sys
2007-04-06 19:40 3,067,904 --------- C:\WINDOWS\NuNinst.exe
2007-04-06 19:40 29,440 --------- C:\WINDOWS\system32\drivers\InCDpass.sys
2007-04-06 19:40 102,016 --------- C:\WINDOWS\system32\drivers\InCDfs.sys
2007-04-06 19:40 <DIR> d-------- C:\WINDOWS\InCD
2007-04-06 19:39 3,051,520 --------- C:\WINDOWS\UNNeroVision.exe
2007-04-06 19:39 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2007-04-06 19:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
2007-04-06 18:12 127,488 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2007-04-06 18:11 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-04-06 18:11 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-04-06 18:11 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2007-04-06 18:11 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-04-06 18:11 106,496 --------- C:\WINDOWS\system32\TwnLib20.dll
2007-04-06 18:11 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-04-05 15:18 <DIR> d-------- C:\Program Files\a-squared Free
2007-04-03 15:13 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2007-04-03 15:05 <DIR> d-------- C:\Program Files\AresTorrentDownloader
2007-04-01 19:53 <DIR> d-------- C:\DOCUME~1\DWEBIK~1\APPLIC~1\Participatory Culture Foundation
2007-03-28 13:19 <DIR> d-------- C:\Program Files\IObit
2007-03-27 20:39 115,200 --a------ C:\outsound.bin
2007-03-25 18:21 <DIR> d-------- C:\DOCUME~1\DWEBIK~1\APPLIC~1\MGI
2007-03-25 18:11 1,298,432 --a------ C:\WINDOWS\system32\MGIIpl4M6.dll
2007-03-25 18:11 1,261,568 --a------ C:\WINDOWS\system32\MGIIpl4M5.dll
2007-03-25 18:11 1,142,784 --a------ C:\WINDOWS\system32\MGIIpl4P6.dll
2007-03-25 18:10 98,304 --a------ C:\WINDOWS\system32\MGI Album Screen Saver.scr
2007-03-25 18:10 71,168 --a------ C:\WINDOWS\system32\Camapi32.dll
2007-03-25 18:10 63,488 --a------ C:\WINDOWS\system32\Picn1111.dll
2007-03-25 18:10 61,440 --a------ C:\WINDOWS\system32\MGI Panorama Screen Saver.scr
2007-03-25 18:10 522,752 --a------ C:\WINDOWS\system32\DC120fc7_32.dll
2007-03-25 18:10 5,632 --a------ C:\WINDOWS\system32\Hellut32.dll
2007-03-25 18:10 458,752 --a------ C:\WINDOWS\system32\Fpl.dll
2007-03-25 18:10 45,568 --a------ C:\WINDOWS\system32\DC210.dll
2007-03-25 18:10 332,800 --a------ C:\WINDOWS\system32\Fpxlib.dll
2007-03-25 18:10 32,768 --a------ C:\WINDOWS\system32\F210.dll
2007-03-25 18:10 29,184 --a------ C:\WINDOWS\system32\Picn11.dll
2007-03-25 18:10 29,184 --a------ C:\WINDOWS\system32\Comm32.dll
2007-03-25 18:10 254,976 --a------ C:\WINDOWS\system32\Sfwiudll.dll
2007-03-25 18:10 24,576 --a------ C:\WINDOWS\system32\Sfwuts20.dll
2007-03-25 18:10 24,576 --a------ C:\WINDOWS\system32\MGIIpl4.dll
2007-03-25 18:10 196,608 --a------ C:\WINDOWS\system32\opccli32.dll
2007-03-25 18:10 126,976 --a------ C:\WINDOWS\system32\ipubgrnd.dll
2007-03-25 18:10 122,880 --a------ C:\WINDOWS\system32\Jpeglib.dll
2007-03-25 18:10 1,977,856 --a------ C:\WINDOWS\system32\LPControl.dll
2007-03-25 18:10 1,130,496 --a------ C:\WINDOWS\system32\MGIIpl4PX.dll
2007-03-25 18:10 <DIR> d-------- C:\WINDOWS\Live Picture
2007-03-25 18:10 <DIR> d-------- C:\Program Files\MGI
2007-03-25 18:10 <DIR> d-------- C:\Program Files\Common Files\MGI Shared
2007-03-25 17:42 <DIR> d-------- C:\DOCUME~1\DWEBIK~1\APPLIC~1\Ahead
2007-03-25 17:41 5,888 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2007-03-25 17:40 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
2007-03-25 17:40 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
