Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Alureon.tk / Sirefef.j [Closed]

Started by gfawkes , Dec 03 2011 11:39 AM

This topic is locked

#1
gfawkes

Posted 03 December 2011 - 11:39 AM

New Member

Member
3 posts

Hi, Microsoft Security Essentials has detected alureon.tk and sirefef.j on my Vista Dell XPS Studio laptop. It is quite frustrating as my computer will not start properly. I can get the computer going by doing a system restore dureing start up repairs. I would be soo happy to get this fixed. Im entering exams for school and this has been a big headache. My dds log is provided below:

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_29
Run by Michael at 12:30:27 on 2011-12-03
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.5885.3508 [GMT -5:00]
.
SP: McAfee VirusScan *Enabled/Updated* {91492D4B-0869-000E-929C-AE00AA450731}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\rundll32.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
C:\Program Files (x86)\McAfee\MSK\MskSrver.exe
C:\Windows\SysWOW64\rpcnet.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
c:\PROGRA~2\mcafee.com\agent\mcagent.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~2\mcafee\msc\mcuimgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\taskeng.exe
C:\Windows\splwow64.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\explorer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\conime.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com?o=14196&l=dis
uWindow Title = Internet Explorer provided by Dell
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IE to GetRight Helper: {31ff080d-12a3-439a-a2ef-4ba95a3148e8} - C:\Program Files (x86)\GetRight\xx2gr.dll
BHO: McAfee Phishing Filter: {377c180e-6f0e-4d4c-980f-f45bd3d40cf4} - c:\PROGRA~2\mcafee\msk\mcapbho.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: FAIESSOHelper Class: {a2f122da-055f-4df7-8f24-7354dbdba85b} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h
uRun: [SightSpeed] "C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe" -bootmode
mRun: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe /runkey
mRun: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun: [FAStartup]
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download with GetRight - C:\Program Files (x86)\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Open with GetRight Browser - C:\Program Files (x86)\GetRight\GRbrowse.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{B032ED4B-9B1F-4BCF-B2A3-AC49F8AFA23E} : DhcpNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
LSA: Notification Packages = scecli FAPassSync
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: IE to GetRight Helper: {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files (x86)\GetRight\xx2gr.dll
BHO-X64: McAfee Phishing Filter: {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~2\mcafee\msk\mcapbho.dll
BHO-X64: McAntiPhishingBHO - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: FAIESSOHelper Class: {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO-X64: FAIESSO Helper Object - No File
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe /runkey
mRun-x64: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun-x64: [FAStartup]
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\n9tpb8rm.default\
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Michael\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe --> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe [?]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-9-23 155648]
R2 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2008-11-10 2344200]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS --> C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [?]
R2 McProxy;McAfee Proxy Service;C:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-3-21 358224]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
R3 McSysmon;McAfee SystemGuards;C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe [2009-3-21 695624]
R3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\system32\drivers\mfesmfk.sys --> C:\Windows\system32\drivers\mfesmfk.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA001Ufd.sys --> C:\Windows\system32\DRIVERS\OA001Ufd.sys [?]
R3 OA001Vid;Creative Camera OA001 Function Driver;C:\Windows\system32\DRIVERS\OA001Vid.sys --> C:\Windows\system32\DRIVERS\OA001Vid.sys [?]
S1 cbwmplkk;cbwmplkk;\??\C:\Windows\system32\drivers\cbwmplkk.sys --> C:\Windows\system32\drivers\cbwmplkk.sys [?]
S1 cntgdhdn;cntgdhdn;\??\C:\Windows\system32\drivers\cntgdhdn.sys --> C:\Windows\system32\drivers\cntgdhdn.sys [?]
S1 crlgogpw;crlgogpw;\??\C:\Windows\system32\drivers\crlgogpw.sys --> C:\Windows\system32\drivers\crlgogpw.sys [?]
S1 cyhknacf;cyhknacf;\??\C:\Windows\system32\drivers\cyhknacf.sys --> C:\Windows\system32\drivers\cyhknacf.sys [?]
S1 hpnkwtoa;hpnkwtoa;\??\C:\Windows\system32\drivers\hpnkwtoa.sys --> C:\Windows\system32\drivers\hpnkwtoa.sys [?]
S1 mtbvxgce;mtbvxgce;\??\C:\Windows\system32\drivers\mtbvxgce.sys --> C:\Windows\system32\drivers\mtbvxgce.sys [?]
S1 qbdebhiv;qbdebhiv;\??\C:\Windows\system32\drivers\qbdebhiv.sys --> C:\Windows\system32\drivers\qbdebhiv.sys [?]
S1 qojhexjc;qojhexjc;\??\C:\Windows\system32\drivers\qojhexjc.sys --> C:\Windows\system32\drivers\qojhexjc.sys [?]
S1 ttburfmp;ttburfmp;\??\C:\Windows\system32\drivers\ttburfmp.sys --> C:\Windows\system32\drivers\ttburfmp.sys [?]
S1 tvdaqlaq;tvdaqlaq;\??\C:\Windows\system32\drivers\tvdaqlaq.sys --> C:\Windows\system32\drivers\tvdaqlaq.sys [?]
S1 ulbpgvnc;ulbpgvnc;\??\C:\Windows\system32\drivers\ulbpgvnc.sys --> C:\Windows\system32\drivers\ulbpgvnc.sys [?]
S1 vgwxlpjg;vgwxlpjg;\??\C:\Windows\system32\drivers\vgwxlpjg.sys --> C:\Windows\system32\drivers\vgwxlpjg.sys [?]
S1 xcwvsdvi;xcwvsdvi;\??\C:\Windows\system32\drivers\xcwvsdvi.sys --> C:\Windows\system32\drivers\xcwvsdvi.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 McShield;McAfee Real-time Scanner;C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-3-21 153408]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\system32\drivers\mferkdk.sys --> C:\Windows\system32\drivers\mferkdk.sys [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-1-2 366152]
.
=============== Created Last 30 ================
.
2011-12-03 17:26:56 48464 ----a-w- C:\Windows\System32\drivers\tvdaqlaq.sys
2011-12-03 17:24:56 48464 ----a-w- C:\Windows\System32\drivers\cntgdhdn.sys
2011-12-03 17:12:33 48464 ----a-w- C:\Windows\System32\drivers\hpnkwtoa.sys
2011-12-03 17:10:59 48464 ----a-w- C:\Windows\System32\drivers\qbdebhiv.sys
2011-12-03 16:54:19 48464 ----a-w- C:\Windows\System32\drivers\cyhknacf.sys
2011-12-03 16:53:14 48464 ----a-w- C:\Windows\System32\drivers\mtbvxgce.sys
2011-12-03 16:52:07 48464 ----a-w- C:\Windows\System32\drivers\qojhexjc.sys
2011-12-03 16:48:28 48464 ----a-w- C:\Windows\System32\drivers\crlgogpw.sys
2011-12-03 05:35:56 48464 ----a-w- C:\Windows\System32\drivers\ulbpgvnc.sys
2011-12-03 05:05:41 48464 ----a-w- C:\Windows\System32\drivers\ttburfmp.sys
2011-12-03 04:22:56 48464 ----a-w- C:\Windows\System32\drivers\cbwmplkk.sys
2011-12-03 03:54:53 48464 ----a-w- C:\Windows\System32\drivers\vgwxlpjg.sys
2011-12-03 03:42:32 48464 ----a-w- C:\Windows\System32\drivers\xcwvsdvi.sys
2011-12-03 03:38:43 917840 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{338E61FC-F13A-40F7-96DF-09A6B56EADA9}\gapaengine.dll
2011-12-03 03:38:37 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E46FC314-9891-4F32-8AC8-96EE3B45163C}\offreg.dll
2011-12-03 03:38:35 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E46FC314-9891-4F32-8AC8-96EE3B45163C}\mpengine.dll
2011-12-03 03:38:23 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-12-01 20:09:14 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-12-01 20:08:46 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-12-01 20:08:02 345984 ----a-w- C:\Windows\System32\drivers\netio.sys
2011-11-30 03:43:27 -------- d-----we C:\Windows\system64
2011-11-09 21:13:13 40448 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2011-11-09 21:13:13 1423744 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-09 21:13:10 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2011-11-09 21:13:10 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2011-11-09 21:12:40 893440 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-09 21:12:40 707584 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-09 21:12:40 50688 ----a-w- C:\Program Files\Windows Mail\wabimp.dll
2011-11-06 17:02:21 -------- d-----w- C:\Program Files (x86)\Cisco
.
==================== Find3M ====================
.
2011-12-03 16:46:27 17408 ----a-w- C:\Windows\System32\rpcnetp.exe
2011-12-03 03:31:05 58288 ----a-w- C:\Windows\SysWow64\rpcnet.dll
2011-12-03 03:31:05 17408 ----a-w- C:\Windows\SysWow64\rpcnetp.dll
2011-12-03 03:30:10 17408 ----a-w- C:\Windows\SysWow64\rpcnetp.exe
2011-11-30 03:43:34 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-23 04:52:37 58288 ------w- C:\Windows\SysWow64\rpcnet.exe
2011-10-03 09:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-09-06 13:56:50 2764288 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 12:31:13.07 ===============

Attached Files

Attach.txt 7.68KB 110 downloads

#2
Essexboy

Posted 03 December 2011 - 01:45 PM

GeekU Moderator

Retired Staff
69,964 posts

Hi there I have two programmes for you to run

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks
When finished, it shall produce a log for you.
Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

THEN

Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Select All Users
Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
C:\Windows\assembly\tmp\U\*.* /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
CREATERESTOREPOINT
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Post both logs

#3
gfawkes

Posted 03 December 2011 - 04:58 PM

New Member

Topic Starter
Member
3 posts

I ran both progams, I've included the logs you requested below. Thanks tons for your help.

ComboFix 11-12-03.01 - Michael 12/03/2011 16:54:16.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.5885.3510 [GMT -5:00]
Running from: c:\users\Michael\Desktop\ComboFix.exe
SP: McAfee VirusScan *Enabled/Updated* {91492D4B-0869-000E-929C-AE00AA450731}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\Hotspot Shield\HssIE\HsSIe.dll
c:\users\Michael\Documents\~WRL0001.tmp
c:\users\Michael\Documents\~WRL0002.tmp
c:\users\Michael\Documents\~WRL0003.tmp
c:\users\Michael\Documents\~WRL0057.tmp
c:\users\Michael\Documents\~WRL0142.tmp
c:\users\Michael\Documents\~WRL0521.tmp
c:\users\Michael\Documents\~WRL1191.tmp
c:\users\Michael\Documents\~WRL1201.tmp
c:\users\Michael\Documents\~WRL1640.tmp
c:\users\Michael\Documents\~WRL1973.tmp
c:\users\Michael\Documents\~WRL2130.tmp
c:\users\Michael\Documents\~WRL3907.tmp
c:\users\Michael\Documents\~WRL4058.tmp
c:\windows\iun6002.exe
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2011-11-03 to 2011-12-03 )))))))))))))))))))))))))))))))
.
.
2011-12-03 22:09 . 2011-12-03 22:09 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E46FC314-9891-4F32-8AC8-96EE3B45163C}\offreg.dll
2011-12-03 22:06 . 2011-12-03 22:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-03 03:38 . 2011-12-03 03:38 917840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{338E61FC-F13A-40F7-96DF-09A6B56EADA9}\gapaengine.dll
2011-12-03 03:38 . 2011-11-21 08:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E46FC314-9891-4F32-8AC8-96EE3B45163C}\mpengine.dll
2011-12-03 03:38 . 2010-10-19 20:51 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-12-01 20:09 . 2011-12-01 20:09 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-12-01 20:08 . 2011-12-01 20:09 -------- d-----w- c:\program files\Microsoft Security Client
2011-12-01 20:08 . 2010-04-06 08:34 345984 ----a-w- c:\windows\system32\drivers\netio.sys
2011-11-09 21:13 . 2011-09-20 21:06 1423744 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 21:13 . 2011-09-20 14:04 40448 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2011-11-09 21:13 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-09 21:13 . 2011-10-17 11:41 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-11-09 21:12 . 2011-09-30 16:16 893440 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 21:12 . 2011-09-30 16:16 50688 ----a-w- c:\program files\Windows Mail\wabimp.dll
2011-11-09 21:12 . 2011-09-30 15:57 707584 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-06 17:02 . 2011-11-06 17:02 -------- d-----w- c:\program files (x86)\Cisco
2011-11-06 16:56 . 2011-11-06 16:56 -------- d-----w- c:\users\Michael\AppData\Roaming\InstallShield
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-03 22:09 . 2009-03-21 04:43 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2011-12-03 22:09 . 2009-09-06 13:58 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll
2011-12-03 03:31 . 2009-03-21 04:45 17408 ----a-w- c:\windows\SysWow64\rpcnetp.dll
2011-12-03 03:30 . 2009-03-21 04:43 17408 ----a-w- c:\windows\SysWow64\rpcnetp.exe
2011-11-30 03:43 . 2011-08-17 21:16 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-23 04:52 . 2009-09-06 13:58 58288 ------w- c:\windows\SysWow64\rpcnet.exe
2011-10-03 09:06 . 2010-06-25 01:14 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-06 13:56 . 2011-10-13 00:36 2764288 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SightSpeed"="c:\program files (x86)\Dell Video Chat\DellVideoChat.exe" [2008-12-18 4823928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="c:\program files (x86)\McAfee.com\Agent\mcagent.exe" [2007-11-02 582992]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2008-11-10 95496]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2008-11-10 19:16 140552 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli FAPassSync
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~2\mcafee\mqc\QcConsol.exe [2009-03-21 18:32]
.
2011-05-01 c:\windows\Tasks\McQcTask.job
- c:\progra~2\mcafee\mqc\QcConsol.exe [2009-03-21 18:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2010-06-23 02:49 284208 ----a-w- c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-11-12 1657128]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-01 15869984]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-01 82464]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-02-01 89120]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2008-09-26 2041112]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-17 4119552]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-02-22 500208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"combofix"="c:\combofix\CF27733.3XE" [2008-01-21 363008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.ask.com?o=14196&l=dis
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Download with GetRight - c:\program files (x86)\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files (x86)\GetRight\GRbrowse.htm
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\n9tpb8rm.default\
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-ares - c:\program files (x86)\Ares\Ares.exe
Wow6432Node-HKLM-Run-FAStartup - (no file)
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
AddRemove-Convert PowerPoint_is1 - c:\program files (x86)\Softinterface
AddRemove-EO_Video_1.3 - c:\windows\iun6002.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files (x86)\DivX\DivXCodecUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Dell\DellDock\DockLogin.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe
c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
c:\progra~2\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\program files (x86)\McAfee\MPF\MPFSrv.exe
c:\program files (x86)\McAfee\MSK\MskSrver.exe
c:\windows\SysWOW64\rpcnet.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\progra~2\McAfee\MSC\mcmscsvc.exe
c:\progra~2\mcafee.com\agent\mcagent.exe
c:\program files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
c:\progra~2\McAfee\VIRUSS~1\mcsysmon.exe
c:\progra~2\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~2\mcafee\msc\mcuimgr.exe
c:\program files (x86)\Microsoft Office\Office12\WINWORD.EXE
.
**************************************************************************
.
Completion time: 2011-12-03 17:25:33 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-03 22:25
.
Pre-Run: 7,958,794,240 bytes free
Post-Run: 7,164,080,128 bytes free
.
- - End Of File - - 10932C25D65A0E0D01CAD650CFC371B9

_____________________________________________________________________________________________________________________

OTL logfile created on: 12/3/2011 5:34:55 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Michael\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 3.94 Gb Available Physical Memory | 68.60% Memory free
11.66 Gb Paging File | 9.72 Gb Available in Paging File | 83.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282.99 Gb Total Space | 6.79 Gb Free Space | 2.40% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 7.52 Gb Free Space | 50.14% Space Free | Partition Type: NTFS

Computer Name: MICHAEL-PC | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/03 16:42:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
PRC - [2011/10/22 23:52:37 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe
PRC - [2011/03/21 16:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/06/22 21:48:00 | 000,348,208 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2008/12/17 23:27:22 | 004,823,928 | ---- | M] (Dell Inc. and SightSpeed Inc.) -- C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe
PRC - [2008/11/10 14:17:02 | 000,095,496 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
PRC - [2008/11/10 14:17:00 | 001,836,296 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
PRC - [2008/11/10 14:16:36 | 002,344,200 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
PRC - [2008/09/23 22:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/01/25 01:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008/01/09 16:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe
PRC - [2007/12/11 12:33:42 | 000,358,224 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2007/12/05 10:04:10 | 000,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe
PRC - [2007/11/26 10:46:14 | 000,023,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSK\msksrver.exe
PRC - [2007/07/18 15:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe

========== Modules (No Company Name) ==========

MOD - [2011/03/21 16:10:36 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 16:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2008/12/17 23:24:14 | 006,510,416 | ---- | M] () -- C:\Program Files (x86)\Dell Video Chat\QtGui4.dll
MOD - [2008/12/17 23:24:14 | 001,657,168 | ---- | M] () -- C:\Program Files (x86)\Dell Video Chat\QtCore4.dll
MOD - [2008/12/17 23:24:14 | 000,396,112 | ---- | M] () -- C:\Program Files (x86)\Dell Video Chat\QtOpenGL4.dll
MOD - [2008/12/17 23:24:14 | 000,366,928 | ---- | M] () -- C:\Program Files (x86)\Dell Video Chat\QtNetwork4.dll
MOD - [2008/12/17 23:24:14 | 000,027,472 | ---- | M] () -- C:\Program Files (x86)\Dell Video Chat\SDL.dll
MOD - [2008/11/10 14:17:04 | 000,059,144 | ---- | M] () -- C:\Windows\SysWOW64\FAib.dll
MOD - [2008/11/10 14:16:38 | 000,087,816 | ---- | M] () -- C:\Windows\SysWOW64\FAIEExtension.dll
MOD - [2008/11/10 14:16:12 | 000,233,736 | ---- | M] () -- C:\Windows\SysWOW64\FACrashRpt.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2008/12/22 03:42:14 | 000,281,600 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/12/22 03:41:48 | 000,088,576 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/11/17 07:29:18 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2008/09/23 22:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2007/11/07 09:35:40 | 000,702,792 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2007/07/24 12:01:38 | 000,153,408 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2011/10/22 23:52:37 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\SysWOW64\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/06/22 21:48:08 | 000,322,608 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2010/06/22 21:48:00 | 000,348,208 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/10 14:16:36 | 002,344,200 | ---- | M] (Sensible Vision ) [Auto | Running] -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService)
SRV - [2008/01/25 01:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008/01/09 16:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2007/12/11 12:33:42 | 000,358,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2007/12/05 10:04:10 | 000,695,624 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2007/11/26 10:46:14 | 000,023,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2007/07/18 15:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe -- (MpfService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/04/19 19:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/10/01 18:41:44 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\taphss.sys -- (taphss)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/11 00:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/01/13 05:00:40 | 000,318,656 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Vid.sys -- (OA001Vid)
DRV:64bit: - [2009/01/13 05:00:40 | 000,158,592 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Ufd.sys -- (OA001Ufd)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/12/22 03:42:30 | 000,472,064 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/12/17 03:56:52 | 001,526,776 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008/11/17 07:29:18 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV:64bit: - [2008/11/12 07:05:30 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2008/11/12 07:05:28 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/11/12 07:05:26 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008/11/12 01:33:46 | 000,261,680 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/10/27 06:49:56 | 000,059,392 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\itecir.sys -- (itecir)
DRV:64bit: - [2008/10/27 06:34:02 | 000,058,912 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2008/09/24 19:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\facap.sys -- (FACAP)
DRV:64bit: - [2008/05/20 18:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2008/01/20 21:49:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:64bit: - [2008/01/20 21:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2007/12/02 12:51:42 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2007/11/22 06:44:08 | 000,293,192 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2007/11/22 06:44:08 | 000,101,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2007/11/22 06:43:40 | 000,040,392 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2007/11/14 03:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/07/13 06:21:36 | 000,173,072 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\Mpfp.sys -- (MPFP)
DRV:64bit: - [2006/11/02 02:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2145520341-1081225889-2418946269-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=14196&l=dis
IE - HKU\S-1-5-21-2145520341-1081225889-2418946269-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2145520341-1081225889-2418946269-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2145520341-1081225889-2418946269-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Michael\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/10 00:05:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/04/29 22:21:56 | 000,000,000 | ---D | M]

[2009/09/05 18:00:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Extensions
[2011/12/02 16:14:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\n9tpb8rm.default\extensions
[2010/05/04 17:55:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\n9tpb8rm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(115)
[2010/05/04 17:55:00 | 000,000,000 | ---D | M] ("BTP Toolbar") -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\n9tpb8rm.default\extensions\{5355be22-20f5-11dc-8314-0800200c9a66}(116)
[2010/05/04 17:55:05 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\n9tpb8rm.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}(117)
[2010/03/13 12:14:37 | 000,001,820 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\n9tpb8rm.default\searchplugins\bing.xml
[2011/11/10 00:06:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/25 16:38:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N9TPB8RM.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N9TPB8RM.DEFAULT\EXTENSIONS\{5355BE22-20F5-11DC-8314-0800200C9A66}.XPI
() (No name found) -- C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N9TPB8RM.DEFAULT\EXTENSIONS\{B749FC7C-E949-447F-926C-3F4EED6ACCFE}.XPI
() (No name found) -- C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N9TPB8RM.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/11/10 00:05:59 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/10 00:05:54 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/11/10 00:05:54 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/10 00:05:54 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/11/10 00:05:54 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/11/10 00:05:54 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/12/03 17:10:18 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\Program Files (x86)\McAfee\MSK\mcapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (IE to GetRight Helper) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files (x86)\GetRight\xx2gr.dll (Headlight Software, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\Program Files (x86)\McAfee\MSK\mcapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2145520341-1081225889-2418946269-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKU\S-1-5-21-2145520341-1081225889-2418946269-1000..\Run: [SightSpeed] C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2145520341-1081225889-2418946269-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2145520341-1081225889-2418946269-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Download with GetRight - C:\Program Files (x86)\GetRight\GRDownload.htm ()
O8:64bit: - Extra context menu item: Open with GetRight Browser - C:\Program Files (x86)\GetRight\GRBrowse.htm ()
O8 - Extra context menu item: Download with GetRight - C:\Program Files (x86)\GetRight\GRDownload.htm ()
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files (x86)\GetRight\GRBrowse.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B032ED4B-9B1F-4BCF-B2A3-AC49F8AFA23E}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O18 - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll) - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/12/03 17:25:56 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\temp
[2011/12/03 17:10:25 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/12/03 16:52:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/03 16:52:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/03 16:52:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/03 16:52:07 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/03 16:52:06 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/12/03 16:44:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/03 16:42:44 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2011/12/03 12:04:16 | 004,326,308 | R--- | C] (Swearware) -- C:\Users\Michael\Desktop\ComboFix.exe
[2011/12/01 17:25:42 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\labour_review2_data
[2011/12/01 15:09:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/12/01 15:08:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/12/01 15:08:02 | 000,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2011/12/01 13:03:33 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\labour_review_data
[2011/11/30 09:51:18 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\emp_nov30humanrights_clientintak_data
[2011/11/28 09:51:09 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\emp_drugtestingsexharassment_data
[2011/11/24 11:32:01 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\labour_collectiveagreementsarbitration_data
[2011/11/23 17:22:55 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\crim_jurytrials2_data
[2011/11/21 14:23:04 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\crim_juries_data
[2011/11/21 09:48:27 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\emp_humanrights_data
[2011/11/17 17:24:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\labour_nov17_data
[2011/11/17 13:33:14 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\labour_international_collectiveagreements_data
[2011/11/16 17:19:25 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\crim_prelim3_data
[2011/11/16 09:56:15 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\emp_ESA2_CanadaLabourCode_data
[2011/11/14 11:03:35 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\emp_ESA_data
[2011/11/13 20:40:04 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Christmas
[2011/11/10 17:24:12 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\labour_nov10_class2_data
[2011/11/10 12:46:20 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\labour_Film_ESA_data
[2011/11/09 17:20:22 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\crim_preliminquiries_pretrialmotions_data
[2011/11/07 14:42:27 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Crim_disclosure_preliminquiry_data
[2011/11/07 09:50:12 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\emp_justcause_data
[2011/11/06 12:02:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2011/11/06 12:00:44 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Wireless
[2011/11/06 11:56:28 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\InstallShield
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Michael\*.tmp files -> C:\Users\Michael\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/03 17:30:44 | 000,023,070 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2011/12/03 17:11:27 | 000,108,637 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/12/03 17:10:18 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/12/03 17:09:57 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/03 17:09:56 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/03 17:09:52 | 000,017,408 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
[2011/12/03 17:09:44 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
[2011/12/03 17:09:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/03 16:42:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2011/12/03 12:39:12 | 000,002,551 | ---- | M] () -- C:\Users\Michael\Desktop\Attach.rar
[2011/12/03 12:04:55 | 004,326,308 | R--- | M] (Swearware) -- C:\Users\Michael\Desktop\ComboFix.exe
[2011/12/03 00:49:24 | 000,073,641 | ---- | M] () -- C:\Users\Michael\Desktop\labourgraphic.jpg
[2011/12/02 22:32:30 | 000,108,637 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/12/02 22:31:05 | 000,017,408 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.dll
[2011/12/02 22:30:10 | 000,017,408 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.exe
[2011/12/01 21:04:36 | 000,000,000 | ---- | M] () -- C:\ProgramData\BmkBbUbLh.dat
[2011/12/01 17:25:43 | 000,116,761 | ---- | M] () -- C:\Users\Michael\Desktop\labour_review2.aup
[2011/12/01 15:13:31 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/12/01 13:03:34 | 000,103,602 | ---- | M] () -- C:\Users\Michael\Desktop\labour_review.aup
[2011/11/30 15:09:17 | 000,000,497 | ---- | M] () -- C:\Users\Michael\Desktop\employerliability.htm
[2011/11/30 09:53:37 | 000,120,603 | ---- | M] () -- C:\Users\Michael\Desktop\emp_nov30humanrights_clientintak.aup
[2011/11/30 09:53:27 | 030,616,372 | ---- | M] () -- C:\Users\Michael\Desktop\emp_nov30humanrights_clientintak.mp3
[2011/11/30 09:51:20 | 000,120,604 | ---- | M] () -- C:\Users\Michael\Desktop\emp_nov30humanrights_clientintak.aup.bak
[2011/11/29 22:43:34 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/11/28 09:51:10 | 000,116,775 | ---- | M] () -- C:\Users\Michael\Desktop\emp_drugtestingsexharassment.aup
[2011/11/27 19:42:47 | 000,239,616 | ---- | M] () -- C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/26 20:57:31 | 000,023,346 | ---- | M] () -- C:\Users\Michael\Desktop\IMG_0509.jpg
[2011/11/24 11:32:02 | 000,083,738 | ---- | M] () -- C:\Users\Michael\Desktop\labour_collectiveagreementsarbitration.aup
[2011/11/23 17:22:57 | 000,115,846 | ---- | M] () -- C:\Users\Michael\Desktop\crim_jurytrials2.aup
[2011/11/23 12:39:32 | 061,179,637 | ---- | M] () -- C:\Users\Michael\Desktop\crim_prelim3.mp3
[2011/11/21 14:23:05 | 000,124,103 | ---- | M] () -- C:\Users\Michael\Desktop\crim_juries.aup
[2011/11/21 09:48:29 | 000,112,938 | ---- | M] () -- C:\Users\Michael\Desktop\emp_humanrights.aup
[2011/11/20 14:17:22 | 000,405,566 | ---- | M] () -- C:\Users\Michael\Documents\employerliability.pdf
[2011/11/19 15:23:35 | 003,794,643 | ---- | M] () -- C:\Users\Michael\Documents\Perfect Legal Storm FINAL EN wc.pdf
[2011/11/17 17:24:35 | 000,126,246 | ---- | M] () -- C:\Users\Michael\Desktop\labour_nov17.aup
[2011/11/17 13:33:15 | 000,079,609 | ---- | M] () -- C:\Users\Michael\Desktop\labour_international_collectiveagreements.aup
[2011/11/16 17:19:27 | 000,098,705 | ---- | M] () -- C:\Users\Michael\Desktop\crim_prelim3.aup
[2011/11/16 09:56:17 | 000,127,024 | ---- | M] () -- C:\Users\Michael\Desktop\emp_ESA2_CanadaLabourCode.aup
[2011/11/14 17:21:04 | 000,563,902 | ---- | M] () -- C:\Users\Michael\Documents\Balancing Rights_paper_final.pdf
