Google Redirect Virus Please Help


4 replies to this topic

#1 baker21


Posted 09 March 2012 - 02:18 PM

This is driving me crazy.. I have the Google redirect virus and I cannot get rid of it..

I followed tutorials and tried everything: Hitman, MBAM, and I need help with using ComboFix or HijackThis to remove it..

I ran RKill and it stopped a process called groupconv.exe...

I ran antivirus, TDSSKiller, and MBAM with no luck..

I have downloaded OTL and have a detailed report..

I will post the detailed OTL report and the RKILL report and Hijack reports..

I haven't made any CHANGES myself, because I don't know what is bad and what is not..

I do not know what stuff should be removed and what shouldn't.. Please help.



#2 baker21


Posted 09 March 2012 - 02:37 PM

OTL logfile created on: 3/9/2012 2:25:48 PM - Run 2
OTL by OldTimer - Version 3.2.36.2 Folder = C:\Users\Baker\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.31 Gb Available Physical Memory | 78.84% Memory free
16.00 Gb Paging File | 13.79 Gb Available in Paging File | 86.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.30 Gb Total Space | 219.39 Gb Free Space | 23.86% Space Free | Partition Type: NTFS
Drive D: | 12.11 Gb Total Space | 1.48 Gb Free Space | 12.23% Space Free | Partition Type: NTFS
Drive F: | 15.02 Gb Total Space | 10.52 Gb Free Space | 70.01% Space Free | Partition Type: FAT32
Drive K: | 29.83 Gb Total Space | 3.32 Gb Free Space | 11.13% Space Free | Partition Type: NTFS

Computer Name: BAKER-HP | User Name: Baker | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/09 02:31:59 | 000,302,592 | ---- | M] () -- C:\Users\Baker\Desktop\Gmer.exe
PRC - [2012/03/09 02:27:45 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Baker\Desktop\OTL.exe
PRC - [2012/02/23 05:57:09 | 000,740,216 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2012/02/16 09:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/01/31 13:13:44 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/03 08:10:50 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2011/12/09 16:16:00 | 000,161,336 | ---- | M] (Google) -- C:\Users\Baker\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/25 23:05:28 | 000,442,656 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/03/22 22:56:40 | 000,687,448 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2011/03/01 22:14:08 | 000,190,808 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/03/01 22:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/02/02 21:40:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWOW64\java.exe
PRC - [2011/02/02 13:08:16 | 000,018,656 | ---- | M] () -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2011/01/10 15:28:54 | 007,328,112 | ---- | M] (Bartels Media GmbH) -- C:\Program Files (x86)\PhraseExpress\phraseexpress.exe
PRC - [2010/11/20 07:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/06/25 13:54:44 | 000,063,488 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe
PRC - [2010/06/12 20:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2010/04/27 09:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/03/25 13:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2009/11/21 19:29:34 | 000,233,984 | ---- | M] (Tanuki Software, Ltd.) -- C:\Program Files\Red5\wrapper.exe
PRC - [2009/11/08 22:17:50 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2009/05/14 09:07:12 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\ABBYY Screenshot Reader\NetworkLicenseServer.exe
PRC - [2009/04/09 14:19:08 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/05/19 12:13:20 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\ASTSRV.EXE


