
Solved RootKit Virus

Discussion in 'Malware and Virus Removal Archive' started by michaelac, 2011/06/06.

  1. 2011/06/07
    broni Moderator Malware Analyst
    Looks good :)

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
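Once OTL.txt is back, the first pass over it can be scripted rather than read line by line. The following is an added example for this thread, not part of broni's instructions and not OTL's own code. It parses the PRC/MOD/SRV/DRV entries, the Firefox prefs.js lines, the O6 policy lines and the NetSvcs entries using the line layouts seen in the OTL.txt excerpts posted in this thread, and flags what an analyst looks at first: a service or driver registration whose binary is missing, a binary with no company name in its version info, a Firefox search URL pointing at a search-redirect domain, orphaned NetSvcs entries, and UAC switched off (EnableLUA = 0). The sample log at the bottom is constructed for the example, and the PUP_SEARCH_DOMAINS list is an assumption to tune.

```python
"""First-pass triage of an OTL.txt log.

Added example for this thread; it is not OTL's own code. The line layouts
assumed here match the OTL.txt excerpts posted in the thread; the sample log
at the bottom is constructed for the example.
"""
import re
from typing import List, Optional, Tuple

# Search-redirect domains to flag in Firefox prefs. Assumption: extend as needed.
PUP_SEARCH_DOMAINS = ("search.conduit.com", "search.babylon.com")

_ENTRY_KINDS = ("PRC", "MOD", "SRV", "DRV")
# First "(...)" in the entry head is the company name; allow one nested level
# so "(Intel(R) Corporation)" is captured whole.
_COMPANY_RE = re.compile(r"\(((?:[^()]|\([^()]*\))*)\)")
_UAC_OFF_RE = re.compile(r"policies\\System: EnableLUA = 0$")
# Field separator " -- "; a lookahead keeps the empty field in "-- -- (name)".
_FIELD_SPLIT_RE = re.compile(r" --(?= )")


def parse_entry(line: str) -> Optional[dict]:
    """Split a PRC/MOD/SRV/DRV line into its parts.

    Layouts handled:
      SRV - [date | size | attrs | M] (Company) [Start | State] -- C:\\x.exe -- (SvcName)
      SRV - File not found [Disabled | Stopped] -- -- (SvcName)
      PRC - [date | size | attrs | M] (Company) -- C:\\x.exe
    """
    kind, sep, rest = line.strip().partition(" - ")
    if not sep or kind not in _ENTRY_KINDS:
        return None
    fields = [f.strip() for f in _FIELD_SPLIT_RE.split(rest)]
    head = fields[0]
    path = fields[1] if len(fields) > 1 else ""
    name = ""
    if len(fields) > 2:
        name_match = re.match(r"\(([^)]*)\)", fields[2])
        name = name_match.group(1) if name_match else fields[2]
    company_match = _COMPANY_RE.search(head)
    company = company_match.group(1).strip() if company_match else ""
    return {
        "kind": kind,
        "company": company,
        "path": path,
        "name": name,
        "missing": "File not found" in head or path == "",
    }


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (tag, line) pairs for log lines an analyst should look at first."""
    findings: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = parse_entry(line)
        if entry is not None:
            if entry["missing"]:
                # Registration points at a binary that no longer exists.
                findings.append(("orphan-service", line))
            elif entry["company"] == "":
                # No version-info company: not malicious per se, but verify the hash.
                findings.append(("no-company-name", line))
            continue
        if line.startswith("FF - prefs.js..") and any(d in line for d in PUP_SEARCH_DOMAINS):
            findings.append(("search-hijack", line))
        elif line.startswith("NetSvcs:") and line.endswith("File not found"):
            findings.append(("netsvcs-orphan", line))
        elif _UAC_OFF_RE.search(line):
            findings.append(("uac-disabled", line))
    return findings


# Constructed sample, modelled on the OTL.txt lines in this thread.
SAMPLE_LOG = r"""
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (wlcrasvc)
SRV - [2011/05/10 22:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/09/08 22:12:51 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
DRV - [2010/03/08 09:02:58 | 000,062,496 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
PRC - [2011/01/12 15:32:06 | 000,866,576 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms} "
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ "
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
NetSvcs: helpsvc - File not found
"""

if __name__ == "__main__":
    for tag, line in triage(SAMPLE_LOG):
        print(f"[{tag:16}] {line}")
```

A flag is a prompt to verify, not a verdict: plenty of legitimate vendor binaries ship with an empty company field, and orphaned NetSvcs entries turn up on clean machines too. What matters is the path and hash of anything flagged, which is exactly what the custom scan's /md5start block is there to collect.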
     
  2. 2011/06/07
    michaelac Inactive Thread Starter
    Computer is better than it has been since I bought it! No redirects or pop-up messages, can access all updates, pages open fast, no blue screens, no hanging programmes.
    Pretty great in fact.
    Thanks!
     


  4. 2011/06/07
    broni Moderator Malware Analyst
    Great news!

    Please continue with the OTL scan.
     
  5. 2011/06/07
    michaelac Inactive Thread Starter
    OTL logfile created on: 8/06/2011 1:54:24 PM - Run 1
    OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\George\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    1.99 Gb Total Physical Memory | 0.77 Gb Available Physical Memory | 38.75% Memory free
    4.21 Gb Paging File | 2.76 Gb Available in Paging File | 65.48% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 111.44 Gb Total Space | 21.35 Gb Free Space | 19.16% Space Free | Partition Type: NTFS
    Drive D: | 104.90 Gb Total Space | 24.51 Gb Free Space | 23.37% Space Free | Partition Type: NTFS
    Drive E: | 13.51 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: GEORGE-LAPTOP | User Name: George | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========
     
  6. 2011/06/07
    michaelac Inactive Thread Starter
    PRC - [2011/06/02 12:06:56 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\George\Desktop\OTL.exe
    PRC - [2011/05/26 06:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\George\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2011/05/10 22:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2011/05/10 22:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2011/04/30 11:53:31 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2011/01/12 15:32:06 | 000,866,576 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    PRC - [2011/01/12 15:13:16 | 000,481,552 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    PRC - [2009/09/08 22:12:51 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
    PRC - [2009/04/11 16:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/04/22 11:02:06 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) -- C:\Windows\System32\vfsFPService.exe
    PRC - [2008/03/21 13:22:52 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    PRC - [2008/03/12 12:30:28 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
    PRC - [2008/03/11 19:53:54 | 005,296,128 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2008/03/05 16:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    PRC - [2008/03/05 16:38:28 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    PRC - [2008/01/21 12:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
    PRC - [2008/01/10 17:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
    PRC - [2007/12/11 13:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
    PRC - [2007/12/07 09:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe
    PRC - [2007/10/03 14:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2007/10/03 14:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2007/04/24 18:50:32 | 000,723,760 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

    ========== Modules (SafeList) ==========

    MOD - [2011/06/02 12:06:56 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\George\Desktop\OTL.exe
    MOD - [2011/05/10 22:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
    MOD - [2010/09/01 01:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
    MOD - [2008/03/12 02:14:34 | 000,204,800 | ---- | M] () -- C:\Windows\System32\SysHook.dll
    MOD - [2007/04/24 18:49:40 | 000,208,896 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\BtMmHook.dll
    MOD - [2007/04/24 18:44:26 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll

    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (wlcrasvc)
    SRV - File not found [On_Demand | Stopped] -- -- (fsssvc)
    SRV - [2011/05/10 22:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2011/01/12 15:32:06 | 000,866,576 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
    SRV - [2011/01/12 15:13:16 | 000,481,552 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
    SRV - [2010/12/08 13:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2009/09/08 22:12:51 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
    SRV - [2008/11/10 06:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [On_Demand | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/04/22 11:02:06 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService)
    SRV - [2008/03/21 13:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
    SRV - [2008/03/05 16:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
    SRV - [2008/01/21 12:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2008/01/10 17:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
    SRV - [2007/12/11 13:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2007/12/07 09:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
    SRV - [2007/10/03 14:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)

    ========== Driver Services (SafeList) ==========

    DRV - [2011/05/10 22:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2011/05/10 22:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011/05/10 22:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011/05/10 21:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011/05/10 21:59:44 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2011/05/10 21:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/10/07 04:11:38 | 006,639,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwLv32.sys -- (NETwLv32) Intel(R)
    DRV - [2010/07/30 13:16:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2010/07/30 13:16:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2010/07/30 13:16:42 | 000,023,040 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2010/07/30 13:16:38 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2010/03/08 09:02:58 | 000,062,496 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
    DRV - [2009/12/18 11:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
    DRV - [2009/08/05 05:18:22 | 000,048,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E)
    DRV - [2009/04/11 14:38:59 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)
    DRV - [2008/11/17 07:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
    DRV - [2008/08/26 08:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2008/04/22 11:02:34 | 000,040,752 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vfs101x.sys -- (vfs101x)
    DRV - [2008/03/21 10:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
    DRV - [2008/02/29 17:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2008/01/09 05:10:32 | 002,554,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
    DRV - [2006/11/02 23:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)

    ========== Standard Registry (SafeList) ==========

    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-1683990558-1774061058-3973947450-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
    IE - HKU\S-1-5-21-1683990558-1774061058-3973947450-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    IE - HKU\S-1-5-21-1683990558-1774061058-3973947450-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-1683990558-1774061058-3973947450-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1683990558-1774061058-3973947450-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo "
    FF - prefs.js..browser.search.defaultthis.engineName: "Softonic-Eng7 Customized Web Search "
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms} "
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811 "
    FF - prefs.js..browser.search.selectedEngine: "Google "
    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/ "
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
    FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
    FF - prefs.js..extensions.enabledItems: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}:2.5.6.0
    FF - prefs.js..extensions.enabledItems: youtubedownloader@mybrowserbar.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
    FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51
    FF - prefs.js..extensions.enabledItems: {ea0969b3-6e12-4ac0-b6c9-148e81247954}:2.7.1.3
    FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
    FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.736
    FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=toolbar2&q= "


    FF - HKLM\software\mozilla\Firefox\Extensions\\searchpredict@speedbit.com: C:\Program Files\SearchPredict\PRFireFox
    FF - HKLM\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files\SpeedBit Video Downloader\SPFireFox
    FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/03/04 11:42:12 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2011/03/21 16:17:54 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{080676DE-4AF4-435C-A0E8-747B2BB1568C}: C:\Users\George\AppData\Local\{080676DE-4AF4-435C-A0E8-747B2BB1568C}
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/30 11:53:35 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/02 17:57:25 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0b8\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 7\components [2011/01/31 16:05:47 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0b8\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugins
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/03/04 11:42:13 | 000,000,000 | ---D | M]

    [2009/05/15 15:41:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\George\AppData\Roaming\Mozilla\Extensions
    [2011/05/21 09:28:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\rvvnwmxv.default\extensions
    [2011/05/28 13:32:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\rvvnwmxv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/05/28 13:32:36 | 000,000,000 | ---D | M] (Softonic-Eng7 Community Toolbar) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\rvvnwmxv.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
    [2011/05/28 13:32:36 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\rvvnwmxv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2011/05/28 13:32:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\rvvnwmxv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2011/05/28 13:32:37 | 000,000,000 | ---D | M] (Messenger Plus Live Australia Community Toolbar) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\rvvnwmxv.default\extensions\{ea0969b3-6e12-4ac0-b6c9-148e81247954}
    [2011/05/28 13:32:36 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\rvvnwmxv.default\extensions\engine@conduit.com
    [2011/05/28 13:32:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\rvvnwmxv.default\extensions\ffxtlbr@babylon.com
    [2009/09/30 09:08:32 | 000,000,888 | ---- | M] () -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\rvvnwmxv.default\searchplugins\conduit.xml
    [2009/04/24 01:42:09 | 000,001,632 | ---- | M] () -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\rvvnwmxv.default\searchplugins\live-search.xml
    [2011/03/24 08:37:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/05/24 22:49:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/02 23:47:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/12/23 19:29:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\searchsettings@spigot.com
    [2010/12/23 19:29:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\youtubedownloader@mybrowserbar.com
    File not found (No name found) --
    () (No name found) -- C:\USERS\GEORGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RVVNWMXV.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM.XPI
    [2011/04/30 11:53:31 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
    [2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2011/04/27 21:50:56 | 000,002,423 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
    [2011/03/24 09:09:08 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2011/06/08 12:18:50 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
    O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
    O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    O2 - BHO: (no name) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - No CLSID value found.
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
    O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
    O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
    O3 - HKU\S-1-5-21-1683990558-1774061058-3973947450-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
    O3 - HKU\S-1-5-21-1683990558-1774061058-3973947450-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O3 - HKU\S-1-5-21-1683990558-1774061058-3973947450-1000\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
    O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
    O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - Startup: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\George\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1683990558-1774061058-3973947450-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1683990558-1774061058-3973947450-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1683990558-1774061058-3973947450-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-1683990558-1774061058-3973947450-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKU\S-1-5-21-1683990558-1774061058-3973947450-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
    O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
    O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - Reg Error: Key error. File not found
    O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
    O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
    O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\George\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\George\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
    Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
    Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
    Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/06/08 13:53:05 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\George\Desktop\OTL.exe
    [2011/06/08 12:22:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/06/08 12:22:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/06/08 12:22:35 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Local\temp
    [2011/06/08 12:04:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/06/08 12:04:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/06/08 12:04:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/06/08 12:00:15 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/06/08 11:59:14 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/06/07 20:56:53 | 000,000,000 | R--D | C] -- C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows
    [2011/06/07 20:51:38 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows
    [2011/06/07 20:35:25 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Users\George\Desktop\aswMBR.exe
    [2011/06/07 16:30:52 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
    [2011/06/07 15:51:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
    [2011/06/07 15:50:20 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2011/06/07 15:36:07 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
    [2011/06/07 14:40:01 | 004,114,696 | R--- | C] (Swearware) -- C:\Users\George\Desktop\ComboFix.exe
    [2011/06/06 21:43:50 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2011/06/06 21:07:33 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
    [2011/05/31 10:08:45 | 000,000,000 | ---D | C] -- C:\ProgramData\mD28258LfMkB28258
    [2011/05/30 12:52:08 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Local\Apple Computer
    [2011/05/24 10:08:18 | 000,000,000 | ---D | C] -- C:\Adobe
    [2011/05/18 23:21:16 | 000,000,000 | ---D | C] -- C:\Program Files\Real
    [2011/05/15 22:57:09 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes(154)
    [2011/05/13 19:55:33 | 000,000,000 | ---D | C] -- C:\ProgramData\aM34811JgHmH34811
    [1 C:\Users\George\AppData\Local\*.tmp files -> C:\Users\George\AppData\Local\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/06/08 13:22:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/06/08 13:11:24 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/06/08 13:11:24 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/06/08 13:09:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1683990558-1774061058-3973947450-1000UA.job
    [2011/06/08 13:09:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1683990558-1774061058-3973947450-1000Core.job
    [2011/06/08 12:34:39 | 000,000,333 | ---- | M] () -- C:\Users\George\Desktop\[Active] RootKit Virus - Page 2.url
    [2011/06/08 12:18:50 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/06/08 11:57:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/06/08 11:11:44 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
    [2011/06/08 01:59:11 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2011/06/07 21:13:27 | 000,164,352 | ---- | M] () -- C:\Users\George\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/06/07 20:58:19 | 000,001,537 | ---- | M] () -- C:\Users\George\Desktop\Windows Explorer.lnk
    [2011/06/07 20:31:45 | 000,139,264 | ---- | M] () -- C:\Users\George\Desktop\RKUnhookerLE.EXE
    [2011/06/07 16:23:14 | 000,000,658 | ---- | M] () -- C:\Users\George\Desktop\portable_uruninstaller.lnk
    [2011/06/07 16:08:43 | 000,000,104 | ---- | M] () -- C:\Users\George\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook - Shortcut.lnk
    [2011/06/07 16:04:00 | 000,625,848 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/06/07 16:04:00 | 000,115,454 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/06/07 14:53:46 | 000,000,907 | ---- | M] () -- C:\Users\George\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/06/07 14:40:01 | 004,114,696 | R--- | M] (Swearware) -- C:\Users\George\Desktop\ComboFix.exe
    [2011/06/07 14:33:17 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
    [2011/06/07 14:33:17 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
    [2011/06/07 14:33:02 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
    [2011/06/06 20:14:40 | 000,000,000 | ---- | M] () -- C:\Users\George\AppData\Local\{8DCEA48B-1233-49E7-AB34-3B229F6FA2AF}
    [2011/06/05 11:37:50 | 000,000,000 | ---- | M] () -- C:\Users\George\AppData\Local\{55EAC99F-779F-4B12-A714-A00D321798B7}
    [2011/06/03 10:26:36 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cc2184e61cf292.job
    [2011/06/02 12:16:36 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\George\Desktop\aswMBR.exe
    [2011/06/02 12:06:56 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\George\Desktop\OTL.exe
    [2011/05/30 18:25:09 | 000,001,993 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/05/28 14:12:08 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2011/05/28 14:04:57 | 000,000,906 | ---- | M] () -- C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2011/05/28 13:07:59 | 000,011,748 | -HS- | M] () -- C:\Users\George\AppData\Local\vj28e45p48j4ud2it7f60757238g166fes853a7b58t8w4j
    [2011/05/28 13:07:59 | 000,011,748 | -HS- | M] () -- C:\ProgramData\vj28e45p48j4ud2it7f60757238g166fes853a7b58t8w4j
    [2011/05/10 22:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2011/05/10 22:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2011/05/10 22:03:54 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2011/05/10 22:03:44 | 000,307,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2011/05/10 22:02:37 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2011/05/10 21:59:56 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2011/05/10 21:59:44 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2011/05/10 21:59:35 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [1 C:\Users\George\AppData\Local\*.tmp files -> C:\Users\George\AppData\Local\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/06/08 12:34:39 | 000,000,333 | ---- | C] () -- C:\Users\George\Desktop\[Active] RootKit Virus - Page 2.url
    [2011/06/08 12:04:12 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/06/08 12:04:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/06/08 12:04:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/06/08 12:04:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/06/08 12:04:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/06/07 20:58:19 | 000,001,537 | ---- | C] () -- C:\Users\George\Desktop\Windows Explorer.lnk
    [2011/06/07 20:32:29 | 000,139,264 | ---- | C] () -- C:\Users\George\Desktop\RKUnhookerLE.EXE
    [2011/06/07 16:23:14 | 000,000,658 | ---- | C] () -- C:\Users\George\Desktop\portable_uruninstaller.lnk
    [2011/06/07 16:08:43 | 000,000,104 | ---- | C] () -- C:\Users\George\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook - Shortcut.lnk
    [2011/06/07 14:33:02 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
    [2011/06/06 20:14:40 | 000,000,000 | ---- | C] () -- C:\Users\George\AppData\Local\{8DCEA48B-1233-49E7-AB34-3B229F6FA2AF}
    [2011/06/05 11:37:50 | 000,000,000 | ---- | C] () -- C:\Users\George\AppData\Local\{55EAC99F-779F-4B12-A714-A00D321798B7}
    [2011/06/03 10:26:36 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cc2184e61cf292.job
    [2011/05/30 18:25:09 | 000,001,993 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [2011/05/28 13:04:57 | 000,011,748 | -HS- | C] () -- C:\Users\George\AppData\Local\vj28e45p48j4ud2it7f60757238g166fes853a7b58t8w4j
    [2011/05/28 13:03:03 | 000,011,748 | -HS- | C] () -- C:\ProgramData\vj28e45p48j4ud2it7f60757238g166fes853a7b58t8w4j
    [2011/05/07 18:41:25 | 000,010,768 | -HS- | C] () -- C:\Users\George\AppData\Local\go2n3m44mx5oqb8kpjht117f671t8u8u0jpxv8j6414k8x2
    [2011/05/07 18:41:25 | 000,010,768 | -HS- | C] () -- C:\ProgramData\go2n3m44mx5oqb8kpjht117f671t8u8u0jpxv8j6414k8x2
    [2011/04/25 10:01:52 | 000,002,028 | -HS- | C] () -- C:\Users\George\AppData\Local\gw43yhj5e1a8x0764bv3cw2jyf3p6016on281od3
    [2011/04/25 10:01:52 | 000,002,028 | -HS- | C] () -- C:\ProgramData\gw43yhj5e1a8x0764bv3cw2jyf3p6016on281od3
    [2011/04/19 09:05:07 | 000,009,738 | -HS- | C] () -- C:\Users\George\AppData\Local\q45f63b3111o63c2hk0htmd5p3j4poe
    [2011/04/19 09:05:07 | 000,009,738 | -HS- | C] () -- C:\ProgramData\q45f63b3111o63c2hk0htmd5p3j4poe
    [2011/03/23 20:23:03 | 001,060,864 | ---- | C] () -- C:\Windows\System32\vorbis.dll
    [2011/03/23 20:23:03 | 000,036,864 | ---- | C] () -- C:\Windows\System32\ogg.dll
    [2011/03/23 20:23:01 | 000,909,312 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
    [2011/03/23 20:23:01 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
    [2011/03/23 20:23:01 | 000,036,734 | ---- | C] () -- C:\Windows\System32\OggDSuninst.exe
    [2010/09/27 17:44:46 | 000,000,680 | ---- | C] () -- C:\Users\George\AppData\Local\d3d9caps.dat
    [2010/01/29 21:20:41 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2009/12/06 21:27:37 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2009/12/06 21:27:35 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
    [2009/12/06 21:27:33 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2009/12/06 21:27:33 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2009/12/06 21:27:29 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2009/12/03 21:00:59 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
    [2009/12/03 21:00:59 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
    [2009/12/03 21:00:59 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
    [2009/12/03 21:00:59 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
    [2009/12/03 21:00:59 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
    [2009/12/03 21:00:59 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
    [2009/12/03 21:00:59 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
    [2009/12/03 21:00:59 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
    [2009/12/03 21:00:59 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
    [2009/12/03 21:00:59 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
    [2009/12/03 21:00:59 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
    [2009/12/03 21:00:59 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
    [2009/12/03 21:00:59 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
    [2009/12/03 21:00:59 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
    [2009/12/03 21:00:59 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
    [2009/12/03 21:00:59 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
    [2009/12/03 21:00:59 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
    [2009/12/03 21:00:59 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
    [2009/12/03 21:00:59 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
    [2009/08/08 17:46:31 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/08/08 17:46:31 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
    [2009/07/04 17:38:07 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
    [2009/06/30 17:47:27 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2009/05/17 22:21:56 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
    [2009/05/11 18:54:35 | 000,000,681 | ---- | C] () -- C:\Windows\mozver.dat
    [2009/04/25 13:26:41 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2009/04/24 11:43:19 | 000,164,352 | ---- | C] () -- C:\Users\George\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/04/24 09:59:41 | 000,002,299 | ---- | C] () -- C:\Users\George\AppData\Roaming\acervcmtmp.ini
    [2009/04/24 01:44:24 | 000,000,299 | ---- | C] () -- C:\Windows\wininit.ini
    [2009/04/24 00:59:07 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2009/04/23 11:50:29 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2009/04/23 11:42:08 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
    [2009/04/23 11:42:08 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
    [2009/04/23 11:42:07 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
    [2008/03/21 17:40:31 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
    [2008/03/21 17:40:31 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
    [2008/03/21 17:01:08 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
    [2008/03/21 16:57:18 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
    [2008/03/21 16:52:58 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
    [2008/03/21 16:52:58 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
    [2008/03/21 16:51:44 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat
    [2008/03/21 01:32:29 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2008/02/11 18:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
    [2008/02/11 18:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
    [2008/02/11 18:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
    [2008/02/11 18:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
    [2008/02/05 16:48:49 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
    [2008/02/05 16:48:49 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
    [2008/02/05 16:48:49 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
    [2008/02/05 16:48:49 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
    [2007/11/14 16:17:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CogentBioSDK.dll
    [2007/04/24 18:32:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
    [2006/11/02 22:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 22:47:37 | 000,300,888 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 22:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 20:33:01 | 000,625,848 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 20:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 20:33:01 | 000,115,454 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 20:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 20:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 18:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 18:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 17:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 17:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2005/01/20 20:12:08 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
    [2001/12/27 09:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
    [2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
    [2001/09/04 16:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
    [2001/07/31 09:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
    [2001/07/24 15:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

    ========== LOP Check ==========

    [2008/03/21 17:16:03 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console
    [2008/03/21 17:16:03 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console
    [2008/03/21 17:16:03 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\Acer GameZone Console
    [2011/04/15 11:47:24 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\FlashGet
    [2011/04/15 11:45:42 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\GrabPro
    [2010/11/01 19:58:53 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\Validity
    [2009/04/23 14:16:27 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Acer
    [2008/03/21 17:16:03 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Acer GameZone Console
    [2011/06/08 12:36:45 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Dropbox
    [2009/04/24 10:50:53 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\FlashGet
    [2011/01/19 12:07:15 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Leadertech
    [2011/03/04 15:33:23 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Nokia
    [2011/03/04 15:33:31 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Nokia Ovi Suite
    [2010/12/23 19:27:59 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Orbit
    [2009/12/10 22:36:34 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Panasonic
    [2009/04/24 15:23:55 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\PC Suite
    [2010/11/01 18:29:23 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\URSoft
    [2009/04/23 11:37:50 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Validity
    [2008/03/21 17:16:03 | 000,000,000 | ---D | M] -- C:\Users\Herbalife\AppData\Roaming\Acer GameZone Console
    [2010/11/01 20:07:26 | 000,000,000 | ---D | M] -- C:\Users\Herbalife\AppData\Roaming\Validity
    [2011/06/08 01:59:12 | 000,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========

    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/11 16:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2006/09/19 07:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2004/03/01 01:44:34 | 000,052,576 | ---- | M] () -- C:\orange.bmp
    [2011/06/08 11:11:11 | 2451,238,912 | -HS- | M] () -- C:\pagefile.sys
    [2009/04/23 11:45:39 | 000,000,058 | ---- | M] () -- C:\Partition.txt
    [2008/03/21 16:53:14 | 000,000,477 | ---- | M] () -- C:\RHDSetup.log

    < %systemroot%\Fonts\*.com >
    [2006/11/02 22:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 22:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 22:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/08/08 18:01:39 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/19 07:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2010/05/16 04:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPDA5.DLL
    [2010/05/16 04:00:00 | 000,070,656 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPPA5.DLL
    [2006/11/02 22:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/27 12:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011/05/10 22:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2010/11/10 01:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/21 12:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/01/21 13:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/21 13:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/21 13:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 20:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 20:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/06/07 14:53:46 | 000,000,286 | -HS- | M] () -- C:\Users\George\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/06/02 12:16:36 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\George\Desktop\aswMBR.exe
    [2011/06/07 14:40:01 | 004,114,696 | R--- | M] (Swearware) -- C:\Users\George\Desktop\ComboFix.exe
    [2011/06/02 12:06:56 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\George\Desktop\OTL.exe
    [2011/06/07 20:31:45 | 000,139,264 | ---- | M] () -- C:\Users\George\Desktop\RKUnhookerLE.EXE

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2009/08/08 18:12:05 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
    [2009/04/24 04:20:04 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
    [2009/04/24 04:20:04 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
    [2009/08/08 18:12:05 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/04/23 11:34:11 | 000,000,402 | -HS- | M] () -- C:\Users\George\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/05/07 18:43:29 | 000,010,768 | -HS- | M] () -- C:\ProgramData\go2n3m44mx5oqb8kpjht117f671t8u8u0jpxv8j6414k8x2
    [2011/04/25 10:03:55 | 000,002,028 | -HS- | M] () -- C:\ProgramData\gw43yhj5e1a8x0764bv3cw2jyf3p6016on281od3
    [2011/04/19 17:27:32 | 000,009,738 | -HS- | M] () -- C:\ProgramData\q45f63b3111o63c2hk0htmd5p3j4poe
    [2011/05/28 13:07:59 | 000,011,748 | -HS- | M] () -- C:\ProgramData\vj28e45p48j4ud2it7f60757238g166fes853a7b58t8w4j

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >
    Acer Crystal Eye webcam.EXE

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 185 bytes -> C:\ProgramData\TEMP:1CE11B51
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:8CE646EE

    < End of report >
     
  7. 2011/06/07
    broni Moderator Malware Analyst

    I still need Extras.txt log.
     
  8. 2011/06/07
    michaelac Inactive Thread Starter

    OTL Extras logfile created on: 8/06/2011 1:54:24 PM - Run 1
    OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\George\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    1.99 Gb Total Physical Memory | 0.77 Gb Available Physical Memory | 38.75% Memory free
    4.21 Gb Paging File | 2.76 Gb Available in Paging File | 65.48% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 111.44 Gb Total Space | 21.35 Gb Free Space | 19.16% Space Free | Partition Type: NTFS
    Drive D: | 104.90 Gb Total Space | 24.51 Gb Free Space | 23.37% Space Free | Partition Type: NTFS
    Drive E: | 13.51 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: GEORGE-LAPTOP | User Name: George | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1683990558-1774061058-3973947450-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1683990558-1774061058-3973947450-1000]
    "EnableNotifications" = 1
    "EnableNotificationsRef" = 2

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
    "C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0129064A-ACDD-4766-A55A-A14F91909D2E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{6262FA3F-E547-4AF8-880C-19E7A4D30C4B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{98E3BCB2-D180-478E-B042-01DD558374F4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{A860AA39-C268-4475-8E60-96A5A1F490D2}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{E623608A-2EAF-4635-8D8D-F83CB7F2DC21}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{F6009B20-5B19-4567-86E4-1005297CE9CD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0416EEE2-77A5-4964-B875-AA47E17F5FB1}" = protocol=6 | dir=in | app=c:\users\george\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{154C439B-C280-41C4-BCBE-75F6232096E5}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "{1AB01F90-C8D9-490C-8C18-510D8B93FD34}" = protocol=17 | dir=in | app=c:\users\george\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{34308169-A6D3-466A-8381-2314C04603F1}" = protocol=6 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
    "{42CA0490-360C-44C2-B42E-6306220307A2}" = protocol=17 | dir=in | app=c:\downloads\setup-msgplus-501.exe |
    "{52EFD899-405B-48BD-8177-40AF0989B39F}" = protocol=6 | dir=in | app=c:\downloads\setup-msgplus-501.exe |
    "{59103B14-55A3-4B3F-A0F0-1FA9A4DBF183}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{6CEE7A7F-DD8F-4A27-948B-7CB5F6CBC7E5}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
    "{7EBC5F92-C09D-49FD-AAA1-34ACE52E51DE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{89A86A7E-74AA-4474-BF25-CE5206CF42E5}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
    "{92604344-C67E-420A-8646-A87882CBCFBB}" = protocol=17 | dir=in | app=c:\users\george\appdata\roaming\dropbox\bin\dropbox.exe |
    "{975562B4-AD6D-4336-A374-5878D05A312B}" = protocol=6 | dir=in | app=c:\users\george\appdata\roaming\dropbox\bin\dropbox.exe |
    "{9760FBD1-5A46-4022-83B1-2E4F4923E28D}" = protocol=6 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
    "{A00D405C-6C0F-4AAA-8770-1C79D2377D2F}" = protocol=17 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
    "{A9D04EB0-7AB0-4016-87E8-0BA04E30F782}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{AA020BA8-6A99-4B63-AFCB-DFF621FF9DA9}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{B0D6A975-C143-4552-9D1C-051306D65D43}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
    "{B8331240-FCCB-4370-8E59-777682A177FA}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
    "{BC24146F-82BD-4C12-BDE9-1B1281CA7210}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
    "{DE78E8E2-7C2F-45D4-B2B0-94C72574E509}" = protocol=6 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
    "{E09502F9-8921-49AF-A000-02F12646F216}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
    "{E0BA460F-59CB-4870-8546-7B541D993FBD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
     
  9. 2011/06/07
    michaelac Inactive Thread Starter
    "{E18ED7B5-DC10-4535-8D70-EDF3B7351039}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{E489A7D9-B777-409F-AC3D-A2D1B7C9EEE9}" = protocol=17 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
    "{E534D281-A6E9-4AA0-BB66-71A7CF6FEFCC}" = protocol=17 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
    "{F354F89D-2CF0-4A6D-90B4-508E9B59C56F}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
    "{FA076F2F-909C-4F2D-958A-E766AF72A4DF}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{FEE6146F-FF33-41E5-88D6-A550CFB90D21}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
    "TCP Query User{34C72754-FFF7-404F-86B2-77486B28881D}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "TCP Query User{38F586D5-1D17-4D8A-9439-7B6C2B4D546E}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe |
    "TCP Query User{3CCF2D30-FA86-47FB-B09F-DB5FB34EA9F8}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
    "TCP Query User{582C0DB1-5F09-4908-85AD-9BCCC55F589E}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{5EB7F82F-FE40-4782-A749-1C5D2369B937}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
    "TCP Query User{7D491F8C-D881-4C72-AD57-C13AC966C212}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
    "TCP Query User{86A70681-9D74-4C3A-85FA-24839A9F761E}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "TCP Query User{8B747F38-1B79-4435-A7DA-54EBB3E1637E}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
    "TCP Query User{A02C27DB-7356-4AC8-82F7-0EA062B9D6F7}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{D527FDF0-0C19-4062-82F2-5BEAEB851939}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe |
    "TCP Query User{E494B7D1-1382-4A29-8A78-C3C81D67A087}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
    "UDP Query User{201A1513-07F4-430B-8295-041BC28572F1}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
    "UDP Query User{71191C4F-E1F2-47DB-A700-968A888F4B51}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "UDP Query User{838B734D-4A63-408C-AA5F-B2AABFA849EB}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{9C1D1BB8-ABF4-4029-A5C2-5ABC72C1BEA6}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
    "UDP Query User{9F224EBE-BA1D-4280-A3B8-2EC2B3D0C0C9}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe |
    "UDP Query User{A251709D-3BCC-4129-9213-2FA1BA9A803E}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
    "UDP Query User{B1BBF291-F400-4FF1-BC9E-9E620B22C598}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "UDP Query User{CCC86BA8-6F79-49D4-B308-6B560D381AE0}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{ECEA0FB6-E67D-45E2-940C-E0E15BA27E97}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
    "UDP Query User{F96276EE-B652-41C3-9493-46E0E899B5A2}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
    "UDP Query User{FDD9DB01-F3A4-43C5-ABC6-C9A903E3F3A4}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5000
    "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
    "{08600005-5228-4BF6-845E-E9A957AFDCB4}" = OviMPlatform
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0BF78E88-A7C9-4406-89CF-0BA473BA7821}" = Orion
    "{0E95DA08-2514-4399-AD87-349C350FA9DE}" = Intel(R) PROSet/Wireless WiFi Software
    "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series" = Canon MX340 series MP Drivers
    "{1226B9A5-FBFD-4120-9AED-08CABCDAF3AB}" = Nokia Ovi Player
    "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
    "{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
    "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
    "{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
    "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.5
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
    "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
    "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
    "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
    "{28191B83-1D60-44B6-9B08-E854EF6632D5}" = Ovi Desktop Sync Engine
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
    "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3FC42713-B6E7-49AA-A553-A224FE9828A8}" = Nokia Ovi Suite
    "{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
    "{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}" = Nokia Software Updater
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{567E8236-C414-4888-8211-3D61608D57AE}" = Validity Sensors software
    "{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
    "{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
    "{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}" = Suite
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112310577}" = Flip Words 2
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow! Deluxe
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.5
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
    "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
    "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
    "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CF0EDB56-BBF6-3C9F-9C50-2E3B3D444641}" = Google Talk Plugin
    "{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
    "{D1725D54-279A-40C5-A70D-23C1785DB920}_is1" = AoA Audio Extractor
    "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E4423F16-0E98-4855-BFF4-3EF016C55D67}" = Nokia_Multimedia_Common_Components_2_5
    "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
     
  10. 2011/06/07
    michaelac Inactive Thread Starter
    "{F38FD0E4-B991-462B-873D-F2115EADD093}" = Nokia PC Suite
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
    "{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FEB613A9-F311-4DBC-B838-14C5DA2B95B7}" = Nokia Ovi Suite Software Updater
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    "Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Agere Systems Soft Modem" = Agere Systems HDA Modem
    "avast" = avast! Free Antivirus
    "AVS Update Manager_is1" = AVS Update Manager 1.0
    "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
    "AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
    "CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
    "CanonMyPrinter" = Canon Utilities My Printer
    "CanonSolutionMenu" = Canon Utilities Solution Menu
    "CCleaner" = CCleaner
    "Defraggler" = Defraggler
    "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
    "Easy-WebPrint EX" = Canon Easy-WebPrint EX
    "FlashGet" = FlashGet 1.9.6.1073
    "Google Chrome" = Google Chrome
    "GridVista" = Acer GridVista
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
    "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
    "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "KLiteCodecPack_is1" = K-Lite Codec Pack 5.4.4 (Full)
    "LManager" = Launch Manager
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
    "Messenger Plus!" = Messenger Plus! 5
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
    "Mozilla Firefox 4.0b8 (x86 en-US)" = Mozilla Firefox 4.0b8 (x86 en-US)
    "MP Navigator EX 3.1" = Canon MP Navigator EX 3.1
    "Nokia Maps Updater_is1" = Nokia Maps Updater 1.0.8
    "Nokia Ovi Suite" = Nokia Ovi Suite
    "Nokia PC Suite" = Nokia PC Suite
    "Orbit_is1" = Orbit Downloader
    "ProInst" = Intel PROSet Wireless
    "RealAlt_is1" = Real Alternative 2.0.2
    "Replay Video Capture3.1B" = Replay Video Capture
    "Speccy" = Speccy
    "Speed Dial Utility" = Canon Speed Dial Utility
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "The KMPlayer" = The KMPlayer (remove only)
    "vShare" = vShare Plugin
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1683990558-1774061058-3973947450-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.7.1

    ========== Last 10 Event Log Errors ==========

    [ Antivirus Events ]
    Error - 9/08/2009 8:36:40 PM | Computer Name = George-Laptop | Source = avast! | ID = 33554522
    Description =

    Error - 9/08/2009 8:39:46 PM | Computer Name = George-Laptop | Source = avast! | ID = 33554522
    Description =

    Error - 9/08/2009 8:44:42 PM | Computer Name = George-Laptop | Source = avast! | ID = 33554522
    Description =

    Error - 26/11/2009 12:54:33 AM | Computer Name = George-Laptop | Source = avast! | ID = 33554522
    Description =

    Error - 26/11/2009 12:54:33 AM | Computer Name = George-Laptop | Source = avast! | ID = 33554522
    Description =

    Error - 26/11/2009 12:54:42 AM | Computer Name = George-Laptop | Source = avast! | ID = 33554522
    Description =

    Error - 26/11/2009 12:54:43 AM | Computer Name = George-Laptop | Source = avast! | ID = 33554522
    Description =

    Error - 26/11/2009 12:54:43 AM | Computer Name = George-Laptop | Source = avast! | ID = 33554522
    Description =

    Error - 26/11/2009 12:54:43 AM | Computer Name = George-Laptop | Source = avast! | ID = 33554522
    Description =

    Error - 16/12/2009 1:48:27 AM | Computer Name = George-Laptop | Source = avast! | ID = 33554522
    Description =

    [ Application Events ]
    Error - 7/06/2011 1:48:23 AM | Computer Name = George-Laptop | Source = Windows Search Service | ID = 3013
    Description =

    Error - 7/06/2011 1:48:23 AM | Computer Name = George-Laptop | Source = Windows Search Service | ID = 3013
    Description =

    Error - 7/06/2011 1:48:23 AM | Computer Name = George-Laptop | Source = Windows Search Service | ID = 3013
    Description =

    Error - 7/06/2011 1:48:23 AM | Computer Name = George-Laptop | Source = Windows Search Service | ID = 3013
    Description =

    Error - 7/06/2011 1:48:23 AM | Computer Name = George-Laptop | Source = Windows Search Service | ID = 3013
    Description =

    Error - 7/06/2011 1:48:23 AM | Computer Name = George-Laptop | Source = Windows Search Service | ID = 3013
    Description =

    Error - 7/06/2011 1:57:38 AM | Computer Name = George-Laptop | Source = WinMgmt | ID = 10
    Description =

    Error - 7/06/2011 2:05:56 AM | Computer Name = George-Laptop | Source = WinMgmt | ID = 10
    Description =

    Error - 7/06/2011 9:11:43 PM | Computer Name = George-Laptop | Source = WinMgmt | ID = 10
    Description =

    Error - 7/06/2011 9:19:51 PM | Computer Name = George-Laptop | Source = VSS | ID = 12297
    Description =

    [ System Events ]
    Error - 7/06/2011 2:01:43 AM | Computer Name = George-Laptop | Source = Service Control Manager | ID = 7034
    Description =

    Error - 7/06/2011 4:17:21 AM | Computer Name = George-Laptop | Source = volsnap | ID = 393252
    Description = The shadow copies of volume C: were aborted because the shadow copy
    storage could not grow due to a user imposed limit.

    Error - 7/06/2011 7:33:41 AM | Computer Name = George-Laptop | Source = volsnap | ID = 393252
    Description = The shadow copies of volume D: were aborted because the shadow copy
    storage could not grow due to a user imposed limit.

    Error - 7/06/2011 9:19:51 PM | Computer Name = George-Laptop | Source = volsnap | ID = 393225
    Description = The flush and hold writes operation on volume C: timed out while waiting
    for file system cleanup.

    Error - 7/06/2011 9:57:27 PM | Computer Name = George-Laptop | Source = Service Control Manager | ID = 7011
    Description =

    Error - 7/06/2011 9:57:40 PM | Computer Name = George-Laptop | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.6 for the Network Card with network
    address 00215C11D57B has been denied by the DHCP server 10.1.1.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 7/06/2011 10:06:50 PM | Computer Name = George-Laptop | Source = Service Control Manager | ID = 7034
    Description =

    Error - 7/06/2011 10:06:55 PM | Computer Name = George-Laptop | Source = Service Control Manager | ID = 7030
    Description =

    Error - 7/06/2011 10:12:45 PM | Computer Name = George-Laptop | Source = Service Control Manager | ID = 7030
    Description =

    Error - 7/06/2011 10:18:54 PM | Computer Name = George-Laptop | Source = Service Control Manager | ID = 7030
    Description =


    < End of report >
     
  11. 2011/06/07
    broni Moderator Malware Analyst
    Cool :)
    Hold on there...
     
  12. 2011/06/07
    broni Moderator Malware Analyst
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - No CLSID value found.
      O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - Reg Error: Key error. File not found
      O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
      O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
      [2011/05/31 10:08:45 | 000,000,000 | ---D | C] -- C:\ProgramData\mD28258LfMkB28258
      [2011/05/13 19:55:33 | 000,000,000 | ---D | C] -- C:\ProgramData\aM34811JgHmH34811
      [1 C:\Users\George\AppData\Local\*.tmp files -> C:\Users\George\AppData\Local\*.tmp -> ]
      [2011/05/28 13:07:59 | 000,011,748 | -HS- | M] () -- C:\Users\George\AppData\Local\vj28e45p48j4ud2it7f60757238g166fes853a7b58t8w4j
      [2011/05/28 13:07:59 | 000,011,748 | -HS- | M] () -- C:\ProgramData\vj28e45p48j4ud2it7f60757238g166fes853a7b58t8w4j
      [2011/05/07 18:41:25 | 000,010,768 | -HS- | C] () -- C:\Users\George\AppData\Local\go2n3m44mx5oqb8kpjht117f671t8u8u0jpxv8j6414k8x2
      [2011/05/07 18:41:25 | 000,010,768 | -HS- | C] () -- C:\ProgramData\go2n3m44mx5oqb8kpjht117f671t8u8u0jpxv8j6414k8x2
      [2011/04/25 10:01:52 | 000,002,028 | -HS- | C] () -- C:\Users\George\AppData\Local\gw43yhj5e1a8x0764bv3cw2jyf3p6016on281od3
      [2011/04/25 10:01:52 | 000,002,028 | -HS- | C] () -- C:\ProgramData\gw43yhj5e1a8x0764bv3cw2jyf3p6016on281od3
      [2011/04/19 09:05:07 | 000,009,738 | -HS- | C] () -- C:\Users\George\AppData\Local\q45f63b3111o63c2hk0htmd5p3j4poe
      [2011/04/19 09:05:07 | 000,009,738 | -HS- | C] () -- C:\ProgramData\q45f63b3111o63c2hk0htmd5p3j4poe
      @Alternate Data Stream - 185 bytes -> C:\ProgramData\TEMP:1CE11B51
      @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:8CE646EE
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =====================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
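    The OTL fix above removes two patterns worth checking for on any Windows box: hidden+system files with random-looking names that exist both in C:\ProgramData and in the user's AppData\Local, and alternate data streams on items under C:\ProgramData. The script below is an added example written for this thread (it is not part of OTL or the original post); it assumes PowerShell 3.0 or later and the default locations of ProgramData and the current user's AppData\Local.

    ```powershell
    # Added example, not from the thread or from OTL. Requires PowerShell 3.0+ (-File, -Stream).
    # Reports the two patterns the OTL scan above flagged:
    #  1) hidden+system files whose name exists in BOTH %ProgramData% and %LOCALAPPDATA%
    #  2) alternate data streams on top-level items in %ProgramData%
    param(
        [string]$ProgramData  = $env:ProgramData,   # assumption: default C:\ProgramData
        [string]$LocalAppData = $env:LOCALAPPDATA   # assumption: current user's AppData\Local
    )

    $hs = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System

    function Get-HiddenSystemFiles([string]$Dir) {
        # -Force includes hidden/system entries that a plain listing would skip
        Get-ChildItem -LiteralPath $Dir -Force -File -ErrorAction SilentlyContinue |
            Where-Object { ($_.Attributes -band $hs) -eq $hs }
    }

    # 1) Same hidden+system file name present in both locations (as OTL reported)
    $laByName = @{}
    foreach ($f in (Get-HiddenSystemFiles $LocalAppData)) { $laByName[$f.Name] = $f }
    foreach ($f in (Get-HiddenSystemFiles $ProgramData)) {
        if ($laByName.ContainsKey($f.Name)) {
            $twin = $laByName[$f.Name]
            [pscustomobject]@{
                Name        = $f.Name
                Size        = $f.Length
                SizeMatches = ($f.Length -eq $twin.Length)   # identical copies are the usual case
                Written     = $f.LastWriteTime
                Paths       = @($f.FullName, $twin.FullName)
            }
        }
    }

    # 2) Alternate data streams other than the default :$DATA stream.
    #    Older PowerShell may not enumerate streams on directories; 'cmd /c dir /r /a' is the fallback.
    Get-ChildItem -LiteralPath $ProgramData -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                Select-Object FileName, Stream, Length
        }
    ```

    A hit in either list is a lead to investigate, not proof of infection; legitimate software occasionally uses hidden system files or small ADS such as Zone.Identifier.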
  13. 2011/06/08
    michaelac

    michaelac Inactive Thread Starter

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0000036B-C524-4050-81A0-243669A86B9F}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0000036B-C524-4050-81A0-243669A86B9F}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}\ not found.
    Folder C:\ProgramData\mD28258LfMkB28258\ not found.
    Folder C:\ProgramData\aM34811JgHmH34811\ not found.
    C:\Users\George\AppData\Local\BITC94C.tmp deleted successfully.
    C:\Users\George\AppData\Local\vj28e45p48j4ud2it7f60757238g166fes853a7b58t8w4j moved successfully.
    C:\ProgramData\vj28e45p48j4ud2it7f60757238g166fes853a7b58t8w4j moved successfully.
    C:\Users\George\AppData\Local\go2n3m44mx5oqb8kpjht117f671t8u8u0jpxv8j6414k8x2 moved successfully.
    C:\ProgramData\go2n3m44mx5oqb8kpjht117f671t8u8u0jpxv8j6414k8x2 moved successfully.
    C:\Users\George\AppData\Local\gw43yhj5e1a8x0764bv3cw2jyf3p6016on281od3 moved successfully.
    C:\ProgramData\gw43yhj5e1a8x0764bv3cw2jyf3p6016on281od3 moved successfully.
    C:\Users\George\AppData\Local\q45f63b3111o63c2hk0htmd5p3j4poe moved successfully.
    C:\ProgramData\q45f63b3111o63c2hk0htmd5p3j4poe moved successfully.
    ADS C:\ProgramData\TEMP:1CE11B51 deleted successfully.
    ADS C:\ProgramData\TEMP:8CE646EE deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Evan
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: George
    ->Temp folder emptied: 31832 bytes
    ->Temporary Internet Files folder emptied: 2188611 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 35625914 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 456 bytes

    User: Herbalife
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 36.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Evan
    ->Flash cache emptied: 0 bytes

    User: George
    ->Flash cache emptied: 0 bytes

    User: Herbalife
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.23.0 log created on 06082011_145647

    Files\Folders moved on Reboot...
    C:\Users\George\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YHXXVN98\background_button_green_full[1].png moved successfully.
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
     
  14. 2011/06/08
    michaelac

    michaelac Inactive Thread Starter

    Results of screen317's Security Check version 0.99.7
    Windows Vista Service Pack 2 (UAC is disabled!)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    avast! Free Antivirus
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner
    Java(TM) 6 Update 21
    Out of date Java installed!
    Adobe Flash Player 10.3.181.14
    Adobe Reader 9.4.4
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Alwil Software Avast5 AvastSvc.exe
    Alwil Software Avast5 AvastUI.exe
    ``````````End of Log````````````
     
  15. 2011/06/08
    michaelac

    michaelac Inactive Thread Starter

    ESET is taking agessss, sorry :(
     
  16. 2011/06/08
    broni

    broni Moderator Malware Analyst

    No problem...

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note: If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UNcheck the box that says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), and download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.
     
  17. 2011/06/08
    michaelac

    michaelac Inactive Thread Starter

    ESET produced no log; it says no infections found :)

    installing foxit
     
  18. 2011/06/08
    michaelac

    michaelac Inactive Thread Starter

    Adobe uninstalled and Foxit installed and working well. Thanks!
     
  19. 2011/06/08
    broni

    broni Moderator Malware Analyst

    Your computer is clean :)

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  20. 2011/06/08
    broni

    broni Moderator Malware Analyst

    We posted at the same time, so I'm not sure if you saw my previous reply.
     
  21. 2011/06/08
    michaelac

    michaelac Inactive Thread Starter

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Evan
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: George
    ->Temp folder emptied: 884965 bytes
    ->Temporary Internet Files folder emptied: 8917690 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 42019953 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 456 bytes

    User: Herbalife
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 27245 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 49.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Evan
    ->Flash cache emptied: 0 bytes

    User: George
    ->Flash cache emptied: 0 bytes

    User: Herbalife
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb



    OTL by OldTimer - Version 3.2.23.0 log created on 06092011_122456

    Files\Folders moved on Reboot...
    C:\Users\George\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WXA7UZCH\background_button_green_full[1].png moved successfully.
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
     
