
Infected with Google Analytics/Epoclick Virus?


This topic is locked
7 replies to this topic

#1 Infanteer

  • Members
  • 12 posts

Posted 02 November 2010 - 10:44 PM

Good day; I feel like I'm at the doctor with the itch.

I'm currently running a pretty new PC with Windows 7. It appears to be a 64-bit (hence some of the fixes are not working). I am using an "F-Secure" anti-virus program that was provided by my internet provider.

I've had some sort of infection which causes random webpages to pop up; usually "Google Analytics" or "Epoclick", among others. I've researched this on the web and seen a few different explanations as to what this is and how it escapes detection. I've tried some recommended fixes, but with no luck. I purchased this tutorial "fix google redirect" with no luck - the Combofix program would not start and, reading into it, is not designed to work with 64-bit Win7 computers. I next tried downloading a "Paretologic PC Health Advisor" to fix my registries - although this seems like a neat program (I'm not too sharp on computer skills) it isn't really fixing anything. I've tried a few more remedies recommended by a search of the web with no luck. BC seemed to pop up lots, so I've gone through the tutorial and have attached my computer's specifics below in the hope that someone can tell me what is going on here. Of note, when I ran the GMER scan, the only boxes that I was allowed to check were the "Service", "Registry", "Files - C:\" and "ADS" boxes - everything else was greyed out, so this may be an incomplete scan?

Help me Obi-wan....

Thank you,

Inf

----DDS.txt file---

DDS (Ver_10-11-01.01) - NTFS_AMD64
Run by Petersen at 21:18:03.31 on 02/11/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.16343.14024 [GMT -6:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files (x86)\Shaw Secure\Common\FSMA32.EXE
C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
C:\Program Files (x86)\Shaw Secure\Common\FSHDLL32.EXE
C:\Windows\runservice.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Program Files (x86)\Shaw Secure\Common\FSHDLL64.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\OEM\USBDECTION\USBS3S4Detection.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Shaw Secure\ORSP Client\fsorsp.exe
C:\Program Files (x86)\Shaw Secure\FWES\Program\fsdfwd.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Shaw Secure\Anti-Virus\fssm32.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe
C:\Program Files (x86)\CyberLink\PowerCinema\PCMAgent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Shaw Secure\Anti-Virus\fsav32.exe
C:\Program Files (x86)\Northstar\Photo Frame\Photo Frame.exe
C:\Program Files (x86)\CyberLink\PlayMovie\PMVService.exe
C:\Program Files (x86)\Shaw Secure\Common\FSM32.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Shaw Secure\Spam Control\fsscoepl_x64.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Petersen\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Bar = Preserve
uStart Page = hxxp://www.google.ca/
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=1009&m=fx6831&r=17360510n606p0495v115k4411r289
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=1009&m=fx6831&r=17360510n606p0495v115k4411r289
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - C:\Program Files (x86)\Shaw Secure\NRS\iescript\baselitmus.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - C:\Program Files (x86)\Shaw Secure\NRS\iescript\baselitmus.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [CAHeadless] C:\Program Files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [PCMAgent] "C:\Program Files (x86)\CyberLink\PowerCinema\PCMAgent.exe"
mRun: [PlayMovie] "C:\Program Files (x86)\CyberLink\PlayMovie\PMVService.exe"
mRun: [F-Secure Manager] "C:\Program Files (x86)\Shaw Secure\Common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "C:\Program Files (x86)\Shaw Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PHOTOF~1.LNK - C:\Program Files (x86)\Northstar\Photo Frame\Photo Frame.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: C:\Program Files (x86)\Shaw Secure\FSPS\program\FSLSP.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: intu-qt2009 - {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files (x86)\Quicken\ic2009pp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
mRun-x64: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [RunDLLEntry_THXCfg] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-5-9 55024]
R1 F-Secure HIPS;F-Secure HIPS Driver;C:\Program Files (x86)\Shaw Secure\HIPS\drivers\fshs.sys [2010-5-9 57920]
R1 FSES;F-Secure Email Scanning Driver;C:\Windows\System32\drivers\fses.sys [2010-5-9 44624]
R1 FSFW;F-Secure Firewall Driver;C:\Windows\System32\drivers\fsdfw.sys [2010-5-9 92160]
R1 fsvista;F-Secure Vista Support Driver;C:\Program Files (x86)\Shaw Secure\Anti-Virus\minifilter\fsvista.sys [2010-5-9 14904]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2010/02/09 20:38:05];C:\Program Files (x86)\CyberLink\PlayMovie\000.fcl [2010-2-9 146928]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-9-28 203264]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;C:\Program Files (x86)\Shaw Secure\Anti-Virus\fsgk32st.exe [2010-5-9 215648]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 LicCtrlService;LicCtrl Service;C:\Windows\Runservice.exe [2010-5-13 2560]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-8-12 62208]
R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.sys [2007-8-13 11576]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-2-9 2314240]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-11-30 240160]
R2 USBS3S4Detection;USBS3S4Detection;C:\OEM\USBDECTION\USBS3S4Detection.exe [2009-12-13 76320]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-9-28 7883264]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-9-28 285696]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2009-11-30 283824]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files (x86)\Shaw Secure\Anti-Virus\minifilter\fsgk.sys [2010-5-9 190120]
R3 FSORSPClient;F-Secure ORSP Client;C:\Program Files (x86)\Shaw Secure\ORSP Client\fsorsp.exe [2010-5-9 64016]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-11-30 56344]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2010-2-9 25600]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2009-8-21 712704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-8 135664]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-2-9 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-2-9 79360]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-27 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-17 1255736]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files (x86)\Shaw Secure\Anti-Virus\win2k\fsfilter.sys [2010-5-9 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files (x86)\Shaw Secure\Anti-Virus\win2k\fsrec.sys [2010-5-9 25184]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

=============== Created Last 30 ================

2010-11-03 02:51:59 -------- d-----w- C:\Users\Petersen\AppData\Roaming\Malwarebytes
2010-11-03 02:51:54 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-11-03 02:51:54 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-11-03 02:51:53 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-11-03 02:51:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-11-03 02:45:45 -------- d-----w- C:\Users\Petersen\AppData\Local\ElevatedDiagnostics
2010-11-03 02:28:48 19528 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2010-11-03 02:28:28 -------- d-----w- C:\PROGRA~3\Hitman Pro
2010-11-02 13:15:52 8006480 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{751DB516-EBC0-4113-8BAB-68402E259EC9}\mpengine.dll
2010-11-01 02:17:30 -------- d-----w- C:\ATI
2010-11-01 01:06:35 -------- d-----w- C:\Program Files (x86)\ESET
2010-10-30 06:52:42 -------- d-----w- C:\Users\Petersen\AppData\Roaming\Windows Live Writer
2010-10-30 06:52:42 -------- d-----w- C:\Users\Petersen\AppData\Local\Windows Live Writer
2010-10-30 06:38:34 -------- d-----w- C:\Users\Petersen\AppData\Roaming\ParetoLogic
2010-10-30 06:38:34 -------- d-----w- C:\Users\Petersen\AppData\Roaming\DriverCure
2010-10-30 06:38:29 -------- d-----w- C:\Program Files (x86)\Common Files\ParetoLogic
2010-10-30 06:38:28 -------- d-----w- C:\Program Files (x86)\ParetoLogic
2010-10-30 06:38:28 -------- d-----w- C:\PROGRA~3\ParetoLogic
2010-10-30 06:10:19 -------- d-----w- C:\Program Files (x86)\FixRedirectVirus
2010-10-27 13:54:12 -------- d-----w- C:\Windows\en
2010-10-27 13:52:37 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2010-10-27 13:51:51 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1af1bc741cb75de2d\InstallManager_WLE_WLE.exe
2010-10-27 13:51:39 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\148f94371cb75de22\MeshBetaRemover.exe
2010-10-27 13:51:28 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d919ee11cb75de1a\DSETUP.dll
2010-10-27 13:51:28 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d919ee11cb75de1a\DXSETUP.exe
2010-10-27 13:51:28 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d919ee11cb75de1a\dsetup32.dll
2010-10-27 13:51:27 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ce704821cb75de19\DSETUP.dll
2010-10-27 13:51:27 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ce704821cb75de19\DXSETUP.exe
2010-10-27 13:51:27 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ce704821cb75de19\dsetup32.dll
2010-10-27 13:51:02 -------- d-----w- C:\Users\Petersen\AppData\Local\Windows Live
2010-10-27 13:50:29 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll
2010-10-27 13:50:29 206848 ----a-w- C:\Windows\System32\mfps.dll
2010-10-27 13:50:29 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
2010-10-27 13:50:28 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2010-10-27 13:50:28 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2010-10-27 13:50:23 4068864 ----a-w- C:\Windows\System32\mf.dll
2010-10-27 13:50:21 3181568 ----a-w- C:\Windows\SysWow64\mf.dll
2010-10-26 19:29:01 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2010-10-26 19:29:01 641536 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2010-10-26 19:29:01 552960 ----a-w- C:\Windows\System32\msdri.dll
2010-10-26 19:29:01 288256 ----a-w- C:\Windows\System32\MSNP.ax
2010-10-26 19:29:01 258560 ----a-w- C:\Windows\System32\mpg2splt.ax
2010-10-26 19:29:01 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2010-10-26 19:29:01 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2010-10-26 19:28:19 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2010-10-04 23:36:42 -------- d-----w- C:\Program Files\iPod
2010-10-04 23:36:41 -------- d-----w- C:\Program Files\iTunes
2010-10-04 23:36:41 -------- d-----w- C:\Program Files (x86)\iTunes
2010-10-04 23:34:53 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2010-10-04 23:34:53 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2010-10-04 23:34:53 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2010-10-04 23:34:53 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2010-10-04 23:34:53 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2010-10-04 23:34:53 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2010-10-04 23:34:53 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2010-10-04 23:33:22 -------- d-----w- C:\Program Files\Bonjour
2010-10-04 23:33:22 -------- d-----w- C:\Program Files (x86)\Bonjour

==================== Find3M ====================

2010-11-03 02:57:11 2601 --sha-w- C:\Windows\SysWow64\mmf.sys
2010-10-19 17:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-09-29 02:26:12 7883264 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2010-09-29 02:13:38 21344256 ----a-w- C:\Windows\System32\atio6axx.dll
2010-09-29 01:56:14 16201728 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2010-09-29 01:55:12 143360 ----a-w- C:\Windows\System32\atiapfxx.exe
2010-09-29 01:55:02 536576 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2010-09-29 01:54:02 628224 ----a-w- C:\Windows\System32\aticfx64.dll
2010-09-29 01:51:52 450560 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2010-09-29 01:51:46 462336 ----a-w- C:\Windows\System32\atieclxx.exe
2010-09-29 01:51:08 203264 ----a-w- C:\Windows\System32\atiesrxx.exe
2010-09-29 01:49:58 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2010-09-29 01:49:42 421376 ----a-w- C:\Windows\System32\atipdl64.dll
2010-09-29 01:49:34 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2010-09-29 01:49:24 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2010-09-29 01:49:18 12288 ----a-w- C:\Windows\System32\atimuixx.dll
2010-09-29 01:49:14 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2010-09-29 01:49:08 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2010-09-29 01:46:06 3953152 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2010-09-29 01:37:28 4660224 ----a-w- C:\Windows\System32\atidxx64.dll
2010-09-29 01:30:02 3222016 ----a-w- C:\Windows\System32\atiumd6a.dll
2010-09-29 01:28:00 4077568 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2010-09-29 01:27:22 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2010-09-29 01:27:20 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2010-09-29 01:27:12 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2010-09-29 01:27:10 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2010-09-29 01:27:00 5470720 ----a-w- C:\Windows\System32\aticaldd64.dll
2010-09-29 01:26:04 4407808 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2010-09-29 01:23:00 58880 ----a-w- C:\Windows\System32\coinst.dll
2010-09-29 01:22:56 3460096 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2010-09-29 01:21:54 5240832 ----a-w- C:\Windows\System32\atiumd64.dll
2010-09-29 01:15:20 340480 ----a-w- C:\Windows\System32\atiadlxx.dll
2010-09-29 01:15:12 241664 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2010-09-29 01:15:02 14848 ----a-w- C:\Windows\System32\atig6pxx.dll
2010-09-29 01:14:58 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2010-09-29 01:14:58 12800 ----a-w- C:\Windows\System32\atiglpxx.dll
2010-09-29 01:14:56 21504 ----a-w- C:\Windows\System32\atig6txx.dll
2010-09-29 01:14:52 19968 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2010-09-29 01:14:48 285696 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2010-09-29 01:14:06 39936 ----a-w- C:\Windows\System32\atiuxp64.dll
2010-09-29 01:14:00 30720 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2010-09-29 01:13:54 37888 ----a-w- C:\Windows\System32\atiu9p64.dll
2010-09-29 01:13:44 28672 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2010-09-29 01:12:54 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2010-09-29 01:09:32 53760 ----a-w- C:\Windows\System32\atimpc64.dll
2010-09-29 01:09:32 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
2010-09-29 01:09:24 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2010-09-29 01:09:24 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2010-09-27 02:35:45 724992 ----a-w- C:\Windows\iun6002.exe
2010-09-23 06:47:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2010-09-23 06:32:56 301936 ----a-w- C:\Windows\WLXPGSS.SCR
2010-09-21 20:49:02 252800 ----a-w- C:\Windows\System32\LIVESSP.DLL
2010-09-21 20:03:14 208768 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL
2010-09-15 10:50:37 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2010-09-08 17:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-09-08 17:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys
2010-08-31 13:41:53 41624 ----a-w- C:\Windows\System32\drivers\fsbts.sys
2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-08-27 18:33:08 332800 ----a-w- C:\Windows\System32\ATIODE.exe
2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-08-26 05:27:28 148992 ----a-w- C:\Windows\System32\t2embed.dll
2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
2010-08-21 06:36:49 340992 ----a-w- C:\Windows\System32\schannel.dll
2010-08-21 06:31:06 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-08-21 05:36:24 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-08-21 05:33:24 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll

============= FINISH: 21:18:29.33 ===============
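A small parser for the DDS log format posted above, added here as an example (it is not from this thread and not part of the DDS tool): it turns the SERVICES / DRIVERS and Created Last 30 sections into records and cross-references newly created kernel drivers against the service table, which is the first correlation a helper makes when reading such a log. The sample lines are copied from the log above; the class and function names are my own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Lines copied verbatim from the DDS log in the post above, enough to exercise
# the SERVICES / DRIVERS and Created Last 30 line formats.
DDS_EXCERPT = r"""
============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-5-9 55024]
R1 FSES;F-Secure Email Scanning Driver;C:\Windows\System32\drivers\fses.sys [2010-5-9 44624]
R2 LicCtrlService;LicCtrl Service;C:\Windows\Runservice.exe [2010-5-13 2560]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-27 48488]

=============== Created Last 30 ================

2010-11-03 02:51:54 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-11-03 02:51:53 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-11-03 02:51:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-11-03 02:28:48 19528 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2010-10-27 13:52:37 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2010-10-26 19:28:19 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys

==================== Find3M ====================
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")  # "===== Section name ====="
SERVICE_RE = re.compile(  # "R2 name;display name;image path [y-m-d size]"
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]$")
FILE_RE = re.compile(  # "yyyy-mm-dd hh:mm:ss size attrs path"; size is dashes for dirs
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\d+|-{8})\s+"
    r"(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$")


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


@dataclass
class Service:
    state: str    # R = running, S = stopped; the digit is the start type
    name: str
    display: str
    path: str
    date: str
    size: int


@dataclass
class FileEntry:
    timestamp: str
    size: int     # 0 for directories (DDS prints dashes there)
    attrs: str    # first character is 'd' for a directory
    path: str

    @property
    def name(self) -> str:
        return basename(self.path)


def parse_dds(text: str) -> Tuple[List[Service], List[FileEntry]]:
    """Walk the log line by line, switching the line parser on each banner."""
    services: List[Service] = []
    created: List[FileEntry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        if section == "SERVICES / DRIVERS":
            m = SERVICE_RE.match(line)
            if m:
                services.append(Service(m["state"], m["name"], m["display"],
                                        m["path"], m["date"], int(m["size"])))
        elif section == "Created Last 30":
            m = FILE_RE.match(line)
            if m:
                size = 0 if m["size"].startswith("-") else int(m["size"])
                created.append(FileEntry(m["ts"], size, m["attrs"], m["path"]))
    return services, created


def recent_drivers(created: List[FileEntry]) -> List[FileEntry]:
    """Kernel drivers (*.sys) written in the last 30 days."""
    return [f for f in created
            if not f.attrs.startswith("d") and f.name.lower().endswith(".sys")]


def correlate_drivers(services: List[Service],
                      created: List[FileEntry]) -> Dict[str, List[str]]:
    """Map each recent driver to the service entries whose image it is.

    An empty list means the log shows no service loading that driver, so it is
    either started another way or left behind by an uninstall: check those first.
    """
    by_image: Dict[str, List[str]] = {}
    for s in services:
        by_image.setdefault(basename(s.path).lower(), []).append(s.name)
    return {d.name: by_image.get(d.name.lower(), []) for d in recent_drivers(created)}
```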


#2 Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,243 posts
  • Gender:Female
  • Location:Romania

Posted 11 November 2010 - 08:39 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your desktop.
  • Extract RKUnhooker to your desktop.
    Note: it is zipped up in a .rar file. If you do not have a program to unzip this type of file, you can get a free one from here: http://www.7-zip.org/
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Just click on Cancel, then Accept.

-------------------------------------------------------------
In the meantime please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#3 Infanteer (Topic Starter, Members, 12 posts)

Posted 15 November 2010 - 10:04 PM

Elise,

Thank you. I haven't done much on the computer, but some updates took place between my original post and before I read your message, so I redid the scans for you and put them at the bottom of this post/attached them as per the original post. The Rootkit Unhooker program will not start; I get an error message saying "Error Loading Driver NTSTATUS CODE (bunch of numbers)".

Here is the OTL List:

OTL logfile created on: 11/15/2010 7:39:34 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Petersen\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

16.00 Gb Total Physical Memory | 13.00 Gb Available Physical Memory | 83.00% Memory free
32.00 Gb Paging File | 29.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1381.17 Gb Total Space | 1122.15 Gb Free Space | 81.25% Space Free | Partition Type: NTFS
Drive K: | 7.55 Gb Total Space | 7.49 Gb Free Space | 99.14% Space Free | Partition Type: FAT32

Computer Name: PETERSEN-PC | User Name: Petersen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/15 19:39:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Petersen\Desktop\OTL.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/10/13 19:46:36 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe
PRC - [2010/10/13 06:14:01 | 000,064,016 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Shaw Secure\ORSP Client\fsorsp.exe
PRC - [2010/08/16 07:04:18 | 000,783,016 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Shaw Secure\Anti-Virus\fssm32.exe
PRC - [2010/08/16 07:04:18 | 000,492,200 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Shaw Secure\Anti-Virus\fsgk32.exe
PRC - [2010/07/14 06:52:17 | 000,365,248 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Shaw Secure\Anti-Virus\fsav32.exe
PRC - [2010/05/13 16:45:29 | 000,002,560 | ---- | M] () -- C:\Windows\Runservice.exe
PRC - [2009/12/16 20:55:30 | 000,093,568 | ---- | M] (North Star com.) -- C:\Program Files (x86)\Northstar\Photo Frame\Photo Frame.exe
PRC - [2009/12/09 02:24:16 | 000,076,320 | ---- | M] () -- C:\OEM\USBDECTION\USBS3S4Detection.exe
PRC - [2009/11/16 13:36:10 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerCinema\PCMAgent.exe
PRC - [2009/11/12 20:31:42 | 000,185,576 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PlayMovie\PMVService.exe
PRC - [2009/10/13 12:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/10/13 12:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/09/30 20:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 20:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/09/06 05:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2009/09/03 17:39:46 | 000,959,488 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe
PRC - [2009/08/28 02:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
PRC - [2009/08/12 16:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
PRC - [2009/08/12 15:58:52 | 000,244,480 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
PRC - [2009/08/05 08:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Shaw Secure\Common\FSMA32.EXE
PRC - [2009/08/05 08:58:50 | 000,199,264 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Shaw Secure\Common\FSM32.EXE
PRC - [2009/08/05 08:58:50 | 000,088,672 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Shaw Secure\Common\FSHDLL32.EXE
PRC - [2009/08/05 08:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Shaw Secure\Anti-Virus\fsgk32st.exe
PRC - [2009/07/03 19:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe


========== Modules (SafeList) ==========

MOD - [2010/11/15 19:39:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Petersen\Desktop\OTL.exe
MOD - [2010/08/20 22:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/28 18:51:08 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 19:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/10/13 06:14:01 | 000,064,016 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Shaw Secure\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2010/10/04 20:31:10 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/05/13 16:45:29 | 000,002,560 | ---- | M] () [Auto | Running] -- C:\Windows\Runservice.exe -- (LicCtrlService)
SRV - [2010/05/09 07:15:08 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/09 07:01:15 | 000,844,384 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Shaw Secure\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/09 21:29:57 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/02/09 21:29:50 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2009/12/09 02:24:16 | 000,076,320 | ---- | M] () [Auto | Running] -- C:\OEM\USBDECTION\USBS3S4Detection.exe -- (USBS3S4Detection)
SRV - [2009/10/13 12:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/09/30 20:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/09/30 20:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/09/06 05:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/08/28 02:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/08/25 11:38:06 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/08/12 16:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/08/05 08:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\Shaw Secure\Common\FSMA32.EXE -- (FSMA)
SRV - [2009/08/05 08:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\Shaw Secure\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/22 11:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2010/09/28 19:26:12 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/09/28 19:26:12 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/09/28 18:14:48 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/05/09 07:01:54 | 000,044,624 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\fses.sys -- (FSES)
DRV:64bit: - [2010/04/19 19:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/10/29 01:14:38 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/10/13 12:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/29 18:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/23 02:11:04 | 000,283,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel®
DRV:64bit: - [2009/09/16 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/08/24 19:06:00 | 000,025,600 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009/08/05 08:57:24 | 000,092,160 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\fsdfw.sys -- (FSFW)
DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/19 15:56:08 | 000,712,704 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 17:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 17:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2008/06/16 02:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/08/13 07:24:26 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT)
DRV - [2010/08/12 19:20:54 | 000,190,120 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Shaw Secure\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2009/11/12 20:31:22 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/02/09 20:38:05] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2009/08/05 08:58:30 | 000,057,920 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Shaw Secure\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2009/08/05 08:56:14 | 000,039,776 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files (x86)\Shaw Secure\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)
DRV - [2009/08/05 08:56:14 | 000,025,184 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files (x86)\Shaw Secure\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer)
DRV - [2009/08/05 08:56:12 | 000,014,904 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\Shaw Secure\Anti-Virus\minifilter\fsvista.sys -- (fsvista)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=1009&m=fx6831&r=17360510n606p0495v115k4411r289
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=1009&m=fx6831&r=17360510n606p0495v115k4411r289
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=1009&m=fx6831&r=17360510n606p0495v115k4411r289
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=1009&m=fx6831&r=17360510n606p0495v115k4411r289


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-202152366-2571768097-2440564152-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-202152366-2571768097-2440564152-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-202152366-2571768097-2440564152-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files (x86)\Shaw Secure\NRS\litmus-ff@f-secure.com [2010/09/07 06:48:00 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\Shaw Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\Shaw Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-202152366-2571768097-2440564152-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-202152366-2571768097-2440564152-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\system32\THXCfg64.DLL File not found
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\Shaw Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files (x86)\Shaw Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [PCMAgent] C:\Program Files (x86)\CyberLink\PowerCinema\PCMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\CyberLink\PlayMovie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-202152366-2571768097-2440564152-1001..\Run: [CAHeadless] C:\Program Files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - Startup: C:\Users\Amber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files (x86)\Quicken\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/15 19:39:05 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Petersen\Desktop\OTL.exe
[2010/11/15 18:16:42 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/11/15 18:16:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/11/15 18:16:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/11/15 18:01:54 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/11/02 20:22:24 | 000,000,000 | ---D | C] -- C:\Users\Petersen\Desktop\gmer
[2010/11/02 19:51:59 | 000,000,000 | ---D | C] -- C:\Users\Petersen\AppData\Roaming\Malwarebytes
[2010/11/02 19:51:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/11/02 19:51:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/11/02 19:51:53 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/11/02 19:51:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/11/02 19:45:45 | 000,000,000 | ---D | C] -- C:\Users\Petersen\AppData\Local\ElevatedDiagnostics
[2010/11/02 19:28:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010/11/02 19:19:21 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/10/31 19:22:09 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010/10/31 19:17:30 | 000,000,000 | ---D | C] -- C:\ATI
[2010/10/31 18:06:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010/10/29 23:52:42 | 000,000,000 | ---D | C] -- C:\Users\Petersen\AppData\Roaming\Windows Live Writer
[2010/10/29 23:52:42 | 000,000,000 | ---D | C] -- C:\Users\Petersen\AppData\Local\Windows Live Writer
[2010/10/29 23:38:34 | 000,000,000 | ---D | C] -- C:\Users\Petersen\AppData\Roaming\ParetoLogic
[2010/10/29 23:38:34 | 000,000,000 | ---D | C] -- C:\Users\Petersen\AppData\Roaming\DriverCure
[2010/10/29 23:38:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ParetoLogic
[2010/10/29 23:38:28 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2010/10/29 23:38:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ParetoLogic
[2010/10/29 23:10:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FixRedirectVirus
[2010/10/27 06:54:12 | 000,000,000 | ---D | C] -- C:\Windows\en
[2010/10/27 06:52:32 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/10/27 06:51:02 | 000,000,000 | ---D | C] -- C:\Users\Petersen\AppData\Local\Windows Live
[2010/10/26 10:30:08 | 001,317,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Petersen\Desktop\TDSSKiller.exe
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/15 19:40:07 | 000,629,057 | ---- | M] () -- C:\Users\Petersen\Desktop\RkU3.8.388.590.rar
[2010/11/15 19:39:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Petersen\Desktop\OTL.exe
[2010/11/15 19:13:19 | 000,751,086 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/15 19:13:19 | 000,643,920 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/15 19:13:19 | 000,117,478 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/15 19:12:09 | 001,177,833 | ---- | M] () -- C:\Users\Petersen\Desktop\Amber Banking Info.JPG
[2010/11/15 18:51:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/15 18:16:57 | 000,001,790 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/11/15 18:12:22 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/15 18:12:22 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/15 18:03:11 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/15 18:02:17 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\Scheduled scanning task.job
[2010/11/15 18:01:59 | 000,002,601 | -HS- | M] () -- C:\Windows\SysWow64\mmf.sys
[2010/11/15 18:01:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/15 18:01:51 | 4262,797,310 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/07 07:08:13 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor.job
[2010/11/07 06:56:01 | 000,000,510 | ---- | M] () -- C:\0.bak
[2010/11/06 20:52:42 | 000,000,474 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2010/11/05 17:00:24 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor Defrag.job
[2010/11/02 20:48:06 | 001,317,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Petersen\Desktop\TDSSKiller.exe
[2010/11/02 20:21:05 | 000,286,404 | ---- | M] () -- C:\Users\Petersen\Desktop\gmer.zip
[2010/11/02 20:18:00 | 000,623,616 | ---- | M] () -- C:\Users\Petersen\Desktop\dds.scr
[2010/11/02 19:28:48 | 000,019,528 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2010/11/02 17:35:38 | 000,000,219 | ---- | M] () -- C:\0
[2010/11/01 05:06:04 | 000,000,448 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2010/10/29 23:38:30 | 000,001,104 | ---- | M] () -- C:\Users\Petersen\Desktop\ParetoLogic PC Health Advisor.lnk
[2010/10/29 23:10:19 | 000,001,955 | ---- | M] () -- C:\Users\Petersen\Desktop\Redirect Virus Remover.lnk
[2010/10/19 20:48:30 | 000,005,120 | ---- | M] () -- C:\Users\Petersen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/15 19:39:57 | 000,629,057 | ---- | C] () -- C:\Users\Petersen\Desktop\RkU3.8.388.590.rar
[2010/11/15 19:12:09 | 001,177,833 | ---- | C] () -- C:\Users\Petersen\Desktop\Amber Banking Info.JPG
[2010/11/15 18:16:57 | 000,001,790 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/11/02 20:20:58 | 000,286,404 | ---- | C] () -- C:\Users\Petersen\Desktop\gmer.zip
[2010/11/02 20:17:19 | 000,623,616 | ---- | C] () -- C:\Users\Petersen\Desktop\dds.scr
[2010/11/02 19:28:48 | 000,019,528 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2010/10/31 18:38:34 | 000,000,510 | ---- | C] () -- C:\0.bak
[2010/10/29 23:38:36 | 000,000,474 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2010/10/29 23:38:30 | 000,001,104 | ---- | C] () -- C:\Users\Petersen\Desktop\ParetoLogic PC Health Advisor.lnk
[2010/10/29 23:38:30 | 000,000,448 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2010/10/29 23:38:29 | 000,000,406 | ---- | C] () -- C:\Windows\tasks\PC Health Advisor Defrag.job
[2010/10/29 23:38:29 | 000,000,388 | ---- | C] () -- C:\Windows\tasks\PC Health Advisor.job
[2010/10/29 23:10:19 | 000,001,955 | ---- | C] () -- C:\Users\Petersen\Desktop\Redirect Virus Remover.lnk
[2010/08/15 15:07:31 | 000,000,254 | ---- | C] () -- C:\Windows\RomeTW.ini
[2010/08/15 14:12:56 | 000,000,708 | ---- | C] () -- C:\Windows\Vtw.INI
[2010/07/29 08:47:36 | 000,005,120 | ---- | C] () -- C:\Users\Petersen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/04 13:36:48 | 000,000,000 | ---- | C] () -- C:\Users\Petersen\AppData\Roaming\wklnhst.dat
[2010/06/04 10:13:27 | 000,002,601 | -HS- | C] () -- C:\Windows\SysWow64\mmf.sys
[2010/05/13 16:45:29 | 000,048,640 | ---- | C] () -- C:\Windows\mmfs.dll
[2010/05/09 06:50:43 | 000,041,624 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys
[2010/05/09 06:50:32 | 000,758,466 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/05/09 06:43:54 | 000,000,149 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2010/04/02 16:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/02/09 21:36:37 | 000,009,554 | ---- | C] () -- C:\ProgramData\PowerCinema64.log
[2010/02/09 21:30:00 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/02/09 21:30:00 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/02/09 21:30:00 | 000,001,112 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2010/02/09 21:30:00 | 000,001,099 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2010/02/09 21:30:00 | 000,001,099 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:23:40 | 000,020,482 | ---- | C] () -- C:\Windows\SysWow64\s3redis.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/04/28 10:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/04/28 10:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/04/28 10:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/04/28 10:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/04/28 10:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/04/28 10:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/04/28 10:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/04/28 10:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/04/28 10:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

========== LOP Check ==========

[2010/05/16 11:04:12 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/06/15 15:33:47 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\OpenOffice.org
[2010/07/23 21:14:23 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\Sony
[2010/07/22 22:45:55 | 000,000,000 | ---D | M] -- C:\Users\Amber\AppData\Roaming\WildTangent
[2010/05/16 11:13:20 | 000,000,000 | ---D | M] -- C:\Users\Petersen\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/10/29 23:38:34 | 000,000,000 | ---D | M] -- C:\Users\Petersen\AppData\Roaming\DriverCure
[2010/07/24 12:49:26 | 000,000,000 | ---D | M] -- C:\Users\Petersen\AppData\Roaming\Leadertech
[2010/06/15 15:28:38 | 000,000,000 | ---D | M] -- C:\Users\Petersen\AppData\Roaming\OpenOffice.org
[2010/10/29 23:38:34 | 000,000,000 | ---D | M] -- C:\Users\Petersen\AppData\Roaming\ParetoLogic
[2010/05/08 18:48:04 | 000,000,000 | ---D | M] -- C:\Users\Petersen\AppData\Roaming\PowerCinema
[2010/05/13 11:03:26 | 000,000,000 | ---D | M] -- C:\Users\Petersen\AppData\Roaming\Research In Motion
[2010/05/08 17:31:10 | 000,000,000 | ---D | M] -- C:\Users\Petersen\AppData\Roaming\SoftDMA
[2010/07/23 21:09:54 | 000,000,000 | ---D | M] -- C:\Users\Petersen\AppData\Roaming\Sony
[2010/07/04 13:38:03 | 000,000,000 | ---D | M] -- C:\Users\Petersen\AppData\Roaming\Template
[2010/05/09 08:06:22 | 000,000,000 | ---D | M] -- C:\Users\Petersen\AppData\Roaming\The Creative Assembly
[2010/05/11 10:47:18 | 000,000,000 | ---D | M] -- C:\Users\Petersen\AppData\Roaming\WildTangent
[2010/10/29 23:52:42 | 000,000,000 | ---D | M] -- C:\Users\Petersen\AppData\Roaming\Windows Live Writer
[2010/11/06 20:52:42 | 000,000,474 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
[2010/11/01 05:06:04 | 000,000,448 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job
[2010/11/05 17:00:24 | 000,000,406 | ---- | M] () -- C:\Windows\Tasks\PC Health Advisor Defrag.job
[2010/11/07 07:08:13 | 000,000,388 | ---- | M] () -- C:\Windows\Tasks\PC Health Advisor.job
[2009/07/13 22:08:49 | 000,013,230 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/11/15 18:02:17 | 000,000,508 | ---- | M] () -- C:\Windows\Tasks\Scheduled scanning task.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8

< End of report >


And here is the Extras:

OTL Extras logfile created on: 11/15/2010 7:39:34 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Petersen\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

16.00 Gb Total Physical Memory | 13.00 Gb Available Physical Memory | 83.00% Memory free
32.00 Gb Paging File | 29.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1381.17 Gb Total Space | 1122.15 Gb Free Space | 81.25% Space Free | Partition Type: NTFS
Drive K: | 7.55 Gb Total Space | 7.49 Gb Free Space | 99.14% Space Free | Partition Type: FAT32

Computer Name: PETERSEN-PC | User Name: Petersen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files (x86)\ParetoLogic\PCHA\noapp.exe %1 (ParetoLogic)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files (x86)\ParetoLogic\PCHA\noapp.exe %1 (ParetoLogic)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{21185083-5C3F-45E1-A52F-1279E0724967}" = iTunes
"{34F43E2A-9462-133B-068F-B6D9015616EB}" = ATI AVIVO64 Codecs
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{503640E5-B2ED-3173-D109-D4D03153471A}" = AMD Drag and Drop Transcoding
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8DF9D3DF-6D03-A04F-217F-F2577D973DBE}" = ATI Catalyst Install Manager
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{AE0D971F-5430-8874-B09E-3F1C76E2F8FF}" = WMV9/VC-1 Video Playback
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D29E5E5F-47CA-087E-DCBF-FB75171D5B2E}" = ccc-utility64
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation®Store
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{135F49F2-9071-F45A-4263-DF7D42FBF7DD}" = CCC Help English
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 22
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars®: Knights of the Old Republic ™
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}" = ParetoLogic PC Health Advisor
"{3E4B349F-10B5-4586-9D99-489A90A8B228}" = Sid Meier's Civilization 4 - Warlords
"{3F66C4BF-4BD9-FF9C-FA9F-4579F60A33B3}" = Catalyst Control Center Graphics Previews Vista
"{3fcfa6ab-bd54-4615-b200-bf48fa80e93b}" = Nero 9 Essentials
"{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{629F65FB-7F3C-4D66-A1C0-20722744B7B6}" = Star Wars® Knights of the Old Republic® II: The Sith Lords™
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6592FDEC-2C1A-413A-9985-25FEC2F0848D}" = Star Wars Empire at War Forces of Corruption
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{733C5FC0-F0C4-405B-A983-61C24CC60E39}_is1" = Photo Frame
"{74224F8D-4A17-4816-9EDB-7BB854DE532C}" = NVIDIA PhysX v8.04.25
"{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{89EAD745-088B-4160-B964-42C4D4D273AD}" = Family Tree Maker 2010
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A07D7AF9-BA12-D49D-9771-A102A4D5BD13}" = Catalyst Control Center InstallProxy
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A0E583D1-23F7-4C35-9620-B169D7715E4B}" = Adobe Premiere Elements 8.0
"{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War™
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A914AE85-1A36-0575-714C-BF996BDA20C7}" = ccc-core-static
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC015C45-1667-40A4-A126-966EE5629062}" = Quicken 2010
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AE249BA3-2421-3996-5E9A-DF4A9F3551FC}" = Catalyst Control Center InstallProxy
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B4E03835-FB8B-458A-A1FB-8CDE5424BE66}" = Sid Meier's Civilization 4
"{B8C3B479-1716-11D5-968A-0050BA84F5F7}" = Baldur's Gate™ II - Throne of Bhaal ™
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BC4CA8FA-41D2-4B81-8680-E9B7573D6500}" = PlayStation®Network Downloader
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{DB8B49A9-7CF1-34DB-6DF2-1EC41C0FE5E1}" = Catalyst Control Center Graphics Previews Common
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E06C8E13-7A8C-434C-8548-34BC4762212D}" = Logitech Harmony Remote Software 7
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2E7A0E8-77C4-495F-8FA3-63DAEDAA2DB3}" = F-Secure PSC Prerequisites
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{E8650C8D-CCB2-496E-816C-ECC54A7EE411}" = Civilization III Play the World
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ECB9C58E-C565-4683-9599-B72290BD3B25}" = QuickTax 2009
"{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire
"{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
"{EF36A836-BF89-4A4F-B079-057B0C68C1E0}" = Sid Meier's Civilization IV Colonization
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = World in Conflict
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1F5C7EE-23BB-47A3-943E-9F290DD267F0}" = THX TruStudio PC
"{F31BC49F-AB7B-4A53-A399-EB7331B585BC}" = Civilization III: Conquests
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FD69C8CB-6964-432C-98AB-A5A09ED50EEA}" = Barbarian Invasion
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Baldur's Gate & Tales of the Sword Coast" = Baldur's Gate & Tales of the Sword Coast
"Brothers in Arms - Hell's Highway" = Brothers in Arms: Hell's Highway
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combat Mission Shock Force_is1" = Combat Mission Shock Force
"Company of Heroes" = Company of Heroes
"ESET Online Scanner" = ESET Online Scanner v3
"Family Tree Maker 2010" = Family Tree Maker 2010
"FixRedirectVirus1.5" = FixRedirectVirus
"F-Secure Product 444" = Shaw Secure
"Gary Grigsby's War Between the States1.00" = Gary Grigsby's War Between the States
"Gateway InfoCentre" = Gateway InfoCentre
"Gateway Registration" = Gateway Registration
"Gateway Screensaver" = Gateway ScreenSaver
"Gateway Welcome Center" = Welcome Center
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Gateway MyBackup
"InstallShield_{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0
"InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War™
"John Tiller's Campaign Series1.00" = John Tiller's Campaign Series
"KorsunPocket_v100" = Korsun Pocket v1.00
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Medieval - Total War ™ - Viking Invasion ™" = Medieval - Total War ™ - Viking Invasion ™
"PremElem80" = Adobe Premiere Elements 8.0
"Sid Meier's Alpha Centauri" = Sid Meier's Alpha Centauri
"Sins of a Solar Empire" = Sins of a Solar Empire
"Steam App 10500" = Empire: Total War
"Steam App 34030" = Napoleon: Total War
"Steam App 8930" = Sid Meier's Civilization V
"WildTangent gateway Master Uninstall" = Gateway Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/24/2010 4:01:31 PM | Computer Name = Petersen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 67389936

Error - 10/24/2010 4:01:31 PM | Computer Name = Petersen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 67389936

Error - 10/24/2010 5:01:32 PM | Computer Name = Petersen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/24/2010 5:01:32 PM | Computer Name = Petersen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 998

Error - 10/24/2010 5:01:32 PM | Computer Name = Petersen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 998

Error - 10/24/2010 5:01:33 PM | Computer Name = Petersen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/24/2010 5:01:33 PM | Computer Name = Petersen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1996

Error - 10/24/2010 5:01:33 PM | Computer Name = Petersen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1996

Error - 10/24/2010 5:01:34 PM | Computer Name = Petersen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/24/2010 5:01:34 PM | Computer Name = Petersen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2995

[ OSession Events ]
Error - 6/30/2010 3:05:53 PM | Computer Name = Petersen-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11/2/2010 10:46:54 PM | Computer Name = Petersen-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 11/2/2010 10:46:54 PM | Computer Name = Petersen-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 11/2/2010 10:46:54 PM | Computer Name = Petersen-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 11/2/2010 10:46:54 PM | Computer Name = Petersen-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 11/2/2010 10:46:54 PM | Computer Name = Petersen-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 11/2/2010 10:46:55 PM | Computer Name = Petersen-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1068

Error - 11/2/2010 10:46:56 PM | Computer Name = Petersen-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 11/2/2010 10:46:56 PM | Computer Name = Petersen-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 11/2/2010 10:46:56 PM | Computer Name = Petersen-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 11/3/2010 7:12:22 PM | Computer Name = Petersen-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{0A597C9E-08D7-43A8-AA17-66275658920A}
because another computer on the network has the same name. The server could not
start.


< End of report >



As discussed above, here is my updated DDS Log:

DDS (Ver_10-11-01.01) - NTFS_AMD64
Run by Petersen at 19:14:29.19 on 15/11/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.16343.13721 [GMT -7:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files (x86)\Shaw Secure\Common\FSMA32.EXE
C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
C:\Program Files (x86)\Shaw Secure\Common\FSHDLL32.EXE
C:\Program Files (x86)\Shaw Secure\Common\FSHDLL64.EXE
C:\Windows\runservice.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\OEM\USBDECTION\USBS3S4Detection.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Shaw Secure\FWES\Program\fsdfwd.exe
C:\Program Files (x86)\Shaw Secure\ORSP Client\fsorsp.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Shaw Secure\Anti-Virus\fssm32.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Shaw Secure\Anti-Virus\fsav32.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Northstar\Photo Frame\Photo Frame.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe
C:\Program Files (x86)\CyberLink\PowerCinema\PCMAgent.exe
C:\Program Files (x86)\CyberLink\PlayMovie\PMVService.exe
C:\Program Files (x86)\Shaw Secure\Common\FSM32.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Shaw Secure\Spam Control\fsscoepl_x64.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Quicken\qw.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Petersen\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Bar = Preserve
uStart Page = hxxp://www.google.ca/
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=1009&m=fx6831&r=17360510n606p0495v115k4411r289
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=1009&m=fx6831&r=17360510n606p0495v115k4411r289
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - C:\Program Files (x86)\Shaw Secure\NRS\iescript\baselitmus.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - C:\Program Files (x86)\Shaw Secure\NRS\iescript\baselitmus.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [CAHeadless] C:\Program Files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [PCMAgent] "C:\Program Files (x86)\CyberLink\PowerCinema\PCMAgent.exe"
mRun: [PlayMovie] "C:\Program Files (x86)\CyberLink\PlayMovie\PMVService.exe"
mRun: [F-Secure Manager] "C:\Program Files (x86)\Shaw Secure\Common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "C:\Program Files (x86)\Shaw Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PHOTOF~1.LNK - C:\Program Files (x86)\Northstar\Photo Frame\Photo Frame.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: C:\Program Files (x86)\Shaw Secure\FSPS\program\FSLSP.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: intu-qt2009 - {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files (x86)\Quicken\ic2009pp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
mRun-x64: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [RunDLLEntry_THXCfg] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-5-9 55024]
R1 F-Secure HIPS;F-Secure HIPS Driver;C:\Program Files (x86)\Shaw Secure\HIPS\drivers\fshs.sys [2010-5-9 57920]
R1 FSES;F-Secure Email Scanning Driver;C:\Windows\System32\drivers\fses.sys [2010-5-9 44624]
R1 FSFW;F-Secure Firewall Driver;C:\Windows\System32\drivers\fsdfw.sys [2010-5-9 92160]
R1 fsvista;F-Secure Vista Support Driver;C:\Program Files (x86)\Shaw Secure\Anti-Virus\minifilter\fsvista.sys [2010-5-9 14904]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2010/02/09 20:38:05];C:\Program Files (x86)\CyberLink\PlayMovie\000.fcl [2010-2-9 146928]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-9-28 203264]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;C:\Program Files (x86)\Shaw Secure\Anti-Virus\fsgk32st.exe [2010-5-9 215648]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 LicCtrlService;LicCtrl Service;C:\Windows\Runservice.exe [2010-5-13 2560]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-8-12 62208]
R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.sys [2007-8-13 11576]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-2-9 2314240]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-11-30 240160]
R2 USBS3S4Detection;USBS3S4Detection;C:\OEM\USBDECTION\USBS3S4Detection.exe [2009-12-13 76320]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-9-28 7883264]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-9-28 285696]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2009-11-30 283824]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files (x86)\Shaw Secure\Anti-Virus\minifilter\fsgk.sys [2010-5-9 190120]
R3 FSORSPClient;F-Secure ORSP Client;C:\Program Files (x86)\Shaw Secure\ORSP Client\fsorsp.exe [2010-5-9 64016]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-11-30 56344]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2010-2-9 25600]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2009-8-21 712704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-8 135664]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-2-9 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-2-9 79360]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-27 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-17 1255736]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files (x86)\Shaw Secure\Anti-Virus\win2k\fsfilter.sys [2010-5-9 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files (x86)\Shaw Secure\Anti-Virus\win2k\fsrec.sys [2010-5-9 25184]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

=============== Created Last 30 ================

2010-11-16 01:16:42 -------- d-----w- C:\Program Files\iPod
2010-11-16 01:16:41 -------- d-----w- C:\Program Files\iTunes
2010-11-16 01:16:41 -------- d-----w- C:\Program Files (x86)\iTunes
2010-11-16 01:08:45 8006480 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{97499849-F706-4281-87AD-2C88EDD4CD7B}\mpengine.dll
2010-11-03 02:51:59 -------- d-----w- C:\Users\Petersen\AppData\Roaming\Malwarebytes
2010-11-03 02:51:54 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-11-03 02:51:54 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-11-03 02:51:53 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-11-03 02:51:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-11-03 02:45:45 -------- d-----w- C:\Users\Petersen\AppData\Local\ElevatedDiagnostics
2010-11-03 02:28:48 19528 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2010-11-03 02:28:28 -------- d-----w- C:\PROGRA~3\Hitman Pro
2010-11-01 02:17:30 -------- d-----w- C:\ATI
2010-11-01 01:06:35 -------- d-----w- C:\Program Files (x86)\ESET
2010-10-30 06:52:42 -------- d-----w- C:\Users\Petersen\AppData\Roaming\Windows Live Writer
2010-10-30 06:52:42 -------- d-----w- C:\Users\Petersen\AppData\Local\Windows Live Writer
2010-10-30 06:38:34 -------- d-----w- C:\Users\Petersen\AppData\Roaming\ParetoLogic
2010-10-30 06:38:34 -------- d-----w- C:\Users\Petersen\AppData\Roaming\DriverCure
2010-10-30 06:38:29 -------- d-----w- C:\Program Files (x86)\Common Files\ParetoLogic
2010-10-30 06:38:28 -------- d-----w- C:\Program Files (x86)\ParetoLogic
2010-10-30 06:38:28 -------- d-----w- C:\PROGRA~3\ParetoLogic
2010-10-30 06:10:19 -------- d-----w- C:\Program Files (x86)\FixRedirectVirus
2010-10-27 13:54:12 -------- d-----w- C:\Windows\en
2010-10-27 13:52:37 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2010-10-27 13:51:51 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1af1bc741cb75de2d\InstallManager_WLE_WLE.exe
2010-10-27 13:51:39 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\148f94371cb75de22\MeshBetaRemover.exe
2010-10-27 13:51:28 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d919ee11cb75de1a\DSETUP.dll
2010-10-27 13:51:28 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d919ee11cb75de1a\DXSETUP.exe
2010-10-27 13:51:28 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d919ee11cb75de1a\dsetup32.dll
2010-10-27 13:51:27 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ce704821cb75de19\DSETUP.dll
2010-10-27 13:51:27 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ce704821cb75de19\DXSETUP.exe
2010-10-27 13:51:27 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ce704821cb75de19\dsetup32.dll
2010-10-27 13:51:02 -------- d-----w- C:\Users\Petersen\AppData\Local\Windows Live
2010-10-27 13:50:29 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll
2010-10-27 13:50:29 206848 ----a-w- C:\Windows\System32\mfps.dll
2010-10-27 13:50:29 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
2010-10-27 13:50:28 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2010-10-27 13:50:28 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2010-10-27 13:50:23 4068864 ----a-w- C:\Windows\System32\mf.dll
2010-10-27 13:50:21 3181568 ----a-w- C:\Windows\SysWow64\mf.dll
2010-10-26 19:29:01 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2010-10-26 19:29:01 641536 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2010-10-26 19:29:01 552960 ----a-w- C:\Windows\System32\msdri.dll
2010-10-26 19:29:01 288256 ----a-w- C:\Windows\System32\MSNP.ax
2010-10-26 19:29:01 258560 ----a-w- C:\Windows\System32\mpg2splt.ax
2010-10-26 19:29:01 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2010-10-26 19:29:01 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2010-10-26 19:28:19 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys

==================== Find3M ====================

2010-11-16 01:01:59 2601 --sha-w- C:\Windows\SysWow64\mmf.sys
2010-10-19 17:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-09-29 02:26:12 7883264 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2010-09-29 02:13:38 21344256 ----a-w- C:\Windows\System32\atio6axx.dll
2010-09-29 01:56:14 16201728 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2010-09-29 01:55:12 143360 ----a-w- C:\Windows\System32\atiapfxx.exe
2010-09-29 01:55:02 536576 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2010-09-29 01:54:02 628224 ----a-w- C:\Windows\System32\aticfx64.dll
2010-09-29 01:51:52 450560 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2010-09-29 01:51:46 462336 ----a-w- C:\Windows\System32\atieclxx.exe
2010-09-29 01:51:08 203264 ----a-w- C:\Windows\System32\atiesrxx.exe
2010-09-29 01:49:58 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2010-09-29 01:49:42 421376 ----a-w- C:\Windows\System32\atipdl64.dll
2010-09-29 01:49:34 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2010-09-29 01:49:24 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2010-09-29 01:49:18 12288 ----a-w- C:\Windows\System32\atimuixx.dll
2010-09-29 01:49:14 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2010-09-29 01:49:08 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2010-09-29 01:46:06 3953152 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2010-09-29 01:37:28 4660224 ----a-w- C:\Windows\System32\atidxx64.dll
2010-09-29 01:30:02 3222016 ----a-w- C:\Windows\System32\atiumd6a.dll
2010-09-29 01:28:00 4077568 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2010-09-29 01:27:22 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2010-09-29 01:27:20 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2010-09-29 01:27:12 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2010-09-29 01:27:10 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2010-09-29 01:27:00 5470720 ----a-w- C:\Windows\System32\aticaldd64.dll
2010-09-29 01:26:04 4407808 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2010-09-29 01:23:00 58880 ----a-w- C:\Windows\System32\coinst.dll
2010-09-29 01:22:56 3460096 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2010-09-29 01:21:54 5240832 ----a-w- C:\Windows\System32\atiumd64.dll
2010-09-29 01:15:20 340480 ----a-w- C:\Windows\System32\atiadlxx.dll
2010-09-29 01:15:12 241664 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2010-09-29 01:15:02 14848 ----a-w- C:\Windows\System32\atig6pxx.dll
2010-09-29 01:14:58 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2010-09-29 01:14:58 12800 ----a-w- C:\Windows\System32\atiglpxx.dll
2010-09-29 01:14:56 21504 ----a-w- C:\Windows\System32\atig6txx.dll
2010-09-29 01:14:52 19968 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2010-09-29 01:14:48 285696 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2010-09-29 01:14:06 39936 ----a-w- C:\Windows\System32\atiuxp64.dll
2010-09-29 01:14:00 30720 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2010-09-29 01:13:54 37888 ----a-w- C:\Windows\System32\atiu9p64.dll
2010-09-29 01:13:44 28672 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2010-09-29 01:12:54 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2010-09-29 01:09:32 53760 ----a-w- C:\Windows\System32\atimpc64.dll
2010-09-29 01:09:32 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
2010-09-29 01:09:24 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2010-09-29 01:09:24 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2010-09-27 02:35:45 724992 ----a-w- C:\Windows\iun6002.exe
2010-09-23 06:47:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2010-09-23 06:32:56 301936 ----a-w- C:\Windows\WLXPGSS.SCR
2010-09-21 20:49:02 252800 ----a-w- C:\Windows\System32\LIVESSP.DLL
2010-09-21 20:03:14 208768 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL
2010-09-15 10:50:37 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2010-09-08 17:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-09-08 17:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys
2010-08-31 13:41:53 41624 ----a-w- C:\Windows\System32\drivers\fsbts.sys
2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-08-27 18:33:08 332800 ----a-w- C:\Windows\System32\ATIODE.exe
2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-08-26 05:27:28 148992 ----a-w- C:\Windows\System32\t2embed.dll
2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
2010-08-21 06:36:49 340992 ----a-w- C:\Windows\System32\schannel.dll
2010-08-21 06:31:06 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-08-21 05:36:24 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-08-21 05:33:24 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll

============= FINISH: 19:14:51.64 ===============




#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,243 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:04:25 AM

Posted 16 November 2010 - 06:17 AM

Hi, out of curiosity, could you tell me where you got this and if you mean with "purchased" that you actually paid for it?

I purchased this tutorial "fix google redirect" with no luck


I think you're facing a router hijack here. Please reset your router and let me know if that takes care of the issue. You can usually reset your router by pushing the reset button with a small object for approx. 10 seconds when the router is powered off. If you are not sure, give me your router specs or contact your ISP to ask them how to do it.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft
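One way to check the router-hijack hypothesis Elise raises above from the affected PC, as an added example that is not part of the original thread: a hijack of this kind changes the DNS servers the router hands out over DHCP, so the host's own settings look clean while every lookup goes to an attacker's resolver. The script below parses the text of `ipconfig /all` and flags any DNS server that is neither on the LAN (the router forwarding for you) nor in an allow-list of resolvers you expect. `EXPECTED_RESOLVERS`, the sample `ipconfig` output and the address `198.51.100.7` are all constructed placeholders, not values from the poster's logs.

```python
"""Audit the DNS servers a Windows host received from its router.

Added example, not code from the BleepingComputer thread. Parses `ipconfig /all`
text and flags DNS servers that are neither on the LAN (the router itself)
nor in EXPECTED_RESOLVERS, and a DHCP server that is not the gateway.
"""
import ipaddress
import re
import subprocess
import sys
from typing import Dict, List

# Assumption: replace with the resolvers your ISP publishes or the public
# resolvers you deliberately configured. Anything else that appears is suspect.
EXPECTED_RESOLVERS = {"8.8.8.8", "8.8.4.4"}

# Ranges a home router legitimately uses on the LAN side (RFC 1918, link-local,
# IPv6 ULA). A DNS server inside these is just the router forwarding queries.
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16",
    "fe80::/10", "fc00::/7")]

# Constructed sample in the layout `ipconfig /all` prints on Windows 7.
# 198.51.100.7 is RFC 5737 documentation space standing in for a rogue resolver.
SAMPLE_IPCONFIG = """
Windows IP Configuration

   Host Name . . . . . . . . . . . . : EXAMPLE-PC

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : local
   IPv4 Address. . . . . . . . . . . : 192.168.0.101(Preferred)
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 198.51.100.7
                                       192.168.0.1
"""

KEY_LINE = re.compile(r"^\s+([A-Za-z][A-Za-z0-9 \-]*?)[ .]*:\s*(.*)$")
CONT_LINE = re.compile(r"^\s{20,}(\S.*)$")  # extra values are deeply indented


def _clean(value: str) -> str:
    """Drop '(Preferred)'-style annotations and IPv6 zone ids such as %11."""
    return re.sub(r"\(.*?\)", "", value).split("%")[0].strip()


def parse_ipconfig(text: str) -> Dict[str, Dict[str, List[str]]]:
    """Return {adapter name: {setting: [values]}} from ipconfig /all output."""
    adapters: Dict[str, Dict[str, List[str]]] = {}
    current = adapters.setdefault("global", {})
    last_key = None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if not raw[0].isspace() and raw.rstrip().endswith(":"):  # adapter header
            current = adapters.setdefault(raw.strip().rstrip(":"), {})
            last_key = None
            continue
        cont = CONT_LINE.match(raw)  # check before KEY_LINE: "fe80::..." has colons
        if cont and last_key is not None:
            current[last_key].append(_clean(cont.group(1)))
            continue
        key = KEY_LINE.match(raw)
        if key:
            last_key = key.group(1).strip()
            values = current.setdefault(last_key, [])
            if key.group(2).strip():
                values.append(_clean(key.group(2)))
    return adapters


def audit_adapter(cfg: Dict[str, List[str]], expected=EXPECTED_RESOLVERS) -> List[str]:
    """Findings for one adapter: a second DHCP source or unexpected resolvers."""
    findings = []
    gateway = cfg.get("Default Gateway", [])
    dhcp = cfg.get("DHCP Server", [])
    if dhcp and gateway and dhcp[0] not in gateway:
        findings.append(f"DHCP server {dhcp[0]} is not the gateway {gateway[0]}")
    for server in cfg.get("DNS Servers", []):
        try:
            ip = ipaddress.ip_address(server)
        except ValueError:
            findings.append(f"unparseable DNS server entry {server!r}")
            continue
        if any(ip in net for net in LAN_NETS):
            continue  # the router forwarding DNS: normal on a home LAN
        if server not in expected:
            findings.append(f"unexpected DNS server {server}")
    return findings


def audit(text: str, expected=EXPECTED_RESOLVERS) -> Dict[str, List[str]]:
    """Audit every adapter that has DNS servers; an empty dict means nothing odd."""
    report = {}
    for name, cfg in parse_ipconfig(text).items():
        if "DNS Servers" in cfg:
            findings = audit_adapter(cfg, expected)
            if findings:
                report[name] = findings
    return report


if __name__ == "__main__":
    if sys.platform == "win32":
        text = subprocess.run(["ipconfig", "/all"], capture_output=True,
                              text=True, check=True).stdout
    else:
        text = SAMPLE_IPCONFIG  # not on Windows: demonstrate on the sample
    for adapter, findings in audit(text).items():
        print(adapter)
        for finding in findings:
            print("  -", finding)
```

Run it on the affected PC before and after the router reset. A hijacked router typically shows a public address you never chose as the first DNS server; after the reset the entry should revert to the router's own LAN address or to the ISP's resolvers. The script only sees what DHCP handed to the host; the router's WAN-side DNS settings have to be checked in its admin page, which is also where its default password should be changed.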


#5 Infanteer

Infanteer
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:06:25 PM

Posted 16 November 2010 - 09:30 AM

Elise,

Hi, out of curiosity, could you tell me where you got this and if you mean with "purchased" that you actually paid for it?


What I purchased (for 30 bucks) was a tutorial program called "Fix Redirect Virus" - it doesn't actually do anything but provide a series of tutorials on how to run things like Combofix, etc, etc - essentially what you guys do here. He had some YouTube videos on his site and it seemed pretty effective. (I think it's a bit out of date and for a different problem) and it was before I discovered this resource. Call it a "1130 PM pissed off move" - my mistake.

I think you're facing a router hijack here. Please reset your router and let me know if that takes care of the issue. You can usually reset your router by pushing the reset button with a small object for approx. 10 seconds when the router is powered off. If you are not sure, give me your router specs or contact your ISP to ask them how to do it.


I reset the router and now it is an unsecured DLINK (vice my old secure named network) and at first glance, no redirects are occurring. Now I have to figure out how to secure my router again.

Thank you for the advice - I will monitor this for 48 hours and update this thread as to the status of my computer just to make sure all is well.

I am surprised it was something this simple - I do have a couple questions for you if you have the time:

1. How does a router hijack get on my system to hijack the router? It doesn't seem like a conventional virus that gets picked up by anti-virus software. So, in essence, how do I avoid getting this again?

2. Going off question 1, how do I ensure any "trace" effects of this are gone so that I know my system is free of bad programs and use data sticks between computers, etc, etc. I wouldn't want to take this to work.

Thank you very much for your time.

Inf

Edited by Infanteer, 16 November 2010 - 09:32 AM.


#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,243 posts
  • Gender:Female
  • Location:Romania
  • Local time:04:25 AM

Posted 16 November 2010 - 10:07 AM

Hi, that is indeed a scam. All tools (like combofix) and tutorials (as the ones available here at BC) are completely free. As a rule we use only freeware tools and it is a shame to see that others make a profit from this.

Some information on router hijacks: http://blog.washingtonpost.com/securityfix/2008/06/malware_silently_alters_wirele_1.html

To make sure your router cannot easily be hijacked again, consult this link to find out what the default username and password of your router are and note them down: Router Passwords
Now get to the router's server. To do that, type http://192.168.0.1 in the address bar and press Enter. You get the login window.
Fill in the password you have already found and you will get the configuration page.
Configure the router to allow you to connect to your ISP server. In some routers it is done by a setup wizard. But you have to fill in the login password your ISP has initially given to you.
You can also call your ISP if you don't have your initial password.
Don't forget to change the router's default password and set a strong password. Note down the password and keep it somewhere for future reference.

regards, Elise




#7 Infanteer

Infanteer
  • Topic Starter

  • Members
  • 12 posts
  • Local time:06:25 PM

Posted 18 November 2010 - 06:51 PM

Well, it appears everything is back to normal and this problem can be closed. Thanks for the help Elise!

#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,243 posts
  • Gender:Female
  • Location:Romania
  • Local time:04:25 AM

Posted 19 November 2010 - 05:30 AM

I'm glad to hear that. :)

Closing this topic as requested. If you need it reopened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise

