ESET
C:\Documents and Settings\OEM Customer\Application Data\WinLive\WinLive.dll    a variant of MSIL/Adware.BHO.B application    cleaned by deleting - quarantined

OTL

OTL logfile created on: 6/19/2013 8:21:55 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\OEM Customer\Desktop\SysHealth Utlities
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.37 Gb Total Physical Memory | 0.34 Gb Available Physical Memory | 24.69% Memory free
3.23 Gb Paging File | 2.24 Gb Available in Paging File | 69.46% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.10 Gb Total Space | 21.01 Gb Free Space | 31.31% Space Free | Partition Type: NTFS
Drive D: | 7.42 Gb Total Space | 0.98 Gb Free Space | 13.15% Space Free | Partition Type: FAT32
 
Computer Name: PC863512472119 | User Name: OEM Customer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2013/06/18 18:17:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\OEM Customer\Desktop\SysHealth Utlities\OTL.exe
PRC - [2013/06/13 19:14:24 | 029,335,608 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\OEM Customer\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2013/06/04 10:58:48 | 002,095,752 | ---- | M] () -- C:\Program Files\Comodo\Dragon\dragon_updater.exe
PRC - [2013/06/04 10:58:48 | 001,297,544 | ---- | M] (Comodo) -- C:\Program Files\Comodo\Dragon\dragon.exe
PRC - [2013/05/23 16:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2013/05/22 17:46:08 | 001,089,888 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
PRC - [2012/11/08 00:37:38 | 001,990,464 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
PRC - [2012/10/23 12:25:14 | 000,237,792 | ---- | M] (LSoft Technologies Inc) -- C:\Program Files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe
PRC - [2012/02/17 13:02:52 | 001,828,712 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDF Professional 7\PdfPro7Hook.exe
PRC - [2012/02/17 13:02:08 | 000,135,016 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDF Professional 7\PDFProFiltSrv.exe
PRC - [2010/04/06 01:41:46 | 000,116,224 | ---- | M] (Brio) -- C:\Program Files\FolderSize\FolderSizeSvc.exe
PRC - [2009/10/05 14:05:24 | 000,080,456 | ---- | M] (Online Media Technologies Ltd.) -- C:\Program Files\AVS4YOU\AVSFirewall\AVSFirewallService.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/12/08 16:45:12 | 000,516,182 | ---- | M] () -- C:\Program Files\HPQ\shared\HpqToaster.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2013/06/04 10:58:48 | 002,095,752 | ---- | M] () -- C:\Program Files\Comodo\Dragon\dragon_updater.exe
MOD - [2013/03/13 16:48:52 | 024,978,944 | ---- | M] () -- C:\Documents and Settings\OEM Customer\Application Data\Dropbox\bin\libcef.dll
MOD - [2012/11/13 19:32:50 | 003,558,400 | ---- | M] () -- C:\Documents and Settings\OEM Customer\Application Data\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012/10/05 01:33:30 | 000,070,352 | ---- | M] () -- C:\Program Files\Comodo\COMODO Internet Security\scanners\smart.cav
MOD - [2012/09/08 13:16:30 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
MOD - [2012/09/08 13:16:20 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
MOD - [2012/06/13 10:33:16 | 002,300,416 | ---- | M] () -- C:\Program Files\LSoft Technologies Inc\Active@ Hard Disk Monitor\QtCore4.dll
MOD - [2012/01/18 06:39:26 | 000,979,456 | ---- | M] () -- C:\Program Files\LSoft Technologies Inc\Active@ Hard Disk Monitor\QtNetwork4.dll
MOD - [2005/12/08 16:45:12 | 000,516,182 | ---- | M] () -- C:\Program Files\HPQ\shared\HpqToaster.exe
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Disabled | Stopped] --  -- (FLEXnet Licensing Service)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/06/12 18:03:12 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/04 10:58:48 | 002,095,752 | ---- | M] () [Auto | Running] -- C:\Program Files\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)
SRV - [2013/05/23 16:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013/05/21 19:09:54 | 000,117,144 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/17 14:11:56 | 000,123,392 | ---- | M] (Flexera Software) [On_Demand | Stopped] -- C:\Program Files\IHMC CmapServer\bin\CmapServer.exe -- (CmapServer-Exceptional_Children_Education)
SRV - [2012/12/14 11:42:36 | 001,532,880 | ---- | M] (AVG) [Auto | Stopped] -- C:\Program Files\AVG\AVG PC Tuneup\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012/11/08 00:37:38 | 001,990,464 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2012/10/23 12:25:14 | 000,237,792 | ---- | M] (LSoft Technologies Inc) [Auto | Running] -- C:\Program Files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe -- (Active@ Disk Monitor)
SRV - [2012/09/17 13:14:28 | 000,161,768 | ---- | M] (Oracle Corporation) [Disabled | Stopped] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/02/17 13:02:08 | 000,135,016 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Nuance\PDF Professional 7\PDFProFiltSrv.exe -- (PDFProFiltSrv)
SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/04/06 01:41:46 | 000,116,224 | ---- | M] (Brio) [Auto | Running] -- C:\Program Files\FolderSize\FolderSizeSvc.exe -- (FolderSize)
SRV - [2009/10/05 14:05:24 | 000,080,456 | ---- | M] (Online Media Technologies Ltd.) [Auto | Running] -- C:\Program Files\AVS4YOU\AVSFirewall\AVSFirewallService.exe -- (AVSFirewallService)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDC_SAM)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\EABFiltr.sys -- (eabfiltr)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\OEMCUS~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/11/08 00:38:16 | 000,497,952 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2012/11/08 00:38:14 | 000,018,096 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmderd.sys -- (cmderd)
DRV - [2012/07/04 14:26:12 | 000,010,088 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG PC Tuneup\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/03/18 12:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2011/02/11 17:23:34 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\npf.sys -- (npf)
DRV - [2009/10/05 14:05:26 | 000,024,648 | ---- | M] (Online Media Technologies Ltd.) [Kernel | System | Running] -- C:\Program Files\AVS4YOU\AVSFirewall\AVSTDIFilterDrv.sys -- (AVSTDIFilterDrv)
DRV - [2009/10/05 14:05:26 | 000,023,624 | ---- | M] (Online Media Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVSNDISIMDriver.sys -- (AVSNDISIMMP)
DRV - [2009/10/05 14:05:26 | 000,023,624 | ---- | M] (Online Media Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVSNDISIMDriver.sys -- (AVSNDISIM)
DRV - [2009/10/05 14:05:26 | 000,017,992 | ---- | M] (Online Media Technologies Ltd.) [Kernel | System | Running] -- C:\Program Files\AVS4YOU\AVSFirewall\AVSRegMonDrv.sys -- (AVSRegMonDrv)
DRV - [2008/10/23 01:58:36 | 001,391,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/02/25 12:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/12/01 19:49:20 | 001,412,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/09/20 06:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/08/22 16:07:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/08/22 15:06:14 | 000,231,424 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2005/08/22 15:06:10 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/08/22 05:06:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2005/08/18 04:22:54 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/08/01 19:00:04 | 000,349,312 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/08/01 18:58:28 | 000,038,016 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005/03/09 18:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2003/05/02 18:26:18 | 000,053,690 | ---- | M] (Samsung Electro-Mechanics ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swlubtl.sys -- (swlubtl)
DRV - [2001/08/17 15:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\..\SearchScopes,DefaultScope =
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {1E54E320-C5A5-4839-9E60-CCB5AC847A1A}
IE - HKCU\..\SearchScopes\{01E3302E-8115-402D-B1E5-C484F7F9E55B}: "URL" = http://www.timeanddate.com/worldclock/results.html?src=br&query={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1ABFE6DA-2550-49B2-B214-ACE8D43926F4}: "URL" = http://www.ted.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{1E54E320-C5A5-4839-9E60-CCB5AC847A1A}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{85281B1D-3CA5-4080-8F4B-3E3304A1E0F7}: "URL" = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{8F26B5E2-FC73-4651-AFB7-0A61F93132F7}: "URL" = http://search.msdn.microsoft.com/?query={searchTerms}
IE - HKCU\..\SearchScopes\{CEC5A3E1-AB0F-4DAF-BF46-1ADC5439BFDF}: "URL" = http://www27.wolframalpha.com/input/?i={searchTerms}
IE - HKCU\..\SearchScopes\{D6590C64-8581-4AF7-A7CB-87E0D06D2609}: "URL" = http://www.youtube.com/results?search_query={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-comodo"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-comodo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "www.foxnews.com"
FF - prefs.js..extensions.enabledAddons: nuance%40pdf7:1.0
FF - prefs.js..extensions.enabledAddons: %7B4c7097f7-08f2-4ef2-9b9f-f95fa4cbb064%7D:1.2
FF - prefs.js..extensions.enabledAddons: youtube2mp3%40mondayx.de:1.2.3
FF - prefs.js..extensions.enabledAddons: translator%40zoli.bod:2.1.0.3
FF - prefs.js..extensions.enabledAddons: multilinks%40plugin:3.0.0.19
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.9
FF - prefs.js..extensions.enabledAddons: copyplaintext%40teo.pl:1.2
FF - prefs.js..extensions.enabledAddons: %7BE0B8C461-F8FB-49b4-8373-FE32E9252800%7D:5.7
FF - prefs.js..extensions.enabledAddons: readable%40evernote.com:9.3369.854.430
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..keyword.URL: "http://us.search.yahoo.com/search?fr=ytff-comodo&p="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
 
 
[2012/11/21 02:55:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\OEM Customer\Application Data\Mozilla\Extensions
[2013/06/05 23:31:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\OEM Customer\Application Data\Mozilla\Firefox\Extensions
[2013/06/05 23:31:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\OEM Customer\Application Data\Mozilla\Firefox\Extensions\MozillaHotfix
[2013/06/19 05:53:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\OEM Customer\Application Data\Mozilla\Firefox\Profiles\up01y3w9.default\Extensions
[2013/05/21 18:03:50 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\OEM Customer\Application Data\Mozilla\Firefox\Profiles\up01y3w9.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2013/06/01 13:44:16 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Documents and Settings\OEM Customer\Application Data\Mozilla\Firefox\Profiles\up01y3w9.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2013/06/19 05:53:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\OEM Customer\Application Data\Mozilla\Firefox\Profiles\up01y3w9.default\Extensions\staged
[2013/05/23 12:37:35 | 000,045,330 | ---- | M] () (No name found) -- C:\Documents and Settings\OEM Customer\Application Data\Mozilla\Firefox\Profiles\up01y3w9.default\Extensions\copyplaintext@teo.pl.xpi
[2013/05/19 20:48:34 | 000,123,385 | ---- | M] () (No name found) -- C:\Documents and Settings\OEM Customer\Application Data\Mozilla\Firefox\Profiles\up01y3w9.default\Extensions\elemhidehelper@adblockplus.org.xpi
[2013/05/19 21:50:27 | 000,038,090 | ---- | M] () (No name found) -- C:\Documents and Settings\OEM Customer\Application Data\Mozilla\Firefox\Profiles\up01y3w9.default\Extensions\multilinks@plugin.xpi
[2013/06/01 13:44:17 | 001,343,607 | ---- | M] () (No name found) -- C:\Documents and Settings\OEM Customer\Application Data\Mozilla\Firefox\Profiles\up01y3w9.default\Extensions\readable@evernote.com.xpi
[2013/05/19 21:50:27 | 000,060,290 | ---- | M] () (No name found) -- C:\Documents and Settings\OEM Customer\Application Data\Mozilla\Firefox\Profiles\up01y3w9.default\Extensions\translator@zoli.bod.xpi
[2013/05/19 21:50:27 | 000,011,510 | ---- | M] () (No name found) -- C:\Documents and Settings\OEM Customer\Application Data\Mozilla\Firefox\Profiles\up01y3w9.default\Extensions\youtube2mp3@mondayx.de.xpi
[2013/05/19 21:50:25 | 000,049,303 | ---- | M] () (No name found) -- C:\Documents and Settings\OEM Customer\Application Data\Mozilla\Firefox\Profiles\up01y3w9.default\Extensions\{4c7097f7-08f2-4ef2-9b9f-f95fa4cbb064}.xpi