2007-03-25 17:40 38,912 --------- C:\WINDOWS\system32\picn20.dll
2007-03-25 17:40 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
2007-03-25 17:40 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-03-25 17:40 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-03-25 17:40 <DIR> d-------- C:\Program Files\Ahead
2007-03-23 20:13 <DIR> d-------- C:\DOCUME~1\DWEBIK~1\APPLIC~1\Kontiki
2007-03-23 20:11 <DIR> d-------- C:\WINDOWS\kdx
2007-03-23 20:10 <DIR> d-------- C:\Program Files\KService
2007-03-20 22:50 <DIR> d-------- C:\Program Files\norman
2007-03-20 22:41 <DIR> d-------- C:\DOCUME~1\DWEBIK~1\APPLIC~1\SlySoft
2007-03-20 22:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SlySoft
2007-03-20 22:32 <DIR> d-------- C:\Program Files\SlySoft
2007-03-20 22:30 <DIR> d-------- C:\Program Files\Serif
2007-03-20 11:15 <DIR> d-------- C:\Program Files\Acoustica CD Label Maker
2007-03-19 12:56 <DIR> d-------- C:\Program Files\Crimson Editor
2007-03-18 23:41 <DIR> d-------- C:\Program Files\Foxmail
2007-03-18 22:53 <DIR> d-------- C:\Program Files\Solway's Internet TV and Radio
2007-03-18 15:53 9,739 --a------ C:\WINDOWS\system32\emUSD.dll
2007-03-18 15:53 61,440 --a------ C:\WINDOWS\system32\PCLECoInst.dll
2007-03-18 15:53 5,245 --a------ C:\WINDOWS\system32\drivers\emFilter.sys
2007-03-18 15:53 45,056 --a------ C:\WINDOWS\system32\emVFW.dll
2007-03-18 15:53 4,493 --a------ C:\WINDOWS\system32\drivers\emScan.sys
2007-03-18 15:53 24,269 --a------ C:\WINDOWS\system32\drivers\emStream.sys
2007-03-18 15:53 19,584 --a------ C:\WINDOWS\system32\drivers\emAudio.sys
2007-03-18 15:53 17,808 --a------ C:\WINDOWS\system32\emYUV.dll
2007-03-18 15:53 153,088 --a------ C:\Program Files\UNWISE.EXE
2007-03-18 15:53 100,957 --a------ C:\WINDOWS\system32\drivers\emDevice.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-18 09:54 -------- d-------- C:\DOCUME~1\DWEBIK~1\APPLIC~1\mailwasherpro
2007-04-17 22:19 -------- d-------- C:\Program Files\spywareguard
2007-04-17 21:17 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-04-17 10:35 -------- d-------- C:\Program Files\norton internet security
2007-04-14 21:39 -------- d--h----- C:\Program Files\installshield installation information
2007-04-14 21:37 -------- d-------- C:\Program Files\photo story 3 for windows
2007-04-14 21:37 -------- d-------- C:\Program Files\cyberlink
2007-04-14 21:35 -------- d-------- C:\Program Files\microsoft works
2007-04-14 21:19 -------- d-------- C:\Program Files\pinnacle
2007-04-12 11:58 -------- d-------- C:\Program Files\powerpro
2007-04-11 15:08 -------- d-------- C:\Program Files\mp3 my mp3 2.0
2007-04-07 17:56 -------- d-------- C:\DOCUME~1\DWEBIK~1\APPLIC~1\filezilla
2007-04-05 13:47 -------- d-------- C:\DOCUME~1\DWEBIK~1\APPLIC~1\adobeum
2007-04-04 09:31 2818 --a------ C:\DOCUME~1\DWEBIK~1\APPLIC~1\wklnhst.dat
2007-04-03 09:23 871 --a------ C:\DOCUME~1\DWEBIK~1\APPLIC~1\adobedlm.log
2007-04-03 09:23 6 --a------ C:\DOCUME~1\DWEBIK~1\APPLIC~1\dm.ini
2007-04-01 22:56 119 --a------ C:\DOCUME~1\DWEBIK~1\APPLIC~1\fixvts.ini
2007-03-31 19:20 -------- d-------- C:\DOCUME~1\DWEBIK~1\APPLIC~1\skype
2007-03-30 15:36 -------- d-------- C:\Program Files\sourcetec
2007-03-27 20:28 -------- d-------- C:\Program Files\Common Files\sourcetec
2007-03-26 12:31 -------- d-------- C:\Program Files\collage maker
2007-03-26 12:29 -------- d-------- C:\Program Files\prodad
2007-03-20 22:43 -------- d-------- C:\Program Files\nch swift sound