========== Modules (No Company Name) ==========

MOD - [2012/03/09 02:31:59 | 000,302,592 | ---- | M] () -- C:\Users\Baker\Desktop\Gmer.exe
MOD - [2012/02/21 21:34:04 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2012/02/16 09:40:41 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/03/30 17:25:42 | 000,331,608 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011/03/22 22:56:40 | 000,687,448 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
MOD - [2011/03/01 22:15:28 | 000,126,808 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/03/01 22:15:28 | 000,027,480 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/03/01 22:15:04 | 000,340,824 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/03/01 22:14:42 | 007,954,776 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/03/01 22:14:30 | 002,143,576 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/03/01 22:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011/01/10 15:28:50 | 000,379,760 | ---- | M] () -- C:\Program Files (x86)\PhraseExpress\pexlang.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/15 20:53:47 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011/05/24 22:18:38 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/05/24 22:03:38 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/11/15 11:08:10 | 005,716,848 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV:64bit: - [2009/11/21 19:29:34 | 000,233,984 | ---- | M] (Tanuki Software, Ltd.) [Auto | Running] -- C:\Program Files\Red5\wrapper.exe -- (Red5)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/04/09 14:29:24 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2009/04/09 14:19:08 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009/04/03 11:46:52 | 000,072,192 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysNative\nlsInterface.exe -- (nlsInterface)
SRV - [2012/01/31 13:13:44 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/25 23:05:28 | 000,442,656 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/02/02 13:08:16 | 000,018,656 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2010/06/29 22:51:12 | 000,245,232 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe -- (CLKMSVC10_C6F09094)
SRV - [2010/06/25 13:54:44 | 000,063,488 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2010/06/12 20:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/03/25 13:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/14 09:07:12 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\ABBYY Screenshot Reader\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.ScreenshotReader.9.0)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/05/19 12:13:20 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\ASTSRV.EXE -- (ASTSRV)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/05/25 23:02:20 | 004,186,528 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech QuickCam Pro 9000(UVC)
DRV:64bit: - [2011/05/25 23:02:18 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/05/24 23:26:56 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/05/24 21:25:42 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/30 13:46:44 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/02 16:07:54 | 000,013,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2010/10/25 10:59:28 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2010/09/30 12:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/09/30 12:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2010/04/07 18:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/03/10 10:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2010/03/04 09:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/02/05 23:04:06 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/02/05 23:04:04 | 000,070,712 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/12/22 04:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/12/18 22:33:34 | 000,852,256 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/11/08 22:28:08 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/09 14:21:36 | 000,044,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2009/04/09 14:21:32 | 000,033,608 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis)
DRV:64bit: - [2009/04/09 14:21:30 | 000,165,960 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2009/04/09 14:18:04 | 000,134,024 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009/04/09 14:10:34 | 000,142,776 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)
DRV:64bit: - [2007/02/16 13:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6BAAF23D-F3FA-438B-97FE-79D5A8F0A268}
IE:64bit: - HKLM\..\SearchScopes\{3ABC08C7-14C7-45CB-80BC-13F08766994C}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{6BAAF23D-F3FA-438B-97FE-79D5A8F0A268}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{CDA54AAD-5F6E-4D8B-B3A8-77C2158F2A09}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE:64bit: - HKLM\..\SearchScopes\{F5B4F5BF-20B3-4A88-A44D-DD980D7C5193}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\..\SearchScopes,DefaultScope = {6BAAF23D-F3FA-438B-97FE-79D5A8F0A268}
IE - HKLM\..\SearchScopes\{3ABC08C7-14C7-45CB-80BC-13F08766994C}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{597b1823-7ff0-4cd3-8095-9d8cba514992}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XNxdm026YYus&ptb=9CFFE309-8573-4A5D-9955-D07D64349E01&psa=&ind=2011012417&ptnrS=XNxdm026YYus&si=21231&st=sb&n=77dd9d41&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{6BAAF23D-F3FA-438B-97FE-79D5A8F0A268}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{CDA54AAD-5F6E-4D8B-B3A8-77C2158F2A09}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{F5B4F5BF-20B3-4A88-A44D-DD980D7C5193}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKCU\..\SearchScopes,DefaultScope = {6BAAF23D-F3FA-438B-97FE-79D5A8F0A268}
IE - HKCU\..\SearchScopes\{3ABC08C7-14C7-45CB-80BC-13F08766994C}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKCU\..\SearchScopes\{597b1823-7ff0-4cd3-8095-9d8cba514992}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XNxdm026YYus&ptb=9CFFE309-8573-4A5D-9955-D07D64349E01&psa=&ind=2011012417&ptnrS=XNxdm026YYus&si=21231&st=sb&n=77dd9d41&searchfor={searchTerms}
IE - HKCU\..\SearchScopes\{6BAAF23D-F3FA-438B-97FE-79D5A8F0A268}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{CDA54AAD-5F6E-4D8B-B3A8-77C2158F2A09}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKCU\..\SearchScopes\{F5B4F5BF-20B3-4A88-A44D-DD980D7C5193}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://dealingdeuces.net/admincp/"
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.9.3
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.13
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.5.5
FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.0
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: {06997db0-c027-4d5f-bd37-b0d9230226ea}:0.62
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {f69e22c7-bc50-414a-9269-0f5c344cd94c}:0.8
FF - prefs.js..extensions.enabledItems: smartbookmarksbar@remy.juteau:1.4.3
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.5
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20110329release
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q="
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "207.62.217.252"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.socks_version: 4
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Baker\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Baker\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Baker\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Baker\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Baker\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/03/09 03:13:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/06 00:42:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/03/09 03:13:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/09/30 21:45:44 | 000,000,000 | ---D | M]