[2013/05/19 20:45:26 | 000,870,680 | ---- | M] () (No name found) -- C:\Documents and Settings\OEM Customer\Application Data\Mozilla\Firefox\Profiles\up01y3w9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/05/21 19:10:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/05/21 19:10:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/04/05 14:29:34 | 000,000,000 | ---D | M] (PDF Converter 7.1) -- C:\PROGRAM FILES\NUANCE\PDF PROFESSIONAL 7\FIREFOX
 
[color=#E56717]========== Chrome  ==========[/color]
 
CHR - default_search_provider: Yahoo! Search (Enabled)
CHR - default_search_provider: search_url = http://us.search.yahoo.com/search?fr=chrc-comodo&type=GC&p={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\OEM Customer\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\OEM Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\OEM Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\OEM Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/06/06 21:42:18 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Professional 7\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDF Professional 7\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (DocuCom PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 7\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AVSFirewall] C:\Program Files\AVS4YOU\AVSFirewall\AVSFirewall.exe (Online Media Technologies Ltd.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [Fences] C:\Program Files\Stardock\Fences\Fences.exe (Stardock Corporation)
O4 - HKLM..\Run: [PDF7 Registry Controller] C:\Program Files\Nuance\PDF Professional 7\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFProHook] C:\Program Files\Nuance\PDF Professional 7\PdfPro7Hook.exe (Nuance Communications, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\OEM Customer\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Suggested Sites present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append the content of the link to existing PDF file - C:\Program Files\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append the content of the selected links to existing PDF file - C:\Program Files\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to existing PDF file - C:\Program Files\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Clip Image - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found
O8 - Extra context menu item: Clip selection - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Create PDF file - C:\Program Files\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file from the content of the link - C:\Program Files\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF files from the selected links - C:\Program Files\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: New Note - C:\Program Files\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Open with Nuance PDF Converter 7 - C:\Program Files\Nuance\PDF Professional 7\cnvres_eng.dll (Nuance Communications, Inc.)
O8 - Extra context menu item: Open with PDF Professional 7 - C:\Program Files\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O8 - Extra context menu item: Zeon Append to existing PDF - res://C:\Program Files\Zeon\DocuCom\PDF Driver 9\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML File not found
O8 - Extra context menu item: Zeon Convert link target to DocuCom PDF - res://C:\Program Files\Zeon\DocuCom\PDF Driver 9\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML File not found
O8 - Extra context menu item: Zeon Convert link target to existing PDF - res://C:\Program Files\Zeon\DocuCom\PDF Driver 9\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML File not found
O8 - Extra context menu item: Zeon Convert selected links to DocuCom PDF - res://C:\Program Files\Zeon\DocuCom\PDF Driver 9\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML File not found
O8 - Extra context menu item: Zeon Convert selected links to existing PDF - res://C:\Program Files\Zeon\DocuCom\PDF Driver 9\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML File not found
O8 - Extra context menu item: Zeon Convert to DocuCom PDF - res://C:\Program Files\Zeon\DocuCom\PDF Driver 9\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML File not found
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - ftp Prefix: missing