[2011/11/14 15:50:43 | 000,088,698 | ---- | M] () -- C:\Users\Michael\Documents\healthviolence_good.pdf
[2011/11/14 11:03:37 | 000,122,110 | ---- | M] () -- C:\Users\Michael\Desktop\emp_ESA.aup
[2011/11/10 17:24:14 | 000,125,029 | ---- | M] () -- C:\Users\Michael\Desktop\labour_nov10_class2.aup
[2011/11/10 12:46:22 | 000,121,811 | ---- | M] () -- C:\Users\Michael\Desktop\labour_Film_ESA.aup
[2011/11/09 17:20:24 | 000,112,041 | ---- | M] () -- C:\Users\Michael\Desktop\crim_preliminquiries_pretrialmotions.aup
[2011/11/09 10:01:13 | 408,944,684 | ---- | M] () -- C:\Users\Michael\Desktop\emp_justcause_recovery_block1_channel2.wav
[2011/11/09 09:58:40 | 409,225,260 | ---- | M] () -- C:\Users\Michael\Desktop\emp_justcause_recovery_block1_channel1.wav
[2011/11/07 14:42:30 | 000,125,651 | ---- | M] () -- C:\Users\Michael\Desktop\Crim_disclosure_preliminquiry.aup
[2011/11/07 09:50:14 | 000,114,619 | ---- | M] () -- C:\Users\Michael\Desktop\emp_justcause.aup
[2011/11/06 12:24:16 | 000,086,012 | ---- | M] () -- C:\Users\Michael\Desktop\emp_successor.aup
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Michael\*.tmp files -> C:\Users\Michael\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/03 16:52:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/03 16:52:11 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/03 16:52:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/03 16:52:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/03 16:52:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/03 12:39:12 | 000,002,551 | ---- | C] () -- C:\Users\Michael\Desktop\Attach.rar
[2011/12/01 21:04:36 | 000,000,000 | ---- | C] () -- C:\ProgramData\BmkBbUbLh.dat
[2011/12/01 17:25:43 | 000,116,761 | ---- | C] () -- C:\Users\Michael\Desktop\labour_review2.aup
[2011/12/01 15:13:31 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/12/01 15:09:04 | 000,001,810 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/12/01 13:10:56 | 000,073,641 | ---- | C] () -- C:\Users\Michael\Desktop\labourgraphic.jpg
[2011/12/01 13:03:34 | 000,103,602 | ---- | C] () -- C:\Users\Michael\Desktop\labour_review.aup
[2011/11/30 15:09:16 | 000,000,497 | ---- | C] () -- C:\Users\Michael\Desktop\employerliability.htm
[2011/11/30 09:51:40 | 030,616,372 | ---- | C] () -- C:\Users\Michael\Desktop\emp_nov30humanrights_clientintak.mp3
[2011/11/30 09:51:20 | 000,120,604 | ---- | C] () -- C:\Users\Michael\Desktop\emp_nov30humanrights_clientintak.aup.bak
[2011/11/30 09:51:20 | 000,120,603 | ---- | C] () -- C:\Users\Michael\Desktop\emp_nov30humanrights_clientintak.aup
[2011/11/28 09:51:10 | 000,116,775 | ---- | C] () -- C:\Users\Michael\Desktop\emp_drugtestingsexharassment.aup
[2011/11/26 20:44:39 | 000,023,346 | ---- | C] () -- C:\Users\Michael\Desktop\IMG_0509.jpg
[2011/11/24 11:32:02 | 000,083,738 | ---- | C] () -- C:\Users\Michael\Desktop\labour_collectiveagreementsarbitration.aup
[2011/11/23 17:22:57 | 000,115,846 | ---- | C] () -- C:\Users\Michael\Desktop\crim_jurytrials2.aup
[2011/11/23 12:33:23 | 061,179,637 | ---- | C] () -- C:\Users\Michael\Desktop\crim_prelim3.mp3
[2011/11/21 14:23:05 | 000,124,103 | ---- | C] () -- C:\Users\Michael\Desktop\crim_juries.aup
[2011/11/21 09:48:29 | 000,112,938 | ---- | C] () -- C:\Users\Michael\Desktop\emp_humanrights.aup
[2011/11/20 14:17:22 | 000,405,566 | ---- | C] () -- C:\Users\Michael\Documents\employerliability.pdf
[2011/11/19 15:23:35 | 003,794,643 | ---- | C] () -- C:\Users\Michael\Documents\Perfect Legal Storm FINAL EN wc.pdf
[2011/11/17 17:24:35 | 000,126,246 | ---- | C] () -- C:\Users\Michael\Desktop\labour_nov17.aup
[2011/11/17 13:33:15 | 000,079,609 | ---- | C] () -- C:\Users\Michael\Desktop\labour_international_collectiveagreements.aup
[2011/11/16 17:19:27 | 000,098,705 | ---- | C] () -- C:\Users\Michael\Desktop\crim_prelim3.aup
[2011/11/16 09:56:17 | 000,127,024 | ---- | C] () -- C:\Users\Michael\Desktop\emp_ESA2_CanadaLabourCode.aup
[2011/11/14 17:21:04 | 000,563,902 | ---- | C] () -- C:\Users\Michael\Documents\Balancing Rights_paper_final.pdf
[2011/11/14 15:50:43 | 000,088,698 | ---- | C] () -- C:\Users\Michael\Documents\healthviolence_good.pdf
[2011/11/14 11:03:37 | 000,122,110 | ---- | C] () -- C:\Users\Michael\Desktop\emp_ESA.aup
[2011/11/10 17:24:14 | 000,125,029 | ---- | C] () -- C:\Users\Michael\Desktop\labour_nov10_class2.aup
[2011/11/10 12:46:21 | 000,121,811 | ---- | C] () -- C:\Users\Michael\Desktop\labour_Film_ESA.aup
[2011/11/09 17:20:24 | 000,112,041 | ---- | C] () -- C:\Users\Michael\Desktop\crim_preliminquiries_pretrialmotions.aup
[2011/11/09 09:58:40 | 408,944,684 | ---- | C] () -- C:\Users\Michael\Desktop\emp_justcause_recovery_block1_channel2.wav
[2011/11/09 09:56:12 | 409,225,260 | ---- | C] () -- C:\Users\Michael\Desktop\emp_justcause_recovery_block1_channel1.wav
[2011/11/07 14:42:30 | 000,125,651 | ---- | C] () -- C:\Users\Michael\Desktop\Crim_disclosure_preliminquiry.aup
[2011/11/07 09:50:14 | 000,114,619 | ---- | C] () -- C:\Users\Michael\Desktop\emp_justcause.aup
[2011/05/04 16:06:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/04/16 17:52:09 | 000,000,150 | ---- | C] () -- C:\Windows\Readiris.ini
[2011/04/07 17:25:55 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2010/09/01 16:07:03 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2010/03/18 15:38:39 | 000,001,356 | ---- | C] () -- C:\Users\Michael\AppData\Local\d3d9caps.dat
[2009/12/03 16:30:36 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/03 16:29:42 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/12/03 16:28:41 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/11/24 22:48:39 | 000,000,180 | ---- | C] () -- C:\Windows\SW_Win2000X6.DLL
[2009/11/24 22:46:13 | 000,000,048 | ---- | C] () -- C:\Windows\SW_Win2146X32.DLL
[2009/11/24 22:46:01 | 000,000,530 | ---- | C] () -- C:\Windows\SysWow64\tx14_ic.ini
[2009/11/24 22:46:00 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\CSVSpecialProcessing.dll
[2009/11/24 22:46:00 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\DVM.dll
[2009/11/24 22:46:00 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\RegisterExe.exe
[2009/09/13 09:22:12 | 000,001,460 | ---- | C] () -- C:\Users\Michael\AppData\Local\d3d9caps64.dat
[2009/09/08 08:57:22 | 000,032,786 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\wklnhst.dat
[2009/09/05 18:56:05 | 000,239,616 | ---- | C] () -- C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/21 07:34:58 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/03/21 05:12:22 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/03/21 04:54:21 | 000,108,637 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/03/21 04:54:21 | 000,108,637 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/03/20 23:45:12 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2009/03/20 23:43:36 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe
[2008/11/10 14:17:04 | 000,059,144 | ---- | C] () -- C:\Windows\SysWow64\FAib.dll
[2008/11/10 14:16:38 | 000,087,816 | ---- | C] () -- C:\Windows\SysWow64\FAIEExtension.dll
[2008/11/10 14:16:12 | 000,233,736 | ---- | C] () -- C:\Windows\SysWow64\FACrashRpt.dll
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2009/03/21 07:32:00 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2009/03/21 07:32:00 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2009/03/21 07:32:00 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2009/03/21 07:31:59 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/11 02:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\ERDNT\cache86\explorer.exe
[2009/04/11 02:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009/04/11 02:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2009/03/21 07:32:00 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2009/03/21 07:32:00 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2009/03/21 07:31:59 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2009/03/21 07:32:00 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/20 21:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/20 21:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 21:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache86\svchost.exe
[2008/01/20 21:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe
[2008/01/20 21:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2008/01/20 21:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\ERDNT\cache64\svchost.exe
[2008/01/20 21:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\SysNative\svchost.exe
[2008/01/20 21:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 21:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache86\userinit.exe
[2008/01/20 21:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008/01/20 21:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/20 21:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\ERDNT\cache64\userinit.exe
[2008/01/20 21:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008/01/20 21:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 02:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2009/04/11 02:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009/04/11 02:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008/01/20 21:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 21:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = NETBT
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys
"Description" = This service implements NetBios over TCP/IP.
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = TdxtcpipMPFP [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
"DhcpNodeType" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{0A0D2949-4F36-4614-93EF-11F0CF18D3C9}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{226F35C9-603E-4F57-984F-01578DF61BCA}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{B032ED4B-9B1F-4BCF-B2A3-AC49F8AFA23E}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 08 01 00 01 03 01 05 01 09 01 0A 01 0B 01 0C 01 0D 01 07 01 01 01 02 01 04 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 13
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