[2010/09/30 22:05:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Baker\AppData\Roaming\Mozilla\Extensions
[2012/03/07 00:35:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Baker\AppData\Roaming\Mozilla\Firefox\Profiles\4f1iu8dg.default\extensions
[2012/02/11 18:31:42 | 000,000,000 | ---D | M] (FT PureWhite) -- C:\Users\Baker\AppData\Roaming\Mozilla\Firefox\Profiles\4f1iu8dg.default\extensions\{2f149710-41a6-11e0-9207-0800200c9a66}
[2011/12/08 09:50:46 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Baker\AppData\Roaming\Mozilla\Firefox\Profiles\4f1iu8dg.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2012/02/28 01:51:47 | 000,000,000 | ---D | M] (FT DeepDark) -- C:\Users\Baker\AppData\Roaming\Mozilla\Firefox\Profiles\4f1iu8dg.default\extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66}
[2011/12/16 20:12:44 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\Baker\AppData\Roaming\Mozilla\Firefox\Profiles\4f1iu8dg.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
[2012/02/28 01:51:49 | 000,000,000 | ---D | M] (FT GraphiteGlow) -- C:\Users\Baker\AppData\Roaming\Mozilla\Firefox\Profiles\4f1iu8dg.default\extensions\{99e34760-2754-11e0-91fa-0800200c9a66}
[2012/02/17 19:17:00 | 000,000,000 | ---D | M] (FT SleekDark) -- C:\Users\Baker\AppData\Roaming\Mozilla\Firefox\Profiles\4f1iu8dg.default\extensions\{a21cd440-41d6-11e0-9207-0800200c9a66}
[2011/01/08 00:12:54 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Baker\AppData\Roaming\Mozilla\Firefox\Profiles\4f1iu8dg.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2012/02/23 14:14:08 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Baker\AppData\Roaming\Mozilla\Firefox\Profiles\4f1iu8dg.default\extensions\foxmarks@kei.com
[2011/02/25 13:35:30 | 000,000,000 | ---D | M] (Smart Bookmarks Bar) -- C:\Users\Baker\AppData\Roaming\Mozilla\Firefox\Profiles\4f1iu8dg.default\extensions\smartbookmarksbar@remy.juteau
[2012/03/06 00:42:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/08/03 20:10:49 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/03/09 03:13:25 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES (X86)\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN
() (No name found) -- C:\USERS\BAKER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4F1IU8DG.DEFAULT\EXTENSIONS\{097D3191-E6FA-4728-9826-B533D755359D}.XPI
() (No name found) -- C:\USERS\BAKER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4F1IU8DG.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERS\BAKER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4F1IU8DG.DEFAULT\EXTENSIONS\{64D9B72C-E42A-490E-9181-221E1E035A14}.XPI
() (No name found) -- C:\USERS\BAKER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4F1IU8DG.DEFAULT\EXTENSIONS\{B442F4C0-C292-4998-AABE-48608A73BA75}.XPI
() (No name found) -- C:\USERS\BAKER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4F1IU8DG.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\BAKER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4F1IU8DG.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\USERS\BAKER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4F1IU8DG.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
() (No name found) -- C:\USERS\BAKER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4F1IU8DG.DEFAULT\EXTENSIONS\INSPECTOR@MOZILLA.ORG.XPI
() (No name found) -- C:\USERS\BAKER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4F1IU8DG.DEFAULT\EXTENSIONS\OVMRVPBKDK@OVMRVPBKDK.ORG.XPI
() (No name found) -- C:\USERS\BAKER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4F1IU8DG.DEFAULT\EXTENSIONS\RAINBOW@COLORS.ORG.XPI
[2012/02/16 09:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/03/27 17:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/16 05:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/16 05:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Baker\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Baker\AppData\Local\Google\Chrome\Application\17.0.963.66\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Baker\AppData\Local\Google\Chrome\Application\17.0.963.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Baker\AppData\Local\Google\Chrome\Application\17.0.963.66\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Contribute CS5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: ArchiCAD (Enabled) = C:\Users\Baker\AppData\Local\Google\Chrome\Application\plugins\npGDLMozilla.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Baker\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Baker\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Media Go Detector (Enabled) = C:\Program Files (x86)\Sony\Media Go\npmediago.dll
CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Baker\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Xmarks Bookmark Sync = C:\Users\Baker\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.22_0\
CHR - Extension: Xmarks Bookmark Sync = C:\Users\Baker\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.22_0\.bak
CHR - Extension: Web Developer = C:\Users\Baker\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm\0.3.1_0\
CHR - Extension: YouTube = C:\Users\Baker\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Firebug Lite for Google Chrome\u2122 = C:\Users\Baker\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench\1.4.0.11967_0\
CHR - Extension: Chrome Web Developer Tools = C:\Users\Baker\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbmlldeibipeppiabbdjajcneipfbocm\0.1.4_0\
CHR - Extension: Developer Dashboard = C:\Users\Baker\AppData\Local\Google\Chrome\User Data\Default\Extensions\jccdfphjeghnmboiflcjipplmkejpmmj\1_0\
CHR - Extension: Color Pick = C:\Users\Baker\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohcpnigalekghcmgcdcenkpelffpdolg\0.0.1.28_0\
CHR - Extension: Bookmark bar switcher = C:\Users\Baker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcacnohhaamchlpkihbdifkfjjimcnkl\0.3_0\

O1 HOSTS File: ([2012/03/09 13:37:31 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [googletalk] C:\Users\Baker\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21E6D558-CAB6-47AD-810B-453D62A4F706}: DhcpNameServer = 192.168.1.1 71.242.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A82FF4B5-C5F8-4C7B-9111-40BBD1CFE97B}: DhcpNameServer = 192.168.10.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/09 13:46:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/09 03:45:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/09 03:45:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/09 03:45:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/09 03:44:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/09 03:36:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/09 03:35:39 | 004,431,495 | R--- | C] (Swearware) -- C:\Users\Baker\Desktop\ComboFix.exe
[2012/03/09 02:47:38 | 000,186,880 | ---- | C] (CEXX.ORG) -- C:\Users\Baker\Desktop\LSPFix.exe
[2012/03/09 02:33:41 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2012/03/09 02:27:19 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Baker\Desktop\OTL.exe
[2012/03/09 01:29:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/03/09 00:26:21 | 000,000,000 | ---D | C] -- C:\Users\Baker\Desktop\DealingDeuces Sites
[2012/03/08 15:12:03 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{AD7266DA-00F4-4FAB-AB38-08C374ABFB2F}
[2012/03/08 15:11:49 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{CE7482E7-5AB4-4231-B2E4-0C18C62C14DE}
[2012/03/07 15:13:53 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{8F4B7FE3-DB32-425C-AE28-42F66FC9D837}
[2012/03/07 15:13:40 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{B8174852-4FBE-4815-908B-8639C198FF7A}
[2012/03/06 13:56:15 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{D481D5F4-49DA-4A2A-A3BC-A9E6BE816C94}
[2012/03/06 13:56:00 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{7918428F-B094-46F1-891C-2D6AD365D69F}
[2012/03/06 02:40:16 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/06 02:35:50 | 000,116,016 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\58311095.sys
[2012/03/06 02:35:38 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Baker\Desktop\TDSSKiller.exe
[2012/03/06 02:04:20 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Roaming\Malwarebytes
[2012/03/06 02:04:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/06 02:04:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/06 02:04:08 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/03/06 02:04:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/03/06 01:55:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hitman Pro 3.5
[2012/03/06 01:50:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2012/03/06 01:45:50 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/03/06 01:40:58 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2012/03/06 01:00:49 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Roaming\SUPERAntiSpyware.com
[2012/03/05 23:21:56 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{EF00526D-7997-42F6-8359-507CA53A15B5}
[2012/03/05 23:21:43 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{83245C95-2D7C-4DB3-B4CC-654823D5D4A8}
[2012/03/05 11:21:12 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{70976967-D4E4-4357-A9F4-658F1A7B8796}
[2012/03/05 11:20:59 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{BA013541-EAB4-40EF-8C97-5CB4647C88EA}
[2012/03/04 00:20:37 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{8C8E9981-21B4-491B-BE92-E6D802C7CB4B}
[2012/03/04 00:20:24 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{5C7E3ACA-FB3B-4A57-BA8A-077FF6FD28E7}
[2012/03/03 12:20:09 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{E115CDE8-517A-44B8-A9E3-FABAA466088D}
[2012/03/03 12:19:56 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{C29806FE-7FEF-4209-A694-5F8A0B103EC1}
[2012/03/03 00:19:41 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{6BC491BD-27E0-42C7-8D0D-EE9B027EA8DD}
[2012/03/03 00:19:28 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{AE943C92-7FB0-4451-8A6C-D9D0535E269A}
[2012/03/02 12:19:13 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{6AF45A39-C97A-4690-B230-549B10C43A6A}
[2012/03/02 12:19:00 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{65A27F3A-9B1B-48C3-BF75-9E4563BEEA46}
[2012/03/02 10:59:49 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{A00C4E98-BD7F-4F8A-88DA-290B79134766}
[2012/03/02 10:59:35 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{54197620-DAED-4B67-88BB-ABEF0F67C815}
[2012/03/01 13:41:58 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{FDE0657E-853A-419F-8257-0DD1C80DBD07}
[2012/03/01 13:41:36 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{077C95CD-90BD-4B30-9D46-51EB12052489}
[2012/02/29 20:32:01 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/02/29 18:18:33 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\Alien Skin
[2012/02/29 18:12:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alien Skin
[2012/02/29 18:12:51 | 000,000,000 | ---D | C] -- C:\Program Files\Alien Skin
[2012/02/29 11:15:07 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{B47980A0-48B8-4A1E-93DD-75DA98D2E834}
[2012/02/29 11:14:54 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{DD6D9DA7-6C58-4D18-8799-A89C056A998E}
[2012/02/27 16:41:00 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{E5AA6EA8-6BB1-47D0-8EDE-393B025A3274}
[2012/02/27 16:40:47 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{EB79C94A-5481-4EE9-B03F-96B58E499A28}
[2012/02/27 15:05:40 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/02/27 15:02:14 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012/02/27 14:57:09 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{197671D4-9830-4B4D-AE07-6C1C05EFECAF}
[2012/02/27 14:56:57 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{C3F05374-B67A-4AFF-A94A-6A5C2850E2F3}
