Awesome, thanks! Here you go.
_____________________________________________
========== PROCESSES ==========
All processes killed
========== OTL ==========
No active process named 7D1EA.exe was found!
No active process named D72.exe was found!
No active process named lvvm.exe was found!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{08a4f3d8-73a4-4212-b58c-2840ab3578ca} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08a4f3d8-73a4-4212-b58c-2840ab3578ca}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{08A4F3D8-73A4-4212-B58C-2840AB3578CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08A4F3D8-73A4-4212-B58C-2840AB3578CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\D72.exe deleted successfully.
C:\Users\Chad\AppData\Roaming\Microsoft\EA43\D72.exe moved successfully.
File \Users\Chad\AppData\Roaming\79553\lvvm.exe) -C:\Users\Chad\AppData\Roaming\79553\lvvm.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\Chad\AppData\Roaming\79553\lvvm.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\lockcast.com\www\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Chad\AppData\Roaming\38979\7D1EA.exe deleted successfully.
File \Users\Chad\AppData\Roaming\38979\7D1EA.exe) -C:\Users\Chad\AppData\Roaming\38979\7D1EA.exe not found.
C:\Users\Chad\AppData\Roaming\79553 folder moved successfully.
C:\Users\Chad\AppData\Roaming\38979 folder moved successfully.
C:\Windows\Tasks\At2.job moved successfully.
C:\Users\Chad\AppData\Roaming\16F9B folder moved successfully.
Folder C:\Users\Chad\AppData\Roaming\38979\ not found.
Folder C:\Users\Chad\AppData\Roaming\79553\ not found.
C:\Users\Chad\AppData\Roaming\9BB26 folder moved successfully.
C:\Windows\Tasks\At1.job moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Chad\Desktop\virus 2011\cmd.bat deleted successfully.
C:\Users\Chad\Desktop\virus 2011\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Chad\Desktop\virus 2011\cmd.bat deleted successfully.
C:\Users\Chad\Desktop\virus 2011\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Chad\Desktop\virus 2011\cmd.bat deleted successfully.
C:\Users\Chad\Desktop\virus 2011\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Chad\Desktop\virus 2011\cmd.bat deleted successfully.
C:\Users\Chad\Desktop\virus 2011\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Chad\Desktop\virus 2011\cmd.bat deleted successfully.
C:\Users\Chad\Desktop\virus 2011\cmd.txt deleted successfully.
File\Folder C:\Users\Chad\AppData\Roaming\38979 not found.
C:\Users\Chad\AppData\Roaming\Microsoft\EA43 folder moved successfully.
File\Folder C:\Users\Chad\AppData\Roaming\79553 not found.
File\Folder C:\Windows\Tasks\At*.job not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYJAVA]
User: All Users
User: Chad
->Java cache emptied: 0 bytes
User: Default
User: Default User
User: Public
Total Java Files Cleaned = 0.00 mb
[EMPTYFLASH]
User: All Users
User: Chad
->Flash cache emptied: 47200 bytes
User: Default
User: Default User
User: Public
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.31.0 log created on 12062011_174506
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
__________________________________________________________
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-06 17:52:43
-----------------------------
17:52:43.934 OS Version: Windows 6.0.6001 Service Pack 1
17:52:43.934 Number of processors: 2 586 0x301
17:52:43.934 ComputerName: CHADLAPTOP UserName: Chad
17:52:52.545 Initialize success
17:53:05.548 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5
17:53:05.548 Disk 0 Vendor: WDC_WD1200BEVS-60UST0 01.01A01 Size: 114473MB BusType: 3
17:53:07.591 Disk 0 MBR read successfully
17:53:07.591 Disk 0 MBR scan
17:53:07.607 Disk 0 unknown MBR code
17:53:07.607 Disk 0 scanning sectors +234434560
17:53:07.701 Disk 0 scanning C:\Windows\system32\drivers
17:53:16.764 Service scanning
17:53:18.059 Modules scanning
17:53:22.645 Disk 0 trace - called modules:
17:53:22.708 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
17:53:22.708 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x851ce400]
17:53:22.708 3 CLASSPNP.SYS[807a3745] -> nt!IofCallDriver -> [0x84a4e950]
17:53:22.723 5 acpi.sys[806116a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-5[0x840d0ba0]
17:53:22.723 Scan finished successfully
17:53:45.312 Disk 0 MBR has been saved successfully to "C:\Users\Chad\Desktop\virus 2011\MBR.dat"
17:53:45.328 The log file has been saved successfully to "C:\Users\Chad\Desktop\virus 2011\aswMBR.txt"
___________________________________________________________________________
OTL logfile created on: 12/6/2011 5:59:18 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Chad\Desktop\virus 2011
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.75 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 61.37% Memory free