========== Files - Unicode (All) ==========
[2011/11/20 18:53:40 | 007,497,856 | ---- | M] ()(C:\Users\Michael\Desktop\?_Daft_Punk_TRS_80_End_of_Line_The_Hype_Machine_186513.mp3) -- C:\Users\Michael\Desktop\►_Daft_Punk_TRS_80_End_of_Line_The_Hype_Machine_186513.mp3
[2011/11/20 18:53:40 | 007,497,856 | ---- | C] ()(C:\Users\Michael\Desktop\?_Daft_Punk_TRS_80_End_of_Line_The_Hype_Machine_186513.mp3) -- C:\Users\Michael\Desktop\►_Daft_Punk_TRS_80_End_of_Line_The_Hype_Machine_186513.mp3
[2011/11/20 18:51:15 | 003,647,616 | ---- | M] ()(C:\Users\Michael\Desktop\?_Miles_Davis_Chez_Le_Photographe_Du_Motel_The_Hype_Machine_472144.mp3) -- C:\Users\Michael\Desktop\►_Miles_Davis_Chez_Le_Photographe_Du_Motel_The_Hype_Machine_472144.mp3
[2011/11/20 18:51:14 | 003,647,616 | ---- | C] ()(C:\Users\Michael\Desktop\?_Miles_Davis_Chez_Le_Photographe_Du_Motel_The_Hype_Machine_472144.mp3) -- C:\Users\Michael\Desktop\►_Miles_Davis_Chez_Le_Photographe_Du_Motel_The_Hype_Machine_472144.mp3