2007-03-20 22:43 -------- d-------- C:\DOCUME~1\DWEBIK~1\APPLIC~1\nch swift sound
2007-03-17 15:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-17 11:08 -------- d-------- C:\Program Files\ripit4me
2007-03-16 17:29 -------- d-------- C:\DOCUME~1\DWEBIK~1\APPLIC~1\ripit4me
2007-03-16 17:13 -------- d-------- C:\Program Files\pgcedit
2007-03-16 17:07 -------- d-------- C:\Program Files\dvd shrink
2007-03-16 16:15 -------- d-------- C:\Program Files\dvd decrypter
2007-03-16 15:57 43602 --a------ C:\WINDOWS\system32\xvid-uninstall.exe
2007-03-16 15:57 -------- d-------- C:\Program Files\gabest
2007-03-16 15:57 -------- d-------- C:\Program Files\avisynth 2.5
2007-03-16 15:57 -------- d-------- C:\Program Files\autogk
2007-03-16 14:10 -------- d-------- C:\Program Files\deepburner_free_portable_v1.8
2007-03-16 13:41 -------- d-------- C:\Program Files\mpgtx
2007-03-16 12:04 -------- d-------- C:\Program Files\gustosoft
2007-03-16 12:01 -------- d-------- C:\Program Files\codec pack - all in 1
2007-03-15 23:02 -------- d-------- C:\Program Files\tales animator
2007-03-15 21:16 -------- d-------- C:\Program Files\e-sword
2007-03-15 20:15 -------- d-------- C:\DOCUME~1\DWEBIK~1\APPLIC~1\icofx
2007-03-15 18:53 -------- d-------- C:\Program Files\h_menu
2007-03-15 17:55 -------- d-------- C:\Program Files\icofx 1.5
2007-03-15 17:51 -------- d-------- C:\Program Files\icons from file
2007-03-15 11:15 -------- d-------- C:\Program Files\wav2mp3 wizard
2007-03-14 18:58 -------- d-------- C:\Program Files\wavosaur.1.0.0.7000
2007-03-14 17:46 -------- d-------- C:\Program Files\legend
2007-03-14 17:26 -------- d-------- C:\Program Files\picture it! premium 10
2007-03-13 16:09 -------- d-------- C:\Program Files\windows media connect 2
2007-03-12 18:56 -------- d-------- C:\DOCUME~1\DWEBIK~1\APPLIC~1\alien skin
2007-03-12 17:18 1024 --a------ C:\DOCUME~1\DWEBIK~1\APPLIC~1\wavcodec.wff
2007-03-12 16:28 -------- d-------- C:\Program Files\xvid
2007-03-12 15:53 73216 --a------ C:\WINDOWS\st6unst.exe
2007-03-12 15:53 286720 --------- C:\WINDOWS\setup1.exe
2007-03-12 15:53 -------- d-------- C:\Program Files\mp3splitter
2007-03-12 15:42 -------- d-------- C:\DOCUME~1\DWEBIK~1\APPLIC~1\getrighttogo
2007-03-12 15:22 -------- d-------- C:\Program Files\ratajik software
2007-03-12 10:18 329 --a------ C:\WINDOWS\powerreg.dat
2007-03-10 22:06 -------- d-------- C:\Program Files\Common Files\debugmode
2007-03-10 20:21 -------- d-------- C:\Program Files\audio mid recorder
2007-03-10 14:29 -------- d-------- C:\DOCUME~1\DWEBIK~1\APPLIC~1\voipcheapcom
2007-03-10 14:25 -------- d-------- C:\Program Files\voipcheapcom
2007-03-09 16:43 -------- d-------- C:\Program Files\magix
2007-03-09 15:54 -------- d-------- C:\Program Files\doitselfscripting
2007-03-08 19:18 -------- d-------- C:\Program Files\mozbackup
2007-03-08 17:43 -------- d-------- C:\Program Files\Common Files\magix shared
2007-03-08 17:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 17:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-07 09:21 -------- d-------- C:\Program Files\cd-cover editor
2007-03-03 23:20 -------- d-------- C:\DOCUME~1\DWEBIK~1\APPLIC~1\imgburn
2007-03-03 23:12 -------- d-------- C:\Program Files\imgburn
2007-03-03 21:44 -------- d-------- C:\DOCUME~1\DWEBIK~1\APPLIC~1\deepburner
2007-03-03 18:47 -------- d-------- C:\Program Files\musicmatch
2007-03-03 18:39 -------- d-------- C:\Program Files\smart projects
2007-03-02 20:26 -------- d-------- C:\Program Files\pinnacle systems
2007-03-02 11:41 -------- d-------- C:\Program Files\erightsoft
2007-03-01 20:25 -------- d-------- C:\Program Files\divx
2007-02-27 23:00 -------- d-------- C:\Program Files\cobian backup 8
2007-02-27 21:02 -------- d-------- C:\Program Files\scriptomatic
2007-02-27 16:45 -------- d-------- C:\DOCUME~1\DWEBIK~1\APPLIC~1\adobeaum
2007-02-26 18:56 -------- d-------- C:\Program Files\hewlett-packard
2007-02-26 17:53 3042 --a------ C:\DOCUME~1\DWEBIK~1\APPLIC~1\hpcom_48bitscanupdate.log
2007-02-26 17:53 -------- d-------- C:\Program Files\hp
2007-02-26 17:19 20475 --a------ C:\WINDOWS\hpoins01.dat
2007-02-26 16:28 0 --a------ C:\AUTOEXEC.BAT
2007-02-26 16:26 23348 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-02-25 22:54 -------- d-------- C:\Program Files\spywareblaster
2007-02-23 23:30 -------- d-------- C:\Program Files\yahoo!
2007-02-23 23:28 -------- d-------- C:\Program Files\Common Files\real
2007-02-23 23:28 -------- d-------- C:\DOCUME~1\DWEBIK~1\APPLIC~1\real
2007-02-23 20:03 -------- d-------- C:\Program Files\imediaconvert
2007-02-23 20:02 -------- d-------- C:\Program Files\shellexview
2007-02-23 20:00 -------- d-------- C:\Program Files\koolmoves demo
2007-02-23 19:56 -------- d-------- C:\Program Files\skype
2007-02-23 19:55 -------- d-------- C:\Program Files\quicktime
2007-02-21 13:47 31744 -r-hs---- C:\WINDOWS\system32\msfdx.dll
2007-02-18 23:09 -------- d-------- C:\Program Files\dap
2007-02-09 13:24 2303 --a------ C:\DOCUME~1\DWEBIK~1\APPLIC~1\gdiplusupgrade_msiapproach_wrapper.log
2007-02-05 22:17 185344 --a------ C:\WINDOWS\system32\upnphost.dll
2007-02-05 12:00 761856 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-02-05 12:00 413760 --a------ C:\WINDOWS\system32\mpg4c32.dll
2007-02-05 12:00 135168 --a------ C:\WINDOWS\system32\xvidvfw.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{4A368E80-174F-4872-96B5-0B27DDD11DB2} C:\Program Files\SpywareGuard\dlprotect.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{724d43a9-0d85-11d4-9908-00400523e39a} C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
{9ECB9560-04F9-4bbc-943D-298DDF1699E1} C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
{BDF3E430-B101-42AD-A544-FADC6B084872} C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"RegistryMechanic"=""
"WinPatrol"="C:\\Program Files\\BillP Studios\\WinPatrol\\winpatrol.exe"
"SnoopFreeUI"="SnoopFreeUI.exe"
"USB2Check"="RUNDLL32.EXE \"C:\\WINDOWS\\system32\\PCLECoInst.dll\",CheckUSBController"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"RoboForm"="\"C:\\Program Files\\Siber Systems\\AI RoboForm\\RoboTaskBarIcon.exe\""

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0




~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070418-095506-573
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
backup-20070418-095505-324
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - DWEbikesonline.job

********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-18 10:10:16
C:\ComboFix-quarantined-files.txt ... 07-04-18 10:10


KASPERSKY ONLINE SCANNER REPORT
Wednesday, April 18, 2007 5:16:31 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 18/04/2007
Kaspersky Anti-Virus database records: 298878
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
F:\
Scan Statistics
Total number of scanned objects 85346
Number of viruses found 2
Number of infected objects 7 / 0
Number of suspicious objects 0
Duration of the scan process 01:15:14

Infected Object Name Virus Name Last Action