Everything posted by keali00

  1. Seems to be working fine now. So far no redirecting pop-ups. Thank you very much. Can I just delete the files/programs (OTL, ComboFix, Defogger, etc.) that are located on my desktop, or should I just leave them there?
  2. ComboFix 10-06-21.01 - Tidal Wave 06/22/2010 2:09.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.495 [GMT -10:00] Running from: c:\documents and settings\Tidal Wave\Desktop\ComboFix.exe AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0} * Resident AV is active . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system\Pncrt.dll c:\windows\xpsp1hfm.log Infected copy of c:\windows\system32\drivers\termdd.sys was found and disinfected Restored copy from - Kitty had a snack . ((((((((((((((((((((((((( Files Created from 2010-05-22 to 2010-06-22 ))))))))))))))))))))))))))))))) . 2010-06-21 18:59 . 2010-06-21 18:59 -------- d-----w- C:\_OTL 2010-06-11 21:37 . 2010-06-11 21:37 -------- d-----w- c:\documents and settings\Tidal Wave\Application Data\Malwarebytes 2010-06-11 21:37 . 2010-04-30 01:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-06-11 21:37 . 2010-06-11 21:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-06-11 21:37 . 2010-04-30 01:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-06-11 21:37 . 2010-06-11 21:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-06-07 08:28 . 2010-06-07 08:25 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys 2010-06-07 08:28 . 2010-06-07 08:28 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2010-06-07 08:19 . 2010-06-07 08:19 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} 2010-06-07 08:19 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe 2010-06-07 08:18 . 
2010-06-07 08:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2010-06-07 08:18 . 2010-06-07 08:19 -------- d-----w- c:\program files\Lavasoft 2010-05-28 20:55 . 2007-06-27 18:00 57344 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\zIMFPRNT.DLL 2010-05-28 20:55 . 2007-06-27 18:00 53248 ----a-w- c:\windows\system32\ZTAG.DLL 2010-05-28 20:55 . 2007-06-27 18:00 61440 ----a-w- c:\windows\system32\zIMF.DLL 2010-05-28 20:54 . 2010-05-28 20:54 -------- d-----w- c:\program files\Hewlett-Packard 2010-05-24 04:07 . 2009-09-01 06:07 65448 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2010-05-24 04:07 . 2009-09-01 06:07 70728 ----a-w- c:\windows\system32\mfevtps.exe 2010-05-24 03:52 . 2010-05-24 03:53 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe 2010-05-24 03:44 . 2010-05-24 03:44 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee 2010-05-23 23:26 . 2010-05-23 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan 2010-05-23 23:26 . 2010-05-24 03:43 -------- d-----w- c:\program files\McAfee Security Scan 2010-05-23 23:16 . 2010-05-23 23:17 -------- d-----w- c:\program files\MSN Toolbar 2010-05-23 23:13 . 2010-05-23 23:18 -------- d-----w- c:\program files\MSN Toolbar Installer 2010-05-23 22:58 . 2010-05-23 22:58 503808 ----a-w- c:\documents and settings\Tidal Wave\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-56fde05e-n\msvcp71.dll 2010-05-23 22:58 . 2010-05-23 22:58 499712 ----a-w- c:\documents and settings\Tidal Wave\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-56fde05e-n\jmc.dll 2010-05-23 22:58 . 2010-05-23 22:58 348160 ----a-w- c:\documents and settings\Tidal Wave\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-56fde05e-n\msvcr71.dll 2010-05-23 22:58 . 
2010-05-23 22:58 12800 ----a-w- c:\documents and settings\Tidal Wave\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-68e5e850-n\decora-d3d.dll 2010-05-23 22:58 . 2010-05-23 22:58 61440 ----a-w- c:\documents and settings\Tidal Wave\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-68e5e850-n\decora-sse.dll 2010-05-23 22:56 . 2010-04-13 03:29 411368 ----a-w- c:\windows\system32\deployJava1.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-07 11:04 . 2009-06-05 20:27 -------- d-----w- c:\program files\AVG 2010-06-07 11:01 . 2009-06-05 20:27 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8 2010-05-24 02:17 . 2009-03-20 09:43 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS 2010-05-23 23:26 . 2007-10-31 06:47 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2010-05-23 23:17 . 2008-12-18 12:17 -------- d-----w- c:\program files\Microsoft 2010-05-23 23:00 . 2005-11-29 05:23 -------- d-----w- c:\program files\Common Files\Java 2010-05-23 22:55 . 2005-11-29 05:23 -------- d-----w- c:\program files\Java 2010-05-23 21:49 . 2006-02-10 07:14 -------- d-----w- c:\program files\Common Files\Adobe 2010-05-21 11:47 . 2010-05-19 12:29 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-05-18 12:43 . 2005-11-29 05:51 -------- d-----w- c:\program files\Google 2010-04-29 10:00 . 2009-11-26 04:37 -------- d-----w- c:\documents and settings\Tidal Wave\Application Data\HpUpdate 2009-09-01 06:07 . 2010-05-24 04:07 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-18 279944] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-18 279944] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-28 344064] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178] "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 794624] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-10-14 278528] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-11-29 98304] "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952] "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-10-12 409600] "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-02 233534] "EPSON Stylus CX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-08 98304] "Auto EPSON Stylus 
CX3800 Series on ANELALANI"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-08 98304] "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2009-01-17 136512] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-21 2046816] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992] "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080] "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-09-01 124240] c:\documents and settings\All Users\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-08-17 20:14 11952 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService] @="Service" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\NetworkViewer\\DMNetworkViewer.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"= "c:\\WINDOWS\\system32\\usmt\\migwiz.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program 
Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= "c:\\Program Files\\Java\\jre6\\bin\\javaws.exe"= R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/6/2010 10:28 PM 64288] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/5/2009 10:27 AM 335240] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/5/2009 10:27 AM 108552] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [6/5/2009 10:27 AM 908056] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/5/2009 10:27 AM 297752] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 5:52 AM 1352832] R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\engineserver.exe [8/31/2009 8:07 PM 21256] R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [5/23/2010 6:07 PM 70728] R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/21/2005 11:06 PM 231424] R3 L6DP;L6DP;c:\windows\system32\drivers\l6dp.sys [9/29/2006 6:05 AM 29312] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/11/2009 4:30 AM 133104] S3 L6TPortB;Service - Line 6 TonePort UX2;c:\windows\system32\drivers\L6TPortB.sys [9/29/2006 6:01 AM 472832] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 2:49 AM 227232] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [5/23/2010 6:07 PM 65448] S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [12/14/2007 8:54 AM 16896] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper . 
Contents of the 'Scheduled Tasks' folder 2010-06-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 20:33] 2010-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-11 14:30] 2010-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-11 14:30] 2010-06-21 c:\windows\Tasks\User_Feed_Synchronization-{E9500AEB-0B20-43BA-BD89-5BF4F85838B8}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 14:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/ uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=laptop uSearchURL,(Default) = hxxp://www.google.com/keyword/%s Trusted Zone: line6.net . - - - - ORPHANS REMOVED - - - - Toolbar-Locked - (no file) AddRemove-Miro - c:\program files\Participatory Culture Foundation\Miro\uninstall.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-06-22 02:22 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????5?0?8?0??????? ???B?????????????hLC? ?????? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(548) c:\windows\system32\Ati2evxx.dll . 
Completion time: 2010-06-22 02:26:06 ComboFix-quarantined-files.txt 2010-06-22 12:26 Pre-Run: 46,708,699,136 bytes free Post-Run: 46,771,642,368 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect - - End Of File - - 6F17EDED70D39F996122EF6B9D6AFA44
  3. A little better as I am able to post to this log now, but still having redirecting problems.
  4. OTL logfile created on: 6/21/2010 9:16:17 AM - Run 2 OTL by OldTimer - Version 3.2.6.1 Folder = C:\Documents and Settings\Tidal Wave\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1,022.00 Mb Total Physical Memory | 574.00 Mb Available Physical Memory | 56.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 92.95 Gb Total Space | 43.68 Gb Free Space | 46.99% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: TIDALWAVE Current User Name: Tidal Wave Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2010/06/21 08:57:13 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tidal Wave\Desktop\OTL.exe PRC - [2010/06/17 10:33:12 | 001,352,832 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe PRC - [2010/06/15 14:57:46 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe PRC - [2010/03/21 10:35:30 | 002,046,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe PRC - [2009/12/08 21:29:44 | 000,240,992 | ---- | M] (Microsoft Corp.) 
-- C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe PRC - [2009/08/31 20:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe PRC - [2009/08/31 20:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe PRC - [2009/08/31 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe PRC - [2009/08/31 20:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe PRC - [2009/08/17 10:14:33 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe PRC - [2009/08/17 10:14:20 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe PRC - [2009/08/17 10:13:59 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe PRC - [2009/08/07 17:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2009/01/16 16:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe PRC - [2009/01/16 16:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe PRC - [2009/01/16 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) 
-- C:\Program Files\McAfee\Common Framework\FrameworkService.exe PRC - [2008/04/13 14:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006/04/18 04:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE PRC - [2005/10/11 16:17:10 | 000,409,600 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe PRC - [2004/10/14 11:54:32 | 000,253,952 | ---- | M] (Hewlett-Packard Company) -- C:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe ========== Modules (SafeList) ========== MOD - [2010/06/21 08:57:13 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tidal Wave\Desktop\OTL.exe MOD - [2008/04/13 14:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - [2010/06/17 10:33:12 | 001,352,832 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus® SRV - [2010/01/15 02:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009/08/31 20:07:00 | 000,146,448 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield) SRV - [2009/08/31 20:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp) SRV - [2009/08/31 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager) SRV - [2009/08/31 20:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) 
[Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe -- (McAfeeEngineService) SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Start_Pending] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009/08/17 10:14:12 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc) SRV - [2009/08/17 10:13:59 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd) SRV - [2009/08/07 17:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2009/01/16 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Start_Pending] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework) SRV - [2006/04/18 04:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) ========== Driver Services (SafeList) ========== DRV - [2010/06/06 22:25:59 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd) DRV - [2009/08/31 20:07:00 | 000,343,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk) DRV - [2009/08/31 20:07:00 | 000,091,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2009/08/31 20:07:00 | 000,075,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk) DRV - [2009/08/31 20:07:00 | 000,065,448 | ---- | M] (McAfee, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet) DRV - [2009/08/31 20:07:00 | 000,063,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik) DRV - [2009/08/31 20:07:00 | 000,043,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk) DRV - [2009/08/17 10:14:32 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86) DRV - [2009/08/17 10:14:32 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86) DRV - [2009/06/05 10:27:55 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX) DRV - [2007/04/27 07:40:00 | 000,090,688 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel) DRV - [2007/04/27 07:40:00 | 000,035,328 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sntnlusb.sys -- (SNTNLUSB) DRV - [2006/09/29 06:05:40 | 000,029,312 | ---- | M] (Line 6) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l6dp.sys -- (L6DP) DRV - [2006/09/29 06:01:58 | 000,472,832 | ---- | M] (Line 6) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L6TPortB.sys -- (L6TPortB) DRV - [2005/09/27 12:46:00 | 001,345,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2005/08/21 23:06:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP) DRV - [2005/08/21 23:06:00 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2005/08/21 23:06:00 | 000,231,424 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI) DRV - [2005/08/17 22:22:54 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2005/08/11 20:47:34 | 000,376,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2005/08/02 00:00:00 | 000,349,312 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA) DRV - [2005/08/01 23:58:00 | 000,038,016 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD) DRV - [2005/06/22 08:16:08 | 000,162,176 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21) DRV - [2005/06/21 06:18:00 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp) DRV - [2005/06/19 10:33:18 | 000,190,400 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP) DRV - [2005/05/05 10:04:08 | 000,007,936 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr) DRV - [2005/05/05 10:04:04 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb) DRV - [2005/03/09 13:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) DRV - [2004/10/07 15:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K) DRV - [2004/08/03 20:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C) DRV - [2003/09/19 15:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc) DRV - [2002/11/25 05:46:16 | 000,016,896 | ---- | M] (Syncrosoft GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\synasUSB.sys -- (SynasUSB) DRV - [2001/08/17 18:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde) DRV - [2001/04/09 05:03:56 | 000,017,784 | ---- | M] (Syncrosoft Hard- und Software GmbH) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\NSynas32.sys -- (Nsynas32) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/07 11:53:13 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement 
Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/05/23 13:17:44 | 000,000,000 | ---D | M] [2009/03/24 00:32:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tidal Wave\Application Data\Mozilla\Firefox\extensions [2009/03/24 00:32:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tidal Wave\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} [2009/08/31 20:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll O1 HOSTS File: ([2010/06/08 00:56:51 | 000,000,709 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll () O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.) O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation) O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) 
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll () O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll () O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\ShellBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll () O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Auto EPSON Stylus CX3800 Series on ANELALANI] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.) 
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe () O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard ) O4 - HKLM..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.) O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation) O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe (Microsoft Corp.) O4 - HKLM..\Run: [shStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) 
O15 - HKCU\..Trusted Domains: line6.net ([]* in Trusted sites) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab (Reg Error: Key error.) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.) 
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O24 - Desktop WallPaper: C:\Documents and Settings\Tidal Wave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tidal Wave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{7ed855de-1b90-11df-92a3-000fb0c11bae}\Shell - "" = AutoRun O33 - MountPoints2\{7ed855de-1b90-11df-92a3-000fb0c11bae}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{7ed855de-1b90-11df-92a3-000fb0c11bae}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found O33 - MountPoints2\{c5576df6-adac-11dc-bc00-000fb0c11bae}\Shell\AutoRun\command - "" = wd_windows_tools\setup.exe O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 90 Days ========== [2010/06/21 08:59:32 | 000,000,000 | ---D | C] -- C:\_OTL [2010/06/21 08:57:30 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tidal Wave\Desktop\OTL.exe [2010/06/11 13:26:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tidal Wave\Desktop\Malware Files [2010/06/11 11:37:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tidal Wave\Application Data\Malwarebytes [2010/06/11 11:37:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- 
C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/06/11 11:37:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2010/06/11 11:37:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/06/11 11:37:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/06/06 22:28:42 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys [2010/06/06 22:28:32 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys [2010/06/06 22:19:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} [2010/06/06 22:18:00 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft [2010/06/06 22:18:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft [2010/05/28 10:55:15 | 000,053,248 | ---- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\ZTAG.DLL [2010/05/28 10:55:14 | 000,061,440 | ---- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\zIMF.DLL [2010/05/28 10:54:56 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard [2010/05/23 18:07:30 | 000,065,448 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys [2010/05/23 18:07:29 | 000,070,728 | ---- | C] (McAfee, Inc.) 