3.74 Gb Paging File | 2.81 Gb Available in Paging File | 75.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 101.93 Gb Total Space | 61.92 Gb Free Space | 60.75% Space Free | Partition Type: NTFS
Drive D: | 9.85 Gb Total Space | 1.73 Gb Free Space | 17.58% Space Free | Partition Type: NTFS
Computer Name: CHADLAPTOP | User Name: Chad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/11/24 10:49:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Chad\Desktop\virus 2011\OTL.exe
PRC - [2011/11/09 17:44:11 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/09/01 18:42:06 | 024,183,152 | ---- | M] (Dropbox, Inc.) -- C:\Users\Chad\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/07/04 19:42:41 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/05/03 15:34:39 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/04 13:36:51 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/01/14 20:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/02/11 07:48:00 | 000,480,264 | ---- | M] (Avid Technology, Inc.) -- C:\Windows\System32\M-AudioTaskBarIcon.exe
PRC - [2008/04/26 02:15:26 | 000,361,808 | ---- | M] () -- C:\Windows\SMINST\BLService.exe
PRC - [2008/01/20 20:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/02 06:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
========== Modules (No Company Name) ==========
MOD - [2011/11/09 17:44:10 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2010/08/21 21:38:54 | 005,969,360 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2008/06/11 23:18:38 | 000,120,216 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll
MOD - [2008/06/11 23:18:36 | 000,259,480 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
MOD - [2008/06/11 23:18:34 | 000,345,384 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll
MOD - [2008/06/11 23:17:08 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll
========== Win32 Services (SafeList) ==========
SRV - [2011/07/04 19:42:41 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/05/03 15:34:39 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/04/26 02:15:26 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/01/20 20:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
========== Driver Services (SafeList) ==========
DRV - [2011/07/04 19:42:42 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/04 19:42:42 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 13:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/02/11 07:47:48 | 000,156,552 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mausbft.sys -- (MAUSBFT)
DRV - [2008/07/11 12:31:00 | 007,530,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/06/05 10:58:42 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/05/09 13:17:32 | 000,043,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/04/27 12:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/04/24 16:51:46 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/01/29 07:55:00 | 001,042,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/10/17 17:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/07/11 11:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/06/18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-365443478-1480907561-30040671-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKU\S-1-5-21-365443478-1480907561-30040671-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3001705
IE - HKU\S-1-5-21-365443478-1480907561-30040671-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache =
IE - HKU\S-1-5-21-365443478-1480907561-30040671-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-365443478-1480907561-30040671-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\S-1-5-21-365443478-1480907561-30040671-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =
========== FireFox ==========
FF - prefs.js..browser.search.defaultthis.engineName: "Quixley_v2b Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..keyword.URL: "http://search.condui...rchSource=2&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Chad\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Chad\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/08/11 14:22:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/09 17:44:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/18 06:03:51 | 000,000,000 | ---D | M]
[2008/11/28 14:11:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chad\AppData\Roaming\Mozilla\Extensions
[2011/12/02 19:52:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chad\AppData\Roaming\Mozilla\Firefox\Profiles\od5fcwnc.default\extensions
[2011/12/01 19:50:47 | 000,000,000 | ---D | M] (Quixley_v2b Community Toolbar) -- C:\Users\Chad\AppData\Roaming\Mozilla\Firefox\Profiles\od5fcwnc.default\extensions\{08a4f3d8-73a4-4212-b58c-2840ab3578ca}(28)
[2011/07/12 20:19:05 | 000,000,000 | ---D | M] (SocialRibbons LP2) -- C:\Users\Chad\AppData\Roaming\Mozilla\Firefox\Profiles\od5fcwnc.default\extensions\{0dd5ab7a-9db5-0aa4-e914-7148cd6c0afc}
