I thought I had the Google Redirect Virus, but I was looking through my computer when I found that under my name, there were two files: one which says "0.5596894947536396" with Dr Link Library under it, and one that says "msiexec" with Dr Link Library under it. I've tried deleting them, but it won't work. Someone please help me fix this.
Hello nitrox, please review the Prework link in my signature and step through the instructions. Once you have the 3 logs, please attach them in your reply.
extras.txt: OTL Extras logfile created on: 6/23/2011 9:40:56 AM - Run 1 OTL by OldTimer - Version 3.2.24.1
otl.txt: OTL logfile created on: 6/23/2011 9:40:51 AM - Run 1 OTL by OldTimer - Version 3.2.24.1
000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\FLVService ========== Files - Modified Within 30 Days ========== [2011/06/23 09:36:45 | 000,000,079 | ---- | M] () -- C:\ProgramData\5604cec5 [2011/06/23 09:32:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/06/23 09:32:17 | 000,004,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011/06/23 09:32:17 | 000,004,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011/06/22 21:49:21 | 000,626,738 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011/06/22 21:49:21 | 000,107,508 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011/06/22 21:41:58 | 2145,902,592 | -HS- | M] () -- C:\hiberfil.sys [2011/06/22 21:41:57 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs [2011/06/22 20:40:06 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts [2011/06/18 08:31:09 | 000,000,097 | ---- | M] () -- C:\Windows\System32\2083184309 [2011/06/18 08:31:08 | 000,177,664 | ---- | M] (AIDEX Team) -- C:\ProgramData\ATIDEMGX32.dll [2011/06/18 08:31:06 | 000,349,696 | ---- | M] () -- C:\Windows\System32\ATIDEMGX32.dll [2011/06/18 08:29:12 | 000,769,536 | ---- | M] () -- C:\Windows\System32\kbd10632.exe [2011/06/18 08:29:12 | 000,769,536 | ---- | M] () -- C:\ProgramData\iasads32.exe [2011/06/02 07:07:31 | 000,001,998 | ---- | M] () -- C:\Users\Public\Desktop\Farm Frenzy Pizza Party.lnk [2011/05/31 14:27:42 | 000,001,838 | ---- | M] () -- C:\Users\Public\Desktop\Diner Dash 2.lnk [2011/05/27 14:38:28 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2011/05/24 19:14:10 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe ========== Files Created - No Company Name ========== [2011/06/18 09:44:03 | 000,000,079 | ---- | C] () -- C:\ProgramData\5604cec5 [2011/06/18 08:31:09 | 
000,769,536 | ---- | C] () -- C:\ProgramData\iasads32.exe [2011/06/18 08:31:07 | 000,769,536 | ---- | C] () -- C:\Windows\System32\kbd10632.exe [2011/06/18 08:31:07 | 000,000,097 | ---- | C] () -- C:\Windows\System32\2083184309 [2011/06/18 08:31:06 | 000,349,696 | ---- | C] () -- C:\Windows\System32\ATIDEMGX32.dll [2011/06/02 07:07:31 | 000,001,998 | ---- | C] () -- C:\Users\Public\Desktop\Farm Frenzy Pizza Party.lnk [2011/05/31 14:27:42 | 000,001,838 | ---- | C] () -- C:\Users\Public\Desktop\Diner Dash 2.lnk [2011/05/27 14:38:28 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2011/05/27 14:38:28 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2010/09/28 16:30:38 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010/09/21 18:49:49 | 000,015,872 | ---- | C] () -- C:\Users\Jennifer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/09/21 15:27:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010/02/11 01:30:38 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2009/10/07 08:24:22 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2009/04/23 18:29:16 | 000,189,051 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 08:47:37 | 000,228,176 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 06:33:01 | 000,626,738 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006/11/02 06:33:01 | 000,107,508 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006/11/02 04:58:30 | 000,043,131 | ---- | 
C] () -- C:\Windows\mib.bin [2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006/11/02 03:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2006/11/02 03:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin ========== LOP Check ========== [2011/04/10 21:48:09 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\.purple [2011/04/23 07:43:23 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Awem [2011/05/26 21:59:38 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Broderbund [2010/09/21 20:34:36 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\ManyCam [2011/05/04 16:02:49 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\NCH Swift Sound [2011/05/31 14:28:40 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\PlayFirst [2011/06/22 20:21:33 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\uTorrent [2011/01/28 09:10:49 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\World-LooM [2011/06/22 21:41:10 | 000,031,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %systemroot%\Fonts\*.com > [2006/11/02 08:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont [2006/11/02 08:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont [2006/11/02 08:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont [2006/11/02 08:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont < %systemroot%\Fonts\*.dll > < %systemroot%\Fonts\*.ini > [2006/09/18 17:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini < 