-- C:\WINDOWS\System32\mfevtps.exe [2010/05/23 17:52:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe [2010/05/23 17:44:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee [2010/05/23 13:26:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan [2010/05/23 13:26:14 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan [2010/05/23 13:16:52 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar [2010/05/23 13:13:06 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar Installer [2010/05/23 13:00:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun [2010/05/19 02:29:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Google [2010/05/19 01:36:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia [2010/05/19 01:36:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe [2010/05/18 00:59:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia [2010/05/18 00:59:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe [2010/05/02 11:54:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tidal Wave\Desktop\Melveen [2010/05/02 11:50:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tidal Wave\Desktop\Stage Management [2010/04/12 10:52:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tidal Wave\Desktop\2010 Proposals [2 C:\Documents and Settings\Tidal Wave\Desktop\*.tmp files -> C:\Documents and Settings\Tidal Wave\Desktop\*.tmp -> ] ========== Files - Modified Within 90 Days ========== [2010/06/21 09:28:51 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2010/06/21 09:16:24 | 004,718,592 | ---- | M] () -- 
C:\Documents and Settings\Tidal Wave\ntuser.dat [2010/06/21 09:15:21 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010/06/21 09:15:17 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/06/21 09:14:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/06/21 09:14:44 | 1071,894,528 | -HS- | M] () -- C:\hiberfil.sys [2010/06/21 09:13:29 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Tidal Wave\ntuser.ini [2010/06/21 09:03:19 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010/06/21 08:57:13 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tidal Wave\Desktop\OTL.exe [2010/06/21 08:36:51 | 061,273,118 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2010/06/21 08:35:55 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E9500AEB-0B20-43BA-BD89-5BF4F85838B8}.job [2010/06/21 08:30:18 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/06/17 18:47:06 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\BBO10 PROGRAM Duke Aiona 55th BDay EVENT GRID DRAFT Revised 2.doc [2010/06/17 10:38:00 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\BBO10 PROGRAM Duke Aiona 55th BDay EVENT GRID DRAFT Revised.doc [2010/06/15 15:08:06 | 000,080,235 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\ark.zip [2010/06/15 14:43:08 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\defogger_reenable [2010/06/15 14:42:59 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\Defogger.exe [2010/06/15 01:57:49 | 000,004,283 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\Attach.zip [2010/06/15 01:37:18 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\bx5fjl4k.exe [2010/06/14 23:59:31 | 000,443,816 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010/06/14 23:59:31 | 
000,384,130 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/06/14 23:59:31 | 000,054,126 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/06/13 16:42:30 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\~$O10 PROGRAM Duke Aiona 55th BDay EVENT GRID DRAFT Revised.doc [2010/06/13 16:37:43 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\~$O10 PROGRAM Duke Aiona 55th BDay EVENT GRID DRAFT.doc [2010/06/13 14:54:15 | 000,192,101 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\BB PROGRAM.pdf [2010/06/13 14:52:03 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\BBO10 PROGRAM Duke Aiona 55th BDay EVENT GRID DRAFT.doc [2010/06/11 00:40:21 | 000,902,318 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\A Touch of Gold 8x10.jpg [2010/06/06 22:28:21 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys [2010/06/06 22:25:59 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys [2010/06/06 22:19:14 | 000,000,922 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk [2010/06/06 22:19:14 | 000,000,904 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk [2010/06/06 15:01:54 | 000,018,694 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\HB Lounge Fundraisers.pdf [2010/06/06 15:01:19 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\HB Lounge Fundraisers.doc [2010/06/04 04:55:16 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\Pipeline Fundraiser.doc [2010/06/04 00:36:04 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\Microsoft Office Word 2003.lnk [2010/06/04 00:07:19 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\MELE WORKSHOP PRESS RELEASE-1.doc [2010/05/28 10:37:30 | 
000,015,360 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\My Documents\MELE Volunteer.xls [2010/05/25 10:45:16 | 001,690,534 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\HI pdf file.pdf [2010/05/25 10:39:59 | 006,589,245 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\design for HI.psd [2010/05/24 23:13:44 | 004,317,936 | -H-- | M] () -- C:\Documents and Settings\Tidal Wave\Local Settings\Application Data\IconCache.db [2010/05/23 17:44:05 | 000,001,619 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk [2010/05/23 17:44:05 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2010/05/23 11:49:40 | 000,001,766 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk [2010/05/21 01:47:05 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/05/21 00:00:40 | 000,035,840 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\Hoku Volunteer List.xls [2010/05/20 12:51:34 | 000,521,362 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\Aiona BB timeline.pdf [2010/05/18 02:45:20 | 000,001,952 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk [2010/05/13 15:41:54 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\DA BB 10.doc [2010/05/13 10:56:19 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\Specs Prospective Bidders.doc [2010/05/07 14:04:09 | 000,194,560 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\Friends of Duke.doc [2010/05/04 14:32:48 | 000,090,070 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\PACRIM Application.pdf [2010/05/02 11:47:27 | 000,011,264 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/04/29 21:34:38 | 000,002,549 | ---- | M] () -- 
C:\Documents and Settings\Tidal Wave\Desktop\CorelDRAW X4.lnk [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/04/29 15:19:56 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\~$HF - 2010 LEI OF STARS - The Hawaiian Music Hall of Fame - entertainers line up[1].doc [2010/04/29 15:19:05 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\~$HF - 2010 LEI OF STARS - The Hawaiian Music Hall of Fame - overall[1].doc [2010/04/16 03:15:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010/04/09 01:50:07 | 000,061,952 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\My Documents\Budget Planning ChecklistV1.doc [2010/04/09 01:49:47 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\Mele Songwriters Priority List.doc [2010/03/26 09:47:43 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn [2010/03/25 18:45:39 | 000,041,376 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\Ellie_Happy Baby_2010.02.JPG [2 C:\Documents and Settings\Tidal Wave\Desktop\*.tmp files -> C:\Documents and Settings\Tidal Wave\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/06/17 17:54:17 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Tidal Wave\Desktop\BBO10 PROGRAM Duke Aiona 55th BDay EVENT GRID DRAFT Revised 2.doc [2010/06/15 15:08:06 | 000,080,235 | ---- | C] () -- C:\Documents and Settings\Tidal Wave\Desktop\ark.zip [2010/06/15 14:43:31 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Tidal Wave\Desktop\Defogger.exe [2010/06/15 14:43:08 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tidal Wave\defogger_reenable [2010/06/15 01:57:49 | 000,004,283 | ---- | C] () -- C:\Documents and Settings\Tidal Wave\Desktop\Attach.zip [2010/06/15 01:37:34 | 
000,293,376 | ---- | C] () -- C:\Documents and Settings\Tidal Wave\Desktop\bx5fjl4k.exe [2010/06/13 16:42:30 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Tidal Wave\Desktop\~$O10 PROGRAM Duke Aiona 55th BDay EVENT GRID DRAFT Revised.doc [2010/06/13 16:42:29 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\Tidal Wave\Desktop\BBO10 PROGRAM Duke Aiona 55th BDay EVENT GRID DRAFT Revised.doc [2010/06/13 16:37:43 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Tidal Wave\Desktop\~$O10 PROGRAM Duke Aiona 55th BDay EVENT GRID DRAFT.doc [2010/06/13 14:54:14 | 000,192,101 | ---- | C] () -- C:\Documents and Settings\Tidal Wave\Desktop\BB PROGRAM.pdf [2010/06/13 14:52:12 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\Tidal Wave\Desktop\BBO10 PROGRAM Duke Aiona 55th BDay EVENT GRID DRAFT.doc [2010/06/11 00:40:13 | 000,902,318 | ---- | C] () -- C:\Documents and Settings\Tidal Wave\Desktop\A Touch of Gold 8x10.jpg [2010/06/06 22:30:47 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2010/06/06 22:19:14 | 000,000,922 | ---- | C] () -- C:\Documents and Settings\Tidal Wave\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk [2010/06/06 22:19:14 | 000,000,904 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk [2010/06/06 15:01:49 | 000,018,694 | ---- | C] () -- C:\Documents and Settings\Tidal Wave\Desktop\HB Lounge Fundraisers.pdf [2010/06/04 04:55:15 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Tidal Wave\Desktop\Pipeline Fundraiser.doc [2010/06/04 03:58:42 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Tidal Wave\Desktop\HB Lounge Fundraisers.doc [2010/06/04 00:08:04 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Tidal Wave\Desktop\MELE WORKSHOP PRESS RELEASE-1.doc [2010/05/28 10:37:30 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Tidal Wave\My Documents\MELE Volunteer.xls [2010/05/25 10:45:13 | 001,690,534 | ---- | C] () 