[2011/12/02 19:29:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chad\AppData\Roaming\Mozilla\Firefox\Profiles\od5fcwnc.default\extensions\staged(27)
[2011/12/06 17:48:44 | 000,000,000 | ---D | M] (WindowShopper) -- C:\Users\Chad\AppData\Roaming\Mozilla\Firefox\Profiles\od5fcwnc.default\extensions\[email protected]
[2011/07/12 20:19:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chad\AppData\Roaming\Mozilla\Firefox\Profiles\od5fcwnc.default\extensions\{0dd5ab7a-9db5-0aa4-e914-7148cd6c0afc}\chrome\content\dca\core\extensionManager
[2011/06/23 13:30:48 | 000,000,925 | ---- | M] () -- C:\Users\Chad\AppData\Roaming\Mozilla\Firefox\Profiles\od5fcwnc.default\searchplugins\conduit.xml
[2011/07/12 20:19:53 | 000,009,965 | ---- | M] () -- C:\Users\Chad\AppData\Roaming\Mozilla\Firefox\Profiles\od5fcwnc.default\searchplugins\mywebsearch.xml
[2011/03/31 20:24:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/09 17:44:11 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/09 20:56:57 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/09 17:44:11 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
O1 HOSTS File: ([2011/12/06 17:45:11 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-365443478-1480907561-30040671-1000..\Run: [Facebook Update] C:\Users\Chad\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - Startup: C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Chad\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O7 - HKU\S-1-5-21-365443478-1480907561-30040671-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-365443478-1480907561-30040671-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-365443478-1480907561-30040671-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6EC1223-5CF3-44E0-AD85-FAE65C70892E}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-365443478-1480907561-30040671-1000 Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Skyline.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Skyline.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/11 13:50:39 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-365443478-1480907561-30040671-1000..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2011/12/06 17:47:23 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Chad\Desktop\aswMBR.exe
[2011/12/06 17:45:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/24 11:15:28 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/11/24 10:48:36 | 000,000,000 | ---D | C] -- C:\Users\Chad\Desktop\virus 2011
[2011/11/14 17:34:37 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Local\Facebook
[2011/11/08 06:22:42 | 000,000,000 | ---D | C] -- C:\Program Files\LP
[2011/11/07 20:34:51 | 000,000,000 | ---D | C] -- C:\Users\Chad\Desktop\Cali 2011
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/12/06 17:50:37 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/06 17:50:37 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/06 17:47:26 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Chad\Desktop\aswMBR.exe
[2011/12/06 17:46:57 | 000,248,744 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/12/06 17:46:48 | 000,000,246 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/12/06 17:46:21 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/06 17:46:21 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/06 17:46:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/06 17:45:11 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/12/05 21:16:48 | 000,248,744 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/12/05 20:39:05 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-365443478-1480907561-30040671-1000UA.job
[2011/12/05 17:39:05 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-365443478-1480907561-30040671-1000Core.job
[2011/12/04 20:55:22 | 000,002,595 | ---- | M] () -- C:\Users\Chad\Desktop\Microsoft Word.lnk
[2011/12/02 20:09:17 | 000,055,641 | ---- | M] () -- C:\Users\Chad\Desktop\twilight.jpg
[2011/11/29 17:48:30 | 000,007,505 | ---- | M] () -- C:\Users\Chad\Desktop\attachment(2).ashx
[2011/11/29 17:48:13 | 000,007,505 | ---- | M] () -- C:\Users\Chad\Desktop\attachment(1).ashx
[2011/11/29 17:48:04 | 000,007,505 | ---- | M] () -- C:\Users\Chad\Desktop\attachment.ashx
[2011/11/16 23:08:00 | 000,036,864 | ---- | M] () -- C:\Users\Chad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/11 19:43:30 | 000,074,832 | ---- | M] () -- C:\Users\Chad\Desktop\newhallsalary.pdf
[2011/11/08 17:43:27 | 000,073,085 | ---- | M] () -- C:\Users\Chad\Desktop\carmensmile.jpg
[2011/11/08 06:22:25 | 000,177,664 | ---- | M] () -- C:\Users\Chad\AppData\Roaming\firefox.exe
[2011/11/07 21:05:22 | 000,177,664 | ---- | M] () -- C:\Users\Chad\AppData\Roaming\wmplayer.exe
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/12/02 20:09:17 | 000,055,641 | ---- | C] () -- C:\Users\Chad\Desktop\twilight.jpg
