Infected with gahehani.dll


Post by cesonnepe » January 19th, 2010, 10:26 pm

My wife's laptop has become infected with a nasty trojan horse virus - gahehani.dll. My AVG virus protection doesn't seem to do any good for this. I am hoping to get help from this forum!

Here is the Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:23:21 PM, on 1/19/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\tsnp2std.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\AVG\AVG9\avgscanx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... x_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=33568
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: (no name) - {d0a0a4f0-c3d7-456d-8c64-867e6596dde0} - jusirodo.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [yawovuwuza] Rundll32.exe "gahehani.dll",s
O4 - HKLM\..\Run: [viwigedef] Rundll32.exe "c:\windows\system32\fuwofapi.dll",a
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [mSpotAlltelRemix] "C:\Program Files\Alltel Jump Music\Remix\msptcmd.exe" /runcheck
O4 - S-1-5-18 Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe (User 'Default user')
O4 - .DEFAULT Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = ?
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Custo ... anager.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1280922703
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: c:\windows\system32\dahogemu.dll vorosuka.dll c:\windows\system32\fuwofapi.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: pewozajew - {5a4df6b5-a476-405c-bdfb-8c7b8c476b93} - c:\windows\system32\dahogemu.dll (file missing)
O21 - SSODL: hasiniden - {a920e91c-62d7-46bd-9f2a-34c51760b673} - c:\windows\system32\sezibehe.dll (file missing)
O21 - SSODL: zivuvesaf - {595a1a8f-dff3-4d94-af72-bb8f576f8bc3} - c:\windows\system32\fuwofapi.dll
O22 - SharedTaskScheduler: mujuzedij - {5a4df6b5-a476-405c-bdfb-8c7b8c476b93} - c:\windows\system32\dahogemu.dll (file missing)
O22 - SharedTaskScheduler: tokatiluy - {a920e91c-62d7-46bd-9f2a-34c51760b673} - c:\windows\system32\sezibehe.dll (file missing)
O22 - SharedTaskScheduler: gahurihor - {595a1a8f-dff3-4d94-af72-bb8f576f8bc3} - c:\windows\system32\fuwofapi.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 14543 bytes


Here is the Uninstall log:

32 Bit HP CIO Components Installer
Ad-Aware
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Adobe® Photoshop® Album Starter Edition 3.2
Alltel Jump Music 1.1.11
AVG 9.0
Before You Know It 3.6
Canon Camera Access Library
Canon Camera Support Core Library
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MOV Decoder
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCScore
Conexant HD Audio
Critical Update for Windows Media Player 11 (KB959772)
Customer Experience Enhancement
Disney Pirates of the Caribbean Online
Dungeon Lords
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSSONIC
ESSTOOLS
ESSvpaht
ESSvpot
HDAUDIO Soft Data Fax Modem with SmartCP
HijackThis 2.0.2
HLPIndex
HLPRFO
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Customer Participation Program 12.0
HP Document Manager 2.0
HP Help and Support
HP Imaging Device Functions 12.0
HP Pavilion Webcam Demo
HP Pavilion Webcam Tray Icon
HP Photosmart Premier Software 6.0
HP Product Detection
HP PSC & OfficeJet 4.7
HP Quick Launch Buttons 6.00 G2
HP QuickPlay 2.1
HP Smart Web Printing
HP Solution Center 12.0
HP Update
HP User Guides 0027
HP Wireless Assistant 2.00 E1
InterActual Player
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 11
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Kodak EasyShare software
KSU
Macromedia Flash Player 8
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync 4.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft WSE 3.0 Runtime
Mouse Suite
Mozilla Firefox (3.5.7)
MPM
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Music Powered by Celltop 1.2.10
muvee autoProducer 4.5
My HP Game Console
Notifier
NVIDIA Drivers
OCR Software by I.R.I.S. 12.0
Office 2003 Trial Assistant
Officejet Pro 8500 A909 Series
OpenOffice.org 3.0
OptiPix™
OTtBPSDK
PCDADDIN
PCDHELP
Photo Viewer
Photo Viewer 2.3
QuickTime
RealPlayer
Rhapsody Player Engine
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
SFR
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)
SHASTA
Shockwave 7.0.2 Player
Shop for HP Supplies
SKIN0001
SKINXSDK
Small Business Resource Guide 2000
SmartAudio
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
Spanish To Go v1.2
Synaptics Pointing Device Driver
TBS WMP Plug-in
TEFView 2.65
The Bard's Tale
The Hobbit(TM)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
URGE
Verizon Online
Verizon Yahoo! Internet Mail
VPRINTOL
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0)
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix - KB894476
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WIRELESS
Wireless Home Network Setup
Yahoo! Install Manager
cesonnepe
Active Member
 
Posts: 12
Joined: January 19th, 2010, 9:59 pm
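The load points in the log above share one signature: autorun, BHO, SSODL and SharedTaskScheduler entries whose names are eight-plus lowercase letters alternating consonant and vowel (gahehani, fuwofapi, dahogemu, pewozajew), rundll32 loading a DLL by bare name, and a populated AppInit_DLLs value. The script below is an added example of how a helper could pre-triage a HijackThis log for exactly those patterns; it is not part of the original post and not a tool used by this forum. The sample lines are copied from the posted log, and the consonant/vowel name heuristic is an assumption about this infection's naming style, not a general malware test.

```python
import re
from collections import namedtuple

# Constructed sample: lines copied verbatim from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {d0a0a4f0-c3d7-456d-8c64-867e6596dde0} - jusirodo.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [yawovuwuza] Rundll32.exe "gahehani.dll",s
O4 - HKLM\..\Run: [viwigedef] Rundll32.exe "c:\windows\system32\fuwofapi.dll",a
O20 - AppInit_DLLs: c:\windows\system32\dahogemu.dll vorosuka.dll c:\windows\system32\fuwofapi.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: pewozajew - {5a4df6b5-a476-405c-bdfb-8c7b8c476b93} - c:\windows\system32\dahogemu.dll (file missing)
O22 - SharedTaskScheduler: gahurihor - {595a1a8f-dff3-4d94-af72-bb8f576f8bc3} - c:\windows\system32\fuwofapi.dll
"""

Finding = namedtuple("Finding", "severity section subject reason line")

# Heuristic (assumption about this family, not a general rule): names of 8+ lowercase
# letters strictly alternating consonant/vowel, e.g. gahehani, fuwofapi, pewozajew.
RANDOM_NAME = re.compile(r"^(?:[b-df-hj-np-tv-z][aeiou]){4,}[b-df-hj-np-tv-z]?$")
O4_RE = re.compile(r"^O4 - .*?Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
RUNDLL_RE = re.compile(r'^"?(?:[a-z]:\\[^"]*\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)', re.I)
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9a-f-]+\} - (?P<path>.*)$", re.I)
LOADPOINT_RE = re.compile(
    r"^(?P<sec>O2[12]) - (?:SSODL|SharedTaskScheduler): (?P<name>\S+) - \{[0-9a-f-]+\} - (?P<path>.*)$", re.I)
DLL_RE = re.compile(r"[\w-]+\.dll", re.I)


def looks_random(name):
    return bool(RANDOM_NAME.match(name))


def file_stem(path):
    """Basename without extension, so a full path and a bare name compare the same way."""
    return path.split("\\")[-1].rsplit(".", 1)[0]


def split_missing(path):
    """HijackThis appends ' (file missing)' when the referenced file is absent on disk."""
    marker = " (file missing)"
    return (path[:-len(marker)], True) if path.endswith(marker) else (path, False)


def triage(log_text):
    findings = []
    for line in (l.strip() for l in log_text.splitlines() if l.strip()):
        m = O4_RE.match(line)
        if m:
            name, cmd = m.group("name"), m.group("cmd")
            r = RUNDLL_RE.match(cmd)
            dll = r.group("dll").strip() if r else ""
            if looks_random(name) or (dll and looks_random(file_stem(dll))):
                findings.append(Finding("high", "O4", name,
                                        "autorun entry with random-looking key or DLL name", line))
            elif r and "\\" not in dll:
                # Legitimate entries do this too (bthprops.cpl here), so this only asks for review.
                findings.append(Finding("medium", "O4", name,
                                        "rundll32 loads a module by bare name; verify which file resolves", line))
            continue
        m = O2_RE.match(line)
        if m:
            path, missing = split_missing(m.group("path"))
            if looks_random(file_stem(path)) or (m.group("name") == "(no name)" and missing):
                findings.append(Finding("high", "O2", path.split("\\")[-1],
                                        "BHO with random-looking, unnamed or missing DLL", line))
            continue
        m = LOADPOINT_RE.match(line)
        if m:
            path, missing = split_missing(m.group("path"))
            if looks_random(m.group("name")) or looks_random(file_stem(path)) or missing:
                findings.append(Finding("high", m.group("sec").upper(), m.group("name"),
                                        "shell load point with suspicious name or missing file", line))
            continue
        if line.startswith("O20 - AppInit_DLLs:"):
            dlls = line.split(":", 1)[1].split()
            if dlls:
                findings.append(Finding("high", "O20", " ".join(dlls),
                                        "AppInit_DLLs is populated; each DLL is injected into every user32-linked process", line))
    return findings


def suspect_dlls(findings):
    """Distinct DLL basenames named in high-severity findings, for cross-checking against each other."""
    names = set()
    for f in findings:
        if f.severity == "high":
            names.update(n.lower() for n in DLL_RE.findall(f.line))
    return sorted(names)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.severity:6}] {f.section:4} {f.subject}: {f.reason}")
    print("DLLs to cross-check:", ", ".join(suspect_dlls(found)))
```

Run against the sample, the script flags the two random-named Run keys, the unnamed BHO, the SSODL and SharedTaskScheduler entries and the AppInit_DLLs value as high, and lists the five DLL names they share (gahehani, fuwofapi, dahogemu, vorosuka, jusirodo) so the overlap between load points is visible at a glance. The Bluetooth entry is reported at medium severity only because a bare-name rundll32 load is also how a legitimate Windows component is registered; that is the point of keeping the heuristic a triage aid rather than a verdict.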

Re: Infected with gahehani.dll

Post by MWR 3 day Mod » January 24th, 2010, 4:29 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Infected with gahehani.dll

Post by deltalima » January 24th, 2010, 11:13 am

Hi cesonnepe,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

HijackThis logs can take some time to research, so please be patient with me.

Please note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • All of my posts need to be checked by a teacher, so please be patient while I attempt to remove your malware.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Infected with gahehani.dll

Post by deltalima » January 24th, 2010, 2:55 pm

Hi cesonnepe,

Run Combofix:

Temporarily disable any antispyware, antivirus and/or antimalware real-time protection, as they may interfere with the running of ComboFix.

Download ComboFix from here to your Desktop.

For more information about Combofix please see here.

Close all programs.

Double click combofix.exe and follow the prompts.

If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures; if not, then follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console and, when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. Once installed, you should see the following message:

The recovery console was successfuly installed.
Click ‘YES’ to continue scanning for malware
Click ‘NO’ for exit

Click the YES button.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your “drive access” light. If it is flashing, Combofix is still at work.

When finished, ComboFix will produce a log file; please post the contents of the log in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Infected with gahehani.dll

Post by cesonnepe » January 24th, 2010, 9:44 pm

Deltalima -

Thank you so much for taking the time to help me out with this!

I disabled my AVG anti-virus software and ran Combofix. It took several hours to run, although it did produce a log report. This report is too large to post here (about 2.5M). It also eliminated all the icons on my desktop.

Any thoughts?? (I am trying to run it again to see if the results are different.)

Also, Combofix did not ask if I wanted to run a scan, it just ran automatically after I accepted the EULA.

I appreciate your assistance!

Chris S.
cesonnepe
Active Member
 
Posts: 12
Joined: January 19th, 2010, 9:59 pm

Re: Infected with gahehani.dll

Post by cesonnepe » January 24th, 2010, 10:32 pm

Deltalima -

I ran Combofix again, and it ran in about 15 - 20 minutes. It still appears to have erased everything off my desktop except the recycle bin!

The log is as follows:

ComboFix 10-01-24.01 - Christopher Sonne 01/24/2010 20:46:24.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1983.1485 [GMT -5:00]
Running from: c:\documents and settings\Christopher Sonne\Desktop\ComboFix.exe
AV: AVG Internet Security 3-pack *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\avg9\cfg\changecfgreg.cfg
c:\documents and settings\All Users\Application Data\avg9\cfg\krnl.cfg
c:\documents and settings\All Users\Application Data\avg9\cfg\mail.cfg
c:\documents and settings\All Users\Application Data\avg9\cfg\scan.cfg
c:\documents and settings\All Users\Application Data\avg9\cfg\sched.cfg
c:\documents and settings\All Users\Application Data\avg9\Log\commonpriv.log
c:\documents and settings\All Users\Application Data\avg9\Log\commonpriv.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\commonpriv.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\commonpub.log
c:\documents and settings\All Users\Application Data\avg9\Log\commonpub.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\history.xml
c:\documents and settings\All Users\Application Data\avg9\Temp\6cf9bc22-0e5f-4efe-b966-b203a3798990-6c4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\861b4209-2dca-4b6e-856e-da0f35e32a4e-70c-oopp.tmp
c:\documents and settings\All Users\Application Data\HP
c:\documents and settings\All Users\Application Data\InstallShield
c:\documents and settings\All Users\Application Data\InstallShield\UpdateService\Database\{4D2778E5-AD01-4e75-A6DA-1D5831514609}.ini
c:\documents and settings\All Users\Application Data\InstallShield\UpdateService\Database\isuspm.ini
c:\documents and settings\All Users\Application Data\Windows Genuine Advantage
c:\documents and settings\All Users\Application Data\Windows Genuine Advantage\data\data.dat
c:\documents and settings\All Users\Documents\My Music
c:\documents and settings\All Users\Documents\My Music\Desktop.ini
c:\documents and settings\All Users\Documents\My Videos
c:\documents and settings\All Users\Documents\My Videos\Desktop.ini
c:\documents and settings\All Users\Start Menu\Programs\Administrative Tools
c:\documents and settings\All Users\Start Menu\Programs\Administrative Tools\desktop.ini
c:\documents and settings\Christopher Sonne\Application Data\$_hpcst$.hpc
c:\documents and settings\Christopher Sonne\Desktop\ComboFix.exe
c:\documents and settings\Christopher Sonne\History
c:\documents and settings\Christopher Sonne\History\desktop.ini
c:\documents and settings\Christopher Sonne\History\History.IE5\desktop.ini
c:\documents and settings\Christopher Sonne\History\History.IE5\index.dat
c:\documents and settings\Christopher Sonne\History\History.IE5\MSHist012010012420100125\index.dat
c:\documents and settings\Christopher Sonne\Local Settings\Application Data\AtStart.txt
c:\documents and settings\Christopher Sonne\Local Settings\Application Data\DSwitch.txt
c:\documents and settings\Christopher Sonne\Local Settings\Application Data\IconCache.db
c:\documents and settings\Christopher Sonne\Local Settings\Application Data\QSwitch.txt
c:\documents and settings\Christopher Sonne\ntuser.ini
c:\documents and settings\LocalService\Local Settings\desktop.ini
c:\documents and settings\LocalService\ntuser.ini
c:\documents and settings\NetworkService\Local Settings\desktop.ini
c:\documents and settings\NetworkService\ntuser.ini
c:\documents and settings\All Users\Application Data\avg9 . . . . failed to delete
c:\documents and settings\All Users\Application Data\avg9\Chjw\cm-0-p.dat . . . . failed to delete
c:\documents and settings\All Users\Application Data\avg9\Chjw\cm-1-p.dat . . . . failed to delete
c:\documents and settings\All Users\Application Data\avg9\Chjw\cm-2-i.dat . . . . failed to delete
c:\documents and settings\All Users\Application Data\avg9\Chjw\cm-2-p.dat . . . . failed to delete
c:\documents and settings\All Users\Application Data\avg9\Log\IDP\log\avgfws9_idp_SYSTEM.log . . . . failed to delete
c:\documents and settings\Christopher Sonne\Local Settings\Application Data\Microsoft . . . . failed to delete
c:\documents and settings\Christopher Sonne\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat . . . . failed to delete
c:\documents and settings\Christopher Sonne\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG . . . . failed to delete
c:\documents and settings\LocalService\Local Settings\Application Data\Microsoft . . . . failed to delete
c:\documents and settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat . . . . failed to delete
c:\documents and settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG . . . . failed to delete
c:\documents and settings\NetworkService\Local Settings\Application Data\Microsoft . . . . failed to delete
c:\documents and settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat . . . . failed to delete
c:\documents and settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2009-12-25 to 2010-01-25 )))))))))))))))))))))))))))))))
.

2010-01-25 02:02 . 2010-01-25 02:02 -------- d-sh--w- c:\documents and settings\Christopher Sonne\History
2010-01-25 02:02 . 2010-01-25 02:02 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-01-25 02:02 . 2010-01-25 02:02 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2010-01-20 02:22 . 2010-01-20 02:22 -------- d-----w- c:\program files\Trend Micro
2010-01-20 01:43 . 2010-01-20 01:47 -------- d-----w- C:\$AVG
2010-01-20 01:42 . 2010-01-20 01:42 25608 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-01-20 01:42 . 2010-01-25 02:02 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-20 01:43 . 2008-11-28 14:52 -------- d-----w- c:\program files\AVG
2010-01-20 01:42 . 2008-11-28 14:53 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-20 01:42 . 2008-11-28 14:53 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-20 01:42 . 2008-11-28 14:53 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-01-20 01:42 . 2008-11-28 14:53 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-01-20 01:42 . 2008-11-28 14:53 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-20 01:42 . 2008-11-28 14:52 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-01-20 01:42 . 2008-11-28 14:52 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-01-07 19:10 . 2009-11-08 04:08 79488 ----a-w- c:\documents and settings\Priscilla\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-10 13:25 . 2007-02-13 04:00 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-10-29 07:46 . 2004-08-04 21:00 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2004-08-04 21:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2004-08-04 21:00 17408 ------w- c:\windows\system32\corpol.dll
2008-11-14 15:56 . 2008-11-14 15:56 44360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2008-11-14 15:56 . 2008-11-14 15:56 107928 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2008-06-19 09:16 . 2008-06-19 09:16 118784 ----a-w- c:\program files\mozilla firefox\plugins\MyCamera.dll
2006-10-18 02:08 . 2006-10-18 02:08 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 18:02 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-11 136600]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-15 454656]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-21 7561216]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 61952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-04 761948]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-04-12 102400]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-23 131072]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-09-20 61440]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Mouse Suite 98 Daemon"="ICO.EXE" [2004-07-14 57344]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-22 198160]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-20 2033432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-01-20 01:42 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Hp\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Documents and Settings\\Priscilla\\Local Settings\\Temp\\HP\\OJP8500vA909_Full_12\\setup\\hpznui01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\{624E7452-BA43-4f55-B9D5-FC75EEA0808B}\\setup\\hpznui01.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [1/19/2010 8:42 PM 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [11/28/2008 9:53 AM 161800]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/28/2008 9:53 AM 333192]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/28/2008 9:53 AM 360584]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [1/19/2010 8:42 PM 285392]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [1/19/2010 8:42 PM 2304192]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [11/28/2008 9:52 AM 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [1/19/2010 8:42 PM 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [1/19/2010 8:42 PM 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [1/19/2010 8:42 PM 25736]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [1/19/2010 8:42 PM 5832712]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [11/28/2008 9:52 AM 30104]
S3 ewdmaudn;ewdmaudn;\??\c:\docume~1\CHRIST~1\LOCALS~1\Temp\ewdmaudn.sys --> c:\docume~1\CHRIST~1\LOCALS~1\Temp\ewdmaudn.sys [?]
S3 Flash1;Flash1;c:\swsetup\SP38062\winphlash\FLASH1.sys [3/1/2006 5:54 PM 3456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/go/notebookaccessories
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Christopher Sonne\Application Data\Mozilla\Firefox\Profiles\uh1nbegg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://sso.verizon.net/ssowebapp/VOLPo ... uery=22958
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-{D32470A1-B10C-4059-BA53-CF0486F68EBC} - c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0007_55fdbb\Setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-24 21:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????H??????????????|?M?|?????M?|??@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(332)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\ICO.EXE
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\progra~1\HPQ\Shared\HPQTOA~1.EXE
c:\program files\AVG\AVG9\avgchsvx.exe
.
**************************************************************************
.
Completion time: 2010-01-24 21:15:35 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-25 02:15

Pre-Run: 4,782,161,920 bytes free
Post-Run: 4,713,975,808 bytes free

- - End Of File - - 231E89405DA4A935CC4D561581FA5342
cesonnepe
Active Member
 
Posts: 12
Joined: January 19th, 2010, 9:59 pm

Re: Infected with gahehani.dll

Post by deltalima » January 25th, 2010, 3:26 pm

Hi cesonnepe,

Let's put your desktop icons back.

Download this file

Next double click on CFDQ-UsrPrf.exe to run it.

Do NOT reboot. As infections may have also been restored, immediately after running the tool, download a fresh copy of ComboFix.exe to your desktop from one of these locations:

Link 1
Link 2

  • Disable Anti Virus and any active protection programs
  • Double click ComboFix.exe to run it and post the ComboFix.txt in your next reply
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Infected with gahehani.dll

Post by cesonnepe » January 26th, 2010, 11:15 pm

I got my desktop restored - Thanks!

Here is the Combofix log:

ComboFix 10-01-26.02 - Christopher Sonne 01/26/2010 21:58:53.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1983.1317 [GMT -5:00]
Running from: c:\documents and settings\Christopher Sonne\Desktop\ComboFix.exe
AV: AVG Internet Security 3-pack *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.

((((((((((((((((((((((((( Files Created from 2009-12-27 to 2010-01-27 )))))))))))))))))))))))))))))))
.

2010-01-27 02:19 . 2010-01-27 02:19 -------- d-----w- c:\documents and settings\Christopher Sonne\Local Settings\Application Data\mSpot
2010-01-27 02:01 . 2010-01-27 02:01 -------- d-----w- c:\documents and settings\Priscilla\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
2010-01-27 02:01 . 2010-01-27 02:01 -------- d-----w- c:\documents and settings\Priscilla\Local Settings\Application Data\Yahoo
2010-01-27 02:01 . 2010-01-27 02:01 -------- d-----w- c:\documents and settings\Priscilla\Local Settings\Application Data\QuickPlay
2010-01-27 02:01 . 2010-01-27 02:01 -------- d-----w- c:\documents and settings\Priscilla\Local Settings\Application Data\Myst V End of Ages
2010-01-27 02:01 . 2010-01-27 02:01 -------- d-----w- c:\documents and settings\Priscilla\Local Settings\Application Data\MTV Networks
2010-01-27 02:00 . 2010-01-27 02:00 -------- d-----w- c:\documents and settings\Priscilla\Local Settings\Application Data\Mozilla
2010-01-27 01:58 . 2010-01-27 01:58 -------- d-----w- c:\documents and settings\Priscilla\Local Settings\Application Data\Joost
2010-01-27 01:58 . 2010-01-27 01:58 -------- d-----w- c:\documents and settings\Priscilla\Local Settings\Application Data\IsolatedStorage
2010-01-27 01:58 . 2010-01-27 01:58 -------- d-----w- c:\documents and settings\Priscilla\Local Settings\Application Data\inXile entertainment
2010-01-27 01:58 . 2010-01-27 01:58 -------- d-----w- c:\documents and settings\Priscilla\Local Settings\Application Data\Identities
2010-01-27 01:44 . 2010-01-27 01:44 -------- d-----w- c:\documents and settings\Priscilla\Local Settings\Application Data\HP
2010-01-27 01:43 . 2010-01-27 01:43 -------- d-----w- c:\documents and settings\Priscilla\Local Settings\Application Data\Google
2010-01-27 01:43 . 2010-01-27 01:43 -------- d-----w- c:\documents and settings\Priscilla\Local Settings\Application Data\AVG Security Toolbar
2010-01-27 01:43 . 2010-01-27 01:43 -------- d-----w- c:\documents and settings\Priscilla\Local Settings\Application Data\ApplicationHistory
2010-01-27 01:43 . 2010-01-27 01:43 -------- d-----w- c:\documents and settings\Priscilla\Local Settings\Application Data\Apple Computer
2010-01-27 01:43 . 2010-01-27 01:43 -------- d-----w- c:\documents and settings\Priscilla\Local Settings\Application Data\Adobe
2010-01-27 01:43 . 2009-08-11 21:16 73656 ----a-w- c:\documents and settings\Priscilla\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-27 01:43 . 2006-09-06 00:50 132 ----a-w- c:\documents and settings\Priscilla\Local Settings\Application Data\fusioncache.dat
2010-01-27 01:32 . 2010-01-27 01:32 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla
2010-01-27 01:32 . 2010-01-27 01:32 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\IsolatedStorage
2010-01-27 01:32 . 2010-01-27 01:32 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\HP
2010-01-27 01:31 . 2010-01-27 01:31 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
2010-01-27 01:31 . 2010-01-27 01:31 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Mozilla
2010-01-27 01:31 . 2010-01-27 01:31 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Microsoft
2010-01-27 01:31 . 2010-01-27 01:31 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\IsolatedStorage
2010-01-27 01:31 . 2010-01-27 01:31 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\HP
2010-01-27 01:31 . 2010-01-27 01:31 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory
2010-01-27 01:31 . 2009-11-09 03:55 73656 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-27 01:31 . 2007-04-30 22:37 128 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\fusioncache.dat
2010-01-27 01:31 . 2010-01-27 01:31 -------- d-----w- c:\documents and settings\Guest\Application Data\Lavasoft
2010-01-27 01:31 . 2010-01-27 01:31 -------- d-----w- c:\documents and settings\Guest\Application Data\Intuit
2010-01-27 01:30 . 2010-01-27 01:30 -------- d-----w- c:\documents and settings\Christopher Sonne\Local Settings\Application Data\QuickPlay
2010-01-27 01:30 . 2010-01-27 01:30 -------- d-----w- c:\documents and settings\Christopher Sonne\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
2010-01-27 01:30 . 2010-01-27 01:30 -------- d-----w- c:\documents and settings\Christopher Sonne\Local Settings\Application Data\Mozilla
2010-01-27 01:29 . 2010-01-27 01:29 -------- d-----w- c:\documents and settings\Christopher Sonne\Local Settings\Application Data\IsolatedStorage
2010-01-27 01:29 . 2010-01-27 01:29 -------- d-----w- c:\documents and settings\Christopher Sonne\Local Settings\Application Data\HP
2010-01-27 01:29 . 2010-01-27 01:29 -------- d-----w- c:\documents and settings\Christopher Sonne\Local Settings\Application Data\Google
2010-01-27 01:29 . 2010-01-27 02:55 -------- d-----w- c:\documents and settings\Christopher Sonne\Local Settings\Application Data\ApplicationHistory
2010-01-27 01:29 . 2010-01-27 01:29 -------- d-----w- c:\documents and settings\Christopher Sonne\Local Settings\Application Data\Autodesk
2010-01-27 01:29 . 2010-01-27 01:29 -------- d-----w- c:\documents and settings\Christopher Sonne\Local Settings\Application Data\Apple Computer
2010-01-27 01:29 . 2010-01-27 01:29 -------- d-----w- c:\documents and settings\Christopher Sonne\Local Settings\Application Data\Adobe
2010-01-27 01:29 . 2010-01-20 01:11 73656 ----a-w- c:\documents and settings\Christopher Sonne\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-27 01:29 . 2006-08-23 08:20 140 ----a-w- c:\documents and settings\Christopher Sonne\Local Settings\Application Data\fusioncache.dat
2010-01-27 01:28 . 2010-01-27 01:28 -------- d-----w- c:\documents and settings\Christopher Sonne\Application Data\UVC
2010-01-27 01:28 . 2010-01-27 01:28 -------- d-----w- c:\documents and settings\Christopher Sonne\Application Data\The Hobbit
2010-01-27 01:28 . 2010-01-27 01:28 -------- d-----w- c:\documents and settings\Christopher Sonne\Application Data\OpenOffice.org2
2010-01-27 01:28 . 2009-02-11 02:53 1 ----a-w- c:\documents and settings\Christopher Sonne\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-27 01:28 . 2010-01-27 01:28 -------- d-----w- c:\documents and settings\Christopher Sonne\Application Data\OpenOffice.org
2010-01-27 01:28 . 2010-01-27 01:28 -------- d-----w- c:\documents and settings\Christopher Sonne\Application Data\Leadertech
2010-01-27 01:28 . 2010-01-27 01:28 -------- d-----w- c:\documents and settings\Christopher Sonne\Application Data\Intuit
2010-01-27 01:28 . 2010-01-27 01:28 -------- d-----w- c:\documents and settings\Christopher Sonne\Application Data\HpUpdate
2010-01-27 01:28 . 2010-01-27 01:28 -------- d-----w- c:\documents and settings\Christopher Sonne\Application Data\HP
2010-01-27 01:28 . 2010-01-27 01:28 -------- d-----w- c:\documents and settings\Christopher Sonne\Application Data\GTek
2010-01-27 01:28 . 2010-01-27 01:28 -------- d-----w- c:\documents and settings\Christopher Sonne\Application Data\AVG9
2010-01-27 01:26 . 2008-03-08 05:22 127 ----a-w- c:\documents and settings\Bill\Local Settings\Application Data\fusioncache.dat
2010-01-27 01:26 . 2010-01-27 01:26 -------- d-----w- c:\documents and settings\Bill\Application Data\OpenOffice.org2
2010-01-27 01:26 . 2010-01-27 01:26 -------- d-----w- c:\documents and settings\Bill\Application Data\Leadertech
2010-01-27 01:26 . 2010-01-27 01:26 -------- d-----w- c:\documents and settings\Bill\Application Data\Intuit
2010-01-27 01:26 . 2010-01-27 01:26 -------- d-----w- c:\documents and settings\Bill\Application Data\HP
2010-01-27 01:26 . 2010-01-27 01:26 -------- d-----w- c:\documents and settings\All Users\DRM
2010-01-27 01:26 . 2010-01-27 01:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-01-27 01:23 . 2010-01-27 02:24 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent
2010-01-27 01:23 . 2010-01-27 01:23 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
2010-01-27 01:23 . 2010-01-27 01:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2010-01-27 01:23 . 2010-01-27 01:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Transparent
2010-01-27 01:21 . 2008-10-25 13:21 7168 ----a-w- c:\documents and settings\All Users\Application Data\HP\LGT\Data\Models\Images\B8800\hpqlgtmsm.dll
2010-01-25 02:37 . 2010-01-25 00:08 -------- d-----w- c:\documents and settings\Priscilla\Local Settings\Application Data\mSpot
2010-01-25 02:36 . 2010-01-27 02:00 -------- d-----w- c:\documents and settings\Priscilla\Local Settings\Application Data\Microsoft
2010-01-25 02:36 . 2010-01-24 23:50 -------- d-sh--w- c:\documents and settings\Priscilla\History
2010-01-25 02:02 . 2010-01-27 01:27 -------- d-sh--w- c:\documents and settings\Christopher Sonne\History
2010-01-25 02:02 . 2010-01-27 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-01-25 02:02 . 2010-01-24 23:10 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2010-01-20 02:22 . 2010-01-20 02:22 -------- d-----w- c:\program files\Trend Micro
2010-01-20 01:43 . 2010-01-20 01:47 -------- d-----w- C:\$AVG
2010-01-20 01:42 . 2010-01-20 01:42 25608 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-01-20 01:42 . 2010-01-27 01:21 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-27 02:46 . 2010-01-27 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Temp
2010-01-27 02:25 . 2006-07-29 10:00 -------- d-----w- c:\program files\Hp
2010-01-27 02:23 . 2006-07-29 10:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-27 01:27 . 2010-01-27 01:27 -------- d-----w- c:\documents and settings\Christopher Sonne\Application Data\ArchosLink
2010-01-27 01:22 . 2010-01-27 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2010-01-27 01:22 . 2010-01-27 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\SBSI
2010-01-27 01:22 . 2010-01-27 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\muvee Technologies
2010-01-27 01:22 . 2010-01-27 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\MumboJumbo
2010-01-27 01:22 . 2010-01-27 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe
2010-01-27 01:22 . 2010-01-27 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-27 01:22 . 2010-01-27 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2010-01-27 01:22 . 2010-01-27 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit
2010-01-27 01:22 . 2010-01-27 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2010-01-27 01:21 . 2010-01-27 01:21 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-01-27 01:21 . 2010-01-27 01:21 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-01-27 01:21 . 2010-01-27 01:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-01-25 02:03 . 2010-01-27 01:27 402 ----a-w- c:\documents and settings\Christopher Sonne\Application Data\_$_hpcst$_.hpc.zip
2010-01-20 01:43 . 2008-11-28 14:52 -------- d-----w- c:\program files\AVG
2010-01-20 01:42 . 2008-11-28 14:53 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-20 01:42 . 2008-11-28 14:53 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-20 01:42 . 2008-11-28 14:53 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-01-20 01:42 . 2008-11-28 14:53 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-01-20 01:42 . 2008-11-28 14:53 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-20 01:42 . 2008-11-28 14:52 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-01-20 01:42 . 2008-11-28 14:52 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-01-07 19:10 . 2009-11-08 04:08 79488 ----a-w- c:\documents and settings\Priscilla\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-06 03:46 . 2010-01-27 01:35 1 ----a-w- c:\documents and settings\Priscilla\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-17 20:07 . 2010-01-27 01:27 0 ----a-w- c:\documents and settings\Bill\Local Settings\Application Data\prvlcl.dat
2009-12-10 13:25 . 2007-02-13 04:00 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-10-29 07:46 . 2004-08-04 21:00 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2004-08-04 21:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2004-08-04 21:00 17408 ------w- c:\windows\system32\corpol.dll
2008-11-14 15:56 . 2008-11-14 15:56 44360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2008-11-14 15:56 . 2008-11-14 15:56 107928 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2008-06-19 09:16 . 2008-06-19 09:16 118784 ----a-w- c:\program files\mozilla firefox\plugins\MyCamera.dll
2006-10-18 02:08 . 2006-10-18 02:08 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 18:02 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-11 136600]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-15 454656]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-21 7561216]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 61952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-04 761948]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-04-12 102400]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-23 131072]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-09-20 61440]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Mouse Suite 98 Daemon"="ICO.EXE" [2004-07-14 57344]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-22 198160]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-20 2033432]

c:\documents and settings\Christopher Sonne\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
HP Pavilion Webcam Tray Icon.lnk - c:\program files\Hewlett-Packard\HP Pavilion Webcam\tsnp2std.exe [2006-8-23 98304]
HP Photosmart Premier Fast Start.lnk - c:\program files\Hp\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-11-4 176128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-01-20 01:42 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Hp\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Documents and Settings\\Priscilla\\Local Settings\\Temp\\HP\\OJP8500vA909_Full_12\\setup\\hpznui01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\{624E7452-BA43-4f55-B9D5-FC75EEA0808B}\\setup\\hpznui01.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [1/19/2010 8:42 PM 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [11/28/2008 9:53 AM 161800]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/28/2008 9:53 AM 333192]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/28/2008 9:53 AM 360584]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [1/19/2010 8:42 PM 285392]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [1/19/2010 8:42 PM 2304192]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [1/19/2010 8:42 PM 5832712]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [11/28/2008 9:52 AM 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [1/19/2010 8:42 PM 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [1/19/2010 8:42 PM 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [1/19/2010 8:42 PM 25736]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [11/28/2008 9:52 AM 30104]
S3 ewdmaudn;ewdmaudn;\??\c:\docume~1\CHRIST~1\LOCALS~1\Temp\ewdmaudn.sys --> c:\docume~1\CHRIST~1\LOCALS~1\Temp\ewdmaudn.sys [?]
S3 Flash1;Flash1;c:\swsetup\SP38062\winphlash\FLASH1.sys [3/1/2006 5:54 PM 3456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/go/notebookaccessories
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Christopher Sonne\Application Data\Mozilla\Firefox\Profiles\uh1nbegg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://sso.verizon.net/ssowebapp/VOLPo ... uery=22958
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-26 22:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????H??????????????|?M?|?????M?|??@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1348)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-01-26 22:16:43
ComboFix-quarantined-files.txt 2010-01-27 03:16
ComboFix2.txt 2010-01-25 02:15

Pre-Run: 8,861,372,416 bytes free
Post-Run: 8,813,907,968 bytes free

- - End Of File - - 821BDB401792FF60AAF5A622692C53C6
cesonnepe
Active Member
 
Posts: 12
Joined: January 19th, 2010, 9:59 pm
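
An added triage example, not code from this thread or from ComboFix, OTL or GMER: a Python script that parses ComboFix-style service and driver lines (the R0/R2/S3 entries in the log above) and flags entries whose image file lives under a temporary, user-writable directory or whose date and size ComboFix could not read. The sample lines are copied from the log above; the reading of `[?]` as "file attributes unreadable" and the suspect-directory list are assumptions made for this example, not facts stated in the thread.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# ComboFix lists services and drivers one per line as
#   "<start> <name>;<display name>;<image path> [<date> <time> <size>]"
# where <start> is R0-R3 (running) or S0-S4 (stopped), in ComboFix's own notation.
# When the registry ImagePath differs from the file ComboFix resolved, it prints
# "<ImagePath> --> <resolved path>". Assumed here: "[?]" in place of date/size
# means ComboFix could not read the file's attributes (file missing or hidden).
LINE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)

# Directories a legitimate service or kernel driver should not be loaded from.
# Assumption of this example, not a list taken from the thread.
SUSPECT_DIRS = ("\\temp\\", "\\temporary internet files\\", "\\recycler\\")


@dataclass
class ServiceEntry:
    start_type: str   # e.g. "R0", "S3"
    name: str         # service key name
    display: str      # display name
    image_path: str   # resolved on-disk path (right-hand side of " --> " if present)
    meta: str         # "<date> <time> <size>" or "?"

    @property
    def is_running(self) -> bool:
        return self.start_type.startswith("R")


@dataclass
class Finding:
    name: str
    start_type: str
    image_path: str
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[ServiceEntry]:
    """Parse one ComboFix service/driver line; return None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    raw_path = m.group("path")
    resolved = raw_path.split(" --> ")[-1].strip()
    return ServiceEntry(
        start_type=m.group("start"),
        name=m.group("name").strip(),
        display=m.group("display").strip(),
        image_path=resolved,
        meta=m.group("meta").strip(),
    )


def triage(lines: List[str]) -> List[Finding]:
    """Return the entries worth a human's attention, with the reason for each."""
    findings: List[Finding] = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        reasons: List[str] = []
        lowered = entry.image_path.lower()
        if any(d in lowered for d in SUSPECT_DIRS):
            reasons.append("image path is under a temporary, user-writable directory")
        if entry.meta == "?":
            reasons.append("ComboFix could not read the file's date/size")
        if reasons:
            findings.append(Finding(entry.name, entry.start_type, entry.image_path, reasons))
    return findings


# Constructed sample: four lines copied from the ComboFix log in this thread.
SAMPLE_LOG = r"""
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [11/28/2008 9:53 AM 161800]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [1/19/2010 8:42 PM 285392]
S3 ewdmaudn;ewdmaudn;\??\c:\docume~1\CHRIST~1\LOCALS~1\Temp\ewdmaudn.sys --> c:\docume~1\CHRIST~1\LOCALS~1\Temp\ewdmaudn.sys [?]
S3 Flash1;Flash1;c:\swsetup\SP38062\winphlash\FLASH1.sys [3/1/2006 5:54 PM 3456]
"""


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f.start_type} {f.name}: {f.image_path}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the sample, only the ewdmaudn entry is reported, for both reasons; the AVG and Flash1 entries pass. A flagged line is a lead for the helper to check, not a verdict: a stopped (S3) driver whose file is already gone is mostly a leftover registration to clean up, while a running (R-type) driver from a Temp directory deserves immediate attention.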

Re: Infected with gahehani.dll

Unread postby deltalima » January 27th, 2010, 3:56 pm

Hi cesonnepe,

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run GMER again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE.
Important! Please do not select the "Show all" checkbox during the scan.

Please post the GMER log along with two logs from the OTL scan in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Infected with gahehani.dll

Unread postby cesonnepe » January 28th, 2010, 6:45 am

Here are the various scan logs:

OTL:

OTL logfile created on: 1/27/2010 3:35:58 PM - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\Christopher Sonne\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.05 Gb Total Space | 10.24 Gb Free Space | 15.99% Space Free | Partition Type: NTFS
Drive D: | 9.45 Gb Total Space | 1.24 Gb Free Space | 13.13% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 983.70 Mb Total Space | 383.70 Mb Free Space | 39.01% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CES_LAPTOP
Current User Name: Christopher Sonne
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Christopher Sonne\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
PRC - C:\Program Files\Hp\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Hp\Digital Imaging\bin\hpqgpc01.exe (Hewlett-Packard)
PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Hp\QuickPlay\QPService.exe (CyberLink Corp.)
PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ( Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\HPQ\Shared\HpqToaster.exe ()
PRC - C:\Program Files\Hp\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
PRC - C:\WINDOWS\system32\ICO.EXE (Primax Electronics Ltd.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Christopher Sonne\Desktop\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (KodakCCS) -- File not found
SRV - (Autodesk Licensing Service) -- File not found
SRV - (avgfws9) -- C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (HPSLPSVC) -- C:\Program Files\Hp\Digital Imaging\bin\HPSLPSVC32.DLL (Hewlett-Packard Co.)
SRV - (hpqddsvc) -- C:\Program Files\Hp\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (hpqcxs08) -- C:\Program Files\Hp\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.dll (Hewlett-Packard)
SRV - (Net Driver HPZ12) -- C:\WINDOWS\system32\HPZinw12.dll (Hewlett-Packard)
SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (LightScribeService) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (NVSvc) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (hpqwmiex) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgRkx86) -- C:\WINDOWS\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSErHrxpx) -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys (AVG Technologies )
DRV - (AVGIDSDriverxpx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys (AVG Technologies )
DRV - (AVGIDSFilterxpx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys (AVG Technologies )
DRV - (AVGIDSShimxpx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (AVG Technologies )
DRV - (Avgfwfd) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwdx) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (GcKernel) -- C:\WINDOWS\system32\drivers\gckernel.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (HPZius12) -- C:\WINDOWS\system32\drivers\HPZius12.sys (HP)
DRV - (HPZipr12) -- C:\WINDOWS\system32\drivers\HPZipr12.sys (HP)
DRV - (HPZid412) -- C:\WINDOWS\system32\drivers\HPZid412.sys (HP)
DRV - (grmnusb) -- C:\WINDOWS\system32\drivers\grmnusb.sys (GARMIN Corp.)
DRV - (MCSTRM) -- C:\WINDOWS\system32\drivers\mcstrm.sys (RealNetworks, Inc.)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\CHDAud.sys (Conexant Systems Inc.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (nvsmu) -- C:\WINDOWS\system32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (Flash1) -- C:\SwSetup\SP38062\winphlash\FLASH1.sys ()
DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
DRV - (nvata) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (iaStor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (eabusb) -- C:\WINDOWS\system32\drivers\EabUsb.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HBtnKey) -- C:\WINDOWS\system32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (eabfiltr) -- C:\WINDOWS\system32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (BTNetFilter) -- C:\WINDOWS\system32\drivers\BTNetFilter.sys ()
DRV - (Btcsrusb) -- C:\WINDOWS\system32\drivers\btcusb.sys (IVT Corporation)
DRV - (VcommMgr) -- C:\WINDOWS\system32\drivers\VcommMgr.sys (IVT Corporation)
DRV - (BTHidMgr) -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys (IVT Corporation)
DRV - (VComm) -- C:\WINDOWS\system32\drivers\VComm.sys (IVT Corporation)
DRV - (BlueletAudio) -- C:\WINDOWS\system32\drivers\blueletaudio.sys (IVT Corporation)
DRV - (BTHidEnum) -- C:\WINDOWS\system32\drivers\vbtenum.sys ()
DRV - (BT) -- C:\WINDOWS\system32\drivers\BtNetDrv.sys (IVT Corporation)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (ROOTMODEM) -- C:\WINDOWS\system32\drivers\rootmdm.sys (Microsoft Corporation)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (SONYPVU1) Sony USB Filter Driver (SONYPVU1) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS (Sony Corporation)
DRV - (HIDSwvd) -- C:\WINDOWS\system32\drivers\HIDSwvd.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... x_homepage

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... x_homepage

IE - HKU\S-1-5-21-1421354407-2458812674-931217484-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1421354407-2458812674-931217484-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1421354407-2458812674-931217484-1006\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-1421354407-2458812674-931217484-1006\S-1-5-21-1421354407-2458812674-931217484-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "https://sso.verizon.net/ssowebapp/VOLPortalLogin?ActualTarget=https://netservices.verizon.net/portal/verizon/protected/afterssologin.jsp?a=b|http://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official|http://www.weatherunderground.com/cgi-bin/findweather/getForecast?query=22958"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {1d5287d1-8a92-0001-1f31-1cec198018d8}:2.1.0.7
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/01/19 20:42:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/01/19 20:42:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/08/31 22:12:00 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/10 08:39:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/10 08:39:54 | 00,000,000 | ---D | M]

[2009/02/05 09:22:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Sonne\Application Data\Mozilla\Extensions
[2009/04/26 19:34:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Sonne\Application Data\Mozilla\Firefox\Profiles\uh1nbegg.default\extensions
[2007/08/12 08:27:52 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Christopher Sonne\Application Data\Mozilla\Firefox\Profiles\uh1nbegg.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2010/01/10 11:40:32 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/11/14 10:56:59 | 00,044,360 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll
[2008/11/14 10:56:59 | 00,107,928 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll
[2008/06/19 04:16:24 | 00,118,784 | ---- | M] (CANON INC.) -- C:\Program Files\Mozilla Firefox\plugins\MyCamera.dll
[2008/11/14 10:56:58 | 00,057,240 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2008/06/19 04:16:24 | 00,053,248 | ---- | M] (CANON INC.) -- C:\Program Files\Mozilla Firefox\plugins\NPCIG.dll
[2006/11/29 15:02:22 | 00,142,848 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npcpbrk7.dll
[2008/08/20 18:21:30 | 00,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
[2007/03/09 18:16:44 | 00,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll

O1 HOSTS File: ([2010/01/24 21:02:26 | 00,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hp\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-1421354407-2458812674-931217484-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1421354407-2458812674-931217484-1006\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-1421354407-2458812674-931217484-1006\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ICO.EXE (Primax Electronics Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1421354407-2458812674-931217484-1006..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\tsnp2std.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe ()
O4 - Startup: C:\Documents and Settings\Bill\Start Menu\Programs\StartUp\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe File not found
O4 - Startup: C:\Documents and Settings\Christopher Sonne\Start Menu\Programs\StartUp\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\StartUp\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe File not found
O4 - Startup: C:\Documents and Settings\Guest\Start Menu\Programs\StartUp\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1421354407-2458812674-931217484-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1421354407-2458812674-931217484-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1421354407-2458812674-931217484-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1421354407-2458812674-931217484-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1421354407-2458812674-931217484-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h50203.www5.hp.com/HPISWeb/Custo ... anager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab (HpProductDetection Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 1280922703 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\WINDOWS\Wave Aqua.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Wave Aqua.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 22:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/27 15:32:21 | 00,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Christopher Sonne\Desktop\OTL.exe
[2010/01/27 14:43:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\Application Data\Apple Computer
[2010/01/27 14:28:11 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2010/01/26 21:19:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\Local Settings\Application Data\mSpot
[2010/01/26 20:32:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2010/01/26 20:32:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/01/26 20:32:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\IsolatedStorage
[2010/01/26 20:32:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\HP
[2010/01/26 20:31:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\My Documents\The Hobbit
[2010/01/26 20:31:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\My Documents\Symantec
[2010/01/26 20:31:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\My Documents\PLU250
[2010/01/26 20:31:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\My Documents\My Videos
[2010/01/26 20:30:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\My Documents\My Music
[2010/01/26 20:30:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\My Documents\My Garmin
[2010/01/26 20:30:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\My Documents\Bluetooth
[2010/01/26 20:30:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\Local Settings\Application Data\QuickPlay
[2010/01/26 20:30:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
[2010/01/26 20:30:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\Local Settings\Application Data\Mozilla
[2010/01/26 20:29:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\Local Settings\Application Data\IsolatedStorage
[2010/01/26 20:29:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\Local Settings\Application Data\HP
[2010/01/26 20:29:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\Local Settings\Application Data\Google
[2010/01/26 20:29:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\Local Settings\Application Data\Autodesk
[2010/01/26 20:29:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\Local Settings\Application Data\ApplicationHistory
[2010/01/26 20:29:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\Local Settings\Application Data\Apple Computer
[2010/01/26 20:29:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\Local Settings\Application Data\Adobe
[2010/01/26 20:29:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\Desktop\Tab Software & Music
[2010/01/26 20:28:49 | 00,561,152 | ---- | C] (Joshua F. Madison) -- C:\Documents and Settings\Christopher Sonne\Desktop\Convert.exe
[2010/01/26 20:28:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\Application Data\UVC
[2010/01/26 20:28:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\Application Data\The Hobbit
[2010/01/26 20:28:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\Application Data\OpenOffice.org2
[2010/01/26 20:28:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\Application Data\OpenOffice.org
[2010/01/26 20:28:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\Application Data\Leadertech
[2010/01/26 20:28:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\Application Data\Intuit
[2010/01/26 20:28:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\Application Data\HpUpdate
[2010/01/26 20:28:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\Application Data\HP
[2010/01/26 20:28:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\Application Data\GTek
[2010/01/26 20:28:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\Application Data\AVG9
[2010/01/26 20:27:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\Application Data\ArchosLink
[2010/01/26 20:26:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\DRM
[2010/01/26 20:26:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2010/01/26 20:23:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/01/26 20:23:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WEBREG
[2010/01/26 20:23:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2010/01/26 20:23:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Transparent
[2010/01/26 20:22:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Temp
[2010/01/26 20:22:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2010/01/26 20:22:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2010/01/26 20:22:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2010/01/26 20:22:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2010/01/26 20:22:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2010/01/26 20:22:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/01/26 20:22:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kodak
[2010/01/26 20:22:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2010/01/26 20:22:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2010/01/26 20:21:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2010/01/26 20:21:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/01/26 20:20:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/01/24 21:02:39 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Christopher Sonne\History
[2010/01/24 21:02:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2010/01/24 21:02:33 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2010/01/24 21:02:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2010/01/24 21:02:32 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2010/01/24 21:02:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/01/24 18:44:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/24 17:58:41 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2010/01/24 17:55:35 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/01/24 17:55:35 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/01/24 17:55:35 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/01/24 17:55:35 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/01/24 17:55:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/24 17:55:13 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010/01/19 21:22:08 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/01/19 20:43:12 | 00,000,000 | ---D | C] -- C:\$AVG
[2010/01/19 20:42:43 | 00,025,608 | ---- | C] (AVG Technologies ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2010/01/19 20:42:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2008/11/28 09:35:11 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/11/28 09:35:11 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007/05/18 13:30:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2005/09/24 11:49:16 | 00,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/27 15:09:16 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\Christopher Sonne\Desktop\r30utlb5.exe
[2010/01/27 15:08:34 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christopher Sonne\Desktop\OTL.exe
[2010/01/27 14:45:39 | 03,932,160 | -H-- | M] () -- C:\Documents and Settings\Christopher Sonne\ntuser.dat
[2010/01/27 14:25:28 | 00,001,405 | ---- | M] () -- C:\hpqp.ini
[2010/01/26 22:23:42 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/01/26 22:16:43 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/26 22:09:26 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/26 21:57:27 | 05,923,840 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/01/26 21:57:20 | 04,490,240 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/01/26 21:54:20 | 00,000,039 | ---- | M] () -- C:\XP_TV.ini
[2010/01/26 21:54:12 | 00,050,868 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/01/26 21:54:08 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/26 21:49:54 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/26 21:49:49 | 20,789,12512 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/26 21:48:24 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Christopher Sonne\ntuser.ini
[2010/01/26 21:48:02 | 02,679,064 | -H-- | M] () -- C:\Documents and Settings\Christopher Sonne\Local Settings\Application Data\IconCache.db
[2010/01/26 20:14:46 | 03,837,551 | R--- | M] () -- C:\Documents and Settings\Christopher Sonne\Desktop\ComboFix.exe
[2010/01/26 20:04:06 | 00,660,480 | ---- | M] () -- C:\Documents and Settings\Christopher Sonne\Desktop\CFDQ-UsrPrf.exe
[2010/01/24 21:39:16 | 00,002,688 | ---- | M] () -- C:\WINDOWS\System32\settings.aaw
[2010/01/24 21:39:16 | 00,000,960 | ---- | M] () -- C:\WINDOWS\System32\history.aaw
[2010/01/24 21:03:07 | 00,000,402 | ---- | M] () -- C:\Documents and Settings\Christopher Sonne\Application Data\_$_hpcst$_.hpc.zip
[2010/01/24 21:02:39 | 00,002,508 | ---- | M] () -- C:\Documents and Settings\Christopher Sonne\Application Data\$_hpcst$.hpc
[2010/01/24 21:02:26 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/01/24 17:58:45 | 00,000,293 | RHS- | M] () -- C:\boot.ini
[2010/01/19 20:53:17 | 00,557,283 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010/01/19 20:43:01 | 48,053,597 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/01/19 20:42:56 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/01/19 20:42:56 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/01/19 20:42:56 | 00,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/01/19 20:42:56 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/01/19 20:42:44 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2010/01/19 20:42:43 | 00,161,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/01/19 20:42:43 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/01/19 20:42:43 | 00,025,608 | ---- | M] (AVG Technologies ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2010/01/19 20:42:43 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/01/19 20:42:15 | 00,050,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2010/01/19 20:42:15 | 00,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2010/01/19 20:11:18 | 00,073,656 | ---- | M] () -- C:\Documents and Settings\Christopher Sonne\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/19 20:05:04 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\tizuliho
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 00,006,456 | -H-- | C] () -- C:\WINDOWS\System32\tizuliho
[2010/01/27 15:32:25 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\Christopher Sonne\Desktop\r30utlb5.exe
[2010/01/26 20:32:01 | 00,002,508 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2010/01/26 20:31:45 | 00,000,864 | ---- | C] () -- C:\Documents and Settings\Christopher Sonne\Start Menu\Programs\StartUp\OpenOffice.org 3.0.lnk
[2010/01/26 20:30:49 | 00,010,344 | ---- | C] () -- C:\Documents and Settings\Christopher Sonne\My Documents\Fence Estimate.ods
[2010/01/26 20:30:49 | 00,000,343 | ---- | C] () -- C:\Documents and Settings\Christopher Sonne\My Documents\acad.err
[2010/01/26 20:29:20 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\Christopher Sonne\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/26 20:29:20 | 00,000,140 | ---- | C] () -- C:\Documents and Settings\Christopher Sonne\Local Settings\Application Data\fusioncache.dat
[2010/01/26 20:29:20 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Christopher Sonne\Local Settings\Application Data\FnF4.txt
[2010/01/26 20:28:50 | 00,898,048 | ---- | C] () -- C:\Documents and Settings\Christopher Sonne\Desktop\Spreadsheet_Redevelopment_Beta_revised 03-04-09.xls
[2010/01/26 20:28:50 | 00,897,536 | ---- | C] () -- C:\Documents and Settings\Christopher Sonne\Desktop\Spreadsheet_Beta_revised 03-04-09.xls
[2010/01/26 20:28:50 | 00,000,782 | ---- | C] () -- C:\Documents and Settings\Christopher Sonne\Desktop\Windows Media Player.lnk
[2010/01/26 20:28:50 | 00,000,179 | ---- | C] () -- C:\Documents and Settings\Christopher Sonne\Desktop\Removable Disk (F).lnk
[2010/01/26 20:28:49 | 00,207,360 | ---- | C] () -- C:\Documents and Settings\Christopher Sonne\Desktop\Engineering.civil.survey.RFP.Scan.doc
[2010/01/26 20:28:49 | 00,151,552 | ---- | C] () -- C:\Documents and Settings\Christopher Sonne\Desktop\FormulaConvsTest_8_16_06.doc
[2010/01/26 20:28:49 | 00,039,424 | ---- | C] () -- C:\Documents and Settings\Christopher Sonne\Desktop\House of Prayer_v2.xls
[2010/01/26 20:28:49 | 00,002,044 | ---- | C] () -- C:\Documents and Settings\Christopher Sonne\Desktop\Microsoft Office Excel 2003.lnk
[2010/01/26 20:28:30 | 09,509,338 | ---- | C] () -- C:\Documents and Settings\Christopher Sonne\Desktop\ArchosLinkSetup_2_0_0_0.exe
[2010/01/26 20:27:47 | 00,000,875 | ---- | C] () -- C:\Documents and Settings\Christopher Sonne\Application Data\AdobeDLM.log
[2010/01/26 20:27:47 | 00,000,402 | ---- | C] () -- C:\Documents and Settings\Christopher Sonne\Application Data\_$_hpcst$_.hpc.zip
[2010/01/26 20:27:47 | 00,000,129 | ---- | C] () -- C:\Documents and Settings\Christopher Sonne\Application Data\WorkingFolders.xml
[2010/01/26 20:27:47 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Christopher Sonne\Application Data\dm.ini
[2010/01/26 20:26:46 | 00,001,833 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
[2010/01/26 20:26:46 | 00,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/01/26 20:26:46 | 00,000,798 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
[2010/01/26 20:26:46 | 00,000,631 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Pavilion Webcam Tray Icon.lnk
[2010/01/26 20:26:31 | 05,923,840 | R--- | C] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/01/26 20:26:29 | 04,490,240 | R--- | C] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/01/26 20:26:29 | 00,001,711 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play The Hobbit(TM).lnk
[2010/01/26 20:26:29 | 00,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Alltel Jump Music.lnk
[2010/01/26 20:26:29 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/01/26 20:26:29 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2010/01/26 20:26:29 | 00,001,018 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2010/01/26 20:26:29 | 00,000,959 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Pirates of the Caribbean Online.lnk
[2010/01/26 20:26:29 | 00,000,779 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\InterActual Player.lnk
[2010/01/26 20:26:29 | 00,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EOS Utility.lnk
[2010/01/26 20:26:29 | 00,000,715 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2010/01/26 20:21:49 | 03,837,551 | R--- | C] () -- C:\Documents and Settings\Christopher Sonne\Desktop\ComboFix.exe
[2010/01/26 20:20:55 | 00,004,368 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/01/26 20:18:42 | 00,660,480 | ---- | C] () -- C:\Documents and Settings\Christopher Sonne\Desktop\CFDQ-UsrPrf.exe
[2010/01/26 20:12:03 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Christopher Sonne\Local Settings\Application Data\DSwitch.txt
[2010/01/26 20:12:02 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Christopher Sonne\Local Settings\Application Data\QSwitch.txt
[2010/01/26 20:12:02 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Christopher Sonne\Local Settings\Application Data\AtStart.txt
[2010/01/24 21:36:41 | 00,000,278 | -HS- | C] () -- C:\Documents and Settings\Christopher Sonne\ntuser.ini
[2010/01/24 21:02:39 | 00,002,508 | ---- | C] () -- C:\Documents and Settings\Christopher Sonne\Application Data\$_hpcst$.hpc
[2010/01/24 19:19:11 | 00,002,688 | ---- | C] () -- C:\WINDOWS\System32\settings.aaw
[2010/01/24 19:19:11 | 00,000,960 | ---- | C] () -- C:\WINDOWS\System32\history.aaw
[2010/01/24 17:58:45 | 00,000,223 | ---- | C] () -- C:\Boot.bak
[2010/01/24 17:58:42 | 00,260,272 | ---- | C] () -- C:\cmldr
[2010/01/24 17:55:35 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/01/24 17:55:35 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/01/24 17:55:35 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/01/24 17:55:35 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/01/24 17:55:35 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/09/22 13:23:30 | 00,000,024 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/08/22 21:48:32 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2009/01/01 16:57:23 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/01/14 16:47:06 | 00,099,712 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
[2007/08/12 08:56:56 | 00,001,481 | ---- | C] () -- C:\WINDOWS\tefview.ini
[2007/05/18 13:13:01 | 00,008,181 | ---- | C] () -- C:\WINDOWS\System32\Setup2k.ini
[2007/05/18 13:13:01 | 00,000,184 | ---- | C] () -- C:\WINDOWS\System32\presetup.ini
[2007/02/12 22:26:29 | 00,013,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys
[2007/02/12 22:26:29 | 00,011,604 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys
[2007/02/06 22:31:15 | 00,001,091 | ---- | C] () -- C:\WINDOWS\_ISENV31.INI
[2007/02/06 22:04:32 | 00,000,141 | ---- | C] () -- C:\WINDOWS\asym.ini
[2007/02/06 22:04:32 | 00,000,049 | ---- | C] () -- C:\WINDOWS\mtb30.ini
[2007/01/05 19:43:02 | 00,000,054 | ---- | C] () -- C:\WINDOWS\TOPO2.INI
[2007/01/05 19:23:23 | 00,000,112 | ---- | C] () -- C:\WINDOWS\Topo.INI
[2006/12/30 22:37:55 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/11/29 15:02:25 | 00,000,004 | ---- | C] () -- C:\WINDOWS\uccspecb.sys
[2006/09/30 06:30:50 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2006/09/09 19:01:53 | 00,000,000 | ---- | C] () -- C:\WINDOWS\mtstack.INI
[2006/08/24 21:59:01 | 00,000,027 | ---- | C] () -- C:\WINDOWS\SmartAudio.INI
[2006/07/29 08:07:18 | 00,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/07/29 08:04:35 | 00,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/07/29 07:36:29 | 00,028,510 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/07/29 07:23:11 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/29 05:02:07 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/07/29 05:01:54 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/07/29 05:01:54 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/07/29 05:01:54 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/07/29 05:01:54 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/07/29 05:01:53 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/03/27 12:00:36 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/27 11:20:24 | 00,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/03/27 11:17:12 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/12/02 13:09:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/09/08 16:53:50 | 00,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
< End of report >


OTL Extras Log:

OTL Extras logfile created on: 1/27/2010 3:35:58 PM - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\Christopher Sonne\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.05 Gb Total Space | 10.24 Gb Free Space | 15.99% Space Free | Partition Type: NTFS
Drive D: | 9.45 Gb Total Space | 1.24 Gb Free Space | 13.13% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 983.70 Mb Total Space | 383.70 Mb Free Space | 39.01% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CES_LAPTOP
Current User Name: Christopher Sonne
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\Hp\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\Hp\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\Hp\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Documents and Settings\Priscilla\Local Settings\Temp\HP\OJP8500vA909_Full_12\setup\hpznui01.exe" = C:\Documents and Settings\Priscilla\Local Settings\Temp\HP\OJP8500vA909_Full_12\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- (Hewlett-Packard)
"C:\Program Files\Hp\Digital Imaging\{624E7452-BA43-4f55-B9D5-FC75EEA0808B}\setup\hpznui01.exe" = C:\Program Files\Hp\Digital Imaging\{624E7452-BA43-4f55-B9D5-FC75EEA0808B}\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- (Hewlett-Packard)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater -- ()
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()
"C:\Program Files\Hp\HP Software Update\HPWUCli.exe" = C:\Program Files\Hp\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client -- (Hewlett-Packard)
"C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\Hp\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\Hp\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\Hp\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Documents and Settings\Priscilla\Local Settings\Temp\HP\OJP8500vA909_Full_12\setup\hpznui01.exe" = C:\Documents and Settings\Priscilla\Local Settings\Temp\HP\OJP8500vA909_Full_12\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- (Hewlett-Packard)
"C:\Program Files\Hp\Digital Imaging\{624E7452-BA43-4f55-B9D5-FC75EEA0808B}\setup\hpznui01.exe" = C:\Program Files\Hp\Digital Imaging\{624E7452-BA43-4f55-B9D5-FC75EEA0808B}\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- (Hewlett-Packard)
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{023FFB0A-C5DB-4930-B3E4-D48266C21738}" = The Hobbit(TM)
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
"{0C23BEBC-0429-4254-A83F-15C591AB768A}" = HP Pavilion Webcam Tray Icon
"{102CBC47-7FDE-4E6C-8A3A-67B79833FAC8}" = BPDSoftware_Ini
"{11B2F891-91C8-47ce-945A-A91003EA27FB}" = BPDSoftware
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{25EF00BE-F17B-11D6-88EA-000476CD2443}" = Verizon Online
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{286F29AF-0BE2-4D5F-AB17-B7631A810553}" = muvee autoProducer 4.5
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.00 G2
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 E1
"{432A850B-3558-4BFF-B1F9-30626835B523}" = BPD_DSWizards
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 2.1
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{624E7452-BA43-4f55-B9D5-FC75EEA0808B}" = Officejet Pro 8500 A909 Series
"{63A3856B-5C0E-4BC1-B508-629AE74B6BBA}" = HP User Guides 0027
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{65D85050-5610-4A91-A3B1-D5C744291AD4}" = PCDADDIN
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AADAC983-FDE9-42FA-8FD9-7BB324155593}" = HLPRFO
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AEF7A12C-CD9B-4773-8AD1-6916138CA7EA}" = SmartAudio
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B208806F-A231-4FA0-AB3F-5C1B8979223E}" = Microsoft ActiveSync 4.0
"{B495547C-01F8-4836-A2E6-749B5F3EA691}" = 8500A909_Help
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{BE53BB2F-FD8F-48b9-AC90-207D0D8EE028}" = 8500A909a
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr
"{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD8C5C7F-7C58-4F85-8977-A6C08C087912}" = MPM
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF679535-E8F2-42C4-9C33-0A13CAFCAF8E}" = Before You Know It 3.6
"{DA8BF070-1358-4a30-A68F-21E0E9421AEF}" = ProductContext
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EC397D90-720E-426D-B381-0A10C6FD5A49}" = HP Pavilion Webcam Demo
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F54F8559-F5CD-4007-9E9D-3F52902F9DE1}" = OptiPix™
"{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2
"{F6B2ED65-7378-4065-802D-F2E5689F3A4E}" = Photo Viewer
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"9E140F48C9836B9B78539C08FB2B17146BDB3F65" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Alltel Jump Music 1.1.11" = Alltel Jump Music 1.1.11
"AVG9Uninstall" = AVG 9.0
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_wis30B5m" = HDAUDIO Soft Data Fax Modem with SmartCP
"CSCLIB" = Canon Camera Support Core Library
"Disney Pirates of the Caribbean Online" = Disney Pirates of the Caribbean Online
"EOS Utility" = Canon Utilities EOS Utility
"HijackThis" = HijackThis 2.0.2
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"HPOCR" = OCR Software by I.R.I.S. 12.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{023FFB0A-C5DB-4930-B3E4-D48266C21738}" = The Hobbit(TM)
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InterActual Player" = InterActual Player
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MouseSuite98" = Mouse Suite
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"mSpot" = Music Powered by Celltop 1.2.10
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Photo Viewer" = Photo Viewer 2.3
"PhotoStitch" = Canon Utilities PhotoStitch
"RealPlayer 12.0" = RealPlayer
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Shockwave 7.0.2 Player" = Shockwave 7.0.2 Player
"Small Business Resource Guide 2000" = Small Business Resource Guide 2000
"Spanish To Go v1.2" = Spanish To Go v1.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TEFView_is1" = TEFView 2.65
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Mail" = Verizon Yahoo! Internet Mail
"YInstHelper" = Yahoo! Install Manager
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/26/2010 10:19:41 PM | Computer Name = CES_LAPTOP | Source = foobar | ID = 4096
Description =

Error - 1/26/2010 10:19:41 PM | Computer Name = CES_LAPTOP | Source = foobar | ID = 4096
Description =

Error - 1/26/2010 10:19:42 PM | Computer Name = CES_LAPTOP | Source = foobar | ID = 4096
Description =

Error - 1/26/2010 10:19:42 PM | Computer Name = CES_LAPTOP | Source = foobar | ID = 4096
Description =

Error - 1/26/2010 10:19:43 PM | Computer Name = CES_LAPTOP | Source = foobar | ID = 4096
Description =

Error - 1/26/2010 10:19:43 PM | Computer Name = CES_LAPTOP | Source = foobar | ID = 4096
Description =

Error - 1/26/2010 10:19:43 PM | Computer Name = CES_LAPTOP | Source = foobar | ID = 4096
Description =

Error - 1/26/2010 10:19:43 PM | Computer Name = CES_LAPTOP | Source = foobar | ID = 4096
Description =

Error - 1/26/2010 10:19:44 PM | Computer Name = CES_LAPTOP | Source = foobar | ID = 4096
Description =

Error - 1/26/2010 10:19:44 PM | Computer Name = CES_LAPTOP | Source = foobar | ID = 4096
Description =

[ System Events ]
Error - 12/20/2009 7:41:14 PM | Computer Name = CES_LAPTOP | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 1/8/2010 11:35:01 AM | Computer Name = CES_LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 1/8/2010 11:35:12 AM | Computer Name = CES_LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 1/17/2010 3:55:15 PM | Computer Name = CES_LAPTOP | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 1/17/2010 4:01:37 PM | Computer Name = CES_LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 1/17/2010 4:01:47 PM | Computer Name = CES_LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 1/24/2010 9:36:15 PM | Computer Name = CES_LAPTOP | Source = Service Control Manager | ID = 7034
Description = The AVG Firewall service terminated unexpectedly. It has done this
1 time(s).

Error - 1/24/2010 9:36:42 PM | Computer Name = CES_LAPTOP | Source = Service Control Manager | ID = 7031
Description = The AVG WatchDog service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 0 milliseconds: Restart
the service.

Error - 1/24/2010 10:34:12 PM | Computer Name = CES_LAPTOP | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC000000D'
while processing the file 'BOOT.INI' on the volume 'HarddiskVolume3'. It has stopped
monitoring the volume.

Error - 1/26/2010 9:10:53 PM | Computer Name = CES_LAPTOP | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.


< End of report >


GMER Log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-28 05:45:58
Windows 5.1.2600 Service Pack 3
Running: r30utlb5.exe; Driver: C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\pwdoakob.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwOpenProcess [0xF0459470]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwTerminateProcess [0xF0459520]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwTerminateThread [0xF04595C0]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwWriteVirtualMemory [0xF0459660]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF5C57360, 0x2216ED, 0xE8000020]
? C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\catchme.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies )

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0011b107a366 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0011b107a366 (not active ControlSet)
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0011b107a366
Reg HKLM\SOFTWARE\Classes\CLSID\{1B8B7182-BE22-8BCC-2BB6-E005ECD5FE7E}\LocalService@ ShellHWDetection
Reg HKLM\SOFTWARE\Classes\CLSID\{1B8B7182-BE22-8BCC-2BB6-E005ECD5FE7E}\LocalService@ThreadingModel Free
Reg HKLM\SOFTWARE\Classes\CLSID\{1B8B7182-BE22-8BCC-2BB6-E005ECD5FE7E}\ProgID@ AutoplayHandlerProperties.1
Reg HKLM\SOFTWARE\Classes\CLSID\{1B8B7182-BE22-8BCC-2BB6-E005ECD5FE7E}\VersionIndependentProgID@ AutoplayHandlerProperties

---- EOF - GMER 1.0.15 ----
cesonnepe
Active Member
 
Posts: 12
Joined: January 19th, 2010, 9:59 pm
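The "Last 10 Event Log Errors" block in the OTL log above carries two signals a responder would pull out before anything else: DCOM could not start wuauserv because the Service Control Manager returned error 1058, and a security product's service terminated unexpectedly. The following is an added example for this thread, not OTL's own code and not something the helper posted: a small Python parser for that section plus a triage pass over the parsed records. SAMPLE_EVENTS is a constructed excerpt in the same layout as the System Events block above; the function and table names (parse_otl_events, triage, WATCHED_SERVICES) are this example's own, and the error-code names come from the Win32 error table (1058 is ERROR_SERVICE_DISABLED).

```python
"""Triage the "Last 10 Event Log Errors" section of an OTL log.

Added example for this thread; not OTL's code. SAMPLE_EVENTS is a
constructed excerpt shaped like the System Events block in the log above.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in OTL's event layout: a header line, then one or
# more "Description =" lines, terminated by a blank line.
SAMPLE_EVENTS = '''
[ System Events ]
Error - 1/8/2010 11:35:01 AM | Computer Name = CES_LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 1/17/2010 3:55:15 PM | Computer Name = CES_LAPTOP | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 1/24/2010 9:36:15 PM | Computer Name = CES_LAPTOP | Source = Service Control Manager | ID = 7034
Description = The AVG Firewall service terminated unexpectedly. It has done this
1 time(s).

Error - 1/26/2010 9:10:53 PM | Computer Name = CES_LAPTOP | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.
'''

HEADER_RE = re.compile(
    r'^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?)'
    r' \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$')
DCOM_START_RE = re.compile(r'got error "%(\d+)" attempting to start the service (\S+)')
SCM_TERMINATED_RE = re.compile(r'^The (.+?) service terminated unexpectedly')

# Win32 error codes seen when a service start is refused (standard values).
WIN32_ERRORS = {
    1053: 'ERROR_SERVICE_REQUEST_TIMEOUT',
    1058: 'ERROR_SERVICE_DISABLED',
    1060: 'ERROR_SERVICE_DOES_NOT_EXIST',
}
# Services whose failure to start matters on a possibly infected XP host.
WATCHED_SERVICES = {
    'wuauserv': 'Automatic Updates',
    'wscsvc': 'Security Center',
    'sharedaccess': 'Windows Firewall/ICS',
}


@dataclass
class EventRecord:
    when: str
    host: str
    source: str
    event_id: int
    description: str = ''


def parse_otl_events(text: str) -> List[EventRecord]:
    """Turn OTL's multi-line event entries into records; a blank line ends an entry."""
    records: List[EventRecord] = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            current = EventRecord(m['when'], m['host'], m['source'], int(m['id']))
            records.append(current)
            continue
        if not line:
            current = None
            continue
        if current is None:
            continue  # section banner such as "[ System Events ]"
        if line.startswith('Description ='):
            line = line[len('Description ='):].strip()
        current.description = (current.description + ' ' + line).strip()
    return records


def triage(records: List[EventRecord]) -> List[str]:
    """Return one line per event that points at a protection mechanism failing."""
    findings: List[str] = []
    for r in records:
        if r.source == 'DCOM' and r.event_id == 10005:
            m = DCOM_START_RE.search(r.description)
            if m:
                code, svc = int(m.group(1)), m.group(2)
                label = WATCHED_SERVICES.get(svc.lower())
                if label:
                    reason = WIN32_ERRORS.get(code, f'Win32 error {code}')
                    findings.append(f'{r.when}: {label} ({svc}) failed to start: {reason}')
        elif r.source == 'Service Control Manager' and r.event_id in (7031, 7034):
            m = SCM_TERMINATED_RE.match(r.description)
            if m and any(k in m.group(1).lower() for k in ('avg', 'firewall', 'antivirus', 'security')):
                findings.append(f'{r.when}: security service "{m.group(1)}" terminated unexpectedly')
        elif r.source == 'Windows Update Agent':
            findings.append(f'{r.when}: Windows Update Agent cannot reach the update service (ID {r.event_id})')
    return findings


if __name__ == '__main__':
    for finding in triage(parse_otl_events(SAMPLE_EVENTS)):
        print(finding)
```

On the sample this reports three items: wuauserv refused with ERROR_SERVICE_DISABLED (the service is disabled or has no enabled devices), the AVG Firewall service dying, and the later Windows Update Agent ID 16 failure, which is the expected consequence of the first. The NVIDIA driver crash is parsed but not reported, since the keyword filter only keeps services that protect the host; extend WATCHED_SERVICES and the keyword list to match the products on the machine being looked at.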

Re: Infected with gahehani.dll

Unread postby deltalima » January 28th, 2010, 11:38 am

Hi cesonnepe,

Run OTL Script

We need to run an OTL Fix

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Malwarebytes Anti-Malware:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
  1. Launch Malwarebytes' Anti-Malware
  2. Click on the Logs radio tab.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Please post the Malwarebytes log and the OTL log in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
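The two values the OTL fix above resets are exactly the ones an auditor would flag in the "Security Center Settings" section of the earlier log: DisableMonitoring = 1 under a Monitoring subkey silences the Security Center warning for that product, and EnableFirewall = 0 in a FirewallPolicy profile turns the Windows Firewall off. As an added example for this thread (not OTL's own code and not the helper's script), here is a Python parser for OTL's [key] / "name" = value dump that flags those settings, also flags GloballyOpenPorts entries whose scope is "*", and emits a fix in the same :reg format the helper used. SAMPLE_OTL is a constructed excerpt mirroring the values in the log above; parse_otl_registry, audit_security_center and build_otl_reg_fix are this example's own names.

```python
"""Audit the Security Center and firewall-policy keys in an OTL log.

Added example for this thread; not OTL's code. SAMPLE_OTL is a constructed
excerpt in OTL's registry-dump layout, mirroring the log above.
"""
import re
from typing import Dict, List

SAMPLE_OTL = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')

MONITORING = '\\security center\\monitoring\\'
PROFILES = ('\\firewallpolicy\\domainprofile', '\\firewallpolicy\\standardprofile')


def parse_otl_registry(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key_path: {value_name: value_data}} for an OTL-style dump."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = m.group(2).strip()
    return keys


def audit_security_center(keys: Dict[str, Dict[str, str]]) -> List[str]:
    """Flag settings that leave the host unprotected or hide that it is."""
    findings: List[str] = []
    for path, values in keys.items():
        parts = path.split('\\')
        low = path.lower()
        # Monitoring\<Product> with DisableMonitoring=1 suppresses the warning.
        if MONITORING in low and values.get('DisableMonitoring') == '1':
            findings.append(f'Security Center monitoring disabled: {parts[-1]}')
        # Per-profile firewall switch.
        if low.endswith(PROFILES) and values.get('EnableFirewall') == '0':
            findings.append(f'Windows Firewall off in {parts[-1]}')
        # GloballyOpenPorts data is port:proto:scope:Enabled:description;
        # a scope of "*" means any remote address, not just the local subnet.
        if low.endswith('\\globallyopenports\\list'):
            profile = parts[-3]
            for name, data in values.items():
                fields = data.split(':')
                if len(fields) >= 4 and fields[2] == '*' and fields[3] == 'Enabled':
                    findings.append(f'Port {name} open to any address in {profile}')
    return findings


def build_otl_reg_fix(keys: Dict[str, Dict[str, str]]) -> str:
    """Emit an OTL ':reg' block that reverses the two switch-type findings."""
    lines = [':reg']
    for path, values in keys.items():
        low = path.lower()
        if MONITORING in low and values.get('DisableMonitoring') == '1':
            lines += [f'[{path}]', '"DisableMonitoring" = 0']
        if low.endswith(PROFILES) and values.get('EnableFirewall') == '0':
            lines += [f'[{path}]', '"EnableFirewall" = 1']
    return '\n'.join(lines)


if __name__ == '__main__':
    parsed = parse_otl_registry(SAMPLE_OTL)
    for finding in audit_security_center(parsed):
        print(finding)
    print(build_otl_reg_fix(parsed))
```

The audit on the sample yields five findings (SymantecFirewall monitoring disabled, the firewall off in both profiles, and 139:TCP and 445:TCP open to any address in DomainProfile; 427 is scoped to LocalSubNet and is not reported). build_otl_reg_fix writes one fix entry per switch-type finding, so for the values in the log above it would also include the StandardProfile EnableFirewall line; the open-port entries are reported for review only, since they are the File and Printer Sharing defaults and are not something a registry fix should toggle blindly.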

Re: Infected with gahehani.dll

Unread postby cesonnepe » January 28th, 2010, 7:38 pm

Here are the results from the OTL Fix log and the Malwarebytes log (note that no malware was found).


OTL Fix Log:


========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\"DisableMonitoring" | 0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\"EnableFirewall" | 1 /E : value set successfully!

OTL by OldTimer - Version 3.1.27.0 log created on 01282010_181220


Malwarebytes Log:

Malwarebytes' Anti-Malware 1.44
Database version: 3654
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

1/28/2010 6:40:26 PM
mbam-log-2010-01-28 (18-40-26).txt

Scan type: Quick Scan
Objects scanned: 144026
Time elapsed: 6 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
cesonnepe
Active Member
 
Posts: 12
Joined: January 19th, 2010, 9:59 pm

Re: Infected with gahehani.dll

Unread postby deltalima » January 29th, 2010, 6:56 am

Hi cesonnepe,

ComboFix - CFScript
WARNING !
This script is for THIS user and computer ONLY!
Using this tool incorrectly could damage your Operating System... preventing it from starting again!


You will not have Internet access when you execute ComboFix. All open windows will need to be closed!

  1. Please open Notepad and copy/paste all the text below... into the window:
    KILLALL::
    Collect::
    c:\docume~1\CHRIST~1\LOCALS~1\Temp\ewdmaudn.sys
    Driver::
    ewdmaudn
  2. Save it to your desktop as CFScript.txt
  3. Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
  4. Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:

    Image

    This will cause ComboFix to run again.
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
    Do Not touch your computer when ComboFix is running!

    When finished... Notepad will open ... ComboFix will produce a log file called "log.txt".
  5. Please copy/paste the contents of log.txt... in your next reply.

** Enable your Antivirus and Firewall, before connecting to the Internet again! **
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Infected with gahehani.dll

Unread postby cesonnepe » January 29th, 2010, 7:43 am

When I performed the last task, my computer rebooted after the scan (I was not in the room, so I don't know if there was any dialogue that came up prior to rebooting). Upon logging back into the computer, I see the Combofix screen is up saying it is preparing the Log Report. I will post this report as soon as it finishes generating it.

I don't know if the reboot signifies a problem, and if I need to rerun Combofix...
cesonnepe
Active Member
 
Posts: 12
Joined: January 19th, 2010, 9:59 pm

Re: Infected with gahehani.dll

Unread postby cesonnepe » January 29th, 2010, 7:54 am

Here is the ComboFix log:

ComboFix 10-01-26.02 - Christopher Sonne 01/29/2010 6:26.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1983.1346 [GMT -5:00]
Running from: c:\documents and settings\Christopher Sonne\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Christopher Sonne\Desktop\CFScript.txt
AV: AVG Internet Security 3-pack *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_EWDMAUDN
-------\Service_ewdmaudn


((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-29 )))))))))))))))))))))))))))))))
.

2010-01-28 23:14 . 2010-01-28 23:14 -------- d-----w- c:\documents and settings\Christopher Sonne\Application Data\Malwarebytes
2010-01-28 23:14 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-28 23:14 . 2010-01-28 23:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-28 23:14 . 2010-01-28 23:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-28 23:14 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-28 23:12 . 2010-01-28 23:12 -------- d-----w- C:\_OTL
2010-01-27 19:43 . 2010-01-27 19:43 -------- d-----w- c:\documents and settings\Christopher Sonne\Application Data\Apple Computer
2010-01-27 02:19 . 2010-01-27 02:19 -------- d-----w- c:\documents and settings\Christopher Sonne\Local Settings\Application Data\mSpot
2010-01-27 02:01 . 2010-01-27 02:01 -------- d-----w- c:\documents and settings\Priscilla\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
2010-01-27 02:01 . 2010-01-27 02:01 -------- d-----w- c:\documents and settings\Priscilla\Local Settings\Application Data\Yahoo
2010-01-27 02:01 . 2010-01-27 02:01 -------- d-----w- c:\documents and settings\Priscilla\Local Settings\Application Data\QuickPlay
2010-01-27 02:01 . 2010-01-27 02:01 -------- d-----w- c:\documents and settings\Priscilla\Local Settings\Application Data\Myst V End of Ages
2010-01-27 02:01 . 2010-01-27 02:01 -------- d-----w- c:\documents and settings\Priscilla\Local Settings\Application Data\MTV Networks
2010-01-27 02:00 . 2010-01-27 02:00 -------- d-----w- c:\documents and settings\Priscilla\Local Settings\Application Data\Mozilla
2010-01-27 01:58 . 2010-01-27 01:58 -------- d-----w- c:\documents and settings\Priscilla\Local Settings\Application Data\Joost
2010-01-27 01:58 . 2010-01-27 01:58 -------- d-----w- c:\documents and settings\Priscilla\Local Settings\Application Data\IsolatedStorage
2010-01-27 01:58 . 2010-01-27 01:58 -------- d-----w- c:\documents and settings\Priscilla\Local Settings\Application Data\inXile entertainment
2010-01-27 01:58 . 2010-01-27 01:58 -------- d-----w- c:\documents and settings\Priscilla\Local Settings\Application Data\Identities
2010-01-27 01:44 . 2010-01-27 01:44 -------- d-----w- c:\documents and settings\Priscilla\Local Settings\Application Data\HP
2010-01-27 01:43 . 2010-01-27 01:43 -------- d-----w- c:\documents and settings\Priscilla\Local Settings\Application Data\Google
2010-01-27 01:43 . 2010-01-27 01:43 -------- d-----w- c:\documents and settings\Priscilla\Local Settings\Application Data\AVG Security Toolbar
2010-01-27 01:43 . 2010-01-27 01:43 -------- d-----w- c:\documents and settings\Priscilla\Local Settings\Application Data\ApplicationHistory
2010-01-27 01:43 . 2010-01-27 01:43 -------- d-----w- c:\documents and settings\Priscilla\Local Settings\Application Data\Apple Computer
2010-01-27 01:43 . 2010-01-27 01:43 -------- d-----w- c:\documents and settings\Priscilla\Local Settings\Application Data\Adobe
2010-01-27 01:43 . 2009-08-11 21:16 73656 ----a-w- c:\documents and settings\Priscilla\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-27 01:43 . 2006-09-06 00:50 132 ----a-w- c:\documents and settings\Priscilla\Local Settings\Application Data\fusioncache.dat
2010-01-27 01:32 . 2010-01-27 01:32 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla
2010-01-27 01:32 . 2010-01-27 01:32 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\IsolatedStorage
2010-01-27 01:32 . 2010-01-27 01:32 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\HP
2010-01-27 01:31 . 2010-01-27 01:31 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
2010-01-27 01:31 . 2010-01-27 01:31 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Mozilla
2010-01-27 01:31 . 2010-01-27 01:31 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Microsoft
2010-01-27 01:31 . 2010-01-27 01:31 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\IsolatedStorage
2010-01-27 01:31 . 2010-01-27 01:31 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\HP
2010-01-27 01:31 . 2010-01-27 01:31 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory
2010-01-27 01:31 . 2009-11-09 03:55 73656 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-27 01:31 . 2007-04-30 22:37 128 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\fusioncache.dat
2010-01-27 01:31 . 2010-01-27 01:31 -------- d-----w- c:\documents and settings\Guest\Application Data\Lavasoft
2010-01-27 01:31 . 2010-01-27 01:31 -------- d-----w- c:\documents and settings\Guest\Application Data\Intuit
2010-01-27 01:30 . 2010-01-27 01:30 -------- d-----w- c:\documents and settings\Christopher Sonne\Local Settings\Application Data\QuickPlay
2010-01-27 01:30 . 2010-01-27 01:30 -------- d-----w- c:\documents and settings\Christopher Sonne\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
2010-01-27 01:30 . 2010-01-27 01:30 -------- d-----w- c:\documents and settings\Christopher Sonne\Local Settings\Application Data\Mozilla
2010-01-27 01:29 . 2010-01-27 01:29 -------- d-----w- c:\documents and settings\Christopher Sonne\Local Settings\Application Data\IsolatedStorage
2010-01-27 01:29 . 2010-01-27 01:29 -------- d-----w- c:\documents and settings\Christopher Sonne\Local Settings\Application Data\HP
2010-01-27 01:29 . 2010-01-27 01:29 -------- d-----w- c:\documents and settings\Christopher Sonne\Local Settings\Application Data\Google
2010-01-27 01:29 . 2010-01-29 11:45 -------- d-----w- c:\documents and settings\Christopher Sonne\Local Settings\Application Data\ApplicationHistory
2010-01-27 01:29 . 2010-01-27 01:29 -------- d-----w- c:\documents and settings\Christopher Sonne\Local Settings\Application Data\Autodesk
2010-01-27 01:29 . 2010-01-27 01:29 -------- d-----w- c:\documents and settings\Christopher Sonne\Local Settings\Application Data\Apple Computer
2010-01-27 01:29 . 2010-01-27 01:29 -------- d-----w- c:\documents and settings\Christopher Sonne\Local Settings\Application Data\Adobe
2010-01-27 01:29 . 2010-01-20 01:11 73656 ----a-w- c:\documents and settings\Christopher Sonne\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-27 01:29 . 2006-08-23 08:20 140 ----a-w- c:\documents and settings\Christopher Sonne\Local Settings\Application Data\fusioncache.dat
2010-01-27 01:28 . 2010-01-27 01:28 -------- d-----w- c:\documents and settings\Christopher Sonne\Application Data\UVC
2010-01-27 01:28 . 2010-01-27 01:28 -------- d-----w- c:\documents and settings\Christopher Sonne\Application Data\The Hobbit
2010-01-27 01:28 . 2010-01-27 01:28 -------- d-----w- c:\documents and settings\Christopher Sonne\Application Data\OpenOffice.org2
2010-01-27 01:28 . 2010-01-27 20:33 -------- d-----w- c:\documents and settings\Christopher Sonne\Application Data\HP
2010-01-27 01:28 . 2010-01-27 01:28 -------- d-----w- c:\documents and settings\Christopher Sonne\Application Data\OpenOffice.org
2010-01-27 01:28 . 2010-01-27 01:28 -------- d-----w- c:\documents and settings\Christopher Sonne\Application Data\Leadertech
2010-01-27 01:28 . 2010-01-27 01:28 -------- d-----w- c:\documents and settings\Christopher Sonne\Application Data\Intuit
2010-01-27 01:28 . 2010-01-27 01:28 -------- d-----w- c:\documents and settings\Christopher Sonne\Application Data\HpUpdate
2010-01-27 01:28 . 2010-01-27 01:28 -------- d-----w- c:\documents and settings\Christopher Sonne\Application Data\GTek
2010-01-27 01:28 . 2010-01-27 01:28 -------- d-----w- c:\documents and settings\Christopher Sonne\Application Data\AVG9
2010-01-27 01:26 . 2008-03-08 05:22 127 ----a-w- c:\documents and settings\Bill\Local Settings\Application Data\fusioncache.dat
2010-01-27 01:26 . 2010-01-27 01:26 -------- d-----w- c:\documents and settings\Bill\Application Data\OpenOffice.org2
2010-01-27 01:26 . 2010-01-27 01:26 -------- d-----w- c:\documents and settings\Bill\Application Data\Leadertech
2010-01-27 01:26 . 2010-01-27 01:26 -------- d-----w- c:\documents and settings\Bill\Application Data\Intuit
2010-01-27 01:26 . 2010-01-27 01:26 -------- d-----w- c:\documents and settings\Bill\Application Data\HP
2010-01-27 01:26 . 2010-01-27 01:26 -------- d-----w- c:\documents and settings\All Users\DRM
2010-01-27 01:26 . 2010-01-27 01:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-01-27 01:23 . 2010-01-27 02:24 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent
2010-01-27 01:23 . 2010-01-27 01:23 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
2010-01-27 01:23 . 2010-01-27 01:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2010-01-27 01:23 . 2010-01-27 01:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Transparent
2010-01-27 01:22 . 2010-01-27 02:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Temp
2010-01-27 01:22 . 2010-01-27 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2010-01-27 01:22 . 2010-01-27 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\SBSI
2010-01-27 01:22 . 2010-01-27 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\muvee Technologies
2010-01-27 01:22 . 2010-01-27 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\MumboJumbo
2010-01-25 02:02 . 2010-01-24 23:10 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2010-01-20 02:22 . 2010-01-20 02:22 -------- d-----w- c:\program files\Trend Micro
2010-01-20 01:43 . 2010-01-20 01:47 -------- d-----w- C:\$AVG
2010-01-20 01:42 . 2010-01-20 01:42 25608 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-01-20 01:42 . 2010-01-27 01:21 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-27 19:31 . 2010-01-27 01:28 1 ----a-w- c:\documents and settings\Christopher Sonne\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-27 02:25 . 2006-07-29 10:00 -------- d-----w- c:\program files\Hp
2010-01-27 02:23 . 2006-07-29 10:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-27 01:27 . 2010-01-27 01:27 -------- d-----w- c:\documents and settings\Christopher Sonne\Application Data\ArchosLink
2010-01-27 01:22 . 2010-01-27 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe
2010-01-27 01:22 . 2010-01-27 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-27 01:22 . 2010-01-27 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2010-01-27 01:22 . 2010-01-27 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit
2010-01-27 01:22 . 2010-01-27 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2010-01-27 01:22 . 2010-01-25 02:02 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-01-27 01:21 . 2010-01-27 01:21 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-01-27 01:21 . 2010-01-27 01:21 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-01-27 01:21 . 2010-01-27 01:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-01-25 02:03 . 2010-01-27 01:27 402 ----a-w- c:\documents and settings\Christopher Sonne\Application Data\_$_hpcst$_.hpc.zip
2010-01-20 01:43 . 2008-11-28 14:52 -------- d-----w- c:\program files\AVG
2010-01-20 01:42 . 2008-11-28 14:53 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-20 01:42 . 2008-11-28 14:53 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-20 01:42 . 2008-11-28 14:53 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-01-20 01:42 . 2008-11-28 14:53 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-01-20 01:42 . 2008-11-28 14:53 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-20 01:42 . 2008-11-28 14:52 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-01-20 01:42 . 2008-11-28 14:52 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-01-07 19:10 . 2009-11-08 04:08 79488 ----a-w- c:\documents and settings\Priscilla\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-06 03:46 . 2010-01-27 01:35 1 ----a-w- c:\documents and settings\Priscilla\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-17 20:07 . 2010-01-27 01:27 0 ----a-w- c:\documents and settings\Bill\Local Settings\Application Data\prvlcl.dat
2009-12-10 13:25 . 2007-02-13 04:00 -------- d-----w- c:\program files\Microsoft ActiveSync
2008-11-14 15:56 . 2008-11-14 15:56 44360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2008-11-14 15:56 . 2008-11-14 15:56 107928 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2008-06-19 09:16 . 2008-06-19 09:16 118784 ----a-w- c:\program files\mozilla firefox\plugins\MyCamera.dll
2006-10-18 02:08 . 2006-10-18 02:08 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 18:02 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-11 136600]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-15 454656]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-21 7561216]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 61952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-04 761948]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-04-12 102400]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-23 131072]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-09-20 61440]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Mouse Suite 98 Daemon"="ICO.EXE" [2004-07-14 57344]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-22 198160]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-20 2033432]

c:\documents and settings\Christopher Sonne\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
HP Pavilion Webcam Tray Icon.lnk - c:\program files\Hewlett-Packard\HP Pavilion Webcam\tsnp2std.exe [2006-8-23 98304]
HP Photosmart Premier Fast Start.lnk - c:\program files\Hp\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-11-4 176128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-01-20 01:42 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"="0"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Hp\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Documents and Settings\\Priscilla\\Local Settings\\Temp\\HP\\OJP8500vA909_Full_12\\setup\\hpznui01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\{624E7452-BA43-4f55-B9D5-FC75EEA0808B}\\setup\\hpznui01.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [1/19/2010 8:42 PM 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [11/28/2008 9:53 AM 161800]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/28/2008 9:53 AM 333192]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/28/2008 9:53 AM 360584]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [1/19/2010 8:42 PM 285392]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [1/19/2010 8:42 PM 2304192]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [1/19/2010 8:42 PM 5832712]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [11/28/2008 9:52 AM 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [1/19/2010 8:42 PM 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [1/19/2010 8:42 PM 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [1/19/2010 8:42 PM 25736]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [11/28/2008 9:52 AM 30104]
S3 Flash1;Flash1;c:\swsetup\SP38062\winphlash\FLASH1.sys [3/1/2006 5:54 PM 3456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/go/notebookaccessories
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Christopher Sonne\Application Data\Mozilla\Firefox\Profiles\uh1nbegg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://sso.verizon.net/ssowebapp/VOLPo ... uery=22958
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-29 06:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????H??????????????|?M?|?????M?|??@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3656)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\ICO.EXE
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\progra~1\HPQ\Shared\HPQTOA~1.EXE
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2010-01-29 06:56:54 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-29 11:56
ComboFix2.txt 2010-01-27 03:16
ComboFix3.txt 2010-01-25 02:15

Pre-Run: 10,912,153,600 bytes free
Post-Run: 10,854,100,992 bytes free

- - End Of File - - 098C6EE27C52FC132A2387F07949ECE5
cesonnepe
Active Member
 
Posts: 12
Joined: January 19th, 2010, 9:59 pm
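As an added example (not part of this thread, and not ComboFix's or OTL's own code), here is a small Python checker for the two steps above: it flags driver/service lines in a ComboFix log whose image path sits under a Temp directory (what made ewdmaudn.sys stand out), reads the Driver:: targets from a CFScript like the one deltalima posted, and confirms from the post-fix log's Drivers/Services section that the target was deleted and no longer appears in the service list. The pre-fix service line for ewdmaudn, with its date and size, is constructed; every other sample line is copied from the logs in this thread.

```python
from __future__ import annotations

import re
from typing import NamedTuple

# A ComboFix driver/service line: start type (R = running, S = stopped), service
# name, display name, image path, then "[date time size]".
SERVICE_LINE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>[^\[]+?)\s*(?:\[(?P<meta>[^\]]*)\])?\s*$"
)
# Lines ComboFix prints under "Drivers/Services" when a Driver:: target is removed.
DELETION_LINE = re.compile(r"^-------\\(?:Service|Legacy)_(?P<name>\S+)\s*$", re.I)
# A kernel driver loaded from a temp directory is the red flag this thread hinged on.
SUSPICIOUS_DIRS = ("\\temp\\", "\\temporary internet files\\")


class ServiceEntry(NamedTuple):
    state: str
    name: str
    display: str
    path: str


def parse_services(log_text: str) -> list[ServiceEntry]:
    """Extract every R*/S* driver/service line from a ComboFix log."""
    entries = []
    for line in log_text.splitlines():
        m = SERVICE_LINE.match(line.strip())
        if m:
            entries.append(ServiceEntry(*(m[g].strip() for g in ("state", "name", "display", "path"))))
    return entries


def flag_temp_drivers(log_text: str) -> list[str]:
    """Names of services whose image path sits under a temp directory."""
    return [e.name for e in parse_services(log_text)
            if any(d in e.path.lower() for d in SUSPICIOUS_DIRS)]


def cfscript_driver_targets(script: str) -> set[str]:
    """Driver names listed under the Driver:: section of a CFScript (lower-cased)."""
    targets, section = set(), None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):  # section header such as KILLALL:: or Driver::
            section = line[:-2].lower()
        elif section == "driver":
            targets.add(line.lower())
    return targets


def deleted_services(log_text: str) -> set[str]:
    """Service names ComboFix reports as deleted (lower-cased)."""
    matches = (DELETION_LINE.match(l.strip()) for l in log_text.splitlines())
    return {m["name"].lower() for m in matches if m}


def verify_cleanup(script: str, post_log: str) -> dict[str, bool]:
    """Per Driver:: target: deleted by ComboFix AND absent from the post-fix service list?"""
    still_present = {e.name.lower() for e in parse_services(post_log)}
    deleted = deleted_services(post_log)
    return {t: t in deleted and t not in still_present for t in cfscript_driver_targets(script)}


# The CFScript from the thread.
CFSCRIPT = r"""
KILLALL::
Collect::
c:\docume~1\CHRIST~1\LOCALS~1\Temp\ewdmaudn.sys
Driver::
ewdmaudn
"""

# Constructed pre-fix excerpt: the ewdmaudn line (and its date/size) is made up to
# show how the driver would have been listed; the other lines are from the posted log.
PRE_FIX_LOG = r"""
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [11/28/2008 9:53 AM 161800]
R3 ewdmaudn;ewdmaudn;c:\docume~1\CHRIST~1\LOCALS~1\Temp\ewdmaudn.sys [1/27/2010 8:00 PM 12345]
S3 Flash1;Flash1;c:\swsetup\SP38062\winphlash\FLASH1.sys [3/1/2006 5:54 PM 3456]
"""

# Excerpt of the post-fix ComboFix log posted in the thread.
POST_FIX_LOG = r"""
-------\Legacy_EWDMAUDN
-------\Service_ewdmaudn

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [11/28/2008 9:53 AM 161800]
S3 Flash1;Flash1;c:\swsetup\SP38062\winphlash\FLASH1.sys [3/1/2006 5:54 PM 3456]
"""
```

Running `verify_cleanup(CFSCRIPT, POST_FIX_LOG)` on the excerpt above returns `{"ewdmaudn": True}`, while the same call against the pre-fix excerpt returns `False`, which is the check a helper would do before declaring the driver gone.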