[2012/02/27 01:56:49 | 000,000,000 | ---D | C] -- C:\Users\Baker\Desktop\Proofs
[2012/02/27 01:55:49 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{47E68724-3B48-42AA-9E7C-9D15E63A1EAB}
[2012/02/27 01:55:33 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{F3FE5A95-7147-44A5-8112-742F723F9F40}
[2012/02/26 17:12:41 | 000,000,000 | ---D | C] -- C:\Users\Baker\Documents\Tutorials
[2012/02/26 17:11:10 | 000,000,000 | ---D | C] -- C:\Users\Baker\Desktop\Excerise Files
[2012/02/26 17:05:42 | 000,000,000 | ---D | C] -- C:\Users\Baker\Desktop\Custom Playing Card Artwork
[2012/02/26 17:03:08 | 000,000,000 | ---D | C] -- C:\Users\Baker\Desktop\jQuery Scripts
[2012/02/26 15:41:15 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Roaming\com.adobe.dmp.contentviewer
[2012/02/26 15:38:40 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/02/26 13:28:44 | 000,000,000 | ---D | C] -- C:\Users\Baker\Adobe Flash Builder 4.5
[2012/02/26 13:12:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Story
[2012/02/26 13:01:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS5.5
[2012/02/26 01:17:52 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Roaming\vlc
[2012/02/26 00:39:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/02/25 14:01:45 | 000,000,000 | ---D | C] -- C:\Users\Baker\Desktop\JQ-Slider
[2012/02/25 08:29:32 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{BA20133C-598F-480A-A313-43F0C8431631}
[2012/02/25 08:29:19 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{C9B46E68-A426-416E-9CC7-A7E572D54C6A}
[2012/02/25 00:13:46 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{B4F52ADF-2927-4378-92B6-88824935D417}
[2012/02/25 00:13:33 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{E873FBB5-A518-4DFC-80A9-BB3C1EF29E60}
[2012/02/24 17:48:54 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\APN
[2012/02/24 17:47:33 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
[2012/02/24 17:47:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The KMPlayer
[2012/02/23 23:30:44 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{A100A5F3-4FAE-4531-9057-8B53D2443E43}
[2012/02/23 23:30:27 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{95E9CD9E-09FA-4BA7-803E-3BFA9A727137}
[2012/02/23 06:23:06 | 000,000,000 | ---D | C] -- C:\Users\Baker\Torrents For DealingDeuces
[2012/02/22 22:22:47 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{11D80063-948C-4ADB-9D0E-B182375FEE29}
[2012/02/22 22:22:35 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{9F0EA087-E406-42AA-A43B-6EB8D347D824}
[2012/02/22 05:24:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraCompare
[2012/02/22 05:20:58 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Roaming\IDMComp
[2012/02/22 05:20:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraEdit
[2012/02/22 05:20:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IDM Computer Solutions
[2012/02/21 20:59:11 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{2340B4AA-69AD-4EAC-898C-8569585A8579}
[2012/02/21 20:58:58 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{7096908F-8221-4CE3-847F-7B32BE99DEFC}
[2012/02/21 20:31:40 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{00477EB0-42FB-4737-B038-407D35427676}
[2012/02/21 20:31:27 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{CAEA1EB8-CD1F-4B69-A72F-69E57698119E}
[2012/02/21 20:04:03 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{1A0BBA17-1064-4911-B0E8-9B69540401E7}
[2012/02/21 20:03:51 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{5A2489DB-EF38-41CD-A2D4-26806AA18D51}
[2012/02/20 14:45:20 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{E2065923-5A32-4278-9FB7-4CE71245061A}
[2012/02/20 14:45:07 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{265D8078-F0A6-48E9-97E9-DEEA11819DDD}
[2012/02/18 22:28:59 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{5E72CED5-9351-4CE3-8449-4DA0D86A8693}
[2012/02/18 22:28:46 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{3F9ACADA-C130-4B62-A6F7-8251580F2FC2}
[2012/02/17 10:13:37 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{85241437-696F-4678-A0BA-C2B375501B68}
[2012/02/17 10:13:24 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{74006DB7-92D1-405C-B505-28E5750D7F0C}
[2012/02/17 09:54:47 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{C0E19AA0-8316-4E71-BB05-A8595442E767}
[2012/02/17 09:54:34 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{5148E600-61B3-4AFD-8A1C-3FE2A2E01C4E}
[2012/02/17 00:35:55 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{FCF5EA4C-9DC6-465A-A8AC-BEE31679B07A}
[2012/02/17 00:35:42 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{5434164E-608E-4DA3-90F4-BDBE24069B59}
[2012/02/17 00:21:39 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{4ADBA248-121E-48EA-AB7C-444A5A159714}
[2012/02/17 00:21:26 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{7A953020-AA71-40C3-BA57-2251706248DB}
[2012/02/16 22:59:25 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{A590BA30-C7E5-4ED1-B4AF-C1CE58AC7C76}
[2012/02/16 22:59:12 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{9BCD075E-71EE-401E-87A1-54C2F7D97FD5}
[2012/02/16 20:55:52 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{58982E37-008D-4E4A-82F6-488ACB539B63}
[2012/02/16 20:55:38 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{BC2C00B7-7601-4954-BA2F-FDDC94A2E828}
[2012/02/16 13:57:47 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{8CBD1517-7ECA-47BA-BE4B-5713987D0F21}
[2012/02/16 13:57:33 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{26DD0804-33F3-48F9-AD94-BA575BF9A0DE}