-- C:\Documents and Settings\Tidal Wave\Desktop\HI pdf file.pdf [2010/05/25 10:39:59 | 006,589,245 | ---- | C] () -- C:\Documents and Settings\Tidal Wave\Desktop\design for HI.psd [2010/05/23 13:26:21 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk [2010/05/23 13:26:21 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2010/05/23 11:47:36 | 000,001,766 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk [2010/05/21 00:00:40 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\Tidal Wave\Desktop\Hoku Volunteer List.xls [2010/05/20 12:51:34 | 000,521,362 | ---- | C] () -- C:\Documents and Settings\Tidal Wave\Desktop\Aiona BB timeline.pdf [2010/05/19 02:29:47 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/05/18 02:45:20 | 000,001,952 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk [2010/05/13 11:40:50 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Tidal Wave\Desktop\DA BB 10.doc [2010/05/11 21:17:23 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Tidal Wave\Desktop\Specs Prospective Bidders.doc [2010/05/07 14:04:05 | 000,194,560 | ---- | C] () -- C:\Documents and Settings\Tidal Wave\Desktop\Friends of Duke.doc [2010/05/04 14:32:48 | 000,090,070 | ---- | C] () -- C:\Documents and Settings\Tidal Wave\Desktop\PACRIM Application.pdf [2010/04/29 15:19:56 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Tidal Wave\Desktop\~$HF - 2010 LEI OF STARS - The Hawaiian Music Hall of Fame - entertainers line up[1].doc [2010/04/29 15:19:05 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Tidal Wave\Desktop\~$HF - 2010 LEI OF STARS - The Hawaiian Music Hall of Fame - overall[1].doc [2010/04/09 01:50:07 | 000,061,952 | ---- | C] () -- C:\Documents and Settings\Tidal Wave\My Documents\Budget Planning ChecklistV1.doc [2010/04/09 
01:02:21 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Tidal Wave\Desktop\Mele Songwriters Priority List.doc [2010/03/25 18:45:39 | 000,041,376 | ---- | C] () -- C:\Documents and Settings\Tidal Wave\Desktop\Ellie_Happy Baby_2010.02.JPG [2009/04/08 20:30:45 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll [2007/10/30 20:47:09 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig [2006/08/03 01:50:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI [2006/03/30 10:35:16 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2006/03/30 10:33:28 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX3800.ini [2006/02/09 21:25:01 | 000,000,076 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI [2006/02/06 21:20:34 | 000,000,498 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2005/11/28 19:48:47 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2005/11/28 19:48:47 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2005/11/28 19:48:47 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2005/11/28 19:48:47 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2005/11/28 19:48:47 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2005/11/28 19:48:47 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2005/11/28 19:33:18 | 000,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2005/08/17 07:39:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2005/08/17 07:21:06 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini [2005/08/05 19:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2005/07/01 01:47:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2005/06/01 04:46:30 | 011,194,368 | ---- | C] () -- C:\WINDOWS\System32\ZHHP_RES.DLL [2005/06/01 04:46:30 | 000,749,568 | ---- | C] () -- C:\WINDOWS\System32\AGISSI.DLL [2005/06/01 04:46:30 | 000,114,688 | ---- | C] () -- 
C:\WINDOWS\System32\VSHP2600.DLL [2004/06/24 01:20:02 | 000,000,059 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI [2004/01/05 20:11:04 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\BsiUt232.dll [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI ========== LOP Check ========== [2008/03/10 21:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton [2009/06/23 13:27:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar [2009/05/04 02:11:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bitstream [2006/02/06 21:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software [2005/11/28 19:36:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream [2007/09/01 15:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON [2007/12/14 08:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Line 6 [2005/11/28 19:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies [2006/02/06 21:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited [2010/06/06 22:19:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} [2008/03/10 21:33:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tidal Wave\Application Data\Ableton [2009/06/05 10:40:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tidal Wave\Application Data\AVGTOOLBAR [2009/08/12 23:26:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tidal Wave\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2009/03/25 15:25:12 | 000,000,000 | ---D | M] -- C:\Documents and 
Settings\Tidal Wave\Application Data\EssentialPIM [2006/04/29 14:07:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tidal Wave\Application Data\InterVideo [2006/02/13 20:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tidal Wave\Application Data\Leadertech [2007/12/14 09:10:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tidal Wave\Application Data\Line 6 [2006/08/03 01:48:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tidal Wave\Application Data\muvee Technologies [2006/02/09 21:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tidal Wave\Application Data\MyFamily.com [2009/03/24 00:32:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tidal Wave\Application Data\Participatory Culture Foundation [2007/12/14 09:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tidal Wave\Application Data\Steinberg [2010/06/21 09:28:51 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job [2010/06/21 08:35:55 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{E9500AEB-0B20-43BA-BD89-5BF4F85838B8}.job ========== Purity Check ========== < End of report >
  5. It's not allowing me to cut and paste Extras.txt. Keeps sending me to a diagnostic page and internet not connected, but it allows me to post other replies and OTL.txt. Will try attaching to this post. Extras.Txt
  6. OTL logfile created on: 6/10/2010 11:07:50 PM - Run 1 OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Tidal Wave\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1,022.00 Mb Total Physical Memory | 115.00 Mb Available Physical Memory | 11.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 67.00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 92.95 Gb Total Space | 41.83 Gb Free Space | 45.00% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: TIDALWAVE Current User Name: Tidal Wave Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010/06/10 23:07:12 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tidal Wave\Desktop\OTL.exe PRC - [2010/06/06 22:25:07 | 000,864,112 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe PRC - [2010/06/06 22:25:04 | 001,352,320 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe PRC - [2010/03/21 10:35:30 | 002,046,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe PRC - [2010/03/19 16:51:17 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe PRC - [2010/01/15 02:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) 
-- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2009/12/08 21:29:44 | 000,240,992 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe PRC - [2009/08/31 20:07:00 | 000,146,448 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe PRC - [2009/08/31 20:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe PRC - [2009/08/31 20:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe PRC - [2009/08/31 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe PRC - [2009/08/31 20:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe PRC - [2009/08/31 20:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE PRC - [2009/08/17 10:14:33 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe PRC - [2009/08/17 10:14:31 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe PRC - [2009/08/17 10:14:20 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe PRC - [2009/08/17 10:14:12 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe PRC - [2009/08/17 10:13:59 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Program Files\AVG\AVG8\avgwdsvc.exe PRC - [2009/08/07 17:15:06 | 000,311,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe PRC - [2009/08/07 17:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2009/01/16 16:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe PRC - [2009/01/16 16:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe PRC - [2009/01/16 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe PRC - [2009/01/16 16:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe PRC - [2008/04/13 14:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006/04/18 04:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE PRC - [2005/10/11 16:17:10 | 000,409,600 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe PRC - [2004/10/14 11:54:32 | 000,253,952 | ---- | M] (Hewlett-Packard Company) -- C:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe ========== Modules (SafeList) ========== MOD - [2010/06/10 23:07:12 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tidal Wave\Desktop\OTL.exe MOD - [2008/04/13 14:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - [2010/06/06 22:25:04 | 001,352,320 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) 
[On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus® SRV - [2010/01/15 02:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009/08/31 20:07:00 | 000,146,448 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield) SRV - [2009/08/31 20:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp) SRV - [2009/08/31 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager) SRV - [2009/08/31 20:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe -- (McAfeeEngineService) SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009/08/17 10:14:12 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc) SRV - [2009/08/17 10:13:59 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd) SRV - [2009/08/07 17:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2009/01/16 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) 
[Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework) SRV - [2006/04/18 04:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) ========== Driver Services (SafeList) ========== DRV - [2010/06/06 22:25:59 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd) DRV - [2009/08/31 20:07:00 | 000,343,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk) DRV - [2009/08/31 20:07:00 | 000,091,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2009/08/31 20:07:00 | 000,075,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk) DRV - [2009/08/31 20:07:00 | 000,065,448 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet) DRV - [2009/08/31 20:07:00 | 000,063,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik) DRV - [2009/08/31 20:07:00 | 000,043,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk) DRV - [2009/08/17 10:14:32 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86) DRV - [2009/08/17 10:14:32 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86) DRV - [2009/06/05 10:27:55 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX) DRV - [2007/04/27 07:40:00 | 000,090,688 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel) DRV - [2007/04/27 07:40:00 | 000,035,328 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sntnlusb.sys -- (SNTNLUSB) DRV - [2006/09/29 06:05:40 | 000,029,312 | ---- | M] (Line 6) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l6dp.sys -- (L6DP) DRV - [2006/09/29 06:01:58 | 000,472,832 | ---- | M] (Line 6) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L6TPortB.sys -- (L6TPortB) DRV - [2005/09/27 12:46:00 | 001,345,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2005/08/21 23:06:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP) DRV - [2005/08/21 23:06:00 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2005/08/21 23:06:00 | 000,231,424 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI) DRV - [2005/08/17 22:22:54 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2005/08/11 20:47:34 | 000,376,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2005/08/02 00:00:00 | 000,349,312 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA) DRV - [2005/08/01 23:58:00 | 000,038,016 | ---- | M] (Conexant Systems Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD) DRV - [2005/06/22 08:16:08 | 000,162,176 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21) DRV - [2005/06/21 06:18:00 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp) DRV - [2005/06/19 10:33:18 | 000,190,400 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP) DRV - [2005/05/05 10:04:08 | 000,007,936 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr) DRV - [2005/05/05 10:04:04 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb) DRV - [2005/03/09 13:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) DRV - [2004/10/07 15:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K) DRV - [2004/08/03 20:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C) DRV - [2003/09/19 15:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc) DRV - [2002/11/25 05:46:16 | 000,016,896 | ---- | M] (Syncrosoft GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\synasUSB.sys -- (SynasUSB) DRV - [2001/08/17 18:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) 
[Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde) DRV - [2001/04/09 05:03:56 | 000,017,784 | ---- | M] (Syncrosoft Hard- und Software GmbH) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\NSynas32.sys -- (Nsynas32) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/07 11:53:13 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/05/23 13:17:44 | 000,000,000 | ---D | M] [2009/03/24 00:32:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tidal Wave\Application Data\Mozilla\Firefox\extensions [2009/03/24 00:32:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tidal Wave\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} [2009/08/31 20:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll O1 HOSTS File: ([2010/06/08 00:56:51 | 000,000,709 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.) 
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll () O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.) O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation) O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll () O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll () O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll () O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Auto EPSON Stylus CX3800 Series on ANELALANI] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe () O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard ) O4 - HKLM..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.) O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation) O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe (Microsoft Corp.) O4 - HKLM..\Run: [shStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.) 
O4 - HKLM..\Run: [ybnwcqxg] C:\Documents and Settings\Tidal Wave\Local Settings\Application Data\ivmctblrt\rjlcpsotssd.exe File not found O4 - HKCU..\Run: [ybnwcqxg] C:\Documents and Settings\Tidal Wave\Local Settings\Application Data\ivmctblrt\rjlcpsotssd.exe File not found O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) O15 - HKCU\..Trusted Domains: line6.net ([]* in Trusted sites) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab (Reg Error: Key error.) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) 
O24 - Desktop WallPaper: C:\Documents and Settings\Tidal Wave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tidal Wave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{7ed855de-1b90-11df-92a3-000fb0c11bae}\Shell - "" = AutoRun O33 - MountPoints2\{7ed855de-1b90-11df-92a3-000fb0c11bae}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{7ed855de-1b90-11df-92a3-000fb0c11bae}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found O33 - MountPoints2\{c5576df6-adac-11dc-bc00-000fb0c11bae}\Shell\AutoRun\command - "" = wd_windows_tools\setup.exe O33 - MountPoints2\{fd74ee86-c663-11dd-bc2b-000fb0c11bae}\Shell\AutoRun\command - "" = pygnun.exe O33 - MountPoints2\{fd74ee86-c663-11dd-bc2b-000fb0c11bae}\Shell\explore\Command - "" = pygnun.exe O33 - MountPoints2\{fd74ee86-c663-11dd-bc2b-000fb0c11bae}\Shell\open\Command - "" = pygnun.exe O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/06/10 23:07:23 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tidal Wave\Desktop\OTL.exe [2010/06/06 22:28:42 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys [2010/06/06 22:28:32 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys [2010/06/06 22:19:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} [2010/06/06 22:18:00 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft [2010/06/06 
22:18:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft [2010/05/28 10:55:15 | 000,053,248 | ---- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\ZTAG.DLL [2010/05/28 10:55:14 | 000,061,440 | ---- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\zIMF.DLL [2010/05/28 10:54:56 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard [2010/05/23 18:07:30 | 000,065,448 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys [2010/05/23 18:07:29 | 000,070,728 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe [2010/05/23 17:52:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe [2010/05/23 17:44:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee [2010/05/23 13:26:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan [2010/05/23 13:26:14 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan [2010/05/23 13:16:52 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar [2010/05/23 13:13:06 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar Installer [2010/05/23 13:00:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun [2010/05/23 12:56:23 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2010/05/23 12:56:22 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010/05/23 12:56:21 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010/05/23 12:56:21 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\WINDOWS\System32\java.exe [2010/05/19 02:29:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Google [2010/05/19 01:36:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia [2010/05/19 01:36:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe [2010/05/18 00:59:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia [2010/05/18 00:59:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe [2010/05/18 00:54:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tidal Wave\Local Settings\Application Data\ivmctblrt [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\Documents and Settings\Tidal Wave\Desktop\*.tmp files -> C:\Documents and Settings\Tidal Wave\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/06/10 23:16:07 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\f7zg3qm4.exe [2010/06/10 23:07:12 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tidal Wave\Desktop\OTL.exe [2010/06/10 22:57:03 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010/06/10 17:55:07 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2010/06/10 17:50:32 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010/06/10 17:50:27 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/06/10 17:50:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/06/10 17:49:56 | 1071,894,528 | -HS- | M] () -- C:\hiberfil.sys [2010/06/10 16:40:45 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Tidal Wave\ntuser.ini [2010/06/10 16:40:44 | 004,718,592 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\ntuser.dat 