O13 - gopher Prefix: missing
O13 - home Prefix: missing
O13 - mosaic Prefix: missing
O13 - www Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1347721740343 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1347894656437 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect125.cab (GMNRev Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.200.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CDC993FF-2095-449E-BE84-8D7BC3D270B2}: DhcpNameServer = 192.168.200.1
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)
O24 - Desktop WallPaper: C:\Documents and Settings\OEM Customer\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\OEM Customer\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/28 03:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 19:01:14 | 000,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2013/06/18 17:44:02 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/06/18 04:39:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint 5.2
[2013/06/18 01:29:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\OEM Customer\Recent
[2013/06/16 01:35:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/06/16 01:35:00 | 000,000,000 | ---D | C] -- C:\JRT
[2013/06/12 15:57:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OEM Customer\Application Data\GTek
[2013/06/11 03:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OEM Customer\Application Data\Malwarebytes
[2013/06/11 03:01:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/06/11 03:01:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/06/11 03:01:32 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/06/11 03:01:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/06/11 01:14:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\$regcmp$
[2013/06/10 21:43:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Gtek
[2013/06/09 02:14:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2013/06/09 01:24:42 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\thawbrkr.dll
[2013/06/07 00:08:56 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/06/06 21:30:26 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/06/06 20:47:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/06/06 20:47:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/06/06 20:47:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/06/06 20:47:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/06/06 20:41:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/06/06 20:16:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/06/05 23:34:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ZIP Password
[2013/06/05 23:31:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OEM Customer\Application Data\WinLive
[2013/06/05 23:31:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OEM Customer\Application Data\MCommon
[2013/06/05 23:02:15 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2013/06/05 21:25:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OEM Customer\Application Data\EssentialPIM
[2013/06/05 14:46:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\COMODO
[2013/06/05 06:09:49 | 000,047,368 | ---- | C] (COMODO CA Limited) -- C:\WINDOWS\System32\certsentry.dll
[2013/06/04 15:37:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OEM Customer\Desktop\Converted
[2013/05/31 00:57:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OEM Customer\Local Settings\Application Data\Progeny
[2013/05/31 00:57:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Progeny
[2013/05/31 00:56:13 | 004,840,448 | ---- | C] (Amyuni Technologies http://www.amyuni.com) -- C:\WINDOWS\System32\cdintf450.dll
[2013/05/31 00:55:48 | 000,000,000 | ---D | C] -- C:\PCOMP5
[2013/05/31 00:48:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2013/05/30 23:51:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FamilySearch
[2013/05/30 23:51:15 | 000,000,000 | ---D | C] -- C:\Program Files\FamilySearch
[2013/05/30 23:26:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OEM Customer\My Documents\Gateway Church Sermons
[2013/05/30 23:21:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OEM Customer\Desktop\Horticulture Articles