[2012/02/15 03:04:17 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/15 03:04:17 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/15 03:04:12 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/02/15 03:04:12 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/15 03:04:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/15 03:04:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/15 03:04:10 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/02/15 03:04:10 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/02/15 03:04:10 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/15 03:04:08 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/02/15 03:04:08 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/02/14 20:32:04 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/02/14 20:32:02 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/02/14 20:32:01 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/02/14 20:31:49 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/02/13 17:54:29 | 000,000,000 | ---D | C] -- C:\Users\Baker\Tracker
[2012/02/13 17:35:47 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{A0E05CA2-A7B8-4A8B-AEDE-A9DA45195A7B}
[2012/02/13 17:35:34 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{DFCBED2A-CD9B-494B-9166-6DA38D979DF3}
[2012/02/13 16:30:39 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{9B36EA74-1CC6-4571-B4A0-81DC4D74EB00}
[2012/02/13 16:30:26 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{55A75ADB-6DB4-49D7-9BB0-0C4BB2ABABC3}
[2012/02/13 13:01:25 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{942C4B63-C744-4CBC-9DA6-FA93DF83485F}
[2012/02/13 13:01:12 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{A78929E5-9599-4343-9CB4-BB1B4D9D6B0C}
[2012/02/10 14:33:50 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Roaming\uTorrent
[2012/02/10 14:22:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012/02/10 14:22:17 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\Conduit
[2012/02/10 11:40:54 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{0FB4E003-DE2C-464D-8989-543EC35D9692}
[2012/02/10 11:40:41 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{DC39A725-2C4D-4872-892F-57E93EEC413E}
[2012/02/09 14:41:21 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{B2374358-E38A-46DF-88AC-D9C8D1C12E1E}
[2012/02/09 14:41:07 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{4E30764F-BE7E-430D-AFD5-4B9AE37DC4C0}
[2012/02/08 14:47:11 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{4D98E087-B934-4F2B-B0AD-C4FD6557E554}
[2012/02/08 14:46:58 | 000,000,000 | ---D | C] -- C:\Users\Baker\AppData\Local\{C55B3C87-3183-4DC0-A330-A488C180347B}
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/09 14:20:10 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1625869450-1961050837-4073168303-1001Core.job
[2012/03/09 14:14:03 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1625869450-1961050837-4073168303-1001UA.job
[2012/03/09 14:12:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/09 13:37:43 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/09 13:37:31 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/03/09 13:36:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/09 13:12:29 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/09 13:12:29 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/09 04:02:36 | 2146,914,303 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/09 03:35:53 | 004,431,495 | R--- | M] (Swearware) -- C:\Users\Baker\Desktop\ComboFix.exe
[2012/03/09 03:13:39 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2012/03/09 02:47:47 | 000,186,880 | ---- | M] (CEXX.ORG) -- C:\Users\Baker\Desktop\LSPFix.exe
[2012/03/09 02:33:41 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2012/03/09 02:31:59 | 000,302,592 | ---- | M] () -- C:\Users\Baker\Desktop\Gmer.exe
[2012/03/09 02:27:45 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Baker\Desktop\OTL.exe
[2012/03/09 02:10:20 | 000,023,112 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2012/03/09 01:48:20 | 001,008,141 | ---- | M] () -- C:\Users\Baker\Desktop\rkill.exe
[2012/03/09 00:15:14 | 000,000,132 | ---- | M] () -- C:\Users\Baker\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/03/08 21:00:53 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012/03/08 18:15:11 | 000,002,405 | ---- | M] () -- C:\Users\Baker\Desktop\Google Chrome.lnk
[2012/03/06 02:51:26 | 000,005,248 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2012/03/06 02:35:50 | 000,116,016 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\58311095.sys
[2012/03/06 02:20:06 | 001,943,188 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/03/06 02:04:11 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/06 01:55:35 | 000,001,980 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2012/03/06 00:42:22 | 000,001,015 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/03/05 11:24:50 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Baker\Desktop\TDSSKiller.exe
[2012/03/01 20:03:50 | 000,000,727 | ---- | M] () -- C:\Users\Baker\Documents\joomlart slideshow.rtf
[2012/02/29 20:11:27 | 007,287,328 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/29 18:28:17 | 000,000,256 | -H-- | M] () -- C:\Windows\€nlsPreferences.dat
[2012/02/28 00:42:44 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/28 00:42:44 | 000,660,280 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/28 00:42:44 | 000,121,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/26 13:15:29 | 000,001,047 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Content Viewer.lnk
[2012/02/26 03:59:56 | 000,238,888 | ---- | M] () -- C:\Users\Baker\Documents\mozila.png
[2012/02/26 03:59:20 | 000,367,102 | ---- | M] () -- C:\Users\Baker\Documents\ie.png
[2012/02/26 00:39:31 | 000,001,032 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/02/25 18:36:33 | 000,054,373 | ---- | M] () -- C:\Users\Baker\Documents\Untitled-2.png
[2012/02/24 17:47:34 | 000,001,001 | ---- | M] () -- C:\Users\Baker\Desktop\KMPlayer.lnk
[2012/02/22 05:25:00 | 000,002,088 | ---- | M] () -- C:\Users\Baker\Application Data\Microsoft\Internet Explorer\Quick Launch\UltraCompare Professional.lnk
[2012/02/22 05:25:00 | 000,001,944 | ---- | M] () -- C:\Users\Public\Desktop\UltraCompare Professional.lnk