[2011/11/29 17:48:29 | 000,007,505 | ---- | C] () -- C:\Users\Chad\Desktop\attachment(2).ashx
[2011/11/29 17:48:13 | 000,007,505 | ---- | C] () -- C:\Users\Chad\Desktop\attachment(1).ashx
[2011/11/29 17:48:04 | 000,007,505 | ---- | C] () -- C:\Users\Chad\Desktop\attachment.ashx
[2011/11/14 17:34:43 | 000,000,924 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-365443478-1480907561-30040671-1000UA.job
[2011/11/14 17:34:42 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-365443478-1480907561-30040671-1000Core.job
[2011/11/11 19:43:30 | 000,074,832 | ---- | C] () -- C:\Users\Chad\Desktop\newhallsalary.pdf
[2011/11/08 17:43:26 | 000,073,085 | ---- | C] () -- C:\Users\Chad\Desktop\carmensmile.jpg
[2011/11/07 20:35:24 | 000,177,664 | ---- | C] () -- C:\Users\Chad\AppData\Roaming\wmplayer.exe
[2011/10/16 09:52:26 | 000,177,664 | ---- | C] () -- C:\Users\Chad\AppData\Roaming\firefox.exe
[2009/02/21 21:32:59 | 000,007,592 | ---- | C] () -- C:\Users\Chad\AppData\Local\d3d9caps.dat
[2008/12/15 19:00:22 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/11/28 19:06:13 | 000,036,864 | ---- | C] () -- C:\Users\Chad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/28 09:58:27 | 000,248,744 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/11/28 09:58:01 | 000,248,744 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/10/08 17:36:55 | 000,003,948 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008/08/11 14:05:13 | 000,101,605 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/01/20 20:24:14 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,297,728 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,595,684 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,101,350 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 01:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/03/09 03:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2001/08/06 21:16:34 | 000,045,056 | ---- | C] () -- C:\Windows\OTS_UI.EXE
========== LOP Check ==========
[2011/07/22 12:42:08 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Acoustica
[2009/01/12 21:50:40 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Crayon Physics Deluxe
[2011/12/06 17:47:11 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Dropbox
[2011/07/27 08:39:43 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\GetRightToGo
[2010/10/07 15:43:23 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\ICAClient
[2009/06/01 18:20:23 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\muvee Technologies
[2008/12/23 13:20:31 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\NCH Swift Sound
[2009/08/08 21:33:33 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\PlayFirst
[2008/11/30 17:35:40 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Super-Cow
[2011/07/22 12:57:34 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\SynthMaker
[2011/06/13 13:13:50 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Unity
[2008/11/28 09:56:21 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\WildTangent
[2011/12/05 17:39:05 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-365443478-1480907561-30040671-1000Core.job
[2011/12/05 20:39:05 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-365443478-1480907561-30040671-1000UA.job
[2011/12/06 17:45:29 | 000,032,642 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: EXPLORER.EXE >
[2008/01/20 20:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\explorer.exe
[2008/01/20 20:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
< MD5 for: SVCHOST.EXE >
[2008/01/20 20:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 20:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
< MD5 for: USERINIT.EXE >
[2008/01/20 20:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 20:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
< MD5 for: WINLOGON.EXE >
[2008/01/20 20:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008/01/20 20:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< %systemroot%\*. /mp /s >
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/11/09 17:44:10 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/11/09 17:44:10 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/11/09 17:44:10 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/11/09 17:44:11 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/11/09 17:44:11 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/11/09 17:44:11 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2008/01/20 20:24:17 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2008/01/20 20:24:17 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2008/01/20 20:24:17 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2008/01/20 20:23:50 | 000,625,664 | ---- | M] (Microsoft Corporation)
< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/11/09 17:44:10 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/11/09 17:44:10 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/11/09 17:44:10 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/11/09 17:44:11 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/11/09 17:44:11 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/11/09 17:44:11 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2008/01/20 20:24:17 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2008/01/20 20:24:17 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2008/01/20 20:24:17 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2008/01/20 20:23:50 | 000,625,664 | ---- | M] (Microsoft Corporation)
< C:\Windows\assembly\tmp\U\*.* /s >
< End of report >
______________________________________________________________________________
OTL Extras logfile created on: 12/6/2011 5:59:18 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Chad\Desktop\virus 2011
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.75 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 61.37% Memory free
3.74 Gb Paging File | 2.81 Gb Available in Paging File | 75.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 101.93 Gb Total Space | 61.92 Gb Free Space | 60.75% Space Free | Partition Type: NTFS
Drive D: | 9.85 Gb Total Space | 1.73 Gb Free Space | 17.58% Space Free | Partition Type: NTFS
Computer Name: CHADLAPTOP | User Name: Chad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-365443478-1480907561-30040671-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OtsMedia.Surf] -- "C:\OtsLabs\OTSPLAY.EXE" "%1" /play /surf ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 1
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-365443478-1480907561-30040671-1000]
"EnableNotificationsRef" = 2
"EnableNotifications" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09299410-832E-4261-8E77-EDD716CBAD94}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{1FAFB9E9-C38E-4266-9C6C-1EF5FD7001D6}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3DF47EDF-6044-4F09-A7EB-627E4E174757}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{445C883C-71DB-425C-8851-F147A6D64ACF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{561377B9-36DB-4BF6-96B7-4B00ECA4D983}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{BE9E307A-29EA-4FC4-B04A-311CEB449270}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C4135FD4-8FFF-4A56-AAC1-F912B36345D8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E1B8064E-28A0-40FD-BF4B-EBBB2625FBD6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02DB54E5-04C2-41EC-96FE-CCCF0C3BE847}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2745BBE1-D8DF-4D3E-A7A6-DBEB445B8F45}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{4D88F9B5-0A7E-406E-8A5E-D953D184DF18}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{53A672E4-CE22-4C41-9A5D-0E84DDFEA1EF}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe |
"{54F4F3EE-BBA8-4822-A2BD-EF8430D4B894}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{562D153A-244B-4167-872E-C5AF80E3FC5F}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{59639179-9648-43CC-A7ED-65A81095A8FD}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{842B7AF2-6A05-4DFD-9B08-4CA6A71EB74B}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{872D0836-493A-4541-986C-9FB6BCFCA5C2}" = dir=in | app=c:\users\chad\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{8F78E3F4-89F4-4A8F-8338-BD001DA72E56}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9ECA344C-088D-4425-BAAD-7B8B57162963}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{B1CE5338-20BF-4F68-B6B6-996944C9A6E5}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe |
"{B9DD911E-1966-4F26-9E97-06B36E8D2F6E}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{BB9356B4-D4BC-4DAD-B3AC-A77CC0FA28A6}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{D7BA198F-EB15-4F28-92FA-9CAB2165E5C7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EAD465E8-3680-44DC-B509-62F191DFEE26}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FD3C97DA-046E-46EE-BEAB-A367C9742662}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{0EFAF3B0-971D-473B-BA52-3BAB9A2C132D}C:\program files\hp games\wheel of fortune\wheel of fortune.exe" = protocol=6 | dir=in | app=c:\program files\hp games\wheel of fortune\wheel of fortune.exe |
"TCP Query User{2AECD448-9096-4829-831C-D27D6D5CAAFF}C:\program files\hp games\wheel of fortune\wheel of fortune.exe" = protocol=6 | dir=in | app=c:\program files\hp games\wheel of fortune\wheel of fortune.exe |
"TCP Query User{818A3CB4-30F6-49C5-A5E0-6E3155651CB9}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{CB281532-2E6A-4164-A5AB-B5D60972B3D3}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{217B97FE-2785-43FE-B705-0D76DD008923}C:\program files\hp games\wheel of fortune\wheel of fortune.exe" = protocol=17 | dir=in | app=c:\program files\hp games\wheel of fortune\wheel of fortune.exe |
