Malwarebytes

mrxdavv.sys, kwave.sys Malwarebytes won't delete

36 replies to this topic

#1
sansari
I am persistently getting these 2 files while running anti-malware. I have tried almost everything I found online, for several hours, to clean it up, but on reboot the files appear again. Can somebody help? I'm pasting the Malwarebytes log and HijackThis log below.

Malwarebytes' Anti-Malware 1.36
Database version: 2060
Windows 5.1.2600 Service Pack 3

29/04/2009 8:53:57 PM
mbam-log-2009-04-29 (20-53-57).txt

Scan type: Quick Scan
Objects scanned: 85778
Time elapsed: 4 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\mrxdavv.sys (Rootkit.Agent.H) -> Delete on reboot.
C:\WINDOWS\system32\kwave.sys (Trojan.Agent) -> Delete on reboot.
*************************************************************************************


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:09:11 PM, on 29/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Novatel Wireless\MobiLink\Lite.exe
C:\Program Files\Rogers\SelfHealing\rogersagent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\Program Files\Novatel Wireless\Mobilink\Phoenix.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Messenger\wlcsdk.exe
C:\Documents and Settings\Sania Ansari\Desktop\launch.exe
C:\DOCUME~1\SANIAA~1\LOCALS~1\Temp\RarSFX0\_start.exe
C:\DOCUME~1\SANIAA~1\LOCALS~1\Temp\RarSFX0\setup.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5Cgoogle.src"); (C:\Documents and Settings\SANIA ANSARI\Application Data\Mozilla\Profiles\default\cegjmm6n.slt\prefs.js)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MobiLink Lite] C:\Program Files\Novatel Wireless\MobiLink\Lite.exe
O4 - HKCU\..\Run: [RogersAgent] c:\Program Files\Rogers\SelfHealing\rogersagent.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKUS\S-1-5-21-4183914383-1123606108-2360302904-501\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Guest')
O4 - HKUS\S-1-5-21-4183914383-1123606108-2360302904-501\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Guest')
O4 - HKUS\S-1-5-21-4183914383-1123606108-2360302904-501\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (User 'Guest')
O4 - HKUS\S-1-5-21-4183914383-1123606108-2360302904-501\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Guest')
O4 - HKUS\S-1-5-21-4183914383-1123606108-2360302904-501\..\Run: [MobiLink Lite] C:\Program Files\Novatel Wireless\Mobilink\Lite.exe (User 'Guest')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.idesitv.com/livetv.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: bw+0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Program Files\MATLAB71\webserver\bin\win32\matlabserver.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 23857 bytes

#2
AdvancedSetup (Administrator)
STEP 01
[indent]Please visit this webpage for instructions for downloading ComboFix to your DESKTOP : how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.
NOTE!!: You must save and run ComboFix.exe on your DESKTOP and not from any other folder.
Also, DO NOT click the mouse or launch any other applications while this is running or it may stall the program

Additional links to download the tool:
ComboFix.exe
ComboFix.exe
ComboFix.exe


Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.
  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.
[/indent]

STEP 02
[indent]Download DDS and save it to your desktop
http://download.bleepingcomputer.com/sUBs/dds.scr

Disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr to run the tool.
When done, the DDS.txt will open.
Click Yes at the next prompt for Optional Scan.
    When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop
  • Please include the following logs in your next reply: DDS.txt and Attach.txt
[/indent]

STEP 03
    Please create a BOOTLOG
  • Delete the following file if it exists. C:\Windows\ntbtlog.txt
  • Restart the computer and press F8 when Windows start booting. This will bring up the startup options.
  • Select "Enable Boot Logging" option and press enter.
  • Windows prompts you to select a Windows Installation (even if there is only one windows installation)
  • This boots windows normally and creates a boot log named ntbtlog.txt and saves it to C:\Windows

    If you're already running inside Windows you can enable it the following way.

  • Click on START - RUN and type in MSCONFIG, go to the BOOT.INI tab and place a check mark by /BOOTLOG
  • Click on OK and you will be prompted to RESTART Windows. Please do restart now.
  • After Windows restarts open the file C:\Windows\ntbtlog.txt with Notepad
  • From the Edit menu choose Select All then Edit, COPY and post that back on your next reply.
  • NOTE: If the file is over about 150 lines or so then DELETE the C:\Windows\ntbtlog.txt file and restart the computer and post the NEW one it creates.
  • NOTE: Vista users can type in the Search and it will show on the menu, then Right click and choose Run as Administrator
  • The tab is called BOOT on Vista. Then choose Boot log

STEP 04
RootRepeal - Rootkit Detector
[indent]
    Close ALL applications and as many items in the task tray that will stop and exit.
  • Please download the following tool: RootRepeal - Rootkit Detector
  • Direct download link is here: RootRepeal.rar
  • If you don't already have a program to open a .RAR compressed file you can download a trial version from here: WinRAR
  • Extract the program file to a new folder such as C:\RootRepeal
  • Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button
  • Select ALL of the checkboxes and then click OK and it will start scanning your system.
  • If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
  • When done, click on Save Report
  • Save it to the same location where you ran it from, such as C:\RootRepeal
  • Save it as your_name_rootrepeal.txt - where your_name is your forum name
  • This makes it easier to track who the log belongs to.
  • Then open that log and select all and copy/paste it back on your next reply please.
  • Quit the RootRepeal program.
[/indent]

STEP 05
Please download the following scanning tool. GMER
[indent]
  • Open the zip file and copy the file gmer.exe to your Desktop.
  • Double click on gmer.exe and run it.
  • It may take a minute to load and become available.
  • Do not make any changes. Click on the SCAN button and DO NOT use the computer while it's scanning.
  • Once the scan is done click on the SAVE button and browse to your Desktop and save the file as GMER.LOG
  • Zip up the GMER.LOG file and save it as gmerlog.zip and attach it to your reply post.
  • DO NOT directly post this log into a reply. You MUST attach it as a .ZIP file.
  • Click OK and quit the GMER program.

How To Use Compressed (Zipped) Folders in Windows XP
Compress and uncompress files (zip files) in Vista
[/indent]
Ron Lewis
Manager, Online Support


If you've posted to the HJT forum and it has been over 5 days without a response please send a Private Message asking for assistance.
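The reason STEP 03 asks for a boot log is that a file Malwarebytes marks "Delete on reboot" is removed by the deferred-rename mechanism Windows provides for exactly this case (MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT, recorded under PendingFileRenameOperations and processed by smss.exe early in boot). Boot-start and system-start drivers are already mapped into the kernel before smss.exe runs, so a driver that loads that early can re-create or protect its own image, which is why the two files come back. The script below is an added example, not code from Malwarebytes or from anyone in this thread: it parses the "Files Infected" section of the MBAM log pasted above and cross-checks each flagged file against ntbtlog.txt lines in the "Loaded driver <path>" / "Did not load driver <path>" format Windows writes. The ntbtlog.txt excerpt is constructed, since the real boot log was never posted, and the KNOWN_GOOD allowlist is an assumed hand-picked list of legitimate Windows XP driver names; the lookalike check flags mrxdavv.sys as one character away from the genuine WebDAV redirector mrxdav.sys.

```python
"""Cross-check Malwarebytes 'Delete on reboot' hits against a Windows boot log.

Added example for this thread, not code from Malwarebytes or the forum.
Assumptions: MBAM_LOG is the 'Files Infected' section copied from the thread;
BOOTLOG is a CONSTRUCTED ntbtlog.txt excerpt (the real one was never posted)
in the 'Loaded driver <path>' / 'Did not load driver <path>' format Windows
writes; KNOWN_GOOD is a hand-picked list of legitimate XP driver names.
"""
import re
from pathlib import PureWindowsPath

# 'Files Infected' section of the MBAM log posted in the thread.
MBAM_LOG = r"""Files Infected:
C:\WINDOWS\system32\drivers\mrxdavv.sys (Rootkit.Agent.H) -> Delete on reboot.
C:\WINDOWS\system32\kwave.sys (Trojan.Agent) -> Delete on reboot.
"""

# Constructed ntbtlog.txt excerpt (assumption: both flagged files load as boot drivers).
BOOTLOG = r"""Service Pack 3  4 30 2009 14:52:11.500
Loaded driver \WINDOWS\system32\ntkrnlpa.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver \SystemRoot\System32\DRIVERS\mrxdav.sys
Loaded driver \SystemRoot\System32\DRIVERS\mrxdavv.sys
Loaded driver \SystemRoot\System32\kwave.sys
Did not load driver \SystemRoot\System32\DRIVERS\mbam.sys
"""

# Assumed allowlist: legitimate Windows XP driver names a malicious name might imitate.
KNOWN_GOOD = ("mrxdav.sys", "mrxsmb.sys", "ksecdd.sys", "kmixer.sys")

MBAM_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\\S.*?) \((?P<detection>[^)]+)\) -> (?P<action>.+?)\.?$"
)
BOOT_LINE = re.compile(r"^(?P<status>Loaded driver|Did not load driver) (?P<path>\S.*)$")


def parse_mbam_files(text):
    """Return the 'Files Infected' entries as dicts (path, detection, action)."""
    entries, in_files = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("Infected:"):          # section header: only 'Files Infected:' counts
            in_files = line.startswith("Files")
            continue
        m = MBAM_LINE.match(line)
        if in_files and m:
            entries.append(m.groupdict())
    return entries


def parse_bootlog(text):
    """Map lower-cased driver basename -> (status, path) from ntbtlog.txt lines."""
    drivers = {}
    for line in text.splitlines():
        m = BOOT_LINE.match(line.strip())
        if m:
            drivers[PureWindowsPath(m["path"]).name.lower()] = (m["status"], m["path"])
    return drivers


def levenshtein(a, b):
    """Plain edit distance; small enough here that the O(len(a)*len(b)) table is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage(mbam_text, bootlog_text, known_good=KNOWN_GOOD, max_distance=1):
    """For each flagged file: does it load at boot, and does its name imitate a real driver?"""
    loaded = parse_bootlog(bootlog_text)
    report = []
    for e in parse_mbam_files(mbam_text):
        name = PureWindowsPath(e["path"]).name.lower()
        status = loaded.get(name, ("not in boot log", None))[0]
        report.append({
            "path": e["path"],
            "detection": e["detection"],
            "action": e["action"],
            "loaded_at_boot": status == "Loaded driver",
            "lookalike_of": [g for g in known_good
                             if g != name and levenshtein(name, g) <= max_distance],
        })
    return report


if __name__ == "__main__":
    for r in triage(MBAM_LOG, BOOTLOG):
        flag = "LOADS AT BOOT" if r["loaded_at_boot"] else "not loaded at boot"
        look = f", name imitates {r['lookalike_of']}" if r["lookalike_of"] else ""
        print(f"{r['path']}  [{r['detection']}]  {flag}{look}")
```

Any flagged file that shows up as "Loaded driver" in the real ntbtlog.txt is running in the kernel before any user-mode cleaner, so a deferred delete alone will not remove it; that is the case the rootkit scanners in STEP 04 and STEP 05 and a live-boot or Recovery Console removal are for.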

#3
sansari
here are the logs:

ComboFix.txt

ComboFix 09-04-29.07 - Sania Ansari 30/04/2009 14:53.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.327 [GMT -4:00]
Running from: c:\documents and settings\Sania Ansari\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\mrxdavv.sys
c:\windows\system32\kwave.sys

.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-30 )))))))))))))))))))))))))))))))
.

2009-04-30 00:07 . 2009-04-30 00:07 -------- d-----w c:\program files\Trend Micro
2009-04-29 23:18 . 2009-04-29 23:18 -------- d-----w c:\documents and settings\Sania Ansari\DoctorWeb
2009-04-29 21:31 . 2009-04-29 21:31 -------- d-----w c:\program files\CCleaner
2009-04-29 06:04 . 2009-04-29 05:58 8768 ----a-w c:\windows\system32\drivers\PCASp50.sys
2009-04-29 05:58 . 2009-04-29 05:58 4707 ----a-w c:\windows\system32\z98a.bin
2009-04-26 19:06 . 2009-04-26 19:06 -------- d--h--w C:\VJVod_Cache
2009-04-26 19:06 . 2009-04-26 19:06 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\nagasoft
2009-04-24 04:26 . 2009-04-29 23:23 -------- d-----w c:\windows\system32\nagasoft
2009-04-24 03:02 . 2009-04-24 03:02 -------- d-----w c:\documents and settings\All Users\Application Data\pixelStorm
2009-04-21 03:31 . 2009-04-21 03:31 -------- d-----w c:\program files\Veoh Networks
2009-04-15 05:13 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 05:13 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-15 05:12 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-15 05:12 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-15 05:12 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 05:12 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-15 05:12 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 05:12 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 05:12 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 05:12 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 05:12 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 05:12 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-09 04:57 . 2009-04-09 04:57 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Help

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-30 19:03 . 2009-01-22 16:05 -------- d-----w c:\program files\Symantec AntiVirus
2009-04-21 07:48 . 2007-07-30 03:20 -------- d-----w c:\program files\Veoh
2009-04-20 03:01 . 2009-04-20 03:01 1263934 ----a-w c:\program files\Malwarebytes' Anti-Malware.rar
2009-04-11 20:25 . 2008-08-10 06:14 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-09 21:39 . 2008-03-18 20:38 -------- d-----w c:\program files\Mozilla Thunderbird
2009-04-06 19:32 . 2008-08-10 06:14 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 19:32 . 2008-08-10 06:14 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-29 18:01 . 2009-03-29 01:57 -------- d-----w c:\program files\WaronFolvos_at
2009-03-21 00:12 . 2009-03-19 16:04 -------- d-----w c:\program files\Microsoft Silverlight
2009-03-19 16:05 . 2009-03-19 16:05 89872 ----a-w c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-03-19 16:04 . 2009-03-19 15:55 -------- d-----w c:\program files\Microsoft
2009-03-19 16:04 . 2009-03-19 16:04 -------- d-----w c:\program files\Microsoft Office Outlook Connector
2009-03-19 16:03 . 2009-03-19 15:54 -------- d-----w c:\program files\Windows Live
2009-03-19 15:59 . 2006-12-05 04:18 -------- d-----w c:\program files\Windows Live Toolbar
2009-03-19 15:58 . 2009-03-19 15:58 -------- d-----w c:\program files\Microsoft Sync Framework
2009-03-19 15:58 . 2009-03-19 15:58 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-03-19 15:54 . 2009-03-19 15:54 -------- d-----w c:\program files\Windows Live SkyDrive
2009-03-19 15:32 . 2009-03-19 15:32 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-19 03:57 . 2006-01-03 11:41 -------- d-----w c:\program files\Google
2009-03-14 02:34 . 2007-01-15 02:13 -------- d-----w c:\program files\iTunes
2009-03-14 02:33 . 2009-03-14 02:33 -------- d-----w c:\program files\iPod
2009-03-14 02:33 . 2008-11-25 01:14 -------- d-----w c:\program files\Common Files\Apple
2009-03-14 02:31 . 2009-03-14 02:30 -------- d-----w c:\program files\QuickTime
2009-03-06 14:22 . 2004-08-04 08:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-08-04 08:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2004-08-04 08:00 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 12:10 . 2004-08-04 08:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-04 08:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-04 08:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2004-08-04 08:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2004-08-04 08:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 23:03 . 2009-02-06 23:03 307576 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 22:52 . 2009-02-06 22:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 22:08 . 2009-03-19 16:03 55152 ----a-w c:\windows\system32\drivers\fssfltr_tdi.sys
2009-02-06 11:11 . 2004-08-04 08:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:06 . 2004-08-04 08:00 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-08-04 08:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2004-08-04 08:00 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2004-08-04 08:00 56832 ----a-w c:\windows\system32\secur32.dll
2008-03-18 20:34 . 2008-03-18 20:32 6735008 ----a-w c:\program files\Thunderbird Setup 2.0.0.12.exe
2007-07-17 22:33 . 2007-07-17 22:30 3753079 ----a-w c:\program files\MSReaderSetup.exe
2006-05-27 18:17 . 2006-05-27 18:16 16433280 ----a-w c:\program files\jre-1_5_0_05-windows-i586-p.exe
2006-04-23 12:45 . 2006-04-23 12:45 22 --sha-w c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-04-29_22.35.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-30 19:02 . 2009-04-30 19:02 16384 c:\windows\Temp\Perflib_Perfdata_1e8.dat
+ 2006-04-26 21:19 . 2009-04-30 00:05 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2006-04-26 21:19 . 2009-04-16 00:03 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2006-04-26 21:19 . 2009-04-16 00:03 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2006-04-26 21:19 . 2009-04-30 00:05 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2007-05-24 15:31 . 2009-04-16 00:03 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2007-05-24 15:31 . 2009-04-30 00:05 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2006-04-26 21:19 . 2009-04-16 00:03 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2006-04-26 21:19 . 2009-04-30 00:05 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2006-04-26 21:19 . 2009-04-30 00:05 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2006-04-26 21:19 . 2009-04-16 00:03 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2006-04-26 21:19 . 2009-04-16 00:03 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2006-04-26 21:19 . 2009-04-30 00:05 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2006-04-26 21:19 . 2009-04-30 00:05 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2006-04-26 21:19 . 2009-04-16 00:03 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2006-04-26 21:19 . 2009-04-30 00:05 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2006-04-26 21:19 . 2009-04-16 00:03 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2006-04-26 21:19 . 2009-04-16 00:03 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2006-04-26 21:19 . 2009-04-30 00:05 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2006-04-26 21:19 . 2009-04-16 00:03 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2006-04-26 21:19 . 2009-04-30 00:05 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2006-04-26 21:19 . 2009-04-30 00:05 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2006-04-26 21:19 . 2009-04-16 00:03 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2006-04-26 21:19 . 2009-04-30 00:05 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2006-04-26 21:19 . 2009-04-16 00:03 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2006-04-26 21:19 . 2009-04-16 00:03 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2006-04-26 21:19 . 2009-04-30 00:05 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobiLink Lite"="c:\program files\Novatel Wireless\MobiLink\Lite.exe" [2008-02-20 409672]
"RogersAgent"="c:\program files\Rogers\SelfHealing\rogersagent.exe" [2007-04-23 478968]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-19 39408]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-04-03 3558648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-02 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-02 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-02 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-11 761945]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-11-16 503808]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-05-18 233534]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-20 136600]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-05-13 185784]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-09-24 483328]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 593920]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-03-15 125632]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - c:\windows\system32\CHDAudPropShortcut.exe [2005-11-22 61952]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2005-07-23 28160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2008-1-21 25214]
Post-itr Software Notes Lite.lnk - c:\program files\3M\PSNLite\PsnLite.exe [2004-10-15 2080768]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableProfileQuota"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCASp50.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Documents and Settings\\Sania Ansari\\Desktop\\drjava-stable-20060127-2145.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Java\\jre1.5.0_10\\bin\\javaw.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\Java\\jre1.6.0_02\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\eclipse-java-europa-winter-win32\\eclipse\\eclipse.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24303:TCP"= 24303:TCP:BitComet 24303 TCP
"24303:UDP"= 24303:UDP:BitComet 24303 UDP

R3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2008-05-05 13352]
S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
S2 ppsio2;PPDevice; [x]
S2 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2007-03-15 116416]
S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-25 101936]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a9b2d90-7e25-11dd-8cc8-00163637a041}]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5594134c-c18a-11dc-8ba6-00163637a041}]
\Shell\AutoRun\command - ntde1ect.com
\Shell\explore\Command - ntde1ect.com
\Shell\open\Command - ntde1ect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ac2f294-597c-11dc-8b04-00163637a041}]
\Shell\Auto\command - serivces.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL serivces.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a12bd76d-8e10-11db-8995-00163637a041}]
\shell\open\command - %SystemRoot%\Explorer.exe /idlist,%I,%L
.
Contents of the 'Scheduled Tasks' folder

2009-04-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q106&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Sania Ansari\Application Data\Mozilla\Firefox\Profiles\m43pwysh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search/?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search/?fr=ffds1&p=
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-30 15:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????n??|?????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(664)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\xpsp3res.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\HPQ\Shared\HPQTOA~1.EXE
c:\program files\Novatel Wireless\Mobilink\Phoenix.exe
c:\progra~1\3M\PSNLite\PSNGive.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-04-30 15:13 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-30 19:13
ComboFix2.txt 2009-04-30 00:41
ComboFix3.txt 2009-04-29 22:43

Pre-Run: 23,041,298,432 bytes free
Post-Run: 23,035,629,568 bytes free

302 --- E O F --- 2009-04-30 00:07

------------------------------------------------------------------------------------------------------

hijackthis.log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:16:46 PM, on 30/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Novatel Wireless\MobiLink\Lite.exe
C:\Program Files\Rogers\SelfHealing\rogersagent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Novatel Wireless\Mobilink\Phoenix.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5Cgoogle.src"); (C:\Documents and Settings\SANIA ANSARI\Application Data\Mozilla\Profiles\default\cegjmm6n.slt\prefs.js)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MobiLink Lite] C:\Program Files\Novatel Wireless\MobiLink\Lite.exe
O4 - HKCU\..\Run: [RogersAgent] c:\Program Files\Rogers\SelfHealing\rogersagent.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Post-itŪ Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.idesitv.com/livetv.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: bw+0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Program Files\MATLAB71\webserver\bin\win32\matlabserver.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 22690 bytes

-------------------------------------------------------------------------------

DDS.txt



DDS (Ver_09-03-16.01) - NTFSx86
Run by Sania Ansari at 15:18:06.43 on 30/04/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.378 [GMT -4:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wscntfy.exe
svchost
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Novatel Wireless\MobiLink\Lite.exe
C:\Program Files\Rogers\SelfHealing\rogersagent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Novatel Wireless\Mobilink\Phoenix.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Sania Ansari\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q106&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [MobiLink Lite] c:\program files\novatel wireless\mobilink\Lite.exe
uRun: [RogersAgent] c:\program files\rogers\selfhealing\rogersagent.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-100000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\post-i~1.lnk - c:\program files\3m\psnlite\PsnLite.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} - hxxp://www.idesitv.com/livetv.ocx
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - hxxp://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\saniaa~1\applic~1\mozilla\firefox\profiles\m43pwysh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search/?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search/?fr=ffds1&p=
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvlc.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

============= SERVICES / DRIVERS ===============

R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-11-21 192104]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-11-21 169576]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-19 55152]
R2 ppsio2;PPDevice;c:\windows\system32\drivers\ppsio2.sys [2007-8-12 23200]
R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-3-14 116416]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-3-14 1816768]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-26 101936]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090429.003\naveng.sys [2009-4-29 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090429.003\navex15.sys [2009-4-29 876144]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-5-5 13352]

=============== Created Last 30 ================

2009-04-29 20:07 <DIR> --d----- c:\program files\Trend Micro
2009-04-29 19:18 <DIR> --d----- c:\documents and settings\sania ansari\DoctorWeb
2009-04-29 18:21 <DIR> a-dshr-- C:\cmdcons
2009-04-29 18:18 161,792 a------- c:\windows\SWREG.exe
2009-04-29 18:18 98,816 a------- c:\windows\sed.exe
2009-04-29 17:31 <DIR> --d----- c:\program files\CCleaner
2009-04-29 02:04 8,768 a------- c:\windows\system32\drivers\PCASp50.sys
2009-04-29 01:58 4,707 a------- c:\windows\system32\z98a.bin
2009-04-26 15:06 <DIR> --d-h--- C:\VJVod_Cache
2009-04-24 00:26 <DIR> --d----- c:\windows\system32\nagasoft
2009-04-23 23:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\pixelStorm
2009-04-20 23:31 <DIR> --d----- c:\program files\Veoh Networks
2009-04-15 01:13 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 01:13 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-15 01:13 215,552 -------- c:\windows\system32\dllcache\wordpad.exe

==================== Find3M ====================

2009-04-19 23:01 1,263,934 a------- c:\program files\Malwarebytes' Anti-Malware.rar
2009-04-06 15:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 15:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-21 10:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-19 12:05 89,872 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-06 10:22 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\dllcache\wininet.dll
2009-02-28 00:54 636,072 -------- c:\windows\system32\dllcache\iexplore.exe
2009-02-20 06:20 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 06:20 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 01:14 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-02-09 08:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 08:10 729,088 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-02-09 08:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 08:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 08:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 08:10 714,752 -------- c:\windows\system32\dllcache\ntdll.dll
2009-02-09 08:10 617,472 -------- c:\windows\system32\dllcache\advapi32.dll
2009-02-09 08:10 473,600 -------- c:\windows\system32\dllcache\fastprox.dll
2009-02-09 08:10 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-02-09 08:10 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 07:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-02-07 19:02 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-06 19:03 307,576 a------- c:\windows\WLXPGSS.SCR
2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll
2009-02-06 07:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 07:11 110,592 -------- c:\windows\system32\dllcache\services.exe
2009-02-06 07:08 2,189,056 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 07:06 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 07:06 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 06:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 06:39 35,328 -------- c:\windows\system32\dllcache\sc.exe
2009-02-06 06:32 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-06 06:32 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-06 06:10 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-02-03 15:59 56,832 a------- c:\windows\system32\secur32.dll
2009-02-03 15:59 56,832 -------- c:\windows\system32\dllcache\secur32.dll
2008-03-18 16:34 6,735,008 a------- c:\program files\Thunderbird Setup 2.0.0.12.exe
2007-07-17 18:33 3,753,079 a------- c:\program files\MSReaderSetup.exe
2006-05-27 14:17 16,433,280 a------- c:\program files\jre-1_5_0_05-windows-i586-p.exe
2006-04-24 15:17 0 a------- c:\docume~1\saniaa~1\applic~1\wklnhst.dat
2001-09-10 09:00 139,264 a------- c:\windows\inf\i386\Rtscan.dll
2001-09-10 08:10 61,440 a------- c:\windows\inf\i386\onetUSD.dll
2001-08-17 18:43 32,768 a------- c:\windows\inf\i386\Wiamicro.dll
2001-08-03 18:29 13,824 a------- c:\windows\inf\i386\usbscan.sys
2001-06-29 08:10 163,840 a------- c:\windows\inf\i386\viceo.dll
2006-04-23 08:45 22 a--sh--- c:\windows\sminst\HPCD.sys
2008-09-08 23:34 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090120080908\index.dat
2008-09-15 00:53 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090820080915\index.dat
2008-09-15 00:53 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091520080916\index.dat

============= FINISH: 15:18:31.50 ===============

------------------------------------------------------------------------------------

Attach.txt


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 23/04/2006 7:14:13 AM
System Uptime: 30/04/2009 3:01:49 PM (0 hours ago)

Motherboard: Quanta | | 30A0
Processor: Genuine Intel® CPU T2300 @ 1.66GHz | U2E1 | 1663/667mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 85 GiB total, 21.479 GiB free.
D: is FIXED (FAT32) - 7 GiB total, 0.453 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel® PRO/Wireless 3945ABG Network Connection
Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_135B103C&REV_02\4&192AC53F&0&00E0
Manufacturer: Intel Corporation
Name: Intel® PRO/Wireless 3945ABG Network Connection
PNP Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_135B103C&REV_02\4&192AC53F&0&00E0
Service: w39n51

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\91F290C09F00
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\91F290C09F00
Service: NIC1394

==== System Restore Points ===================

RP1: 29/04/2009 6:18:17 PM - System Checkpoint
RP2: 29/04/2009 6:19:12 PM - ComboFix created restore point
RP3: 29/04/2009 8:03:17 PM - Software Distribution Service 3.0
RP4: 29/04/2009 8:14:22 PM - ComboFix created restore point
RP5: 30/04/2009 2:52:43 PM - ComboFix created restore point

==== Installed Programs ======================

5 Card Slingo from Hewlett-Packard Laptops (remove only)
Adobe Acrobat 7.0 Professional
Adobe Acrobat 7.0.5 Professional
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Photoshop CS
Adobe Reader 7.0.9
Apple Mobile Device Support
Apple Software Update
Azureus
Bejeweled 2 Deluxe from Hewlett-Packard Laptops (remove only)
Big Kahuna Reef from Hewlett-Packard Laptops (remove only)
BitComet 0.70
Blackhawk Striker 2 from Hewlett-Packard Laptops (remove only)
Blasterball 2 from Hewlett-Packard Laptops (remove only)
Boggle Supreme from Hewlett-Packard Laptops (remove only)
Bonjour
Bookworm Deluxe from Hewlett-Packard Laptops (remove only)
Bounce Symphony from Hewlett-Packard Laptops (remove only)
BufferChm
CCleaner (remove only)
Choice Guard
Chuzzle Deluxe from Hewlett-Packard Laptops (remove only)
Compatibility Pack for the 2007 Office system
Conexant HD Audio
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
Critical Update for Windows Media Player 11 (KB959772)
Crystal Maze from Hewlett-Packard Laptops (remove only)
CueTour
Customer Experience Enhancement
Destinations
DeviceFunctionQFolder
Disc2Phone
DivX Web Player
DJBCP Codec Pack
Easy Internet Sign-up
eSupportQFolder
FATE from Hewlett-Packard Laptops (remove only)
Final Drive Nitro from Hewlett-Packard Laptops (remove only)
Flip Words from Hewlett-Packard Laptops (remove only)
FullDPAppQFolder
getPlus®_dll
Google Talk (remove only)
Google Toolbar for Internet Explorer
Graphmatica
HDAUDIO Soft Data Fax Modem with SmartCP
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
HP Deskjet 5400 series
HP Game Console and games
HP Help and Support
HP Image Zone Express
HP Imaging Device Functions 6.0
HP Photosmart Premier Software 6.0
HP QuickPlay 2.0
HP Software Update
HP Solution Center & Imaging Support Tools 5.0
HP User Guides--System Recovery
HP User Guides 0009
HP Wireless Assistant 2.00 B3
HPDeskjet5400Series
HPProductAssistant
HpSdpAppCoreApp
Insaniquarium Deluxe from Hewlett-Packard Laptops (remove only)
Instantiations GWT Designer 4.0.0
InstantShareDevices
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
InterActual Player
iTunes
J2SE Runtime Environment 5.0 Update 10
Java™ 6 Update 11
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ SE Runtime Environment 6 Update 1
Jewel Quest from Hewlett-Packard Laptops (remove only)
Junk Mail filter update
Lemonade Tycoon 2 from Hewlett-Packard Laptops (remove only)
Lexibox Deluxe from Hewlett-Packard Laptops (remove only)
LightScribe 1.4.62.1
LiveUpdate 3.1 (Symantec Corporation)
Logitech Desktop Messenger
Logitech SetPoint
Mah Jong Quest from Hewlett-Packard Laptops (remove only)
Malwarebytes' Anti-Malware
MATLAB 7.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Office Visio Professional 2003
Microsoft Reader
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mobilink Lite
Mozilla (1.7.13)
Mozilla Firefox (3.0.8)
Mozilla Thunderbird (2.0.0.14)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 4.5
Netscape Browser (remove only)
Norton Confidence Online
Nvu 1.0
Oasis from Hewlett-Packard Laptops (remove only)
Octoshape add-in for Adobe Flash Player
Office 2003 Trial Assistant
OneTouch Version 3.0
OpenOffice.org Installer 1.0
OptionalContentQFolder
PhotoGallery
Polar Bowler from Hewlett-Packard Laptops (remove only)
Polar Golfer from Hewlett-Packard Laptops (remove only)
Post-it® Software Notes Lite
PrimoPDF
PrimoPDF Redistribution Package
Puzzle Express from Hewlett-Packard Laptops (remove only)
Quick Launch Buttons 5.20 F2
QuickTime
RandMap
RealPlayer
Rhapsody Player Engine
Rogers Self Healing Software (remove only)
Rogers Yahoo! Applications
Rogers Yahoo! Music Jukebox
SCRABBLE from Hewlett-Packard Laptops (remove only)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Segoe UI
SkinsHP1
Slingo Deluxe from Hewlett-Packard Laptops (remove only)
Slyder from Hewlett-Packard Laptops (remove only)
Smart Menus (Windows Live Toolbar)
SmartAudio
Snowboard SuperJam
SolutionCenter
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
Sonic_PrimoSDK
Sony Ericsson PC Suite
SSH Secure Shell
Status
Super Granny from Hewlett-Packard Laptops (remove only)
Symantec AntiVirus
SymNet
Synaptics Pointing Device Driver
Tabbed Browsing (Windows Live Toolbar)
TourSetup
Tradewinds from Hewlett-Packard Laptops (remove only)
TrayApp
Unload
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update Manager (remove only)
Update Service
VC80CRTRedist - 8.0.50727.762
Veoh Web Player
VeohTV BETA
VideoLAN VLC media player 0.8.4a
WebFldrs XP
WebReg
Winamp (remove only)
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Wireless Home Network Setup
Yahoo! Toolbar
Zuma Deluxe from Hewlett-Packard Laptops (remove only)

==== Event Viewer Messages From Past Week ========

30/04/2009 2:18:15 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AliIde PCIIde Pcmcia ViaIde
29/04/2009 5:15:37 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file mrxdav.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
29/04/2009 5:12:01 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
29/04/2009 5:12:01 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the ShellHWDetection service.
29/04/2009 5:12:01 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Schedule service.
29/04/2009 5:12:01 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the BITS service.
29/04/2009 5:12:01 PM, error: Service Control Manager [7000] - The Cryptographic Services service failed to start due to the following error: All pipe instances are busy.
29/04/2009 5:12:01 PM, error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
29/04/2009 4:53:41 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AliIde eabfiltr eeCtrl Fips intelppm jxxe ohci1394 PCIIde Pcmcia SAVRT SAVRTPEL SPBBCDrv SYMTDI ViaIde
29/04/2009 4:19:09 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AliIde eabfiltr eeCtrl Fips intelppm IPSec jxxe MRxSmb NetBIOS NetBT ohci1394 PCIIde Pcmcia RasAcd Rdbss SAVRT SAVRTPEL SPBBCDrv SYMTDI Tcpip ViaIde
29/04/2009 4:19:09 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
29/04/2009 4:19:09 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
29/04/2009 4:19:09 PM, error: Service Control Manager [7001] - The fssfltr service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
29/04/2009 4:19:09 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
29/04/2009 4:19:09 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
29/04/2009 4:19:09 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
29/04/2009 4:19:09 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
29/04/2009 4:18:18 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
29/04/2009 4:04:04 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
29/04/2009 4:01:34 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eabfiltr eeCtrl Fips intelppm jxxe SAVRT SAVRTPEL SPBBCDrv SYMTDI
29/04/2009 4:00:39 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
29/04/2009 2:27:35 AM, error: Service Control Manager [7022] - The hpqwmiex service hung on starting.
29/04/2009 2:12:56 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AliIde jxxe PCIIde Pcmcia ViaIde
29/04/2009 2:11:05 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file beep.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
29/04/2009 2:02:59 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: jxxe
29/04/2009 2:02:30 AM, error: Dhcp [1002] - The IP address lease 192.168.0.198 for the Network Card with network address 0013021C3495 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
27/04/2009 12:00:00 PM, error: Schedule [7901] - The At37.job command failed to start due to the following error: %%2147942402
27/04/2009 12:00:00 PM, error: Schedule [7901] - The At13.job command failed to start due to the following error: %%2147942402
27/04/2009 1:00:00 PM, error: Schedule [7901] - The At38.job command failed to start due to the following error: %%2147942402
27/04/2009 1:00:00 PM, error: Schedule [7901] - The At14.job command failed to start due to the following error: %%2147942402
26/04/2009 3:08:50 PM, error: Service Control Manager [7034] - The MATLAB Server service terminated unexpectedly. It has done this 1 time(s).
26/04/2009 3:05:32 PM, error: Dhcp [1002] - The IP address lease 192.168.0.199 for the Network Card with network address 0013021C3495 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
25/04/2009 8:00:00 PM, error: Schedule [7901] - The At45.job command failed to start due to the following error: %%2147942402
25/04/2009 8:00:00 PM, error: Schedule [7901] - The At21.job command failed to start due to the following error: %%2147942402
25/04/2009 7:00:00 PM, error: Schedule [7901] - The At44.job command failed to start due to the following error: %%2147942402
25/04/2009 7:00:00 PM, error: Schedule [7901] - The At20.job command failed to start due to the following error: %%2147942402
25/04/2009 6:00:00 PM, error: Schedule [7901] - The At43.job command failed to start due to the following error: %%2147942402
25/04/2009 6:00:00 PM, error: Schedule [7901] - The At19.job command failed to start due to the following error: %%2147942402
25/04/2009 5:00:00 PM, error: Schedule [7901] - The At42.job command failed to start due to the following error: %%2147942402
25/04/2009 5:00:00 PM, error: Schedule [7901] - The At18.job command failed to start due to the following error: %%2147942402
25/04/2009 4:00:00 PM, error: Schedule [7901] - The At41.job command failed to start due to the following error: %%2147942402
25/04/2009 4:00:00 PM, error: Schedule [7901] - The At17.job command failed to start due to the following error: %%2147942402
25/04/2009 4:00:00 AM, error: Schedule [7901] - The At5.job command failed to start due to the following error: %%2147942402
25/04/2009 4:00:00 AM, error: Schedule [7901] - The At29.job command failed to start due to the following error: %%2147942402
25/04/2009 3:00:00 PM, error: Schedule [7901] - The At40.job command failed to start due to the following error: %%2147942402
25/04/2009 3:00:00 PM, error: Schedule [7901] - The At16.job command failed to start due to the following error: %%2147942402
25/04/2009 3:00:00 AM, error: Schedule [7901] - The At4.job command failed to start due to the following error: %%2147942402
25/04/2009 3:00:00 AM, error: Schedule [7901] - The At28.job command failed to start due to the following error: %%2147942402
25/04/2009 2:00:00 AM, error: Schedule [7901] - The At3.job command failed to start due to the following error: %%2147942402
25/04/2009 2:00:00 AM, error: Schedule [7901] - The At27.job command failed to start due to the following error: %%2147942402
25/04/2009 12:45:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402
25/04/2009 12:35:00 AM, error: Schedule [7901] - The At25.job command failed to start due to the following error: %%2147942402
25/04/2009 10:29:45 PM, error: Service Control Manager [7000] - The PCASp50 NDIS Protocol Driver service failed to start due to the following error: The system cannot find the file specified.
25/04/2009 1:00:00 AM, error: Schedule [7901] - The At26.job command failed to start due to the following error: %%2147942402
25/04/2009 1:00:00 AM, error: Schedule [7901] - The At2.job command failed to start due to the following error: %%2147942402
24/04/2009 9:00:00 PM, error: Schedule [7901] - The At46.job command failed to start due to the following error: %%2147942402
24/04/2009 9:00:00 PM, error: Schedule [7901] - The At22.job command failed to start due to the following error: %%2147942402
24/04/2009 2:00:00 PM, error: Schedule [7901] - The At39.job command failed to start due to the following error: %%2147942402
24/04/2009 2:00:00 PM, error: Schedule [7901] - The At15.job command failed to start due to the following error: %%2147942402
24/04/2009 11:00:00 PM, error: Schedule [7901] - The At48.job command failed to start due to the following error: %%2147942402
24/04/2009 11:00:00 PM, error: Schedule [7901] - The At24.job command failed to start due to the following error: %%2147942402
23/04/2009 9:00:00 AM, error: Schedule [7901] - The At34.job command failed to start due to the following error: %%2147942402
23/04/2009 9:00:00 AM, error: Schedule [7901] - The At10.job command failed to start due to the following error: %%2147942402
23/04/2009 8:00:00 AM, error: Schedule [7901] - The At9.job command failed to start due to the following error: %%2147942402
23/04/2009 8:00:00 AM, error: Schedule [7901] - The At33.job command failed to start due to the following error: %%2147942402
23/04/2009 7:00:00 AM, error: Schedule [7901] - The At8.job command failed to start due to the following error: %%2147942402
23/04/2009 7:00:00 AM, error: Schedule [7901] - The At32.job command failed to start due to the following error: %%2147942402
23/04/2009 6:00:00 AM, error: Schedule [7901] - The At7.job command failed to start due to the following error: %%2147942402
23/04/2009 6:00:00 AM, error: Schedule [7901] - The At31.job command failed to start due to the following error: %%2147942402
23/04/2009 5:00:00 AM, error: Schedule [7901] - The At6.job command failed to start due to the following error: %%2147942402
23/04/2009 5:00:00 AM, error: Schedule [7901] - The At30.job command failed to start due to the following error: %%2147942402
23/04/2009 10:00:00 PM, error: Schedule [7901] - The At47.job command failed to start due to the following error: %%2147942402
23/04/2009 10:00:00 PM, error: Schedule [7901] - The At23.job command failed to start due to the following error: %%2147942402

==== End Of File ===========================

-------------------------------------------------------------------------

ntbtlog.txt

Service Pack 3 4 30 2009 15:25:41.375
Loaded driver \WINDOWS\system32\ntkrnlpa.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver \WINDOWS\system32\KDCOM.DLL
Loaded driver \WINDOWS\system32\BOOTVID.dll
Loaded driver sptd.sys
Loaded driver \WINDOWS\System32\Drivers\WMILIB.SYS
Loaded driver \WINDOWS\System32\Drivers\SCSIPORT.SYS
Loaded driver ACPI.sys
Loaded driver pci.sys
Loaded driver ohci1394.sys
Loaded driver \WINDOWS\system32\DRIVERS\1394BUS.SYS
Loaded driver isapnp.sys
Loaded driver compbatt.sys
Loaded driver \WINDOWS\system32\DRIVERS\BATTC.SYS
Loaded driver pciide.sys
Loaded driver \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Loaded driver intelide.sys
Loaded driver viaide.sys
Loaded driver aliide.sys
Loaded driver pcmcia.sys
Loaded driver MountMgr.sys
Loaded driver ftdisk.sys
Loaded driver ACPIEC.sys
Loaded driver \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
Loaded driver PartMgr.sys
Loaded driver VolSnap.sys
Loaded driver atapi.sys
Loaded driver iaStor.sys
Loaded driver disk.sys
Loaded driver \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Loaded driver fltmgr.sys
Loaded driver sr.sys
Loaded driver PxHelp20.sys
Loaded driver KSecDD.sys
Loaded driver WudfPf.sys
Loaded driver Ntfs.sys
Loaded driver NDIS.sys
Loaded driver serial.sys
Loaded driver Mup.sys
Loaded driver \SystemRoot\system32\DRIVERS\intelppm.sys
Loaded driver \SystemRoot\system32\DRIVERS\CmBatt.sys
Loaded driver \SystemRoot\system32\DRIVERS\wmiacpi.sys
Loaded driver \SystemRoot\system32\DRIVERS\ialmnt5.sys
Loaded driver \SystemRoot\system32\DRIVERS\HDAudBus.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbuhci.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbehci.sys
Loaded driver \SystemRoot\system32\DRIVERS\e100b325.sys
Loaded driver \SystemRoot\system32\DRIVERS\sdbus.sys
Loaded driver \SystemRoot\system32\DRIVERS\rimmptsk.sys
Loaded driver \SystemRoot\system32\DRIVERS\rimsptsk.sys
Loaded driver \SystemRoot\system32\DRIVERS\rixdptsk.sys
Loaded driver \SystemRoot\system32\DRIVERS\i8042prt.sys
Loaded driver \SystemRoot\system32\DRIVERS\kbdclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\SynTP.sys
Loaded driver \SystemRoot\system32\DRIVERS\mouclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\imapi.sys
Loaded driver \SystemRoot\system32\DRIVERS\cdrom.sys
Loaded driver \SystemRoot\system32\DRIVERS\redbook.sys
Loaded driver \SystemRoot\System32\Drivers\GEARAspiWDM.sys
Loaded driver \SystemRoot\system32\DRIVERS\audstub.sys
Loaded driver \SystemRoot\system32\DRIVERS\rasl2tp.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndistapi.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndiswan.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspppoe.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspptp.sys
Loaded driver \SystemRoot\system32\DRIVERS\msgpc.sys
Loaded driver \SystemRoot\system32\DRIVERS\psched.sys
Loaded driver \SystemRoot\system32\DRIVERS\ptilink.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspti.sys
Loaded driver \SystemRoot\system32\DRIVERS\termdd.sys
Loaded driver \SystemRoot\system32\DRIVERS\swenum.sys
Loaded driver \SystemRoot\system32\DRIVERS\update.sys
Loaded driver \SystemRoot\system32\DRIVERS\mssmbios.sys
Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Loaded driver \SystemRoot\system32\drivers\CHDAud.sys
Loaded driver \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
Loaded driver \SystemRoot\system32\DRIVERS\HSF_DPV.sys
Loaded driver \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
Loaded driver \SystemRoot\System32\Drivers\Modem.SYS
Loaded driver \SystemRoot\system32\DRIVERS\usbhub.sys
Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS
Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS
Did not load driver \SystemRoot\System32\Drivers\i2omgmt.SYS
Loaded driver \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
Loaded driver \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys
Loaded driver \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090429.003\navex15.sys
Loaded driver \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090429.003\naveng.sys
Loaded driver \??\C:\Program Files\Symantec AntiVirus\savrt.sys
Did not load driver \SystemRoot\System32\Drivers\Changer.SYS
Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS
Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS
Loaded driver \SystemRoot\System32\Drivers\Null.SYS
Did not load driver \SystemRoot\System32\Drivers\Beep.SYS
Loaded driver \SystemRoot\System32\drivers\vga.sys
Loaded driver \SystemRoot\System32\Drivers\mnmdd.SYS
Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys
Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
Loaded driver \SystemRoot\system32\DRIVERS\rasacd.sys
Loaded driver \SystemRoot\system32\DRIVERS\ipsec.sys
Loaded driver \SystemRoot\system32\DRIVERS\tcpip.sys
Loaded driver \SystemRoot\system32\DRIVERS\ipnat.sys
Loaded driver \SystemRoot\System32\Drivers\SYMTDI.SYS
Loaded driver \SystemRoot\system32\DRIVERS\wanarp.sys
Loaded driver \SystemRoot\system32\DRIVERS\netbt.sys
Loaded driver \SystemRoot\System32\Drivers\PCASp50.sys
Loaded driver \SystemRoot\System32\drivers\afd.sys
Loaded driver \SystemRoot\system32\DRIVERS\netbios.sys
Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS
Loaded driver \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
Loaded driver \SystemRoot\system32\DRIVERS\rdbss.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\System32\Drivers\Fips.SYS
Loaded driver \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
Loaded driver \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
Loaded driver \??\C:\WINDOWS\system32\drivers\EABFiltr.sys
Loaded driver \SystemRoot\System32\Drivers\Fastfat.SYS
Loaded driver \SystemRoot\system32\DRIVERS\fssfltr_tdi.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndisuio.sys
Did not load driver \SystemRoot\system32\DRIVERS\rdbss.sys
Did not load driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxdav.sys
Loaded driver \SystemRoot\System32\Drivers\ppsio2.SYS
Loaded driver \SystemRoot\system32\DRIVERS\srv.sys
Loaded driver \SystemRoot\system32\DRIVERS\mdmxsdk.sys
Loaded driver \SystemRoot\system32\DRIVERS\secdrv.sys
Loaded driver \SystemRoot\system32\drivers\wdmaud.sys
Loaded driver \SystemRoot\system32\drivers\sysaudio.sys
Loaded driver \SystemRoot\system32\drivers\splitter.sys
Loaded driver \SystemRoot\system32\drivers\aec.sys
Loaded driver \SystemRoot\system32\drivers\swmidi.sys
Loaded driver \SystemRoot\system32\drivers\DMusic.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \SystemRoot\system32\drivers\drmkaud.sys
Did not load driver \SystemRoot\system32\DRIVERS\ipnat.sys
Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS
Loaded driver \SystemRoot\System32\Drivers\HTTP.sys
Loaded driver \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090429.003\navex15.sys
Loaded driver \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090429.003\naveng.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \SystemRoot\System32\Drivers\SYMREDRV.SYS
Loaded driver \SystemRoot\system32\DRIVERS\w39n51.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \??\C:\WINDOWS\system32\drivers\rootrepeal.sys
Loaded driver \??\C:\DOCUME~1\SANIAA~1\LOCALS~1\Temp\aujasnkj.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys

---------------------------------------------------------------------------------

RootRepeal in the next post


#4
sansari

    New Member

  • Members
  • Pip
  • 29 posts
sansari_rootrepeal.txt

ROOTREPEAL © AD, 2007-2008
==================================================
Scan Time: 2009/04/30 15:35
Program Version: Version 1.2.3.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: 00000055
Image Path: \Driver\00000055
Address: 0x00000000 Size: 0 File Visible: No
Status: -

Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0x9A6D5000 Size: 876544 File Visible: No
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0x99D0A000 Size: 45056 File Visible: No
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\ServicePackFiles\i386\avc.sys
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Temp\etilqs_blxCqSvzVV2PeMAFdL21
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl
Status: Allocation size mismatch (API: 8192, Raw: 4096)

Path: C:\Documents and Settings\Sania Ansari\My Documents\My Music\[Dc] Dhoom 2 (hindi-Ost) (By.Kaptan Balwant) (Dc ExL) [DholCutz] Oct 2k6\[Ðc] 04 - Sukhbir, Soham Chakrabarthy, Jolly Mukherjee, Mahalaxmi Iyer & Suzanne - Dil Laga Na (By.Kaptan Balwant) [DholCutz].mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Mozilla\Firefox\Profiles\m43pwysh.default\Cache\sessionstore.js
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Mozilla\Firefox\Profiles\m43pwysh.default\Cache\CA99DE9Cd01
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\36\36-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v36-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v36-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\59\59-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v59-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v59-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\00\100-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v100-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v100-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\01\101-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v101-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v101-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\01\14-{3D1423D7-93BF-1556-D2B2-F43A5E93220F}-v1-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v14-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\02\102-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v102-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v102-Downloaded.frx
Status: Locked to the Windows API!

SSDT
-------------------
#: 012 Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x86437740

#: 013 Function Name: NtAlertThread
Status: Hooked by "<unknown>" at address 0x864d6ba0

#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x864c0b48

#: 041 Function Name: NtCreateKey
Status: Hooked by "sptd.sys" at address 0xf74190b0

#: 043 Function Name: NtCreateMutant
Status: Hooked by "<unknown>" at address 0x86ed71b0

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xa36b8350

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "sptd.sys" at address 0xf741e84e

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "sptd.sys" at address 0xf741ebee

#: 083 Function Name: NtFreeVirtualMemory
Status: Hooked by "<unknown>" at address 0x86491658

#: 089 Function Name: NtImpersonateAnonymousToken
Status: Hooked by "<unknown>" at address 0x864fec30

#: 091 Function Name: NtImpersonateThread
Status: Hooked by "<unknown>" at address 0x86501360

#: 108 Function Name: NtMapViewOfSection
Status: Hooked by "<unknown>" at address 0x8630c838

#: 114 Function Name: NtOpenEvent
Status: Hooked by "<unknown>" at address 0x86392e30

#: 119 Function Name: NtOpenKey
Status: Hooked by "sptd.sys" at address 0xf7419090

#: 123 Function Name: NtOpenProcessToken
Status: Hooked by "<unknown>" at address 0x865238e0

#: 129 Function Name: NtOpenThreadToken
Status: Hooked by "<unknown>" at address 0x8633bc58

#: 160 Function Name: NtQueryKey
Status: Hooked by "sptd.sys" at address 0xf741ecc6

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "<unknown>" at address 0x864abce0

#: 206 Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x86347e88

#: 213 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x86346600

#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x86500ac0

#: 229 Function Name: NtSetInformationThread
Status: Hooked by "<unknown>" at address 0x863464b0

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xa36b8580

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x86325970

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x8639eed0

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x862f88b0

#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x8633d6e8

#: 267 Function Name: NtUnmapViewOfSection
Status: Hooked by "<unknown>" at address 0x86302ef8

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x86fcf1d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x86fcf1d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x86fcf1d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x86fcf1d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86fcf1d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86fcf1d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x86fcf1d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x86fcf1d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86fcf1d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86fcf1d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86fcf1d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86fcf1d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86fcf1d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86fcf1d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86fcf1d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86fcf1d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x86fcf1d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x86fcf1d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x86fcf1d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x86fcf1d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x86fcf1d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x86fcf1d8 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
Process: System Address: 0x862c4980 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]
Process: System Address: 0x862c4980 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System Address: 0x862c4980 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
Process: System Address: 0x862c4980 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x862c4980 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x862c4980 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]
Process: System Address: 0x862c4980 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]
Process: System Address: 0x862c4980 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x862c4980 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x862c4980 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x862c4980 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x862c4980 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x862c4980 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x862c4980 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]
Process: System Address: 0x862c4980 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x862c4980 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]
Process: System Address: 0x862c4980 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]
Process: System Address: 0x862c4980 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x86443958 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x86443958 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x86443958 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x86443958 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86443958 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86443958 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86443958 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86443958 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x86443958 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86443958 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x86443958 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x864e0980 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x864e0980 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x864e0980 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x864e0980 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x864e0980 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x864e0980 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x864e0980 Size: -

Object: Hidden Code [Driver: iaStor, IRP_MJ_CREATE]
Process: System Address: 0x86fd01d8 Size: -

Object: Hidden Code [Driver: iaStor, IRP_MJ_CLOSE]
Process: System Address: 0x86fd01d8 Size: -

Object: Hidden Code [Driver: iaStor, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86fd01d8 Size: -

Object: Hidden Code [Driver: iaStor, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86fd01d8 Size: -

Object: Hidden Code [Driver: iaStor, IRP_MJ_POWER]
Process: System Address: 0x86fd01d8 Size: -

Object: Hidden Code [Driver: iaStor, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86fd01d8 Size: -

Object: Hidden Code [Driver: iaStor, IRP_MJ_PNP]
Process: System Address: 0x86fd01d8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x86fd11d8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x86fd11d8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x86fd11d8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86fd11d8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86fd11d8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86fd11d8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86fd11d8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x86fd11d8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x86fd11d8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86fd11d8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x86fd11d8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x861d6980 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x861d6980 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x861d6980 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x861d6980 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x861d6980 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x861d6980 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x864b6980 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x864b6980 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x864b6980 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x864b6980 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x864b6980 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x864b6980 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x864b6980 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x86062980 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x86062980 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x86062980 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x86062980 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x86062980 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86062980 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86062980 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x86062980 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x86062980 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86062980 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86062980 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86062980 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86062980 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86062980 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86062980 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86062980 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86062980 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86062980 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x86062980 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x86062980 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x86062980 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x86062980 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x86062980 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86062980 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x86062980 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x86062980 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x86062980 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x86062980 Size: -

Object: Hidden Code [Driver: Cdfsȅ灎剆ȁఈ浍浓점藄Ā, IRP_MJ_CREATE]
Process: System Address: 0x861397c0 Size: -

Object: Hidden Code [Driver: Cdfsȅ灎剆ȁఈ浍浓점藄Ā, IRP_MJ_CLOSE]
Process: System Address: 0x861397c0 Size: -

Object: Hidden Code [Driver: Cdfsȅ灎剆ȁఈ浍浓점藄Ā, IRP_MJ_READ]
Process: System Address: 0x861397c0 Size: -

Object: Hidden Code [Driver: Cdfsȅ灎剆ȁఈ浍浓점藄Ā, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x861397c0 Size: -

Object: Hidden Code [Driver: Cdfsȅ灎剆ȁఈ浍浓점藄Ā, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x861397c0 Size: -

Object: Hidden Code [Driver: Cdfsȅ灎剆ȁఈ浍浓점藄Ā, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x861397c0 Size: -

Object: Hidden Code [Driver: Cdfsȅ灎剆ȁఈ浍浓점藄Ā, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x861397c0 Size: -

Object: Hidden Code [Driver: Cdfsȅ灎剆ȁఈ浍浓점藄Ā, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x861397c0 Size: -

Object: Hidden Code [Driver: Cdfsȅ灎剆ȁఈ浍浓점藄Ā, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x861397c0 Size: -

Object: Hidden Code [Driver: Cdfsȅ灎剆ȁఈ浍浓점藄Ā, IRP_MJ_SHUTDOWN]
Process: System Address: 0x861397c0 Size: -

Object: Hidden Code [Driver: Cdfsȅ灎剆ȁఈ浍浓점藄Ā, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x861397c0 Size: -

Object: Hidden Code [Driver: Cdfsȅ灎剆ȁఈ浍浓점藄Ā, IRP_MJ_CLEANUP]
Process: System Address: 0x861397c0 Size: -

Object: Hidden Code [Driver: Cdfsȅ灎剆ȁఈ浍浓점藄Ā, IRP_MJ_PNP]
Process: System Address: 0x861397c0 Size: -

-----------------------------------------------------------------------

#5
AdvancedSetup

    Forum Deity

  • Administrators
  • 22,575 posts
  • Gender:Male
  • Location:US
STEP 01
Create a NEW folder on your Desktop named: BadFiles


Please download the following scanning tool. GMER
  • Open the zip file and copy the file gmer.exe to your Desktop.
  • Double click on gmer.exe and run it.
  • It may take a minute to load and become available.
  • You should see a tab on top with 3 >>> arrows. Click on that.
  • Then click on the Files tab.
  • Browse to the C:\DOCUME~1\SANIAA~1\LOCALS~1\Temp\ folder and locate the following file aujasnkj.sys
  • Then if it's there highlight it and click on the COPY button. A Save As dialog box will open.
  • Browse to your desktop and copy the file to the new BadFiles folder you created earlier by typing in the same name but give it an extension of .bad
  • Zip up all the files in the BadFiles folder and save it as Infection.zip and attach it to your reply post.
  • DO NOT attempt to attach or upload any file directly. You MUST attach it as a .ZIP file.
  • Click OK and quit the GMER program.

How To Use Compressed (Zipped) Folders in Windows XP
Compress and uncompress files (zip files) in Vista
STEP 02
Download but do not yet run ComboFix
If you have a previous version of Combofix.exe, delete it and download a fresh copy.
Download it to your DESKTOP - it MUST run from the Desktop
download.bleepingcomputer.com/sUBs/ComboFix.exe
subs.geekstogo.com/ComboFix.exe

Using your mouse, Highlight and then Right-click | Copy the entire contents of the Code box below, including blank lines
KILLALL::

AtJob::

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a9b2d90-7e25-11dd-8cc8-00163637a041}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5594134c-c18a-11dc-8ba6-00163637a041}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ac2f294-597c-11dc-8b04-00163637a041}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a12bd76d-8e10-11db-8995-00163637a041}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableProfileQuota"=-

Open a new Notepad session (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click | Paste the Code box contents from above into Notepad. Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt" .

Using your mouse, drag the new file CFscript.txt and drop it on the Combo-Fix.exe icon as shown:
  • Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
  • Disconnect from the Internet.
  • Disable your Antivirus software. If it has Script Blocking features, please disable these as well.
  • A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.
  • It may identify that Recovery Console is not installed. Please accept when asked if you wish it to be installed.
    When the scan completes Notepad will open with your results log open. Do a File, Exit.
A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Post back the Combofix log on your next reply.

STEP 03
Please either uninstall or fully disable these P2P programs
Azureus
BitComet 0.70


STEP 04
Please go into the Control Panel, Add/Remove and for now remove ALL versions of JAVA
J2SE Runtime Environment 5.0 Update 10
Java™ 6 Update 11
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ SE Runtime Environment 6 Update 1


Then run this tool to help cleanup any left over Java
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please download JavaRa and unzip it to your desktop.
***Please close any instances of Internet Explorer (or other web browser) before continuing!***
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it back when you reply

    Then look for the following Java folders and if found delete them.
    C:\Program Files\Java
    C:\Program Files\Common Files\Java
    C:\Documents and Settings\All Users\Application Data\Java
    C:\Documents and Settings\All Users\Application Data\Sun\Java
    C:\Documents and Settings\username\Application Data\Java
    C:\Documents and Settings\username\Application Data\Sun\Java

STEP 05
Hang in there while we check out the file you attached and see what's up with it and add it to MBAM if needed.
Ron Lewis
Manager, Online Support


If you've posted to the HJT forum and it has been over 5 days without a response please send a Private Message asking for assistance.

#6
sansari

    New Member

  • Members
  • 29 posts
hi again,

I couldn't locate the following file so haven't attached any badfiles.

C:\DOCUME~1\SANIAA~1\LOCALS~1\Temp\ folder and locate the following file aujasnkj.sys

ComboFix.txt

ComboFix 09-05-01.1 - Sania Ansari 01/05/2009 15:28.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.414 [GMT -4:00]
Running from: c:\documents and settings\Sania Ansari\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Sania Ansari\Desktop\CFscript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Sania Ansari\Application Data\wiaserva.log
c:\windows\system32\drivers\mrxdavv.sys
c:\windows\system32\kwave.sys
c:\windows\system32\wbem\grpconv.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

.
((((((((((((((((((((((((( Files Created from 2009-04-01 to 2009-05-01 )))))))))))))))))))))))))))))))
.

2009-04-30 19:34 . 2009-04-30 19:54 -------- d-----w C:\RootRepeal
2009-04-30 00:07 . 2009-04-30 00:07 -------- d-----w c:\program files\Trend Micro
2009-04-29 23:18 . 2009-04-29 23:18 -------- d-----w c:\documents and settings\Sania Ansari\DoctorWeb
2009-04-29 21:31 . 2009-04-29 21:31 -------- d-----w c:\program files\CCleaner
2009-04-29 06:04 . 2009-04-29 05:58 8768 ----a-w c:\windows\system32\drivers\PCASp50.sys
2009-04-29 05:58 . 2009-04-29 05:58 4707 ----a-w c:\windows\system32\z98a.bin
2009-04-26 19:06 . 2009-04-26 19:06 -------- d--h--w C:\VJVod_Cache
2009-04-26 19:06 . 2009-04-26 19:06 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\nagasoft
2009-04-24 04:26 . 2009-04-29 23:23 -------- d-----w c:\windows\system32\nagasoft
2009-04-24 03:02 . 2009-04-24 03:02 -------- d-----w c:\documents and settings\All Users\Application Data\pixelStorm
2009-04-21 03:31 . 2009-04-21 03:31 -------- d-----w c:\program files\Veoh Networks
2009-04-15 05:13 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 05:13 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-15 05:12 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-15 05:12 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-15 05:12 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 05:12 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-15 05:12 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 05:12 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 05:12 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 05:12 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 05:12 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 05:12 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-09 04:57 . 2009-04-09 04:57 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Help

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-01 19:34 . 2009-01-22 16:05 -------- d-----w c:\program files\Symantec AntiVirus
2009-04-21 07:48 . 2007-07-30 03:20 -------- d-----w c:\program files\Veoh
2009-04-20 03:01 . 2009-04-20 03:01 1263934 ----a-w c:\program files\Malwarebytes' Anti-Malware.rar
2009-04-11 20:25 . 2008-08-10 06:14 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-09 21:39 . 2008-03-18 20:38 -------- d-----w c:\program files\Mozilla Thunderbird
2009-04-06 19:32 . 2008-08-10 06:14 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 19:32 . 2008-08-10 06:14 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-29 18:01 . 2009-03-29 01:57 -------- d-----w c:\program files\WaronFolvos_at
2009-03-21 00:12 . 2009-03-19 16:04 -------- d-----w c:\program files\Microsoft Silverlight
2009-03-19 16:05 . 2009-03-19 16:05 89872 ----a-w c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-03-19 16:04 . 2009-03-19 15:55 -------- d-----w c:\program files\Microsoft
2009-03-19 16:04 . 2009-03-19 16:04 -------- d-----w c:\program files\Microsoft Office Outlook Connector
2009-03-19 16:03 . 2009-03-19 15:54 -------- d-----w c:\program files\Windows Live
2009-03-19 15:59 . 2006-12-05 04:18 -------- d-----w c:\program files\Windows Live Toolbar
2009-03-19 15:58 . 2009-03-19 15:58 -------- d-----w c:\program files\Microsoft Sync Framework
2009-03-19 15:58 . 2009-03-19 15:58 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-03-19 15:54 . 2009-03-19 15:54 -------- d-----w c:\program files\Windows Live SkyDrive
2009-03-19 15:32 . 2009-03-19 15:32 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-19 03:57 . 2006-01-03 11:41 -------- d-----w c:\program files\Google
2009-03-14 02:34 . 2007-01-15 02:13 -------- d-----w c:\program files\iTunes
2009-03-14 02:33 . 2009-03-14 02:33 -------- d-----w c:\program files\iPod
2009-03-14 02:33 . 2008-11-25 01:14 -------- d-----w c:\program files\Common Files\Apple
2009-03-14 02:31 . 2009-03-14 02:30 -------- d-----w c:\program files\QuickTime
2009-03-06 14:22 . 2004-08-04 08:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-08-04 08:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2004-08-04 08:00 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 12:10 . 2004-08-04 08:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-04 08:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-04 08:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2004-08-04 08:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2004-08-04 08:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 23:03 . 2009-02-06 23:03 307576 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 22:52 . 2009-02-06 22:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 22:08 . 2009-03-19 16:03 55152 ----a-w c:\windows\system32\drivers\fssfltr_tdi.sys
2009-02-06 11:11 . 2004-08-04 08:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:06 . 2004-08-04 08:00 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-08-04 08:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2004-08-04 08:00 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2004-08-04 08:00 56832 ----a-w c:\windows\system32\secur32.dll
2008-03-18 20:34 . 2008-03-18 20:32 6735008 ----a-w c:\program files\Thunderbird Setup 2.0.0.12.exe
2007-07-17 22:33 . 2007-07-17 22:30 3753079 ----a-w c:\program files\MSReaderSetup.exe
2006-05-27 18:17 . 2006-05-27 18:16 16433280 ----a-w c:\program files\jre-1_5_0_05-windows-i586-p.exe
2006-04-23 12:45 . 2006-04-23 12:45 22 --sha-w c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-04-29_22.35.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-01 19:34 . 2009-05-01 19:34 16384 c:\windows\temp\Perflib_Perfdata_708.dat
+ 2006-04-26 21:19 . 2009-04-30 00:05 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2006-04-26 21:19 . 2009-04-16 00:03 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2006-04-26 21:19 . 2009-04-16 00:03 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2006-04-26 21:19 . 2009-04-30 00:05 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2007-05-24 15:31 . 2009-04-16 00:03 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2007-05-24 15:31 . 2009-04-30 00:05 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2006-04-26 21:19 . 2009-04-16 00:03 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2006-04-26 21:19 . 2009-04-30 00:05 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2006-04-26 21:19 . 2009-04-30 00:05 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2006-04-26 21:19 . 2009-04-16 00:03 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2006-04-26 21:19 . 2009-04-16 00:03 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2006-04-26 21:19 . 2009-04-30 00:05 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2006-04-26 21:19 . 2009-04-30 00:05 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2006-04-26 21:19 . 2009-04-16 00:03 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2006-04-26 21:19 . 2009-04-30 00:05 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2006-04-26 21:19 . 2009-04-16 00:03 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2006-04-26 21:19 . 2009-04-16 00:03 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2006-04-26 21:19 . 2009-04-30 00:05 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2006-04-26 21:19 . 2009-04-16 00:03 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2006-04-26 21:19 . 2009-04-30 00:05 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2006-04-26 21:19 . 2009-04-30 00:05 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2006-04-26 21:19 . 2009-04-16 00:03 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2006-04-26 21:19 . 2009-04-30 00:05 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2006-04-26 21:19 . 2009-04-16 00:03 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2006-04-26 21:19 . 2009-04-16 00:03 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2006-04-26 21:19 . 2009-04-30 00:05 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobiLink Lite"="c:\program files\Novatel Wireless\MobiLink\Lite.exe" [2008-02-20 409672]
"RogersAgent"="c:\program files\Rogers\SelfHealing\rogersagent.exe" [2007-04-23 478968]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-19 39408]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-04-03 3558648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-02 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-02 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-02 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-11 761945]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-11-16 503808]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-05-18 233534]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-20 136600]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-05-13 185784]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-09-24 483328]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 593920]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-03-15 125632]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - c:\windows\system32\CHDAudPropShortcut.exe [2005-11-22 61952]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2005-07-23 28160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2008-1-21 25214]
Post-itr Software Notes Lite.lnk - c:\program files\3M\PSNLite\PsnLite.exe [2004-10-15 2080768]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCASp50.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Documents and Settings\\Sania Ansari\\Desktop\\drjava-stable-20060127-2145.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Java\\jre1.5.0_10\\bin\\javaw.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\Java\\jre1.6.0_02\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\eclipse-java-europa-winter-win32\\eclipse\\eclipse.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24303:TCP"= 24303:TCP:BitComet 24303 TCP
"24303:UDP"= 24303:UDP:BitComet 24303 UDP

R3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2008-05-05 13352]
S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
S2 ppsio2;PPDevice; [x]
S2 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2007-03-15 116416]
S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-25 101936]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
Contents of the 'Scheduled Tasks' folder

2009-04-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q106&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Sania Ansari\Application Data\Mozilla\Firefox\Profiles\m43pwysh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search/?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search/?fr=ffds1&p=
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-01 15:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????n??|?????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4080)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\MATLAB71\webserver\bin\win32\matlabserver.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\program files\MATLAB71\bin\win32\MATLAB.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\HPQ\Shared\HPQTOA~1.EXE
c:\program files\Novatel Wireless\Mobilink\Phoenix.exe
c:\progra~1\3M\PSNLite\PSNGive.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-05-01 15:48 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-01 19:48
ComboFix2.txt 2009-04-30 19:13
ComboFix3.txt 2009-04-30 00:41
ComboFix4.txt 2009-04-29 22:43

Pre-Run: 23,033,929,728 bytes free
Post-Run: 23,033,466,880 bytes free

342 --- E O F --- 2009-04-30 00:07


---------------------------------------------------------------

JavaRa.log


JavaRa 1.13 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Fri May 01 15:58:23 2009

Found and removed: C:\Program Files\Java\jre1.5.0_05

Found and removed: Software\JavaSoft\Java2D\1.5.0

Found and removed: Software\JavaSoft\Java2D\1.5.0_05

Found and removed: Software\JavaSoft\Java2D\1.5.0_06

Found and removed: Software\JavaSoft\Java2D\1.5.0_09

Found and removed: Software\JavaSoft\Java2D\1.5.0_10

Found and removed: Software\JavaSoft\Java2D\1.5.0_12

Found and removed: SOFTWARE\Classes\JavaPlugin.150_05

Found and removed: SOFTWARE\Classes\JavaPlugin.150_06

Found and removed: SOFTWARE\Classes\JavaPlugin.150_09

Found and removed: SOFTWARE\Classes\JavaPlugin.150_10

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

Found and removed: Software\Classes\JavaPlugin.160_01

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_05\

------------------------------------

Finished reporting.

#7
AdvancedSetup

    Forum Deity

  • Administrators
  • 22,575 posts
  • Gender:Male
  • Location:US
Please run the following to remove any tools that might have been used during the scanning and cleaning of your system.

STEP A
[indent]Uninstall ComboFix.exe
  • Click START then RUN
  • Now type Combofix /u (if you renamed Combofix.exe use that name instead) in the runbox and click OK. Note the space between the X and the /U; it needs to be there.
  • When shown the disclaimer, Select "2"
Remove this folder C:\QooBox if the uninstall instructions don't work and delete Combofix.exe AND check your system time and reset if needed[/indent]

STEP B
[indent]Uninstall GMER
Click on START - RUN and type in or copy/paste %windir%\gmer_uninstall.cmd to remove GMER.[/indent]

STEP C
[indent]Uninstall other tools
Please Download OTMoveIt3 by Old Timer and save it to your Desktop.
  • Double-click OTMoveIt3.exe to run it.
  • While connected to the Internet, Click on the green CleanUp! button and it will populate a list of items to clean from your system that we used or may have used.
  • It should ask if you want to clean up, select Yes and allow the system to clean up these items.
    NOW please reboot your computer to finish the cleanup process
[/indent]



Then download and run this Anti-Virus scanner please.

Please download to your Desktop: Dr.Web CureIt
  • After the file has downloaded, disable your current Anti-Virus and disconnect from the Internet
  • Double-click the drweb-cureit.exe file, then click the Start button, then the OK button to perform an Express Scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click on the Complete scan radio button.
  • Then click on the Settings menu on top, then select Change Settings or press the F9 key. You can also change the Language
  • Choose the Scanning tab and I recommend leaving the Heuristic analysis enabled (this can lead to False Positives though)
  • On the File types tab ensure you select All files
  • Click on the Actions tab and set the following:
    • Objects Infected objects = Cure, Incurable objects = Move, Suspicious objects = Report
    • Infected packages Archive = Move, E-mails = Report, Containers = Move
    • Malware Adware = Move, Dialers = Move, Jokes = Move, Riskware = Move, Hacktools = Move
    • Do not change the Rename extension - default is: #??
    • Leave the default save path for Moved files here: %USERPROFILE%\DoctorWeb\Quarantine\
    • Leave prompt on Action checked
  • On the Log file tab leave the Log to file checked.
  • Leave the log file path alone: %USERPROFILE%\DoctorWeb\CureIt.log
  • Log mode = Append
  • Encoding = ANSI
  • Details Leave Names of file packers and Statistics checked.
  • Limit log file size = 2048 KB and leave the check mark on the Maximum log file size.
  • On the General tab leave the Scan Priority on High
  • Click the Apply button at the bottom, and then the OK button.
  • On the right side under the Dr Web Anti-Virus Logo you will see 3 little buttons. Click the left VCR style Start button.
  • In this mode it will scan Boot sectors of all disks, All removable media, and all local drives
  • The more files and folders you have the longer the scan will take. On large drives it can take hours to complete.
  • When the Cure option is selected, an additional context menu will open. Select the necessary action of the program, if the curing fails.
  • Click 'Yes to all' if it asks if you want to cure/move the files.
  • This will move it to the %USERPROFILE%\DoctorWeb\Quarantine\ folder if it can't be cured. (in this case we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your Desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! It is possible that files in use will only be moved/deleted during the reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously to your Desktop in your next reply with a new hijackthis log.



Then try and run and update MBAM and post back the log.


Update and Scan with Malwarebytes' Anti-Malware
  • Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
  • Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
    • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Then post back the MBAM log and a new Hijackthis log.
Ron Lewis
Manager, Online Support


Follow us: Twitter, Become a fan: Facebook

If you've posted to the HJT forum and it has been over 5 days without a response please send a Private Message asking for assistance.
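The Dr.Web steps above end with a DrWeb.csv report, and a long one is easier to act on once it is sorted by outcome. As an added example (not from this thread, nor Dr.Web's own tooling), the Python script below parses a report in the semicolon-separated layout the scanner writes here (object;path;detection;action;) and splits the rows into what the scanner already handled, what only lives in System Restore snapshots, archive summary rows, and objects that were merely reported and still need attention; the sample rows are constructed to mirror that layout, with placeholder paths and GUID, not copied from the posted log.

```python
import csv
import io
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample rows in the DrWeb.csv layout seen in this thread
# (object;path;detection;action;). Paths and the restore-point GUID are
# placeholders, not values from the posted log.
SAMPLE_CSV = (
    "gameconsoleservice.exe;c:\\program files\\wildtangent\\apps;"
    "Probably MULDROP.Trojan;Deleted.;\n"
    "SetupGamesClient.exe\\data004;C:\\Documents and Settings\\All Users\\"
    "Application Data\\WildTangent\\Installers\\SetupGamesClient.exe;"
    "Probably MULDROP.Trojan;;\n"
    "SetupGamesClient.exe;C:\\Documents and Settings\\All Users\\"
    "Application Data\\WildTangent\\Installers;"
    "Archive contains infected objects;;\n"
    "minuwet.exe;C:\\Documents and Settings\\User\\Desktop;"
    "Trojan.PWS.Banker.2833;Deleted.;\n"
    "A0001479.sys;C:\\System Volume Information\\_restore{GUID-PLACEHOLDER}\\RP5;"
    "Trojan.Fakealert.458;Deleted.;\n"
    "A0001545.EXE;C:\\System Volume Information\\_restore{GUID-PLACEHOLDER}\\RP5;"
    "Program.PsExec.170;;\n"
)


@dataclass(frozen=True)
class Finding:
    obj: str        # object name; "outer.exe\\inner" for a member of an archive
    path: str       # folder (or archive file) that held the object
    detection: str  # Dr.Web detection name as printed in the report
    action: str     # "Deleted.", "Moved." etc., or "" when only reported

    @property
    def inside_archive(self) -> bool:
        # Members of an archive are written as archive\member in column one.
        return "\\" in self.obj

    @property
    def is_container(self) -> bool:
        # Summary row for an archive whose members are listed separately.
        return self.detection == "Archive contains infected objects"

    @property
    def in_restore_point(self) -> bool:
        # System Restore snapshots are cleared by purging restore points, not per file.
        return "\\system volume information\\" in self.path.lower()


def parse_report(text: str) -> list:
    """Parse DrWeb.csv text into Finding records, skipping blank or short rows."""
    findings = []
    for row in csv.reader(io.StringIO(text), delimiter=";"):
        if len(row) < 4 or not row[0].strip():
            continue
        obj, path, detection, action = (field.strip() for field in row[:4])
        findings.append(Finding(obj, path, detection, action))
    return findings


def family(detection: str) -> str:
    """Collapse a detection name to its family: drop 'Probably ' and a trailing variant number."""
    return re.sub(r"\.\d+$", "", detection.removeprefix("Probably "))


def triage(findings) -> dict:
    """Sort findings into handled, covered by a restore-point purge, archive summaries, and open."""
    buckets = {"handled": [], "restore_point": [], "container": [], "needs_attention": []}
    for f in findings:
        if f.action:
            buckets["handled"].append(f)          # scanner already deleted/moved it
        elif f.in_restore_point:
            buckets["restore_point"].append(f)    # gone once restore points are cleared
        elif f.is_container:
            buckets["container"].append(f)        # archive summary; members listed on their own
        else:
            buckets["needs_attention"].append(f)  # reported only; still on disk
    return buckets


def summarize_families(findings) -> Counter:
    """Count findings per detection family, ignoring archive summary rows."""
    return Counter(family(f.detection) for f in findings if not f.is_container)


if __name__ == "__main__":
    found = parse_report(SAMPLE_CSV)
    for bucket, items in triage(found).items():
        print(f"{bucket}: {len(items)}")
        for f in items:
            print(f"  {f.detection:<35} {f.path}\\{f.obj}")
    print(summarize_families(found).most_common())
```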

#8
sansari

    New Member

  • Members
  • 29 posts
DrWeb.csv and hijackthis.log

gameconsoleservice.exe;c:\program files\wildtangent\apps\gamechannel\games\074eef5f-3be8-4112-b253-c5d6cde2924c;Probably MULDROP.Trojan;Deleted.;
SetupGamesClient.exe\data004;C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\Installers\SetupGamesClient.exe;Probably MULDROP.Trojan;;
SetupGamesClient.exe;C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\Installers;Archive contains infected objects;;
minuwet.exe;C:\Documents and Settings\Sania Ansari\Desktop;Trojan.PWS.Banker.2833;Deleted.;
minuwet.exe;C:\Documents and Settings\Sania Ansari\My Documents\CS448\Sania\CS490\research\case;Trojan.PWS.Banker.8301;Deleted.;
minuwet.exe;C:\Documents and Settings\Sania Ansari\My Documents\CS490\faahs stuff\research\case;Trojan.PWS.Banker.8301;Deleted.;
TSsetup.exe\data002;C:\Program Files\Online Services\Aol\Canada\comps\tpspd\TSsetup.exe;Probably DLOADER.Trojan;;
TSsetup.exe;C:\Program Files\Online Services\Aol\Canada\comps\tpspd;Archive contains infected objects;;
aolcinst.exe\core.cab\GTDOWNAO_106.ocx;C:\Program Files\Online Services\Aol\United States\AOL90\comps\coach\aolcinst.exe;Adware.Gdown;;
aolcinst.exe;C:\Program Files\Online Services\Aol\United States\AOL90\comps\coach;Archive contains infected objects;;
aolcinst.exe\core.cab\GTDOWNAO_106.ocx;C:\Program Files\Online Services\Aol\United States\AOL90E\comps\coach\aolcinst.exe;Adware.Gdown;;
aolcinst.exe;C:\Program Files\Online Services\Aol\United States\AOL90E\comps\coach;Archive contains infected objects;;
TSsetup.exe\data002;C:\Program Files\Online Services\Canada\AOL-MAX\comps\tpspd\TSsetup.exe;Probably DLOADER.Trojan;;
TSsetup.exe;C:\Program Files\Online Services\Canada\AOL-MAX\comps\tpspd;Archive contains infected objects;;
GameConsoleService.exe;C:\Program Files\WildTangent\Apps\GameChannel\Games\074EEF5F-3BE8-4112-B253-C5D6CDE2924C;Probably MULDROP.Trojan;Invalid path to file ;
Brandit.exe;C:\SWSETUP\BrandIt\Disk1;Probably STPAGE.Trojan;;
A0004323.exe;C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP11;Trojan.PWS.Banker.2833;Deleted.;
A0000016.exe;C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP2;Tool.Prockill;;
A0000041.EXE;C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP2;Program.PsExec.170;;
A0000070.bat;C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP2;Probably BATCH.Virus;;
A0000110.sys;C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP2;Trojan.Fakealert.4098;Deleted.;
A0000111.dll;C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP2;Probably DLOADER.Trojan;;
A0001192.EXE;C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP4;Program.PsExec.170;;
A0001222.bat;C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP4;Probably BATCH.Virus;;
A0001288.bat;C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP4;Probably BATCH.Virus;;
A0001360.EXE;C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP5;Program.PsExec.170;;
A0001391.bat;C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP5;Probably BATCH.Virus;;
A0001479.sys;C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP5;Trojan.Fakealert.458;Deleted.;
A0001545.EXE;C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP5;Program.PsExec.170;;
A0001575.bat;C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP5;Probably BATCH.Virus;;


hijack this

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:48:45 PM, on 02/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Novatel Wireless\MobiLink\Lite.exe
C:\Program Files\Rogers\SelfHealing\rogersagent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Novatel Wireless\Mobilink\Phoenix.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5Cgoogle.src"); (C:\Documents and Settings\SANIA ANSARI\Application Data\Mozilla\Profiles\default\cegjmm6n.slt\prefs.js)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MobiLink Lite] C:\Program Files\Novatel Wireless\MobiLink\Lite.exe
O4 - HKCU\..\Run: [RogersAgent] c:\Program Files\Rogers\SelfHealing\rogersagent.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.idesitv.com/livetv.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: bw+0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 22572 bytes

******************************************************
mbam.log and hijack this


Malwarebytes' Anti-Malware 1.36
Database version: 2069
Windows 5.1.2600 Service Pack 3

02/05/2009 7:55:11 PM
mbam-log-2009-05-02 (19-55-11).txt

Scan type: Quick Scan
Objects scanned: 86183
Time elapsed: 5 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\mrxdavv.sys (Rootkit.Agent.H) -> Delete on reboot.
C:\WINDOWS\system32\kwave.sys (Trojan.Agent) -> Delete on reboot.

hijackthis


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:02:19 PM, on 02/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Novatel Wireless\MobiLink\Lite.exe
C:\Program Files\Rogers\SelfHealing\rogersagent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Novatel Wireless\Mobilink\Phoenix.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5Cgoogle.src"); (C:\Documents and Settings\SANIA ANSARI\Application Data\Mozilla\Profiles\default\cegjmm6n.slt\prefs.js)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MobiLink Lite] C:\Program Files\Novatel Wireless\MobiLink\Lite.exe
O4 - HKCU\..\Run: [RogersAgent] c:\Program Files\Rogers\SelfHealing\rogersagent.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.idesitv.com/livetv.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: bw+0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 22513 bytes


On reboot I ran MBAM again and the files were still there.

#9
AdvancedSetup

    Forum Deity

  • Administrators
  • 22,575 posts
  • Gender:Male
  • Location:US
Okay, well, my guess is that you rebooted before we were able to grab that bad file, and it renames itself on reboot.

Let's isolate the system. Remove all external USB drives from the system and do not share or connect the computer on a network with any other computers.

Then download and burn this (use a friend's or work computer if needed)

Avira AntiVir Rescue System
Requires access to a working computer with a CD/DVD burner to create a bootable CD.
  • Download the Avira AntiVir Rescue System from here
  • Place a blank CD in your burner and double-click on the downloaded file named rescuecd.exe
  • The program will automatically burn the CD for you.
  • Place the burned CD into the affected computer and start the computer from this CD.
  • On the bottom left side of the screen there are 2 flags. Using your mouse click on the British flag to use English.
  • Click on the Configuration button.
    • Select Scan all files
    • Select Try to repair infected files and Rename files, if they cannot be removed
    • Select Scan for dialers
    • Select Scan for joke programs (Jokes)
    • Select Scan for games
    • Select Scan for spyware (SPR)
  • Click on Virus scanner
  • Click on Start scanner at the bottom of the screen
  • Currently the program does not support saving a log. Write down the number of items for Records, Suspect files, and Warnings
The Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore and is updated several times a day so that the most recent security updates are always available.

Possible solutions to Screen Resolution and other issues
  • Please see the post here if you're unable to view the entire screen of Avira.
  • You can also review this one Fixed Rescue CD Resolution Probs with Dell Video
  • Currently only the German keyboard is supported. The command line does not work with English keyboards, which require workarounds.
  • Some computers attempt to mount the floppy even though they don't have one. You may need to go in to the BIOS and disable the floppy drive in order to mount your hard drive for scanning.

Then run and update MBAM and post back its log again.
Ron Lewis
Manager, Online Support


Follow us: Twitter, Become a fan: Facebook

If you've posted to the HJT forum and it has been over 5 days without a response please send a Private Message asking for assistance.

#10
sansari

    New Member

  • Members
  • 29 posts
I tried burning it but it says 'burning device not compatible'. Is there an alternative to this?

#11
AdvancedSetup

    Forum Deity

  • Administrators
  • 22,575 posts
  • Gender:Male
  • Location:US
Well, we can go through the process steps again if you want. The Avira method would often be quicker, which is why I offered it.

After running Step 2 to restart and obtain a new bootlog file, do not reboot the computer if at all possible.
Do not attach any USB drives to the system and keep other computers off of the same network if possible.


STEP 01
Delete your current copy of Combofix.exe and download a NEW fresh copy and run it.
Additional links to download the tool:
ComboFix.exe
ComboFix.exe
ComboFix.exe

STEP 02
    Please create a BOOTLOG
  • Delete the following file if it exists. C:\Windows\ntbtlog.txt
  • Restart the computer and press F8 when Windows starts booting. This will bring up the startup options.
  • Select "Enable Boot Logging" option and press enter.
  • Windows prompts you to select a Windows Installation (even if there is only one windows installation)
  • This boots windows normally and creates a boot log named ntbtlog.txt and saves it to C:\Windows
     
    If you're already running inside Windows you can enable it the following way.
     
  • Click on START - RUN and type in MSCONFIG go to the BOOT.INI tab and place a check mark by /BOOTLOG
  • Click on OK and you will be prompted to RESTART Windows. Please do restart now.
  • After Windows restarts open the file C:\Windows\ntbtlog.txt with Notepad
  • From the Edit menu choose Select All then Edit, COPY and post that back on your next reply.
  • NOTE: If the file is over about 150 lines or so then DELETE the C:\Windows\ntbtlog.txt file and restart the computer and post the NEW one it creates.
  • NOTE: Vista users can type it in the Search box and it will show on the menu, then right click and choose Run as Administrator
  • The tab is called BOOT on Vista. Then choose Boot log

STEP 03
RootRepeal - Rootkit Detector
[indent]
    Close ALL applications and as many items in the task tray as will stop and exit.
  • Please download the following tool: RootRepeal - Rootkit Detector
  • Direct download link is here: RootRepeal.rar
  • If you don't already have a program to open a .RAR compressed file you can download a trial version from here: WinRAR
  • Extract the program file to a new folder such as C:\RootRepeal
  • Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button
  • Select ALL of the checkboxes and then click OK and it will start scanning your system.
  • If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
  • When done, click on Save Report
  • Save it to the same location where you ran it from, such as C:\RootRepeal
  • Save it as your_name_rootrepeal.txt - where your_name is your forum name
  • This makes it easier to track who the log belongs to.
  • Then open that log and select all and copy/paste it back on your next reply please.
  • Quit the RootRepeal program.
[/indent]


STEP 04
Please download the following scanning tool. GMER
[indent]
  • Open the zip file and copy the file gmer.exe to your Desktop.
  • Double click on gmer.exe and run it.
  • It may take a minute to load and become available.
  • Do not make any changes. Click on the SCAN button and DO NOT use the computer while it's scanning.
  • Once the scan is done click on the SAVE button and browse to your Desktop and save the file as GMER.LOG
  • Zip up the GMER.LOG file and save it as gmerlog.zip and attach it to your reply post.
  • DO NOT directly post this log into a reply. You MUST attach it as a .ZIP file.
  • Click OK and quit the GMER program.

How To Use Compressed (Zipped) Folders in Windows XP
Compress and uncompress files (zip files) in Vista
[/indent]

STEP 05
[indent]Click on START - RUN and type in SIGVERIF and click OK
This is a Microsoft File Signature Verification program that will check some file status for us.
  • Click on the START button and let it run.
  • It will pop up a box when it's done to show the status; you can close that box.
  • Close the File Signature Verification application.
  • Find and attach the file C:\WINDOWS\SIGVERIF.TXT to your reply.
  • DO NOT post the log directly into your reply, attach the file please.
[/indent]
Ron Lewis
Manager, Online Support

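
The boot log asked for in Step 02 is a plain list of "Loaded driver" / "Did not load driver" lines, and the point of requesting it is to see which drivers the kernel actually pulled in at boot and from where. As an added example (not the helper's tool and not part of the original post), this Python script parses that format and flags loaded drivers that come from a temporary or per-user folder, or from outside the Windows and Program Files trees; the sample log and the driver names placeholder.sys / placeholder2.sys are constructed, and %SystemRoot% is assumed to be \WINDOWS as on this machine.

```python
"""Parse a Windows XP boot log (C:\\Windows\\ntbtlog.txt) and flag drivers
loaded from unexpected locations.

Added example, not part of the original forum post. The sample log below
is constructed from the line shapes the boot logger writes; driver names
other than well-known Windows/vendor ones are placeholders.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the shape of C:\Windows\ntbtlog.txt
SAMPLE_NTBTLOG = r"""Service Pack 3 5 5 2009 22:27:41.359
Loaded driver \WINDOWS\system32\ntkrnlpa.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver ACPI.sys
Loaded driver \SystemRoot\system32\DRIVERS\tcpip.sys
Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS
Loaded driver \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
Loaded driver \??\C:\Program Files\Symantec AntiVirus\savrt.sys
Loaded driver \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090504.005\naveng.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \??\C:\DOCUME~1\USER~1\LOCALS~1\Temp\placeholder.sys
Loaded driver \??\D:\Tools\placeholder2.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
"""

LINE_RE = re.compile(r"^(Loaded driver|Did not load driver)\s+(.+?)\s*$")

# Directories a driver is expected to be loaded from (lower-case, after
# normalisation). Assumes %SystemRoot% is \WINDOWS on the system drive.
EXPECTED_DIRS = ("windows\\system32\\", "program files\\", "progra~1\\")

# Markers of temporary or per-user locations a vendor driver never lives in.
TEMP_MARKERS = ("\\temp\\", "\\locals~1\\", "\\local settings\\")


@dataclass(frozen=True)
class BootEntry:
    loaded: bool
    raw_path: str
    path: str  # normalised: NT prefix and drive letter stripped, lower-case


def normalise(raw: str) -> str:
    """Map '\\??\\C:\\X', '\\SystemRoot\\X' and '\\WINDOWS\\X' to one form."""
    p = raw
    if p.startswith("\\??\\"):
        p = p[4:]
        if len(p) > 2 and p[1] == ":":  # drop the drive letter, e.g. 'C:\'
            p = p[3:]
    elif p.startswith("\\SystemRoot\\"):
        p = "windows\\" + p[len("\\SystemRoot\\"):]
    elif p.startswith("\\"):
        p = p[1:]
    else:
        # Bare name (e.g. 'ACPI.sys'): boot-start drivers are logged without
        # a path and are loaded from system32\drivers.
        p = "windows\\system32\\drivers\\" + p
    return p.lower()


def parse_ntbtlog(text: str) -> List[BootEntry]:
    entries: List[BootEntry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header line such as 'Service Pack 3 5 5 2009 ...'
        loaded = m.group(1) == "Loaded driver"
        entries.append(BootEntry(loaded, m.group(2), normalise(m.group(2))))
    return entries


def reason_for_flag(entry: BootEntry) -> Optional[str]:
    """Why a loaded driver deserves a second look, or None if it does not."""
    if not entry.loaded:
        return None
    p = "\\" + entry.path  # leading backslash so a top-level 'temp\' matches
    if any(marker in p for marker in TEMP_MARKERS):
        return "loaded from a temporary or per-user folder"
    if not entry.path.startswith(EXPECTED_DIRS):
        return "loaded from outside the Windows and Program Files trees"
    return None


def flag_unusual_drivers(text: str) -> List[Tuple[str, str]]:
    """(raw path, reason) for each loaded driver outside the expected places.

    A path is reported once even if logged several times: drivers such as
    kmixer.sys legitimately load and unload repeatedly during one boot.
    """
    seen = set()
    flagged: List[Tuple[str, str]] = []
    for e in parse_ntbtlog(text):
        reason = reason_for_flag(e)
        if reason and e.path not in seen:
            seen.add(e.path)
            flagged.append((e.raw_path, reason))
    return flagged


def summarise(text: str) -> Dict[str, int]:
    entries = parse_ntbtlog(text)
    return {
        "loaded": sum(e.loaded for e in entries),
        "not_loaded": sum(not e.loaded for e in entries),
        "flagged": len(flag_unusual_drivers(text)),
    }


if __name__ == "__main__":
    for path, why in flag_unusual_drivers(SAMPLE_NTBTLOG):
        print(f"{why}: {path}")
    print(summarise(SAMPLE_NTBTLOG))
```

A driver that the log shows loading from a Temp folder is not automatically malicious (scanners such as RootRepeal and GMER load their own temporary drivers while running), so treat a flag as a prompt to check the file, not as a verdict.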

#12
sansari

    New Member

  • Members
  • 29 posts
I was following the instructions as listed, but while running the GMER scan a blue screen appeared saying 'problem has been detected...' (before I could read the whole thing the screen disappeared and the computer rebooted by itself). I am not sure if I should be running GMER again?
I am attaching the rest of the logs though.

ComboFix

ComboFix 09-05-05.03 - Sania Ansari 05/05/2009 22:12.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.500 [GMT -4:00]
Running from: c:\documents and settings\Sania Ansari\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\mrxdavv.sys
c:\windows\system32\kwave.sys

.
((((((((((((((((((((((((( Files Created from 2009-04-06 to 2009-05-06 )))))))))))))))))))))))))))))))
.

2009-05-05 01:27 . 2009-05-05 01:27 -------- d-----w c:\program files\SpywareBlaster
2009-04-30 19:34 . 2009-04-30 19:54 -------- d-----w C:\RootRepeal
2009-04-30 00:07 . 2009-04-30 00:07 -------- d-----w c:\program files\Trend Micro
2009-04-29 23:18 . 2009-05-02 19:51 -------- d-----w c:\documents and settings\Sania Ansari\DoctorWeb
2009-04-29 21:31 . 2009-04-29 21:31 -------- d-----w c:\program files\CCleaner
2009-04-29 06:04 . 2009-04-29 05:58 8768 ----a-w c:\windows\system32\drivers\PCASp50.sys
2009-04-29 05:58 . 2009-04-29 05:58 4707 ----a-w c:\windows\system32\z98a.bin
2009-04-26 19:06 . 2009-04-26 19:06 -------- d--h--w C:\VJVod_Cache
2009-04-26 19:06 . 2009-04-26 19:06 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\nagasoft
2009-04-24 04:26 . 2009-04-29 23:23 -------- d-----w c:\windows\system32\nagasoft
2009-04-24 03:02 . 2009-04-24 03:02 -------- d-----w c:\documents and settings\All Users\Application Data\pixelStorm
2009-04-21 03:31 . 2009-04-21 03:31 -------- d-----w c:\program files\Veoh Networks
2009-04-15 05:13 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 05:13 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-15 05:12 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-15 05:12 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-15 05:12 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 05:12 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-15 05:12 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 05:12 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 05:12 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 05:12 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 05:12 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 05:12 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-09 04:57 . 2009-04-09 04:57 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Help

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-06 02:11 . 2009-01-22 16:05 -------- d-----w c:\program files\Symantec AntiVirus
2009-05-02 03:21 . 2007-01-28 01:52 -------- d-----w c:\program files\PrimoPDF
2009-05-01 19:50 . 2006-04-27 04:39 -------- d-----w c:\program files\BitComet
2009-05-01 19:50 . 2006-08-14 00:01 -------- d-----w c:\program files\Azureus
2009-04-21 07:48 . 2007-07-30 03:20 -------- d-----w c:\program files\Veoh
2009-04-20 03:01 . 2009-04-20 03:01 1263934 ----a-w c:\program files\Malwarebytes' Anti-Malware.rar
2009-04-11 20:25 . 2008-08-10 06:14 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-09 21:39 . 2008-03-18 20:38 -------- d-----w c:\program files\Mozilla Thunderbird
2009-04-06 19:32 . 2008-08-10 06:14 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 19:32 . 2008-08-10 06:14 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-29 18:01 . 2009-03-29 01:57 -------- d-----w c:\program files\WaronFolvos_at
2009-03-21 00:12 . 2009-03-19 16:04 -------- d-----w c:\program files\Microsoft Silverlight
2009-03-19 16:05 . 2009-03-19 16:05 89872 ----a-w c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-03-19 16:04 . 2009-03-19 15:55 -------- d-----w c:\program files\Microsoft
2009-03-19 16:04 . 2009-03-19 16:04 -------- d-----w c:\program files\Microsoft Office Outlook Connector
2009-03-19 16:03 . 2009-03-19 15:54 -------- d-----w c:\program files\Windows Live
2009-03-19 15:59 . 2006-12-05 04:18 -------- d-----w c:\program files\Windows Live Toolbar
2009-03-19 15:58 . 2009-03-19 15:58 -------- d-----w c:\program files\Microsoft Sync Framework
2009-03-19 15:58 . 2009-03-19 15:58 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-03-19 15:54 . 2009-03-19 15:54 -------- d-----w c:\program files\Windows Live SkyDrive
2009-03-19 15:32 . 2009-03-19 15:32 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-19 03:57 . 2006-01-03 11:41 -------- d-----w c:\program files\Google
2009-03-14 02:34 . 2007-01-15 02:13 -------- d-----w c:\program files\iTunes
2009-03-14 02:33 . 2009-03-14 02:33 -------- d-----w c:\program files\iPod
2009-03-14 02:33 . 2008-11-25 01:14 -------- d-----w c:\program files\Common Files\Apple
2009-03-14 02:31 . 2009-03-14 02:30 -------- d-----w c:\program files\QuickTime
2009-03-06 14:22 . 2004-08-04 08:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-08-04 08:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2004-08-04 08:00 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 12:10 . 2004-08-04 08:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-04 08:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-04 08:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2004-08-04 08:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2004-08-04 08:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 23:03 . 2009-02-06 23:03 307576 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 22:52 . 2009-02-06 22:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 22:08 . 2009-03-19 16:03 55152 ----a-w c:\windows\system32\drivers\fssfltr_tdi.sys
2009-02-06 11:11 . 2004-08-04 08:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:06 . 2004-08-04 08:00 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-08-04 08:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2004-08-04 08:00 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2008-03-18 20:34 . 2008-03-18 20:32 6735008 ----a-w c:\program files\Thunderbird Setup 2.0.0.12.exe
2007-07-17 22:33 . 2007-07-17 22:30 3753079 ----a-w c:\program files\MSReaderSetup.exe
2006-05-27 18:17 . 2006-05-27 18:16 16433280 ----a-w c:\program files\jre-1_5_0_05-windows-i586-p.exe
2006-04-23 12:45 . 2006-04-23 12:45 22 --sha-w c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobiLink Lite"="c:\program files\Novatel Wireless\MobiLink\Lite.exe" [2008-02-20 409672]
"RogersAgent"="c:\program files\Rogers\SelfHealing\rogersagent.exe" [2007-04-23 478968]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-19 39408]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-04-03 3558648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-02 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-02 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-02 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-11 761945]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-11-16 503808]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-05-18 233534]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-05-13 185784]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-09-24 483328]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 593920]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - c:\windows\system32\CHDAudPropShortcut.exe [2005-11-22 61952]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2005-07-23 28160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2008-1-21 25214]
Post-itr Software Notes Lite.lnk - c:\program files\3M\PSNLite\PsnLite.exe [2004-10-15 2080768]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCASp50.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Documents and Settings\\Sania Ansari\\Desktop\\drjava-stable-20060127-2145.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\eclipse-java-europa-winter-win32\\eclipse\\eclipse.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24303:TCP"= 24303:TCP:BitComet 24303 TCP
"24303:UDP"= 24303:UDP:BitComet 24303 UDP

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [19/03/2009 12:03 PM 55152]
R2 ppsio2;PPDevice;c:\windows\system32\drivers\ppsio2.sys [12/08/2007 8:02 PM 23200]
R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [14/03/2007 8:48 PM 116416]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [14/01/2009 5:53 PM 226656]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [26/02/2009 2:02 AM 101936]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 6:08 PM 533360]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [05/05/2008 2:35 PM 13352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
Contents of the 'Scheduled Tasks' folder

2009-05-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Sania Ansari\Application Data\Mozilla\Firefox\Profiles\m43pwysh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search/?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search/?fr=ffds1&p=
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-05 22:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????n??|?????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3932)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\program files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Novatel Wireless\Mobilink\Phoenix.exe
c:\progra~1\3M\PSNLite\PSNGive.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\HPQ\Shared\HPQTOA~1.EXE
.
**************************************************************************
.
Completion time: 2009-05-06 22:25 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-06 02:25

Pre-Run: 29,498,544,128 bytes free
Post-Run: 29,487,284,224 bytes free

249 --- E O F --- 2009-04-30 00:07



----------------------------------------------------

ntbtlog.txt

Service Pack 3 5 5 2009 22:27:41.359
Loaded driver \WINDOWS\system32\ntkrnlpa.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver \WINDOWS\system32\KDCOM.DLL
Loaded driver \WINDOWS\system32\BOOTVID.dll
Loaded driver sptd.sys
Loaded driver \WINDOWS\System32\Drivers\WMILIB.SYS
Loaded driver \WINDOWS\System32\Drivers\SCSIPORT.SYS
Loaded driver ACPI.sys
Loaded driver pci.sys
Loaded driver ohci1394.sys
Loaded driver \WINDOWS\system32\DRIVERS\1394BUS.SYS
Loaded driver isapnp.sys
Loaded driver compbatt.sys
Loaded driver \WINDOWS\system32\DRIVERS\BATTC.SYS
Loaded driver pciide.sys
Loaded driver \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Loaded driver intelide.sys
Loaded driver viaide.sys
Loaded driver aliide.sys
Loaded driver pcmcia.sys
Loaded driver MountMgr.sys
Loaded driver ftdisk.sys
Loaded driver ACPIEC.sys
Loaded driver \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
Loaded driver PartMgr.sys
Loaded driver VolSnap.sys
Loaded driver atapi.sys
Loaded driver iaStor.sys
Loaded driver disk.sys
Loaded driver \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Loaded driver fltmgr.sys
Loaded driver sr.sys
Loaded driver PxHelp20.sys
Loaded driver KSecDD.sys
Loaded driver WudfPf.sys
Loaded driver Ntfs.sys
Loaded driver NDIS.sys
Loaded driver serial.sys
Loaded driver Mup.sys
Loaded driver \SystemRoot\system32\DRIVERS\intelppm.sys
Loaded driver \SystemRoot\system32\DRIVERS\CmBatt.sys
Loaded driver \SystemRoot\system32\DRIVERS\wmiacpi.sys
Loaded driver \SystemRoot\system32\DRIVERS\ialmnt5.sys
Loaded driver \SystemRoot\system32\DRIVERS\HDAudBus.sys
Loaded driver \SystemRoot\system32\DRIVERS\w39n51.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbuhci.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbehci.sys
Loaded driver \SystemRoot\system32\DRIVERS\e100b325.sys
Loaded driver \SystemRoot\system32\DRIVERS\sdbus.sys
Loaded driver \SystemRoot\system32\DRIVERS\rimmptsk.sys
Loaded driver \SystemRoot\system32\DRIVERS\rimsptsk.sys
Loaded driver \SystemRoot\system32\DRIVERS\rixdptsk.sys
Loaded driver \SystemRoot\system32\DRIVERS\i8042prt.sys
Loaded driver \SystemRoot\system32\DRIVERS\kbdclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\SynTP.sys
Loaded driver \SystemRoot\system32\DRIVERS\mouclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\imapi.sys
Loaded driver \SystemRoot\system32\DRIVERS\cdrom.sys
Loaded driver \SystemRoot\system32\DRIVERS\redbook.sys
Loaded driver \SystemRoot\System32\Drivers\GEARAspiWDM.sys
Loaded driver \SystemRoot\system32\DRIVERS\audstub.sys
Loaded driver \SystemRoot\system32\DRIVERS\rasl2tp.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndistapi.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndiswan.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspppoe.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspptp.sys
Loaded driver \SystemRoot\system32\DRIVERS\msgpc.sys
Loaded driver \SystemRoot\system32\DRIVERS\psched.sys
Loaded driver \SystemRoot\system32\DRIVERS\ptilink.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspti.sys
Loaded driver \SystemRoot\system32\DRIVERS\termdd.sys
Loaded driver \SystemRoot\system32\DRIVERS\swenum.sys
Loaded driver \SystemRoot\system32\DRIVERS\update.sys
Loaded driver \SystemRoot\system32\DRIVERS\mssmbios.sys
Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Loaded driver \SystemRoot\system32\drivers\CHDAud.sys
Loaded driver \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
Loaded driver \SystemRoot\system32\DRIVERS\HSF_DPV.sys
Loaded driver \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
Loaded driver \SystemRoot\System32\Drivers\Modem.SYS
Loaded driver \SystemRoot\system32\DRIVERS\usbhub.sys
Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS
Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS
Did not load driver \SystemRoot\System32\Drivers\i2omgmt.SYS
Loaded driver \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
Loaded driver \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys
Loaded driver \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090504.005\navex15.sys
Loaded driver \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090504.005\naveng.sys
Loaded driver \??\C:\Program Files\Symantec AntiVirus\savrt.sys
Did not load driver \SystemRoot\System32\Drivers\Changer.SYS
Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS
Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS
Loaded driver \SystemRoot\System32\Drivers\Null.SYS
Did not load driver \SystemRoot\System32\Drivers\Beep.SYS
Loaded driver \SystemRoot\System32\drivers\vga.sys
Loaded driver \SystemRoot\System32\Drivers\mnmdd.SYS
Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys
Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
Loaded driver \SystemRoot\system32\DRIVERS\rasacd.sys
Loaded driver \SystemRoot\system32\DRIVERS\ipsec.sys
Loaded driver \SystemRoot\system32\DRIVERS\tcpip.sys
Loaded driver \SystemRoot\system32\DRIVERS\ipnat.sys
Loaded driver \SystemRoot\System32\Drivers\SYMTDI.SYS
Loaded driver \SystemRoot\system32\DRIVERS\wanarp.sys
Loaded driver \SystemRoot\system32\DRIVERS\netbt.sys
Loaded driver \SystemRoot\System32\Drivers\PCASp50.sys
Loaded driver \SystemRoot\System32\drivers\afd.sys
Loaded driver \SystemRoot\system32\DRIVERS\netbios.sys
Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS
Loaded driver \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
Loaded driver \SystemRoot\system32\DRIVERS\rdbss.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\System32\Drivers\Fips.SYS
Loaded driver \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
Loaded driver \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
Loaded driver \??\C:\WINDOWS\system32\drivers\EABFiltr.sys
Loaded driver \SystemRoot\System32\Drivers\Fastfat.SYS
Loaded driver \SystemRoot\system32\DRIVERS\fssfltr_tdi.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndisuio.sys
Did not load driver \SystemRoot\system32\DRIVERS\rdbss.sys
Did not load driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\system32\drivers\wdmaud.sys
Loaded driver \SystemRoot\system32\drivers\sysaudio.sys
Loaded driver \SystemRoot\system32\drivers\splitter.sys
Loaded driver \SystemRoot\system32\drivers\aec.sys
Loaded driver \SystemRoot\system32\drivers\swmidi.sys
Loaded driver \SystemRoot\system32\drivers\DMusic.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \SystemRoot\system32\drivers\drmkaud.sys
Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS
Loaded driver \SystemRoot\system32\DRIVERS\mrxdav.sys
Loaded driver \SystemRoot\System32\Drivers\ppsio2.SYS
Loaded driver \SystemRoot\system32\DRIVERS\srv.sys
Loaded driver \SystemRoot\system32\DRIVERS\mdmxsdk.sys
Loaded driver \SystemRoot\system32\DRIVERS\secdrv.sys
Did not load driver \SystemRoot\system32\DRIVERS\ipnat.sys
Loaded driver \SystemRoot\System32\Drivers\HTTP.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \??\C:\WINDOWS\system32\drivers\rootrepeal.sys
Loaded driver \??\C:\DOCUME~1\SANIAA~1\LOCALS~1\Temp\aujasnkj.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys

----------------------------------

sansari_rootrepeal

ROOTREPEAL © AD, 2007-2008
==================================================
Scan Time: 2009/05/05 22:34
Program Version: Version 1.2.3.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: 00000056
Image Path: \Driver\00000056
Address: 0x00000000 Size: 0 File Visible: No
Status: -

Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0xA1702000 Size: 876544 File Visible: No
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA13D7000 Size: 45056 File Visible: No
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\ServicePackFiles\i386\avc.sys
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\temp\etilqs_BZA8irDWq2WCeJiy41AI
Status: Allocation size mismatch (API: 8192, Raw: 0)

Path: C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl
Status: Allocation size mismatch (API: 8192, Raw: 4096)

Path: C:\Documents and Settings\Sania Ansari\My Documents\My Music\[Dc] Dhoom 2 (hindi-Ost) (By.Kaptan Balwant) (Dc ExL) [DholCutz] Oct 2k6\[Ðc] 04 - Sukhbir, Soham Chakrabarthy, Jolly Mukherjee, Mahalaxmi Iyer & Suzanne - Dil Laga Na (By.Kaptan Balwant) [DholCutz].mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\36\36-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v36-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v36-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\59\59-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v59-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v59-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\00\100-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v100-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v100-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\01\101-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v101-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v101-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\01\14-{3D1423D7-93BF-1556-D2B2-F43A5E93220F}-v1-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v14-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\02\102-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v102-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v102-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\03\103-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v103-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v103-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\04\104-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v104-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v104-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\05\105-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v105-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v105-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\06\106-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v106-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v106-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\07\107-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v107-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v107-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\08\108-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v108-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v108-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\09\109-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v109-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v109-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\11\11-{991D8BAF-9FBA-430D-8A8D-5872CAB14DB3}-v11-{991D8BAF-9FBA-430D-8A8D-5872CAB14DB3}-v11-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\13\13-{991D8BAF-9FBA-430D-8A8D-5872CAB14DB3}-v13-{991D8BAF-9FBA-430D-8A8D-5872CAB14DB3}-v13-Partial.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\15\15-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v15-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v15-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\16\16-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v16-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v16-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\17\17-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v17-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v17-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\18\18-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v18-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v18-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\19\19-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v19-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v19-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\20\20-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v20-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v20-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\21\21-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v21-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v21-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\22\22-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v22-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v22-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\23\23-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v23-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v23-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\24\24-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v24-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v24-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\25\25-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v25-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v25-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\26\26-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v26-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v26-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\27\27-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v27-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v27-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\28\28-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v28-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v28-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\29\29-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v29-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v29-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\30\30-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v30-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v30-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\31\31-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v31-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v31-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\32\32-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v32-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v32-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\33\33-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v33-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v33-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\34\34-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v34-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v34-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\35\35-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v35-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v35-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\37\37-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v37-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v37-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\38\38-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v38-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v38-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\39\39-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v39-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v39-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\40\40-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v40-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v40-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\41\41-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v41-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v41-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\42\42-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v42-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v42-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\43\43-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v43-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v43-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\44\44-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v44-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v44-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\45\45-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v45-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v45-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\46\46-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v46-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v46-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\47\47-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v47-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v47-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\48\48-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v48-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v48-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\49\49-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v49-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v49-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\50\50-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v50-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v50-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\51\51-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v51-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v51-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\52\52-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v52-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v52-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\53\53-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v53-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v53-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\54\54-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v54-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v54-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\55\55-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v55-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v55-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\56\56-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v56-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v56-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\57\57-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v57-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v57-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\58\58-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v58-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v58-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\60\60-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v60-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v60-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\61\61-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v61-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v61-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\62\62-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v62-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v62-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\63\63-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v63-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v63-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\64\64-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v64-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v64-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\65\65-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v65-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v65-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\66\66-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v66-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v66-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\67\67-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v67-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v67-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\68\68-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v68-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v68-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\69\69-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v69-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v69-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\70\70-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v70-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v70-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\71\71-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v71-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v71-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\72\72-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v72-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v72-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\73\73-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v73-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v73-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\74\74-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v74-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v74-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\75\75-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v75-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v75-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\76\76-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v76-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v76-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\77\77-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v77-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v77-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\78\78-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v78-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v78-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\79\79-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v79-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v79-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\80\80-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v80-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v80-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sania Ansari\Local Settings\Application Data\Microsoft\Messenger\friend2die4@hotmail.com\SharingMetadata\asad_ar@hotmail.com\DFSR\Staging\CS{3D1423D7-93BF-1556-D2B2-F43A5E93220F}\81\81-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v81-{9395B887-CE03-4A3B-BF5C-03C7642B95FA}-v81-Downloaded.frx
Status: Locked to the Windows API!

SSDT
-------------------
#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x86460f18

#: 041 Function Name: NtCreateKey
Status: Hooked by "sptd.sys" at address 0xf74190b0

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xa56d9350

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "sptd.sys" at address 0xf741e84e

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "sptd.sys" at address 0xf741ebee

#: 119 Function Name: NtOpenKey
Status: Hooked by "sptd.sys" at address 0xf7419090

#: 160 Function Name: NtQueryKey
Status: Hooked by "sptd.sys" at address 0xf741ecc6

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "<unknown>" at address 0x864ccb88

#: 206 Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x863903f0

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xa56d9580

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x86fcf1d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x86fcf1d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x86fcf1d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x86fcf1d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86fcf1d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86fcf1d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x86fcf1d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x86fcf1d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86fcf1d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86fcf1d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86fcf1d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86fcf1d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86fcf1d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86fcf1d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86fcf1d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86fcf1d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x86fcf1d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x86fcf1d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x86fcf1d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x86fcf1d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x86fcf1d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x86fcf1d8 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
Process: System Address: 0x863753d8 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]
Process: System Address: 0x863753d8 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System Address: 0x863753d8 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
Process: System Address: 0x863753d8 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x863753d8 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x863753d8 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]
Process: System Address: 0x863753d8 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]
Process: System Address: 0x863753d8 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x863753d8 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x863753d8 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x863753d8 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x863753d8 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x863753d8 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x863753d8 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]
Process: System Address: 0x863753d8 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x863753d8 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]
Process: System Address: 0x863753d8 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]
Process: System Address: 0x863753d8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x864181d8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x864181d8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x864181d8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x864181d8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x864181d8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x864181d8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x864181d8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x864181d8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x864181d8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x864181d8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x864181d8 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x864d0980 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x864d0980 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x864d0980 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x864d0980 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x864d0980 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x864d0980 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x864d0980 Size: -

Object: Hidden Code [Driver: iaStor, IRP_MJ_CREATE]
Process: System Address: 0x86fd01d8 Size: -

Object: Hidden Code [Driver: iaStor, IRP_MJ_CLOSE]
Process: System Address: 0x86fd01d8 Size: -

Object: Hidden Code [Driver: iaStor, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86fd01d8 Size: -

Object: Hidden Code [Driver: iaStor, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86fd01d8 Size: -

Object: Hidden Code [Driver: iaStor, IRP_MJ_POWER]
Process: System Address: 0x86fd01d8 Size: -

Object: Hidden Code [Driver: iaStor, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86fd01d8 Size: -

Object: Hidden Code [Driver: iaStor, IRP_MJ_PNP]
Process: System Address: 0x86fd01d8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x86fd11d8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x86fd11d8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x86fd11d8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86fd11d8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86fd11d8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86fd11d8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86fd11d8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x86fd11d8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x86fd11d8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86fd11d8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x86fd11d8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x862fc708 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x862fc708 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x862fc708 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x862fc708 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x862fc708 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x862fc708 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x864f4980 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x864f4980 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x864f4980 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x864f4980 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x864f4980 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x864f4980 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x864f4980 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x86283498 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x86283498 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x86283498 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x86283498 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x86283498 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86283498 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86283498 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x86283498 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x86283498 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86283498 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86283498 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86283498 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86283498 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86283498 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86283498 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86283498 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86283498 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86283498 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x86283498 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x86283498 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x86283498 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x86283498 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x86283498 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86283498 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x86283498 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x86283498 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x86283498 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x86283498 Size: -

Object: Hidden Code [Driver: CdfsЅఄ灐†kbdclass.sys, IRP_MJ_CREATE]
Process: System Address: 0x862a07a8 Size: -

Object: Hidden Code [Driver: CdfsЅఄ灐†kbdclass.sys, IRP_MJ_CLOSE]
Process: System Address: 0x862a07a8 Size: -

Object: Hidden Code [Driver: CdfsЅఄ灐†kbdclass.sys, IRP_MJ_READ]
Process: System Address: 0x862a07a8 Size: -

Object: Hidden Code [Driver: CdfsЅఄ灐†kbdclass.sys, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x862a07a8 Size: -

Object: Hidden Code [Driver: CdfsЅఄ灐†kbdclass.sys, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x862a07a8 Size: -

Object: Hidden Code [Driver: CdfsЅఄ灐†kbdclass.sys, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x862a07a8 Size: -

Object: Hidden Code [Driver: CdfsЅఄ灐†kbdclass.sys, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x862a07a8 Size: -

Object: Hidden Code [Driver: CdfsЅఄ灐†kbdclass.sys, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x862a07a8 Size: -

Object: Hidden Code [Driver: CdfsЅఄ灐†kbdclass.sys, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x862a07a8 Size: -

Object: Hidden Code [Driver: CdfsЅఄ灐†kbdclass.sys, IRP_MJ_SHUTDOWN]
Process: System Address: 0x862a07a8 Size: -

Object: Hidden Code [Driver: CdfsЅఄ灐†kbdclass.sys, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x862a07a8 Size: -

Object: Hidden Code [Driver: CdfsЅఄ灐†kbdclass.sys, IRP_MJ_CLEANUP]
Process: System Address: 0x862a07a8 Size: -

Object: Hidden Code [Driver: CdfsЅఄ灐†kbdclass.sys, IRP_MJ_PNP]
Process: System Address: 0x862a07a8 Size: -
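
The report section above lists every hooked dispatch routine one record at a time, which hides the pattern that matters for triage: for each driver, every IRP_MJ_* entry resolves to the same address, and that address sits in kernel pool memory rather than inside the driver's own image. The Python script below is an added example for this thread, not code from the forum or from any scanner; it parses records in the two-line format printed above, groups them by driver, and flags drivers whose hooked handlers all collapse to one address or whose driver-object name looks corrupted (as with the Cdfs entry). The sample report embedded in it is constructed: the Ntfs, Cdrom and Cdfs records mirror the ones above, while the driver name "ExampleFilter" and the 0x80000000 to 0x8FFFFFFF pool range are assumptions used to show the case that is not flagged.

```python
"""Group 'Hidden Code' records from a rootkit-scanner report by driver.

Added example for this thread; not code from the forum or from any scanner.
Assumed record format (as printed in the report above):
    Object: Hidden Code [Driver: <name>, <IRP_MJ_xxx>]
    Process: <process> Address: 0x<hex> Size: <size or ->
"""
import re
from collections import defaultdict

OBJECT_RE = re.compile(
    r"^Object:\s+Hidden Code\s+\[Driver:\s*(?P<driver>.+?),\s*(?P<irp>IRP_MJ_[A-Z_]+)\]\s*$"
)
PROCESS_RE = re.compile(
    r"^Process:\s+(?P<process>\S+)\s+Address:\s+0x(?P<addr>[0-9a-fA-F]+)\s+Size:\s+(?P<size>\S+)\s*$"
)

# Constructed sample input. Ntfs, Cdrom and Cdfs records mirror the thread's
# report; 'ExampleFilter' is invented to show a driver that is NOT flagged.
SAMPLE_REPORT = """\
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x86fcf1d8 Size: -
Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x86fcf1d8 Size: -
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x86fcf1d8 Size: -
Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x864181d8 Size: -
Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x864181d8 Size: -
Object: Hidden Code [Driver: CdfsЅఄ灐†kbdclass.sys, IRP_MJ_CREATE]
Process: System Address: 0x862a07a8 Size: -
Object: Hidden Code [Driver: ExampleFilter, IRP_MJ_CREATE]
Process: System Address: 0xf7a12340 Size: -
Object: Hidden Code [Driver: ExampleFilter, IRP_MJ_READ]
Process: System Address: 0xf7a15a90 Size: -
"""


def parse_records(text):
    """Pair each Object: line with the Process: line that follows it."""
    records, pending = [], None
    for line in text.splitlines():
        line = line.strip()
        m = OBJECT_RE.match(line)
        if m:
            pending = m.groupdict()
            continue
        m = PROCESS_RE.match(line)
        if m and pending is not None:
            records.append({**pending, "process": m["process"],
                            "address": int(m["addr"], 16), "size": m["size"]})
            pending = None
    return records


def group_by_driver(records):
    """driver name -> {'addresses': set of int, 'irps': list of str}."""
    groups = defaultdict(lambda: {"addresses": set(), "irps": []})
    for r in records:
        groups[r["driver"]]["addresses"].add(r["address"])
        groups[r["driver"]]["irps"].append(r["irp"])
    return dict(groups)


def looks_garbled(name):
    """Non-ASCII or control characters in a driver object name suggest the
    name was overwritten, as with the Cdfs entry in the thread's report."""
    return any(not 0x20 <= ord(c) <= 0x7E for c in name)


def is_pool_address(addr, lo=0x80000000, hi=0x8FFFFFFF):
    """Assumed 32-bit XP layout: kernel pool near 0x8xxxxxxx, driver images
    mapped higher. A dispatch routine in pool is not inside any driver image."""
    return lo <= addr <= hi


def findings(records, min_hooks=2):
    """Flag drivers whose hooked IRP handlers all resolve to one address
    (one trampoline stamped over the whole dispatch table) or whose name
    looks garbled. Returns a list sorted by driver name."""
    out = []
    for driver, g in sorted(group_by_driver(records).items()):
        reasons = []
        if len(g["addresses"]) == 1 and len(g["irps"]) >= min_hooks:
            addr = next(iter(g["addresses"]))
            reasons.append(f"{len(g['irps'])} IRP handlers -> one address 0x{addr:08x}")
            if is_pool_address(addr):
                reasons.append("that address is in pool memory, not a driver image")
        if looks_garbled(driver):
            reasons.append("driver object name contains non-printable characters")
        if reasons:
            out.append({"driver": driver, "hooked": len(g["irps"]), "reasons": reasons})
    return out


if __name__ == "__main__":
    for f in findings(parse_records(SAMPLE_REPORT)):
        print(f"{f['driver']!r}: " + "; ".join(f["reasons"]))
```

Run on the real report this collapses roughly 120 records into one line per driver, with Ntfs, Fastfat, Cdrom, usbuhci, iaStor, Ftdisk, NetBT, usbehci and MRxSmb each showing every listed handler pointing at a single pool address; the invented ExampleFilter, whose two handlers resolve to different high addresses, produces no finding. The pool-range check is a heuristic for this machine's era and layout, so treat it as a hint to confirm against a module list, not as proof on its own.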

#13
AdvancedSetup

    Forum Deity

  • Administrators
  • 22,575 posts
  • Gender:Male
  • Location:US
Please post the log for STEP 5
Ron Lewis
Manager, Online Support

Posted Image

Follow us: Twitter, Become a fan: Facebook

If you've posted to the HJT forum and it has been over 5 days without a response please send a Private Message asking for assistance.

#14
sansari

    New Member

  • Members
  • 29 posts
The SigVERIF.txt file is too big to attach and you asked not to paste it. Can you allow me to zip and upload it?

#15
AdvancedSetup

    Forum Deity

  • Administrators
  • 22,575 posts
  • Gender:Male
  • Location:US
Yes, please zip it and upload it. You should be able to attach it to your post as a ZIP file.

#16
AdvancedSetup

    Forum Deity

  • Administrators
  • 22,575 posts
  • Gender:Male
  • Location:US
Are you running some CD-ROM emulation program like Daemon Tools?
I see you have the sptd.sys file installed which is often installed by Daemon Tools or similar software.

#17
sansari

    New Member

  • Members
  • 29 posts
I have attached the file.

#18
sansari

    New Member

  • Members
  • 29 posts
I had Daemon Tools installed on my computer a couple of years back and I had uninstalled it as well. I don't believe I have it on my computer now unless it's hiding somewhere, because I remember deleting it and I don't see it anywhere either.

#19
AdvancedSetup

    Forum Deity

  • Administrators
  • 22,575 posts
  • Gender:Male
  • Location:US
Okay, the Sig file looks good. Let me review your logs and I'll post back a new script soon. Do not restart the computer or we'll need to run this routine again. Hopefully the GMER reboot did not affect it.

#20
AdvancedSetup

    Forum Deity

  • Administrators
  • 22,575 posts
  • Gender:Male
  • Location:US
STEP 01
With all other applications closed (Taskbar empty), open HijackThis again,
run "Do a system scan only" and place a check mark on the following items.

  • O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
  • O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.idesitv.com/livetv.ocx
  • O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
  • O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab57213.cab
  • O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
  • O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
  • O18 - Protocol: bw+0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bw+0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bw-0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bw-0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bw00 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bw00s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bw10 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bw10s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bw20 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bw20s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bw30 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bw30s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bw40 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bw40s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bw50 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bw50s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bw60 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bw60s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bw70 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bw70s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bw80 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bw80s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bw90 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bw90s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwa0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwa0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwb0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwb0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwc0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwc0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwd0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwd0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwe0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwe0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwf0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwf0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
  • O18 - Protocol: bwg0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwg0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwh0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwh0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwi0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwi0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwj0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwj0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwk0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwk0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwl0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwl0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwm0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwm0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwn0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwn0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwo0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwo0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwp0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwp0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwq0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwq0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwr0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwr0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bws0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bws0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwt0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwt0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwu0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwu0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwv0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwv0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bww0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bww0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwx0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwx0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwy0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwy0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwz0 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwz0s - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: offline-8876480 - {8BADB5DD-F757-46FC-BB14-03FD742ED5B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    Then Quit All Browsers including the one you're reading this in now.
    Then click on Fix checked and then quit HJT

STEP 02
Download but do not yet run ComboFix
If you have a previous version of Combofix.exe, delete it and download a fresh copy.
Download it to your DESKTOP - it MUST run from the Desktop
download.bleepingcomputer.com/sUBs/ComboFix.exe
subs.geekstogo.com/ComboFix.exe

Using your mouse, Highlight and then Right-click | Copy the entire contents of the Code box below, including blank lines
KILLALL::

Folder::
c:\documents and settings\Sania Ansari\DoctorWeb

File::
c:\windows\system32\z98a.bin
c:\program files\jre-1_5_0_05-windows-i586-p.exe
c:\windows\system32\drivers\ggflt.sys
C:\DOCUME~1\SANIAA~1\LOCALS~1\Temp\aujasnkj.sys
C:\Windows\system32\drivers\sptd.sys

Driver::
ggflt
vvdsvc
00000056
sptd

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vvdsvc]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vvdsvc]
[-HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sptd]

Open a new Notepad session (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click | Paste the Code box contents from above into Notepad. Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt" .

Using your mouse, drag the new file CFscript.txt and drop it on the Combo-Fix.exe icon.
  • Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
  • Disconnect from the Internet.
  • Disable your Antivirus software. If it has Script Blocking features, please disable these as well.
  • A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.
  • It may identify that Recovery Console is not installed. Please accept when asked if you wish it to be installed.
    When the scan completes, Notepad will open with your results log. Do a File, Exit.
A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Post back the Combofix log on your next reply.


STEP 03
Update and Scan with Malwarebytes' Anti-Malware
  • Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
  • Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
    • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Then post back the MBAM log and a new Hijackthis log.