[2012/02/22 05:21:11 | 000,002,094 | ---- | M] () -- C:\Users\Baker\Application Data\Microsoft\Internet Explorer\Quick Launch\UltraEdit.lnk
[2012/02/22 05:21:11 | 000,001,956 | ---- | M] () -- C:\Users\Public\Desktop\UltraEdit.lnk
[2012/02/22 00:30:48 | 000,000,132 | ---- | M] () -- C:\Users\Baker\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012/02/21 21:34:04 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/02/19 02:58:41 | 000,000,473 | ---- | M] () -- C:\Toshiba HDD (B) - Shortcut.lnk
[2012/02/16 13:15:50 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2012/02/13 20:34:30 | 000,002,010 | ---- | M] () -- C:\Users\Baker\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/10 14:34:13 | 000,000,933 | ---- | M] () -- C:\Users\Baker\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/02/10 14:34:13 | 000,000,909 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/09 03:45:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/09 03:45:06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/09 03:45:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/09 03:45:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/09 03:45:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/09 02:31:54 | 000,302,592 | ---- | C] () -- C:\Users\Baker\Desktop\Gmer.exe
[2012/03/09 02:05:30 | 001,008,141 | ---- | C] () -- C:\Users\Baker\Desktop\rkill.exe
[2012/03/06 02:51:26 | 000,005,248 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2012/03/06 02:16:49 | 001,943,188 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/03/06 02:04:11 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/06 01:55:35 | 000,001,980 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2012/03/06 01:41:16 | 000,023,112 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2012/03/01 20:03:49 | 000,000,727 | ---- | C] () -- C:\Users\Baker\Documents\joomlart slideshow.rtf
[2012/02/26 13:16:40 | 000,001,059 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
[2012/02/26 13:15:29 | 000,001,059 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk
[2012/02/26 13:15:29 | 000,001,047 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Content Viewer.lnk
[2012/02/26 13:01:05 | 000,000,959 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012/02/26 03:59:53 | 000,238,888 | ---- | C] () -- C:\Users\Baker\Documents\mozila.png
[2012/02/26 03:59:17 | 000,367,102 | ---- | C] () -- C:\Users\Baker\Documents\ie.png
[2012/02/26 00:39:31 | 000,001,032 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/02/25 18:36:31 | 000,054,373 | ---- | C] () -- C:\Users\Baker\Documents\Untitled-2.png
[2012/02/24 17:47:34 | 000,001,001 | ---- | C] () -- C:\Users\Baker\Desktop\KMPlayer.lnk
[2012/02/22 05:25:00 | 000,002,088 | ---- | C] () -- C:\Users\Baker\Application Data\Microsoft\Internet Explorer\Quick Launch\UltraCompare Professional.lnk
[2012/02/22 05:25:00 | 000,001,944 | ---- | C] () -- C:\Users\Public\Desktop\UltraCompare Professional.lnk
[2012/02/22 05:21:11 | 000,002,094 | ---- | C] () -- C:\Users\Baker\Application Data\Microsoft\Internet Explorer\Quick Launch\UltraEdit.lnk
[2012/02/22 05:21:11 | 000,001,956 | ---- | C] () -- C:\Users\Public\Desktop\UltraEdit.lnk
[2012/02/19 02:58:41 | 000,000,473 | ---- | C] () -- C:\Toshiba HDD (B) - Shortcut.lnk
[2012/02/10 14:34:13 | 000,000,933 | ---- | C] () -- C:\Users\Baker\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/02/10 14:34:13 | 000,000,909 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2011/08/15 20:54:17 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/08/15 20:46:56 | 000,772,990 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/03 15:36:10 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/08/01 23:42:42 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011/07/23 18:21:40 | 000,000,059 | ---- | C] () -- C:\Windows\ANS2000.INI
[2011/07/23 18:21:40 | 000,000,020 | -H-- | C] () -- C:\Windows\akebook.ini
[2011/07/23 18:21:40 | 000,000,004 | -H-- | C] () -- C:\Windows\a3kebook.ini
[2011/05/25 23:05:00 | 010,879,000 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011/05/25 23:05:00 | 000,333,336 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011/05/25 23:05:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/05/24 22:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/05/20 11:37:40 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/03/24 18:14:48 | 000,011,609 | ---- | C] () -- C:\Users\Baker\AppData\Roaming\Charlescharles.config
[2011/03/17 12:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/01/26 19:57:33 | 000,000,600 | ---- | C] () -- C:\Users\Baker\AppData\Local\PUTTY.RND
[2011/01/18 21:45:09 | 000,007,609 | ---- | C] () -- C:\Users\Baker\AppData\Local\Resmon.ResmonCfg
[2010/12/29 13:35:37 | 000,000,256 | -H-- | C] () -- C:\Windows\€nlsPreferences.dat
[2010/11/08 12:22:54 | 000,000,132 | ---- | C] () -- C:\Users\Baker\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
[2010/11/02 17:39:04 | 000,001,456 | ---- | C] () -- C:\Users\Baker\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/10/04 13:30:11 | 000,000,132 | ---- | C] () -- C:\Users\Baker\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/10/02 13:25:57 | 000,000,132 | ---- | C] () -- C:\Users\Baker\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010/10/01 21:11:22 | 000,010,752 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010/10/01 01:06:28 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/10/01 01:06:28 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/10/01 01:06:27 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/10/01 01:06:27 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/10/01 01:06:26 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/08/14 20:50:01 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2010/08/14 20:40:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== Alternate Data Streams ==========