[2010/06/10 15:10:05 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/06/10 14:42:26 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E9500AEB-0B20-43BA-BD89-5BF4F85838B8}.job [2010/06/07 23:55:56 | 060,827,902 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2010/06/06 22:28:21 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys [2010/06/06 22:25:59 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys [2010/06/06 22:19:14 | 000,000,904 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk [2010/06/06 15:01:54 | 000,018,694 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\HB Lounge Fundraisers.pdf [2010/06/06 15:01:19 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\HB Lounge Fundraisers.doc [2010/06/04 04:55:16 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\Pipeline Fundraiser.doc [2010/06/04 00:36:04 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\Microsoft Office Word 2003.lnk [2010/06/04 00:07:19 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\MELE WORKSHOP PRESS RELEASE-1.doc [2010/05/28 10:37:30 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\My Documents\MELE Volunteer.xls [2010/05/25 10:45:16 | 001,690,534 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\HI pdf file.pdf [2010/05/25 10:39:59 | 006,589,245 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\design for HI.psd [2010/05/24 23:13:44 | 004,317,936 | -H-- | M] () -- C:\Documents and Settings\Tidal Wave\Local Settings\Application Data\IconCache.db [2010/05/23 17:44:05 | 000,001,619 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk [2010/05/23 17:44:05 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Start 
Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2010/05/23 11:49:40 | 000,001,766 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk [2010/05/21 01:47:05 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/05/21 00:00:40 | 000,035,840 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\Hoku Volunteer List.xls [2010/05/20 12:51:34 | 000,521,362 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\Aiona BB timeline.pdf [2010/05/18 02:45:20 | 000,001,952 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk [2010/05/13 15:41:54 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\DA BB 10.doc [2010/05/13 10:56:19 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\Specs Prospective Bidders.doc [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\Documents and Settings\Tidal Wave\Desktop\*.tmp files -> C:\Documents and Settings\Tidal Wave\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/06/06 22:30:47 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2010/06/06 22:19:14 | 000,000,904 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk [2010/06/06 15:01:49 | 000,018,694 | ---- | C] () -- C:\Documents and Settings\Tidal Wave\Desktop\HB Lounge Fundraisers.pdf [2010/06/04 04:55:15 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Tidal Wave\Desktop\Pipeline Fundraiser.doc [2010/06/04 03:58:42 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Tidal Wave\Desktop\HB Lounge Fundraisers.doc [2010/06/04 00:08:04 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Tidal Wave\Desktop\MELE WORKSHOP PRESS RELEASE-1.doc [2010/05/28 10:37:30 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Tidal Wave\My Documents\MELE Volunteer.xls [2010/05/25 10:45:13 | 
001,690,534 | ---- | C] () -- C:\Documents and Settings\Tidal Wave\Desktop\HI pdf file.pdf [2010/05/25 10:39:59 | 006,589,245 | ---- | C] () -- C:\Documents and Settings\Tidal Wave\Desktop\design for HI.psd [2010/05/23 13:26:21 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk [2010/05/23 13:26:21 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2010/05/23 11:47:36 | 000,001,766 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk [2010/05/21 00:00:40 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\Tidal Wave\Desktop\Hoku Volunteer List.xls [2010/05/20 12:51:34 | 000,521,362 | ---- | C] () -- C:\Documents and Settings\Tidal Wave\Desktop\Aiona BB timeline.pdf [2010/05/19 02:29:47 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/05/18 02:45:20 | 000,001,952 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk [2010/05/13 11:40:50 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Tidal Wave\Desktop\DA BB 10.doc [2009/04/08 20:30:45 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll [2007/10/30 20:47:09 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig [2006/08/03 01:50:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI [2006/03/30 10:35:16 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2006/03/30 10:33:28 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX3800.ini [2006/02/09 21:25:01 | 000,000,076 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI [2006/02/06 21:20:34 | 000,000,498 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2005/11/28 19:48:47 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2005/11/28 19:48:47 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2005/11/28 19:48:47 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2005/11/28 
19:48:47 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2005/11/28 19:48:47 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2005/11/28 19:48:47 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2005/11/28 19:33:18 | 000,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2005/08/17 07:39:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2005/08/17 07:21:06 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini [2005/08/05 19:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2005/07/01 01:47:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2005/06/01 04:46:30 | 011,194,368 | ---- | C] () -- C:\WINDOWS\System32\ZHHP_RES.DLL [2005/06/01 04:46:30 | 000,749,568 | ---- | C] () -- C:\WINDOWS\System32\AGISSI.DLL [2005/06/01 04:46:30 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\VSHP2600.DLL [2004/08/10 05:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll [2004/08/10 05:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll [2004/08/10 05:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll [2004/08/10 05:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll [2004/08/10 05:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll [2004/06/24 01:20:02 | 000,000,059 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI [2004/01/05 20:11:04 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\BsiUt232.dll [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI < End of report >
  7. OTL logfile created on: 6/10/2010 11:07:50 PM - Run 1 OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Tidal Wave\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1,022.00 Mb Total Physical Memory | 115.00 Mb Available Physical Memory | 11.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 67.00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 92.95 Gb Total Space | 41.83 Gb Free Space | 45.00% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: TIDALWAVE Current User Name: Tidal Wave Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010/06/10 23:07:12 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tidal Wave\Desktop\OTL.exe PRC - [2010/06/06 22:25:07 | 000,864,112 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe PRC - [2010/06/06 22:25:04 | 001,352,320 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe PRC - [2010/03/21 10:35:30 | 002,046,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe PRC - [2010/03/19 16:51:17 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe PRC - [2010/01/15 02:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) 
-- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2009/12/08 21:29:44 | 000,240,992 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe PRC - [2009/08/31 20:07:00 | 000,146,448 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe PRC - [2009/08/31 20:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe PRC - [2009/08/31 20:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe PRC - [2009/08/31 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe PRC - [2009/08/31 20:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe PRC - [2009/08/31 20:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE PRC - [2009/08/17 10:14:33 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe PRC - [2009/08/17 10:14:31 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe PRC - [2009/08/17 10:14:20 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe PRC - [2009/08/17 10:14:12 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe PRC - [2009/08/17 10:13:59 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Program Files\AVG\AVG8\avgwdsvc.exe PRC - [2009/08/07 17:15:06 | 000,311,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe PRC - [2009/08/07 17:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2009/01/16 16:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe PRC - [2009/01/16 16:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe PRC - [2009/01/16 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe PRC - [2009/01/16 16:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe PRC - [2008/04/13 14:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006/04/18 04:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE PRC - [2005/10/11 16:17:10 | 000,409,600 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe PRC - [2004/10/14 11:54:32 | 000,253,952 | ---- | M] (Hewlett-Packard Company) -- C:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe ========== Modules (SafeList) ========== MOD - [2010/06/10 23:07:12 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tidal Wave\Desktop\OTL.exe MOD - [2008/04/13 14:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - [2010/06/06 22:25:04 | 001,352,320 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) 
  8. Having a hard time posting logs, will try again later.
  9. After following the directions, here are my logs.
Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-10-30 343664] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-5 335240] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-6-5 27784] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-5 108552] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-6-5 908056] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-5 297752] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352320] R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\engineserver.exe [2009-8-31 21256] R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-1-16 103744] R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328] R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\mcshield.exe [2009-8-31 146448] R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2009-8-31 66896] R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-5-23 70728] R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-8-21 231424] R3 L6DP;L6DP;c:\windows\system32\drivers\l6dp.sys [2006-9-29 29312] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-10-30 91672] R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-10-30 43288] S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?] 