%systemroot%\Fonts\*.ini2 > < %systemroot%\Fonts\*.exe > < %systemroot%\system32\spool\prtprocs\w32x86\*.* > [2006/11/02 08:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll < %systemroot%\REPAIR\*.bak1 > < %systemroot%\REPAIR\*.ini > < %systemroot%\system32\*.jpg > < %systemroot%\*.jpg > < %systemroot%\*.png > < %systemroot%\*.scr > < %systemroot%\*._sy > < %APPDATA%\Adobe\Update\*.* > < %ALLUSERSPROFILE%\Favorites\*.* > < %APPDATA%\Microsoft\*.* > < %PROGRAMFILES%\*.* > [2010/09/21 18:17:06 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini < %APPDATA%\Update\*.* > < %PROGRAMFILES%\bak. /s > < %systemroot%\system32\bak. /s > < %ALLUSERSPROFILE%\Start Menu\*.lnk /x > < %systemroot%\system32\config\systemprofile\*.dat /x > < %systemroot%\*.config > < %systemroot%\system32\*.db > < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x > [2011/03/07 17:20:58 | 000,000,353 | -HS- | M] () -- C:\Users\Jennifer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini < %USERPROFILE%\Desktop\*.exe > < %PROGRAMFILES%\Common Files\*.* > < %systemroot%\*.src > < %systemroot%\install\*.* > < %systemroot%\system32\DLL\*.* > < %systemroot%\system32\HelpFiles\*.* > < %systemroot%\system32\rundll\*.* > < %systemroot%\winn32\*.* > < %systemroot%\Java\*.* > < %systemroot%\system32\test\*.* > < %systemroot%\system32\Rundll32\*.* > < %systemroot%\AppPatch\Custom\*.* > < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x > < %PROGRAMFILES%\PC-Doctor\Downloads\*.* > < %PROGRAMFILES%\Internet Explorer\*.tmp > < %PROGRAMFILES%\Internet Explorer\*.dat > < %USERPROFILE%\My Documents\*.exe > < %USERPROFILE%\*.exe > < %systemroot%\ADDINS\*.* > < %systemroot%\assembly\*.bak2 > < %systemroot%\Config\*.* > < %systemroot%\REPAIR\*.bak2 > < %systemroot%\SECURITY\Database\*.sdb /x > < %systemroot%\SYSTEM\*.bak2 > < %systemroot%\Web\*.bak2 > < %systemroot%\Driver Cache\*.* > < %PROGRAMFILES%\Mozilla 
Firefox\*.exe > [2011/05/04 05:59:36 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe [2011/05/04 05:59:36 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe [2011/05/04 05:59:36 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [2011/05/04 05:59:36 | 000,261,080 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe < %ProgramFiles%\Microsoft Common\*.* > < %ProgramFiles%\TinyProxy. > < %USERPROFILE%\Favorites\*.url /x > [2010/09/20 21:20:16 | 000,000,402 | -HS- | M] () -- C:\Users\Jennifer\Favorites\desktop.ini [2011/05/04 16:05:42 | 000,000,510 | ---- | M] () -- C:\Users\Jennifer\Favorites\NCH Software Download.lnk < %systemroot%\system32\*.bk > < %systemroot%\*.te > < %systemroot%\system32\system32\*.* > < %ALLUSERSPROFILE%\*.dat /x > [2011/06/23 09:36:45 | 000,000,079 | ---- | M] () -- C:\ProgramData\5604cec5 [2011/06/18 08:31:08 | 000,177,664 | ---- | M] (AIDEX Team) -- C:\ProgramData\ATIDEMGX32.dll [2011/06/18 08:29:12 | 000,769,536 | ---- | M] () -- C:\ProgramData\iasads32.exe < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\system32\*.exe /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006/11/02 06:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\*.sys > [2006/11/02 03:09:42 | 000,009,029 | ---- | M] () -- C:\Windows\System32\ANSI.SYS [2010/09/21 17:28:39 | 000,224,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys [2006/11/02 03:09:45 | 000,027,097 | ---- | M] () -- C:\Windows\System32\country.sys [2006/11/02 03:09:41 | 000,004,768 | ---- | M] () -- C:\Windows\System32\HIMEM.SYS [2006/11/02 03:09:44 | 000,042,809 | ---- | M] () -- C:\Windows\System32\KEY01.SYS [2006/11/02 03:09:44 | 000,042,537 | ---- | M] () -- C:\Windows\System32\KEYBOARD.SYS [2006/11/02 03:09:29 | 000,027,866 | ---- | M] () -- C:\Windows\System32\NTDOS.SYS [2006/11/02 03:09:35 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS404.SYS [2006/11/02 03:09:38 | 000,029,370 | ---- | M] () -- C:\Windows\System32\NTDOS411.SYS [2006/11/02 03:09:40 | 000,029,274 | ---- | M] () -- C:\Windows\System32\NTDOS412.SYS [2006/11/02 03:09:31 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS804.SYS [2006/11/02 03:09:20 | 000,033,952 | ---- | M] () -- C:\Windows\System32\NTIO.SYS [2006/11/02 03:09:23 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO404.SYS [2006/11/02 03:09:24 | 000,035,776 | ---- | M] () -- C:\Windows\System32\NTIO411.SYS [2006/11/02 03:09:26 | 000,035,536 | ---- | M] () -- 