@Alternate Data Stream - 171 bytes -> C:\ProgramData\Temp:C6070AC3
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84

< End of report >

#3 baker21

Posted 09 March 2012 - 07:57 PM

It got worse now.. I am in trouble.. I typed in avast and this thing popped up and shut down everything, and said internet security and said I had a worm and it shut me out..

I went into safe mode and ran TDSSKiller and it found some root but I still have redirect virus, it's like it's getting worse.. please someone help me

#4 TheChupster

Posted 09 March 2012 - 08:07 PM

Try ESET online scanner - you can either run it from Internet Explorer or download it from any other browser and run it. It got rid of mine several months back.

www.eset.com/us/online-scanner/

#5 baker21

Posted 09 March 2012 - 09:01 PM

Now I noticed none of my ctrl keys are working, I can't copy or paste anything.. ctrl alt del don't work or nothing..

I have eset and had it installed and up to date.. it missed virus.. I will try online tho.. I installed avast and am running scan now but it has found nothing.. also running gmer and ran HijackThis...

Here is text output...

I was getting error saying tabtip.exe had worm infected, TDSSKiller found something in safe mode and so did mbam and removed them..

I still have redirect virus though..

and still no

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:56:00 AM, on 3/9/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\PhraseExpress\phraseexpress.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\Dreamweaver.exe
C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\GlobalSCAPE\CuteFTP 8 Professional\cuteftppro.exe
C:\Program Files (x86)\GlobalSCAPE\CuteFTP 8 Professional\ftpte.exe
C:\Program Files (x86)\OpenOffice.org 3\program\scalc.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\notepad.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\SysWOW64\notepad.exe
C:\Users\Baker\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: uTorrentControl2 - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [Kayako Desktop] C:\Program Files (x86)\Kayako\Desktop\KayakoDesktop.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Google Update] "C:\Users\Baker\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [googletalk] C:\Users\Baker\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Update] rundll32.exe "C:\Users\Baker\AppData\Roaming\dvdcss\dvdcss\dkgjonab.dll",DllRegisterServer
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Update] rundll32.exe "C:\Users\Baker\AppData\Roaming\dvdcss\dvdcss\dkgjonab.dll",DllRegisterServer (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Update] rundll32.exe "C:\Users\Baker\AppData\Roaming\dvdcss\dvdcss\dkgjonab.dll",DllRegisterServer (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Update] rundll32.exe "C:\Users\Baker\AppData\Roaming\dvdcss\dvdcss\dkgjonab.dll",DllRegisterServer (User 'Default user')
O4 - Global Startup: PhraseExpress.lnk = C:\Program Files (x86)\PhraseExpress\phraseexpress.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: ABBYY.Licensing.FineReader.ScreenshotReader.9.0 - ABBYY - C:\Program Files (x86)\ABBYY Screenshot Reader\NetworkLicenseServer.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AST HighEnd Service (ASTSRV) - Nalpeiron Ltd. - C:\Windows\system32\ASTSRV.EXE
O23 - Service: Autodesk Content Service - Unknown owner - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
O23 - Service: CyberLink Product - 2010/08/14 18:57:39 (CLKMSVC10_C6F09094) - CyberLink - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Nalpeiron Licensing Service 64-bit (nlsInterface) - Unknown owner - C:\Windows\system32\nlsInterface.exe (file missing)
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\nlssrv32.exe
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Red5 - Tanuki Software, Ltd. - C:\Program Files\Red5\wrapper.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 16335 bytes