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-8-11 133104] S3 L6TPortB;Service - Line 6 TonePort UX2;c:\windows\system32\drivers\L6TPortB.sys [2006-9-29 472832] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-5-23 65448] S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [2007-12-14 16896] =============== Created Last 30 ================ 2010-06-11 21:37:59 0 d-----w- c:\docume~1\tidalw~1\applic~1\Malwarebytes 2010-06-11 21:37:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-06-11 21:37:39 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2010-06-11 21:37:38 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-06-11 21:37:37 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-06-07 08:28:42 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys 2010-06-07 08:28:32 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2010-06-07 08:19:21 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} 2010-06-07 08:18:00 0 d-----w- c:\program files\Lavasoft 2010-05-28 20:55:15 53248 ----a-w- c:\windows\system32\ZTAG.DLL 2010-05-28 20:55:14 61440 ----a-w- c:\windows\system32\zIMF.DLL 2010-05-24 04:07:30 65448 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2010-05-24 04:07:29 70728 ----a-w- c:\windows\system32\mfevtps.exe 2010-05-23 23:26:35 0 d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan 2010-05-23 23:26:14 0 d-----w- c:\program files\McAfee Security Scan 2010-05-23 23:16:52 0 d-----w- c:\program files\MSN Toolbar 2010-05-23 23:13:06 0 d-----w- c:\program files\MSN Toolbar Installer 2010-05-23 22:56:23 411368 ----a-w- c:\windows\system32\deployJava1.dll 2010-05-19 12:29:47 664 ----a-w- c:\windows\system32\d3d9caps.dat ==================== Find3M ==================== 
============= FINISH: 1:33:22.69 ===============

ark.zip
  10. After reading some previous posts, I ran OTL & GMER. Here are the following logs. Please let me know if you can help.

OTL logfile created on: 6/10/2010 11:07:50 PM - Run 1 OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Tidal Wave\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1,022.00 Mb Total Physical Memory | 115.00 Mb Available Physical Memory | 11.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 67.00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 92.95 Gb Total Space | 41.83 Gb Free Space | 45.00% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: TIDALWAVE Current User Name: Tidal Wave Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010/06/10 23:07:12 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tidal Wave\Desktop\OTL.exe PRC - [2010/06/06 22:25:07 | 000,864,112 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe PRC - [2010/06/06 22:25:04 | 001,352,320 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe PRC - [2010/03/21 10:35:30 | 002,046,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe PRC - [2010/03/19 16:51:17 | 000,136,176 | ---- | M] (Google Inc.) 
-- C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe PRC - [2010/01/15 02:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2009/12/08 21:29:44 | 000,240,992 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe PRC - [2009/08/31 20:07:00 | 000,146,448 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe PRC - [2009/08/31 20:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe PRC - [2009/08/31 20:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe PRC - [2009/08/31 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe PRC - [2009/08/31 20:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe PRC - [2009/08/31 20:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE PRC - [2009/08/17 10:14:33 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe PRC - [2009/08/17 10:14:31 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe PRC - [2009/08/17 10:14:20 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe PRC - [2009/08/17 10:14:12 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe PRC - [2009/08/17 10:13:59 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Program Files\AVG\AVG8\avgwdsvc.exe PRC - [2009/08/07 17:15:06 | 000,311,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe PRC - [2009/08/07 17:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2009/01/16 16:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe PRC - [2009/01/16 16:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe PRC - [2009/01/16 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe PRC - [2009/01/16 16:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe PRC - [2008/04/13 14:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006/04/18 04:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE PRC - [2005/10/11 16:17:10 | 000,409,600 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe PRC - [2004/10/14 11:54:32 | 000,253,952 | ---- | M] (Hewlett-Packard Company) -- C:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe ========== Modules (SafeList) ========== MOD - [2010/06/10 23:07:12 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tidal Wave\Desktop\OTL.exe MOD - [2008/04/13 14:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - [2010/06/06 22:25:04 | 001,352,320 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) 
[On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus® SRV - [2010/01/15 02:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009/08/31 20:07:00 | 000,146,448 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield) SRV - [2009/08/31 20:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp) SRV - [2009/08/31 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager) SRV - [2009/08/31 20:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe -- (McAfeeEngineService) SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009/08/17 10:14:12 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc) SRV - [2009/08/17 10:13:59 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd) SRV - [2009/08/07 17:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2009/01/16 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) 
[Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework) SRV - [2006/04/18 04:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) ========== Driver Services (SafeList) ========== DRV - [2010/06/06 22:25:59 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd) DRV - [2009/08/31 20:07:00 | 000,343,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk) DRV - [2009/08/31 20:07:00 | 000,091,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2009/08/31 20:07:00 | 000,075,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk) DRV - [2009/08/31 20:07:00 | 000,065,448 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet) DRV - [2009/08/31 20:07:00 | 000,063,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik) DRV - [2009/08/31 20:07:00 | 000,043,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk) DRV - [2009/08/17 10:14:32 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86) DRV - [2009/08/17 10:14:32 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86) DRV - [2009/06/05 10:27:55 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX) DRV - [2007/04/27 07:40:00 | 000,090,688 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel) DRV - [2007/04/27 07:40:00 | 000,035,328 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sntnlusb.sys -- (SNTNLUSB) DRV - [2006/09/29 06:05:40 | 000,029,312 | ---- | M] (Line 6) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l6dp.sys -- (L6DP) DRV - [2006/09/29 06:01:58 | 000,472,832 | ---- | M] (Line 6) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L6TPortB.sys -- (L6TPortB) DRV - [2005/09/27 12:46:00 | 001,345,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2005/08/21 23:06:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP) DRV - [2005/08/21 23:06:00 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2005/08/21 23:06:00 | 000,231,424 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI) DRV - [2005/08/17 22:22:54 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2005/08/11 20:47:34 | 000,376,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2005/08/02 00:00:00 | 000,349,312 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA) DRV - [2005/08/01 23:58:00 | 000,038,016 | ---- | M] (Conexant Systems Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD) DRV - [2005/06/22 08:16:08 | 000,162,176 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21) DRV - [2005/06/21 06:18:00 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp) DRV - [2005/06/19 10:33:18 | 000,190,400 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP) DRV - [2005/05/05 10:04:08 | 000,007,936 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr) DRV - [2005/05/05 10:04:04 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb) DRV - [2005/03/09 13:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) DRV - [2004/10/07 15:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K) DRV - [2004/08/03 20:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C) DRV - [2003/09/19 15:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc) DRV - [2002/11/25 05:46:16 | 000,016,896 | ---- | M] (Syncrosoft GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\synasUSB.sys -- (SynasUSB) DRV - [2001/08/17 18:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) 
[Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde) DRV - [2001/04/09 05:03:56 | 000,017,784 | ---- | M] (Syncrosoft Hard- und Software GmbH) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\NSynas32.sys -- (Nsynas32) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/07 11:53:13 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/05/23 13:17:44 | 000,000,000 | ---D | M] [2009/03/24 00:32:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tidal Wave\Application Data\Mozilla\Firefox\extensions [2009/03/24 00:32:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tidal Wave\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} [2009/08/31 20:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll O1 HOSTS File: ([2010/06/08 00:56:51 | 000,000,709 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.) 
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll () O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.) O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation) O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll () O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll () O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll () O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Auto EPSON Stylus CX3800 Series on ANELALANI] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe () O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard ) O4 - HKLM..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.) O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation) O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe (Microsoft Corp.) O4 - HKLM..\Run: [shStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.) 
O4 - HKLM..\Run: [ybnwcqxg] C:\Documents and Settings\Tidal Wave\Local Settings\Application Data\ivmctblrt\rjlcpsotssd.exe File not found O4 - HKCU..\Run: [ybnwcqxg] C:\Documents and Settings\Tidal Wave\Local Settings\Application Data\ivmctblrt\rjlcpsotssd.exe File not found O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) O15 - HKCU\..Trusted Domains: line6.net ([]* in Trusted sites) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab (Reg Error: Key error.) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) 
O24 - Desktop WallPaper: C:\Documents and Settings\Tidal Wave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tidal Wave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{7ed855de-1b90-11df-92a3-000fb0c11bae}\Shell - "" = AutoRun O33 - MountPoints2\{7ed855de-1b90-11df-92a3-000fb0c11bae}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{7ed855de-1b90-11df-92a3-000fb0c11bae}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found O33 - MountPoints2\{c5576df6-adac-11dc-bc00-000fb0c11bae}\Shell\AutoRun\command - "" = wd_windows_tools\setup.exe O33 - MountPoints2\{fd74ee86-c663-11dd-bc2b-000fb0c11bae}\Shell\AutoRun\command - "" = pygnun.exe O33 - MountPoints2\{fd74ee86-c663-11dd-bc2b-000fb0c11bae}\Shell\explore\Command - "" = pygnun.exe O33 - MountPoints2\{fd74ee86-c663-11dd-bc2b-000fb0c11bae}\Shell\open\Command - "" = pygnun.exe O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/06/10 23:07:23 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tidal Wave\Desktop\OTL.exe [2010/06/06 22:28:42 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys [2010/06/06 22:28:32 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys [2010/06/06 22:19:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} [2010/06/06 22:18:00 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft [2010/06/06 
22:18:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/05/28 10:55:15 | 000,053,248 | ---- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\ZTAG.DLL
[2010/05/28 10:55:14 | 000,061,440 | ---- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\zIMF.DLL
[2010/05/28 10:54:56 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2010/05/23 18:07:30 | 000,065,448 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/05/23 18:07:29 | 000,070,728 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe
[2010/05/23 17:52:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/05/23 17:44:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2010/05/23 13:26:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2010/05/23 13:26:14 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2010/05/23 13:16:52 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2010/05/23 13:13:06 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar Installer
[2010/05/23 13:00:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/23 12:56:23 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/05/23 12:56:22 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/05/23 12:56:21 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/05/23 12:56:21 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/05/19 02:29:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Google
[2010/05/19 01:36:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/05/19 01:36:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/05/18 00:59:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/18 00:59:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/18 00:54:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tidal Wave\Local Settings\Application Data\ivmctblrt
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Tidal Wave\Desktop\*.tmp files -> C:\Documents and Settings\Tidal Wave\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/10 23:16:07 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\f7zg3qm4.exe
[2010/06/10 23:07:12 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tidal Wave\Desktop\OTL.exe
[2010/06/10 22:57:03 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/10 17:55:07 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/06/10 17:50:32 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/10 17:50:27 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/10 17:50:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/10 17:49:56 | 1071,894,528 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/10 16:40:45 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Tidal Wave\ntuser.ini
[2010/06/10 16:40:44 | 004,718,592 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\ntuser.dat
[2010/06/10 15:10:05 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/10 14:42:26 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E9500AEB-0B20-43BA-BD89-5BF4F85838B8}.job
[2010/06/07 23:55:56 | 060,827,902 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/06/06 22:28:21 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/06/06 22:25:59 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/06/06 22:19:14 | 000,000,904 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/06/06 15:01:54 | 000,018,694 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\HB Lounge Fundraisers.pdf
[2010/06/06 15:01:19 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\HB Lounge Fundraisers.doc
[2010/06/04 04:55:16 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\Pipeline Fundraiser.doc
[2010/06/04 00:36:04 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\Microsoft Office Word 2003.lnk
[2010/06/04 00:07:19 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\MELE WORKSHOP PRESS RELEASE-1.doc
[2010/05/28 10:37:30 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\My Documents\MELE Volunteer.xls
[2010/05/25 10:45:16 | 001,690,534 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\HI pdf file.pdf
[2010/05/25 10:39:59 | 006,589,245 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\design for HI.psd
[2010/05/24 23:13:44 | 004,317,936 | -H-- | M] () -- C:\Documents and Settings\Tidal Wave\Local Settings\Application Data\IconCache.db
[2010/05/23 17:44:05 | 000,001,619 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2010/05/23 17:44:05 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/05/23 11:49:40 | 000,001,766 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/05/21 01:47:05 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/21 00:00:40 | 000,035,840 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\Hoku Volunteer List.xls
[2010/05/20 12:51:34 | 000,521,362 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\Aiona BB timeline.pdf
[2010/05/18 02:45:20 | 000,001,952 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/13 15:41:54 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\DA BB 10.doc
[2010/05/13 10:56:19 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\Specs Prospective Bidders.doc
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Tidal Wave\Desktop\*.tmp files -> C:\Documents and Settings\Tidal Wave\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/06 22:30:47 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/06/06 22:19:14 | 000,000,904 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/06/06 15:01:49 | 000,018,694 | ---- | C] () -- C:\Documents and Settings\Tidal Wave\Desktop\HB Lounge Fundraisers.pdf
[2010/06/04 04:55:15 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Tidal Wave\Desktop\Pipeline Fundraiser.doc
[2010/06/04 03:58:42 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Tidal Wave\Desktop\HB Lounge Fundraisers.doc
[2010/06/04 00:08:04 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Tidal Wave\Desktop\MELE WORKSHOP PRESS RELEASE-1.doc
[2010/05/28 10:37:30 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Tidal Wave\My Documents\MELE Volunteer.xls
[2010/05/25 10:45:13 | 001,690,534 | ---- | C] () -- C:\Documents and Settings\Tidal Wave\Desktop\HI pdf file.pdf
[2010/05/25 10:39:59 | 006,589,245 | ---- | C] () -- C:\Documents and Settings\Tidal Wave\Desktop\design for HI.psd
[2010/05/23 13:26:21 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2010/05/23 13:26:21 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/05/23 11:47:36 | 000,001,766 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/05/21 00:00:40 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\Tidal Wave\Desktop\Hoku Volunteer List.xls
[2010/05/20 12:51:34 | 000,521,362 | ---- | C] () -- C:\Documents and Settings\Tidal Wave\Desktop\Aiona BB timeline.pdf
[2010/05/19 02:29:47 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/18 02:45:20 | 000,001,952 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/13 11:40:50 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Tidal Wave\Desktop\DA BB 10.doc
[2009/04/08 20:30:45 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2007/10/30 20:47:09 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2006/08/03 01:50:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
[2006/03/30 10:35:16 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/03/30 10:33:28 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX3800.ini
[2006/02/09 21:25:01 | 000,000,076 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2006/02/06 21:20:34 | 000,000,498 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/28 19:48:47 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/11/28 19:48:47 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/11/28 19:48:47 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/11/28 19:48:47 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/11/28 19:48:47 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/11/28 19:48:47 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/11/28 19:33:18 | 000,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/08/17 07:39:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/17 07:21:06 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/08/05 19:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/01 01:47:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/06/01 04:46:30 | 011,194,368 | ---- | C] () -- C:\WINDOWS\System32\ZHHP_RES.DLL
[2005/06/01 04:46:30 | 000,749,568 | ---- | C] () -- C:\WINDOWS\System32\AGISSI.DLL
[2005/06/01 04:46:30 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\VSHP2600.DLL
[2004/08/10 05:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/10 05:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/10 05:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/10 05:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/10 05:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2004/06/24 01:20:02 | 000,000,059 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2004/01/05 20:11:04 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\BsiUt232.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
< End of report >

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-06-10 23:19:08
Windows 5.1.2600 Service Pack 3
Running: f7zg3qm4.exe; Driver: C:\DOCUME~1\TIDALW~1\LOCALS~1\Temp\pwriypow.sys

---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateFile [0xF73097BA]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcess [0xF7309610]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xF7309624]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF730968C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF73096B8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateKey [0xF7309726]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xF7309710]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwLoadKey2 [0xF730973C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF73097FA]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xF7309768]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF7309662]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF73095D4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF73095E8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xF73097CE]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryKey [0xF73097A4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xF73096FA]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryValueKey [0xF73096E4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF73096A2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwReplaceKey [0xF7309790]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRestoreKey [0xF730977C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetContextThread [0xF730964E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xF730963A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF7309829]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnloadKey [0xF7309752]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF7309810]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF73097E4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtCreateFile
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
Device -> \Driver\atapi \Device\Harddisk0\DR0 86F1DCEC

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----