[2013/05/30 11:51:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OEM Customer\My Documents\Genealogy - temp
[2013/05/29 11:28:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2013/05/28 12:56:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OEM Customer\Desktop\BB 9790 Docs
[2013/05/28 12:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OEM Customer\My Documents\BlackBerry
[2013/05/26 17:57:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OEM Customer\Desktop\current_lmrp
[2013/05/24 17:38:52 | 000,023,624 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\drivers\AVSNDISIMDriver.sys
[2013/05/24 17:33:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OEM Customer\My Documents\My Downloads
[2013/05/23 17:52:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Evernote
[2013/05/23 14:34:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2013/05/23 13:09:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OEM Customer\My Documents\Audacity
[2013/05/23 13:09:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OEM Customer\My Documents\New Folder
[2013/05/23 13:07:24 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity
[2013/05/23 05:39:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\AVG
[2013/05/21 19:08:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2013/06/19 08:27:06 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/06/19 08:02:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/06/19 07:33:02 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/19 06:18:54 | 000,001,081 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dropbox.lnk
[2013/06/19 06:16:15 | 000,001,047 | ---- | M] () -- C:\Documents and Settings\OEM Customer\Desktop\Dropbox.lnk
[2013/06/19 05:29:21 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2013/06/19 05:20:06 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/19 05:20:03 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2013/06/19 05:19:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/06/19 05:19:35 | 1474,547,712 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/18 04:51:03 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
[2013/06/18 03:21:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\orun32.ini
[2013/06/18 01:39:37 | 000,231,184 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/06/18 01:33:27 | 000,000,332 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2013/06/17 19:06:17 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/06/16 01:38:33 | 000,055,861 | ---- | M] () -- C:\Junkware Removal screensho 2t.jpg
[2013/06/16 01:36:55 | 000,195,898 | ---- | M] () -- C:\Junkware Removal screenshot.jpg
[2013/06/15 11:12:17 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/06/12 18:44:04 | 000,057,028 | ---- | M] () -- C:\Documents and Settings\OEM Customer\My Documents\Glossary_Lay_Terms.pdf
[2013/06/12 18:02:56 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/06/12 18:02:56 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/06/12 17:52:32 | 000,043,232 | ---- | M] () -- C:\Documents and Settings\OEM Customer\My Documents\Echocardiogram Complete with Bubble Study_Weech_V_A_20121018.pdf
[2013/06/10 23:31:44 | 000,000,273 | ---- | M] () -- C:\hpqp.ini
[2013/06/10 23:31:41 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini
[2013/06/07 23:57:11 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/06/06 21:42:18 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/06/06 20:56:02 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2013/06/05 23:51:25 | 000,047,934 | ---- | M] () -- C:\Documents and Settings\OEM Customer\Desktop\Zip screen shot.jpg
[2013/06/05 19:07:20 | 000,032,692 | ---- | M] () -- C:\Documents and Settings\OEM Customer\My Documents\List of biotechnology companies - Wik.pdf
[2013/06/05 06:09:49 | 000,047,368 | ---- | M] (COMODO CA Limited) -- C:\WINDOWS\System32\certsentry.dll
[2013/06/04 21:38:23 | 000,493,542 | ---- | M] () -- C:\Documents and Settings\OEM Customer\My Documents\New Tracking Frontier_License Plates_WSJ.pdf
[2013/06/04 20:12:08 | 000,002,223 | ---- | M] () -- C:\Documents and Settings\OEM Customer\Desktop\EndNote.lnk