< End of report >

___________________________________________________________________________________________________________________________

OTL Extras logfile created on: 12/3/2011 5:34:55 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Michael\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 3.94 Gb Available Physical Memory | 68.60% Memory free
11.66 Gb Paging File | 9.72 Gb Available in Paging File | 83.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282.99 Gb Total Space | 6.79 Gb Free Space | 2.40% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 7.52 Gb Free Space | 50.14% Space Free | Partition Type: NTFS

Computer Name: MICHAEL-PC | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2145520341-1081225889-2418946269-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 5F B4 ED 36 6A 77 CA 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{22DA83A2-3CE8-4F62-8C94-E25AD873FB30}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{443273F9-9380-4B57-B08F-76EDF88690AB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7A0519B2-36F1-4888-BDDF-7E81859D5A35}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{84EDB3FF-4C57-42BD-99B3-F13BECE14CA6}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery |
"{8B0CB4BE-C5C0-4FA4-AF6E-0F32D39461AB}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |
"{D67F16D8-D674-4ACD-9E0A-A600503D3292}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{E8CE08A5-47F0-49A9-A5E4-D51AB81CD635}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery |
"{F0970C75-0E7B-474F-8477-7DE5DE535A11}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04D762B4-4FF9-454C-BC55-453ED9550EDD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{0CC7426E-03E1-47B6-8C77-656022C2AFE9}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{107E65A9-BF73-4118-9971-0513BA205C5B}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe |
"{1342295F-64FB-45D7-9C7C-0190D9DEFC3A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{15E706B8-CBB3-4D23-BA13-2F46B7608B62}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{1755A68B-2D52-465C-9453-857485D28029}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{305DE10A-0F3E-4030-96B1-98D1D3B7EB30}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{579312E2-65A3-49DB-A274-F238510987C7}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{59933ECF-6D65-4338-B604-C9355ACCDC46}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{5A0F1A73-48B2-48AD-8144-47AC02F2CE06}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{5A4BC5A2-3109-40DA-9543-37DBB69A4779}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{8BD93305-A326-4332-8FF5-E2C9794D5224}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{A4424611-A323-4DE6-A5DB-42FB3C55724D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{C6BFB1A5-2971-4981-9B4C-7B4392FF4517}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CA4495BE-9AA3-4370-9A48-5AC56AF712A3}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{D0230F25-FC60-40F1-9CCD-DD44D9BEB55E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{D0597811-CB63-439F-B44F-1FFFE3EFFC83}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D3AF8AD6-BFB4-402D-97A3-2A8CC19E6319}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{DF44CB25-1982-42ED-8E3D-2A5EAB535587}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{F3DE6AEA-1CFD-43DE-BB44-4AF5D93F4705}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{F8209295-7415-4B4D-AE0F-DB83DAA0FD7C}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{FBD3F7BA-212C-4D26-BC5A-B41550FA66DC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FF251384-08B8-461E-926F-860F1172569A}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64CF95D4-DEDB-479A-8EAE-00147449A2F0}" = FastAccess
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"Creative OA001" = Integrated Webcam Driver (1.05.02.1227)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Dell Touchpad
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{164965E8-4BB0-4EEB-AFBA-75785A2A2A7F}" = Adobe Fireworks CS5
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 29
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B840E248-C91D-4B07-A15C-5AEF86627346}" = Watson and McGowan Ontario Civil Practice
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Audacity_is1" = Audacity 1.2.6
"AURC_is1" = Audacity Recovery Utility
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Convert PowerPoint_is1" = Convert PowerPoint
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Central" = Dell Webcam Central
"Digital Editions" = Adobe Digital Editions
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EO_Video_1.3" = EO Video 1.36
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.94
"GetRight_is1" = GetRight
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Mozilla Firefox 8.0 (x86 en-GB)" = Mozilla Firefox 8.0 (x86 en-GB)
"MSC" = McAfee SecurityCenter
"RealPlayer 12.0" = RealPlayer
"SopCast" = SopCast 3.3.2
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV
"VLC media player" = VLC media player 1.0.1
"WinAVI Video Converter_is1" = WinAVI Video Converter
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2145520341-1081225889-2418946269-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/28/2010 12:01:49 PM | Computer Name = Michael-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/28/2010 12:07:33 PM | Computer Name = Michael-PC | Source = LoadPerf | ID = 3002
Description =