C:\Windows\System32\NTIO412.SYS [2006/11/02 03:09:22 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO804.SYS [2010/09/21 19:21:02 | 002,031,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys < %systemroot%\system32\drivers\*.dll > [2010/02/11 00:34:44 | 000,053,248 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\ati2erec.dll < %systemroot%\system32\drivers\*.ini > < %systemroot%\system32\drivers\*.exe > < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > [2006/11/02 08:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll < %SYSTEMDRIVE%\*.* > [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2006/11/02 05:53:57 | 000,438,840 | RHS- | M] () -- C:\bootmgr [2010/09/21 00:44:05 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK [2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys [2011/06/22 21:41:58 | 2145,902,592 | -HS- | M] () -- C:\hiberfil.sys [2010/02/24 16:11:31 | 000,000,348 | -H-- | M] () -- C:\IPH.PH [2011/06/22 21:41:57 | 2459,828,224 | -HS- | M] () -- C:\pagefile.sys [2011/06/22 21:47:54 | 000,056,970 | ---- | M] () -- C:\TDSSKiller.2.5.5.0_22.06.2011_21.47.03_log.txt < %PROGRAMFILES%\*. 
> [2011/05/27 14:36:58 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe [2011/05/05 19:20:51 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update [2010/09/28 16:27:13 | 000,000,000 | ---D | M] -- C:\Program Files\ATI [2010/09/28 16:31:54 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies [2011/05/05 19:18:40 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour [2011/05/27 14:36:58 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files [2011/06/22 22:17:44 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information [2011/05/17 15:32:15 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer [2011/05/05 19:24:18 | 000,000,000 | ---D | M] -- C:\Program Files\iPod [2011/05/05 19:24:53 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes [2010/11/21 09:14:34 | 000,000,000 | ---D | M] -- C:\Program Files\Java [2010/09/21 20:34:21 | 000,000,000 | ---D | M] -- C:\Program Files\ManyCam [2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games [2011/06/17 10:48:58 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight [2011/03/07 20:56:30 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft WSE [2010/09/21 18:12:08 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker [2011/05/04 05:59:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox [2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild [2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSN [2010/09/21 15:23:14 | 000,000,000 | ---D | M] -- C:\Program Files\Pidgin [2011/05/05 19:22:46 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime [2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies [2010/09/21 15:26:16 | 000,000,000 | R--D | M] -- C:\Program Files\Skype [2011/06/22 21:43:38 | 000,000,000 | ---D | M] -- C:\Program Files\Steam [2006/11/02 09:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information 
[2010/09/21 18:43:53 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent [2010/09/21 18:12:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar [2006/11/02 08:42:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration [2010/09/21 18:12:10 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender [2006/11/02 08:42:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal [2010/09/21 18:12:13 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail [2010/09/21 18:11:48 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player [2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT [2006/11/02 08:42:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery [2010/09/22 03:18:56 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar [2011/03/07 19:39:18 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR [2010/12/25 12:54:26 | 000,000,000 | ---D | M] -- C:\Program Files\Zune < %appdata%\*.* > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-06-22 18:21:38 < End of report >
Hi,

There are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

Please note that as long as you are using any form of P2P networking to download files you can anticipate infestations of malware to occur. P2P file sharing used to be fairly safe. This is no longer true; continue to use P2P sharing at your own risk! Keep in mind that this practice may be the source of your current malware infestation.

References citing the risk factors of using P2P programs:
Malware: Help prevent the Infection
Perils of P2P File Sharing
How to Prevent the Online Invasion of Spyware and Adware

I strongly recommend that you uninstall:
µTorrent

You can do so using the Control Panel >> Add or Remove Programs function. However, that choice is up to you. As long as you have the P2P program(s) installed, per PCHF Policy, we can offer you no further assistance.

If you choose to remove these programs, when finished: Please generate a new set of OTL logs and we'll go from there. Please attach them in your reply rather than pasting them in