Redirecting Pop ups

keali00 · June 16, 2010

After following the directions, here is my logs.

DDS (Ver_10-03-17.01) - NTFSx86

Run by Tidal Wave at 1:29:21.15 on Tue 06/15/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.203 [GMT -10:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe

svchost.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe

C:\WINDOWS\system32\mfevtps.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program Files\McAfee\Common Framework\udaterui.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe

C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files\HPQ\SHARED\HPQWMI.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Tidal Wave\Local Settings\Temporary Internet Files\Content.IE5\5EM2G09X\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=laptop

uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=laptop

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

mSearchAssistant = hxxp://www.google.com/ie

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll

BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll

TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe

mRun: [iTunesHelper] c:\program files\itunes\iTunesHelper.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start

mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe

mRun: [EPSON Stylus CX3800 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"

mRun: [Auto EPSON Stylus CX3800 Series on ANELALANI] c:\windows\system32\spool\drivers\w32x86\3\e_fatiaca.exe /p44 "auto epson stylus cx3800 series on anelalani" /o20 "\\anelalani\EPSONSty" /M "Stylus CX3800"

mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey

mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0379.0\mswinext.exe"

mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

mRun: [shStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

Trusted Zone: line6.net

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

Notify: AtiExtEvent - Ati2evxx.dll

Notify: avgrsstarter - avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-6 64288]

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-10-30 343664]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-5 335240]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-6-5 27784]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-5 108552]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-6-5 908056]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-5 297752]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352320]

R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\engineserver.exe [2009-8-31 21256]

R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-1-16 103744]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\mcshield.exe [2009-8-31 146448]

R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2009-8-31 66896]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-5-23 70728]

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-8-21 231424]

R3 L6DP;L6DP;c:\windows\system32\drivers\l6dp.sys [2006-9-29 29312]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-10-30 91672]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-10-30 43288]

S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-8-11 133104]

S3 L6TPortB;Service - Line 6 TonePort UX2;c:\windows\system32\drivers\L6TPortB.sys [2006-9-29 472832]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-5-23 65448]

S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [2007-12-14 16896]

=============== Created Last 30 ================

2010-06-11 21:37:59 0 d-----w- c:\docume~1\tidalw~1\applic~1\Malwarebytes

2010-06-11 21:37:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-11 21:37:39 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-06-11 21:37:38 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-11 21:37:37 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-07 08:28:42 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-06-07 08:28:32 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-06-07 08:19:21 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}

2010-06-07 08:18:00 0 d-----w- c:\program files\Lavasoft

2010-05-28 20:55:15 53248 ----a-w- c:\windows\system32\ZTAG.DLL

2010-05-28 20:55:14 61440 ----a-w- c:\windows\system32\zIMF.DLL

2010-05-24 04:07:30 65448 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2010-05-24 04:07:29 70728 ----a-w- c:\windows\system32\mfevtps.exe

2010-05-23 23:26:35 0 d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan

2010-05-23 23:26:14 0 d-----w- c:\program files\McAfee Security Scan

2010-05-23 23:16:52 0 d-----w- c:\program files\MSN Toolbar

2010-05-23 23:13:06 0 d-----w- c:\program files\MSN Toolbar Installer

2010-05-23 22:56:23 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-05-19 12:29:47 664 ----a-w- c:\windows\system32\d3d9caps.dat

==================== Find3M ====================

============= FINISH: 1:33:22.69 ===============

ark.zip

sjpritch25 · June 18, 2010

Download OTL.EXE to your desktop.
Double-Click on OTL to run it.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Under Custom scan's and fixes section paste in the below in bold

netsvcs

%SYSTEMDRIVE%\*.*

%systemroot%\*. /mp /s

CREATERESTOREPOINT

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\system32\drivers\*.sys /90

Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.txt and Extras.txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

keali00 · June 18, 2010

having hard time posting logs, will try again later.

keali00 · June 18, 2010

OTL logfile created on: 6/10/2010 11:07:50 PM - Run 1

OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Tidal Wave\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 115.00 Mb Available Physical Memory | 11.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 67.00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 92.95 Gb Total Space | 41.83 Gb Free Space | 45.00% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: TIDALWAVE

Current User Name: Tidal Wave

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/10 23:07:12 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tidal Wave\Desktop\OTL.exe

PRC - [2010/06/06 22:25:07 | 000,864,112 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

PRC - [2010/06/06 22:25:04 | 001,352,320 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

PRC - [2010/03/21 10:35:30 | 002,046,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe

PRC - [2010/03/19 16:51:17 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe

PRC - [2010/01/15 02:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

PRC - [2009/12/08 21:29:44 | 000,240,992 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe

PRC - [2009/08/31 20:07:00 | 000,146,448 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe

PRC - [2009/08/31 20:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe

PRC - [2009/08/31 20:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe

PRC - [2009/08/31 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe

PRC - [2009/08/31 20:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe

PRC - [2009/08/31 20:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe

PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

PRC - [2009/08/17 10:14:33 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe

PRC - [2009/08/17 10:14:31 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe

PRC - [2009/08/17 10:14:20 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe

PRC - [2009/08/17 10:14:12 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe

PRC - [2009/08/17 10:13:59 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe

PRC - [2009/08/07 17:15:06 | 000,311,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe

PRC - [2009/08/07 17:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

PRC - [2009/01/16 16:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe

PRC - [2009/01/16 16:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe

PRC - [2009/01/16 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe

PRC - [2009/01/16 16:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe

PRC - [2008/04/13 14:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006/04/18 04:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE

PRC - [2005/10/11 16:17:10 | 000,409,600 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe

PRC - [2004/10/14 11:54:32 | 000,253,952 | ---- | M] (Hewlett-Packard Company) -- C:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe

========== Modules (SafeList) ==========

MOD - [2010/06/10 23:07:12 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tidal Wave\Desktop\OTL.exe

MOD - [2008/04/13 14:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - [2010/06/06 22:25:04 | 001,352,320 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)

SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®

SRV - [2010/01/15 02:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2009/08/31 20:07:00 | 000,146,448 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield)

SRV - [2009/08/31 20:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)

SRV - [2009/08/31 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)

SRV - [2009/08/31 20:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe -- (McAfeeEngineService)

SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)

SRV - [2009/08/17 10:14:12 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)

SRV - [2009/08/17 10:13:59 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)

SRV - [2009/08/07 17:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)

SRV - [2009/01/16 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)

SRV - [2006/04/18 04:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)

========== Driver Services (SafeList) ==========

DRV - [2010/06/06 22:25:59 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)

DRV - [2009/08/31 20:07:00 | 000,343,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)

DRV - [2009/08/31 20:07:00 | 000,091,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)

DRV - [2009/08/31 20:07:00 | 000,075,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)

DRV - [2009/08/31 20:07:00 | 000,065,448 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)

DRV - [2009/08/31 20:07:00 | 000,063,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)

DRV - [2009/08/31 20:07:00 | 000,043,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)

DRV - [2009/08/17 10:14:32 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)

DRV - [2009/08/17 10:14:32 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)

DRV - [2009/06/05 10:27:55 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)

DRV - [2007/04/27 07:40:00 | 000,090,688 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)

DRV - [2007/04/27 07:40:00 | 000,035,328 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sntnlusb.sys -- (SNTNLUSB)

DRV - [2006/09/29 06:05:40 | 000,029,312 | ---- | M] (Line 6) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l6dp.sys -- (L6DP)

DRV - [2006/09/29 06:01:58 | 000,472,832 | ---- | M] (Line 6) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L6TPortB.sys -- (L6TPortB)

DRV - [2005/09/27 12:46:00 | 001,345,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2005/08/21 23:06:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)

DRV - [2005/08/21 23:06:00 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

DRV - [2005/08/21 23:06:00 | 000,231,424 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)

DRV - [2005/08/17 22:22:54 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)

DRV - [2005/08/11 20:47:34 | 000,376,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)

DRV - [2005/08/02 00:00:00 | 000,349,312 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)

DRV - [2005/08/01 23:58:00 | 000,038,016 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)

DRV - [2005/06/22 08:16:08 | 000,162,176 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)

DRV - [2005/06/21 06:18:00 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)

DRV - [2005/06/19 10:33:18 | 000,190,400 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)

DRV - [2005/05/05 10:04:08 | 000,007,936 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)

DRV - [2005/05/05 10:04:04 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)

DRV - [2005/03/09 13:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)

DRV - [2004/10/07 15:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)

DRV - [2004/08/03 20:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)

DRV - [2003/09/19 15:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)

DRV - [2002/11/25 05:46:16 | 000,016,896 | ---- | M] (Syncrosoft GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\synasUSB.sys -- (SynasUSB)

DRV - [2001/08/17 18:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)

DRV - [2001/04/09 05:03:56 | 000,017,784 | ---- | M] (Syncrosoft Hard- und Software GmbH) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\NSynas32.sys -- (Nsynas32)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/07 11:53:13 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/05/23 13:17:44 | 000,000,000 | ---D | M]

[2009/03/24 00:32:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tidal Wave\Application Data\Mozilla\Firefox\extensions

[2009/03/24 00:32:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tidal Wave\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

[2009/08/31 20:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll

O1 HOSTS File: ([2010/06/08 00:56:51 | 000,000,709 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)

O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)

O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\ShellBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Auto EPSON Stylus CX3800 Series on ANELALANI] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()

O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )

O4 - HKLM..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)

O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)

O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe (Microsoft Corp.)

O4 - HKLM..\Run: [shStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)

O4 - HKLM..\Run: [ybnwcqxg] C:\Documents and Settings\Tidal Wave\Local Settings\Application Data\ivmctblrt\rjlcpsotssd.exe File not found

O4 - HKCU..\Run: [ybnwcqxg] C:\Documents and Settings\Tidal Wave\Local Settings\Application Data\ivmctblrt\rjlcpsotssd.exe File not found

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)

O15 - HKCU\..Trusted Domains: line6.net ([]* in Trusted sites)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab (Reg Error: Key error.)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O24 - Desktop WallPaper: C:\Documents and Settings\Tidal Wave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tidal Wave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{7ed855de-1b90-11df-92a3-000fb0c11bae}\Shell - "" = AutoRun

O33 - MountPoints2\{7ed855de-1b90-11df-92a3-000fb0c11bae}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{7ed855de-1b90-11df-92a3-000fb0c11bae}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found

O33 - MountPoints2\{c5576df6-adac-11dc-bc00-000fb0c11bae}\Shell\AutoRun\command - "" = wd_windows_tools\setup.exe

O33 - MountPoints2\{fd74ee86-c663-11dd-bc2b-000fb0c11bae}\Shell\AutoRun\command - "" = pygnun.exe

O33 - MountPoints2\{fd74ee86-c663-11dd-bc2b-000fb0c11bae}\Shell\explore\Command - "" = pygnun.exe

O33 - MountPoints2\{fd74ee86-c663-11dd-bc2b-000fb0c11bae}\Shell\open\Command - "" = pygnun.exe

O33 - MountPoints2\E\Shell - "" = AutoRun

O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/10 23:07:23 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tidal Wave\Desktop\OTL.exe

[2010/06/06 22:28:42 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys

[2010/06/06 22:28:32 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys

[2010/06/06 22:19:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}

[2010/06/06 22:18:00 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft

[2010/06/06 22:18:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft

[2010/05/28 10:55:15 | 000,053,248 | ---- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\ZTAG.DLL

[2010/05/28 10:55:14 | 000,061,440 | ---- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\zIMF.DLL

[2010/05/28 10:54:56 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard

[2010/05/23 18:07:30 | 000,065,448 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys

[2010/05/23 18:07:29 | 000,070,728 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe

[2010/05/23 17:52:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe

[2010/05/23 17:44:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee

[2010/05/23 13:26:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan

[2010/05/23 13:26:14 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan

[2010/05/23 13:16:52 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar

[2010/05/23 13:13:06 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar Installer

[2010/05/23 13:00:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun

[2010/05/23 12:56:23 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll

[2010/05/23 12:56:22 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2010/05/23 12:56:21 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2010/05/23 12:56:21 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2010/05/19 02:29:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Google

[2010/05/19 01:36:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia

[2010/05/19 01:36:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2010/05/18 00:59:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2010/05/18 00:59:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2010/05/18 00:54:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tidal Wave\Local Settings\Application Data\ivmctblrt

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\Documents and Settings\Tidal Wave\Desktop\*.tmp files -> C:\Documents and Settings\Tidal Wave\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/10 23:16:07 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\f7zg3qm4.exe

[2010/06/10 23:07:12 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tidal Wave\Desktop\OTL.exe

[2010/06/10 22:57:03 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/06/10 17:55:07 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010/06/10 17:50:32 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/06/10 17:50:27 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/06/10 17:50:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/06/10 17:49:56 | 1071,894,528 | -HS- | M] () -- C:\hiberfil.sys

[2010/06/10 16:40:45 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Tidal Wave\ntuser.ini

[2010/06/10 16:40:44 | 004,718,592 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\ntuser.dat

[2010/06/10 15:10:05 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/06/10 14:42:26 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E9500AEB-0B20-43BA-BD89-5BF4F85838B8}.job

[2010/06/07 23:55:56 | 060,827,902 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2010/06/06 22:28:21 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys

[2010/06/06 22:25:59 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys

[2010/06/06 22:19:14 | 000,000,904 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk

[2010/06/06 15:01:54 | 000,018,694 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\HB Lounge Fundraisers.pdf

[2010/06/06 15:01:19 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\HB Lounge Fundraisers.doc

[2010/06/04 04:55:16 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\Pipeline Fundraiser.doc

[2010/06/04 00:36:04 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\Microsoft Office Word 2003.lnk

[2010/06/04 00:07:19 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\MELE WORKSHOP PRESS RELEASE-1.doc

[2010/05/28 10:37:30 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\My Documents\MELE Volunteer.xls

[2010/05/25 10:45:16 | 001,690,534 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\HI pdf file.pdf

[2010/05/25 10:39:59 | 006,589,245 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\design for HI.psd

[2010/05/24 23:13:44 | 004,317,936 | -H-- | M] () -- C:\Documents and Settings\Tidal Wave\Local Settings\Application Data\IconCache.db

[2010/05/23 17:44:05 | 000,001,619 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk

[2010/05/23 17:44:05 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

[2010/05/23 11:49:40 | 000,001,766 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2010/05/21 01:47:05 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/05/21 00:00:40 | 000,035,840 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\Hoku Volunteer List.xls

[2010/05/20 12:51:34 | 000,521,362 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\Aiona BB timeline.pdf

[2010/05/18 02:45:20 | 000,001,952 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk

[2010/05/13 15:41:54 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\DA BB 10.doc

[2010/05/13 10:56:19 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Tidal Wave\Desktop\Specs Prospective Bidders.doc

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\Documents and Settings\Tidal Wave\Desktop\*.tmp files -> C:\Documents and Settings\Tidal Wave\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/06 22:30:47 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010/06/06 22:19:14 | 000,000,904 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk

[2010/06/06 15:01:49 | 000,018,694 | ---- | C] () -- C:\Documents and Settings\Tidal Wave\Desktop\HB Lounge Fundraisers.pdf

[2010/06/04 04:55:15 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Tidal Wave\Desktop\Pipeline Fundraiser.doc

[2010/06/04 03:58:42 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Tidal Wave\Desktop\HB Lounge Fundraisers.doc

[2010/06/04 00:08:04 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Tidal Wave\Desktop\MELE WORKSHOP PRESS RELEASE-1.doc

[2010/05/28 10:37:30 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Tidal Wave\My Documents\MELE Volunteer.xls

[2010/05/25 10:45:13 | 001,690,534 | ---- | C] () -- C:\Documents and Settings\Tidal Wave\Desktop\HI pdf file.pdf

[2010/05/25 10:39:59 | 006,589,245 | ---- | C] () -- C:\Documents and Settings\Tidal Wave\Desktop\design for HI.psd

[2010/05/23 13:26:21 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk

[2010/05/23 13:26:21 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

[2010/05/23 11:47:36 | 000,001,766 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2010/05/21 00:00:40 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\Tidal Wave\Desktop\Hoku Volunteer List.xls

[2010/05/20 12:51:34 | 000,521,362 | ---- | C] () -- C:\Documents and Settings\Tidal Wave\Desktop\Aiona BB timeline.pdf

[2010/05/19 02:29:47 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/05/18 02:45:20 | 000,001,952 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk

[2010/05/13 11:40:50 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Tidal Wave\Desktop\DA BB 10.doc

[2009/04/08 20:30:45 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll

[2007/10/30 20:47:09 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig

[2006/08/03 01:50:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI

[2006/03/30 10:35:16 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

[2006/03/30 10:33:28 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX3800.ini

[2006/02/09 21:25:01 | 000,000,076 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI

[2006/02/06 21:20:34 | 000,000,498 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2005/11/28 19:48:47 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2005/11/28 19:48:47 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2005/11/28 19:48:47 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2005/11/28 19:48:47 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2005/11/28 19:48:47 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2005/11/28 19:48:47 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2005/11/28 19:33:18 | 000,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2005/08/17 07:39:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2005/08/17 07:21:06 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2005/08/05 19:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2005/07/01 01:47:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2005/06/01 04:46:30 | 011,194,368 | ---- | C] () -- C:\WINDOWS\System32\ZHHP_RES.DLL

[2005/06/01 04:46:30 | 000,749,568 | ---- | C] () -- C:\WINDOWS\System32\AGISSI.DLL

[2005/06/01 04:46:30 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\VSHP2600.DLL

[2004/08/10 05:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll

[2004/08/10 05:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll

[2004/08/10 05:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll

[2004/08/10 05:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll

[2004/08/10 05:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll

[2004/06/24 01:20:02 | 000,000,059 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI

[2004/01/05 20:11:04 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\BsiUt232.dll

[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

< End of report >

keali00 · June 18, 2010