Error - 11/28/2010 12:28:29 PM | Computer Name = Michael-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/28/2010 12:28:29 PM | Computer Name = Michael-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1794

Error - 11/28/2010 12:28:29 PM | Computer Name = Michael-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1794

Error - 11/28/2010 12:28:30 PM | Computer Name = Michael-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/28/2010 12:28:30 PM | Computer Name = Michael-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2824

Error - 11/28/2010 12:28:30 PM | Computer Name = Michael-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2824

Error - 11/28/2010 12:29:08 PM | Computer Name = Michael-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/28/2010 12:29:08 PM | Computer Name = Michael-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 40560

[ Broadcom Wireless LAN Events ]
Error - 11/18/2011 7:51:54 PM | Computer Name = Michael-PC | Source = WLAN-Tray | ID = 0
Description = 18:51:53, Fri, Nov 18, 11 Error - Unable to gain access to user store

[ OSession Events ]
Error - 11/30/2009 9:30:27 PM | Computer Name = Michael-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1317
seconds with 720 seconds of active time. This session ended with a crash.

Error - 11/30/2009 9:31:17 PM | Computer Name = Michael-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 26
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/30/2009 11:26:42 PM | Computer Name = Michael-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6904
seconds with 2100 seconds of active time. This session ended with a crash.

Error - 4/9/2010 4:05:35 PM | Computer Name = Michael-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7217
seconds with 1080 seconds of active time. This session ended with a crash.

Error - 4/9/2010 4:05:43 PM | Computer Name = Michael-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/9/2010 4:06:13 PM | Computer Name = Michael-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/9/2010 4:06:29 PM | Computer Name = Michael-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/9/2010 4:07:10 PM | Computer Name = Michael-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9/9/2009 12:51:20 PM | Computer Name = Michael-PC | Source = HTTP | ID = 15016
Description =

Error - 9/9/2009 4:27:18 PM | Computer Name = Michael-PC | Source = HTTP | ID = 15016
Description =

Error - 9/9/2009 9:27:33 PM | Computer Name = Michael-PC | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 9/10/2009 9:50:17 AM | Computer Name = Michael-PC | Source = HTTP | ID = 15016
Description =

Error - 9/10/2009 2:29:41 PM | Computer Name = Michael-PC | Source = HTTP | ID = 15016
Description =

Error - 9/10/2009 2:37:24 PM | Computer Name = Michael-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.115 for the Network Card with network
address 00242BC10C41 has been denied by the DHCP server 172.16.32.5 (The DHCP Server
sent a DHCPNACK message).

Error - 9/10/2009 4:43:01 PM | Computer Name = Michael-PC | Source = HTTP | ID = 15016
Description =

Error - 9/11/2009 7:24:15 AM | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/11/2009 7:28:31 AM | Computer Name = Michael-PC | Source = bowser | ID = 8003
Description =

Error - 9/11/2009 9:39:16 AM | Computer Name = Michael-PC | Source = HTTP | ID = 15016
Description =

< End of report >

Attached Files

OTL.Txt 110.25KB 86 downloads
Extras.Txt 64.46KB 109 downloads
log.txt 14.09KB 114 downloads

#4
Essexboy

Posted 03 December 2011 - 05:26 PM

GeekU Moderator

Retired Staff
69,964 posts

OK another two checks now, how is the system behaving ?

Do the following:

Click on the Start button and then choose Control Panel.
Click on the System and Security link.

Note: If you're viewing the Large icons or Small icons view of Control Panel, you won't see this link so just click on the Administrative Tools icon and skip to Step 4.
In the System and Security window, click on the Administrative Tools heading located near the bottom of the window.
In the Administrative Tools window, double-click on the Computer Management icon.
When Computer Management opens, click on Disk Management on the left side of the window, located under Storage.

After a brief loading period, Disk Management should now appear on the right side of the Computer Management window.

Note: If you don't see Disk Management listed, you may need to click on the |> icon to the left of the Storage icon.

Take a screen Shot of the Disk Management Window and attach the screen shot to your reply.

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

#5
gfawkes

Posted 03 December 2011 - 06:55 PM

New Member

Topic Starter
Member
3 posts

After the first two tests I havent had any issues. Seems back to normal :thumbsup:

I really appreciate the help. Do you think I should keep doing the second set of tests you recommended?

#6
Essexboy

Posted 04 December 2011 - 05:20 AM

GeekU Moderator

Retired Staff
69,964 posts

Just to be totally sure, yes. But, I feel they will show clean

Also could you check that windows updates work please

#7
Essexboy

Posted 08 December 2011 - 03:31 PM

GeekU Moderator

Retired Staff
69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.