"UDP Query User{4068B725-7BF3-476C-AC25-98AF958A0637}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{6772FA22-5C42-45ED-B045-793571575C16}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{EC64F058-78CC-48AC-ABE1-11E432FE4E83}C:\program files\hp games\wheel of fortune\wheel of fortune.exe" = protocol=17 | dir=in | app=c:\program files\hp games\wheel of fortune\wheel of fortune.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{07D4A7C5-C55C-45B5-9E86-D8068D25EF40}" = Fast Track
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1D7CE340-70C3-4848-BCCF-215950328A4C}" = Facebook Video Calling 1.0.0.8953
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
"{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D3
"{380357CA-29F4-4B3C-B401-32C057E6B59B}" = HP Smart Web Printing
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8DF92D68-F8EE-4F9C-89A2-26254C1C4B6B}" = HP Help and Support
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}" = Citrix Presentation Server Client
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}" = HP User Guides 0118
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}" = HP Deskjet 1000 J110 series Help
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F4B1B985-F308-4DBA-BFD7-CCCB8839234B}" = HP Deskjet 1000 J110 series Basic Device Software
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
"Acoustica Effects Pack" = Acoustica Effects Pack
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_6" = AIM 6
"AP Tuner 3.08" = AP Tuner 3.08
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Desktop Taipei_is1" = Desktop Taipei version 2.2
"ESET Online Scanner" = ESET Online Scanner v3
"ExpressBurn" = Express Burn
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"KRISTAL Audio Engine" = KRISTAL Audio Engine
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"NVIDIA Drivers" = NVIDIA Drivers
"OtsTurntables Free" = OtsTurntables Free 1.00.027
"ReadPlease 2003_is1" = ReadPlease 2003/ReadPlease PLUS 2003
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"Switch" = Switch Sound File Converter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent hp Master Uninstall" = My HP Games
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-365443478-1480907561-30040671-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"UnityWebPlayer" = Unity Web Player
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 9/6/2010 9:06:40 AM | Computer Name = Chadlaptop | Source = WinMgmt | ID = 10
Description =
Error - 9/7/2010 9:49:29 PM | Computer Name = Chadlaptop | Source = WinMgmt | ID = 10
Description =
Error - 9/7/2010 9:50:07 PM | Computer Name = Chadlaptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 9/8/2010 6:25:27 PM | Computer Name = Chadlaptop | Source = WinMgmt | ID = 10
Description =
Error - 9/8/2010 6:25:30 PM | Computer Name = Chadlaptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 9/9/2010 7:24:45 AM | Computer Name = Chadlaptop | Source = WinMgmt | ID = 10
Description =
Error - 9/9/2010 7:25:45 AM | Computer Name = Chadlaptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 9/9/2010 7:41:34 PM | Computer Name = Chadlaptop | Source = WinMgmt | ID = 10
Description =
Error - 9/9/2010 7:41:35 PM | Computer Name = Chadlaptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 9/10/2010 8:03:28 AM | Computer Name = Chadlaptop | Source = WinMgmt | ID = 10
Description =
[ Media Center Events ]
Error - 12/31/2008 2:32:45 PM | Computer Name = Chadlaptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 6/24/2009 11:42:13 PM | Computer Name = Chadlaptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
[ System Events ]
Error - 12/31/2010 9:26:47 PM | Computer Name = Chadlaptop | Source = Service Control Manager | ID = 7011
Description =
Error - 1/1/2011 1:29:28 PM | Computer Name = Chadlaptop | Source = HTTP | ID = 15016
Description =
Error - 1/1/2011 1:32:24 PM | Computer Name = Chadlaptop | Source = HTTP | ID = 15016
Description =
Error - 1/1/2011 1:32:40 PM | Computer Name = Chadlaptop | Source = Service Control Manager | ID = 7000
Description =
Error - 1/1/2011 2:27:49 PM | Computer Name = Chadlaptop | Source = HTTP | ID = 15016
Description =
Error - 1/1/2011 2:28:07 PM | Computer Name = Chadlaptop | Source = Service Control Manager | ID = 7000
Description =
Error - 1/1/2011 2:32:00 PM | Computer Name = Chadlaptop | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.65 for the Network Card with network
address 00234D2CBE66 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).
Error - 1/1/2011 6:37:28 PM | Computer Name = Chadlaptop | Source = HTTP | ID = 15016
Description =
Error - 1/1/2011 6:37:41 PM | Computer Name = Chadlaptop | Source = Service Control Manager | ID = 7000
Description =
Error - 1/1/2011 6:39:55 PM | Computer Name = Chadlaptop | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:38:17 PM on 1/1/2011 was unexpected.
< End of report >