[2013/06/04 15:36:24 | 000,049,452 | ---- | M] () -- C:\Documents and Settings\OEM Customer\Desktop\Abbreviations related to the digestive system_Table 8_2_Ann Ehrlich and Carol Schroeder.jpg
[2013/06/03 11:07:50 | 001,019,698 | ---- | M] () -- C:\Documents and Settings\OEM Customer\My Documents\A different atmoshere of Love_A qualitative study of experiences_2013.pdf
[2013/06/03 11:06:05 | 001,089,632 | ---- | M] () -- C:\Documents and Settings\OEM Customer\My Documents\Reducing service and substance use among frequent service users_report from Toronto Comm Addictions Team (TCAT)_2013.pdf
[2013/06/03 10:44:23 | 000,033,159 | ---- | M] () -- C:\Documents and Settings\OEM Customer\Desktop\Bookmarks.htm
[2013/06/03 00:58:40 | 000,159,744 | ---- | M] () -- C:\Documents and Settings\OEM Customer\My Documents\Weech.paf
[2013/06/02 23:14:03 | 000,507,240 | ---- | M] () -- C:\Documents and Settings\OEM Customer\My Documents\Account Overview - Cincinnati Bell My Account_V A Weech_20130602.pdf
[2013/06/01 15:18:10 | 000,004,531 | ---- | M] () -- C:\Documents and Settings\OEM Customer\My Documents\Defragmenter Report.pdf
[2013/05/31 22:39:33 | 000,016,047 | ---- | M] () -- C:\Documents and Settings\OEM Customer\My Documents\Weech.zip
[2013/05/31 20:58:01 | 000,016,649 | ---- | M] () -- C:\Documents and Settings\OEM Customer\My Documents\History of Medicine_Sherwin B Nuland_Wikipedia.pdf
[2013/05/31 20:53:00 | 000,174,773 | ---- | M] () -- C:\Documents and Settings\OEM Customer\My Documents\History of Medicine_Joseph Lister_pioneer of antiseptic surgery_Wikipedia, the free encyclopedia.pdf
[2013/05/31 20:51:35 | 000,519,037 | ---- | M] () -- C:\Documents and Settings\OEM Customer\My Documents\History of Medicine - Wikipedia.pdf
[2013/05/31 20:50:37 | 000,166,047 | ---- | M] () -- C:\Documents and Settings\OEM Customer\My Documents\History of Medicine_Galen - Wikipedia.pdf
[2013/05/31 20:19:08 | 000,100,397 | ---- | M] () -- C:\Documents and Settings\OEM Customer\My Documents\2013-3-14 BIO Comments on Drug Shortages Task Force and Strategic Plan Final.pdf
[2013/05/31 18:33:16 | 000,517,204 | ---- | M] () -- C:\Documents and Settings\OEM Customer\My Documents\Rotech amended petition(1).pdf
[2013/05/31 16:19:28 | 001,141,138 | ---- | M] () -- C:\Documents and Settings\OEM Customer\My Documents\UC-Health-Financial-Aid-Assitance-Form_COMPLETED_20130531.pdf
[2013/05/31 16:17:58 | 001,138,549 | ---- | M] () -- C:\Documents and Settings\OEM Customer\My Documents\UC-Health-Financial-Aid-Assitance-Form_COMPLETED.pdf
[2013/05/31 16:14:50 | 001,003,776 | ---- | M] () -- C:\Documents and Settings\OEM Customer\My Documents\UC-Health-Financial-Aid-Assitance-Form_ATTACHMENTS_eng_only application_20130531.pdf
[2013/05/31 15:55:24 | 000,136,385 | ---- | M] () -- C:\Documents and Settings\OEM Customer\My Documents\UC-Health-Financial-Aid-Assitance-Form_FILLED-OUT_eng_only application_20130531.pdf
[2013/05/31 15:38:52 | 000,132,878 | ---- | M] () -- C:\Documents and Settings\OEM Customer\My Documents\UC-Health-Financial-Aid-Assitance-Form-eng_only application_20130531.pdf
[2013/05/31 14:07:52 | 000,066,508 | ---- | M] () -- C:\Documents and Settings\OEM Customer\My Documents\UC-Health-Financial-Aid-Assitance-Form-eng_20130531.pdf
[2013/05/31 13:10:22 | 000,209,549 | ---- | M] () -- C:\Documents and Settings\OEM Customer\Desktop\Gatkinsons[dot]net_index.ged
[2013/05/31 00:55:52 | 000,001,331 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PAF Companion.lnk
[2013/05/30 23:51:17 | 000,001,655 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PAF 5.lnk
[2013/05/28 19:38:51 | 000,289,123 | ---- | M] () -- C:\Documents and Settings\OEM Customer\My Documents\Studies of Trauma Survivors Show Trauma’s Short-Term and Enduring Effects on Mind and Body_Tucker_2013.pdf
[2013/05/28 19:35:19 | 000,104,714 | ---- | M] () -- C:\Documents and Settings\OEM Customer\My Documents\New Approach Aids Treatment of Severe Addictions_Psych Central News.pdf
[2013/05/28 19:27:00 | 000,188,967 | ---- | M] () -- C:\Documents and Settings\OEM Customer\My Documents\Microsoft Remote Connectivity Analyzer_20130528.pdf
[2013/05/28 18:03:37 | 000,292,283 | ---- | M] () -- C:\Documents and Settings\OEM Customer\My Documents\Is Reality TV Making Narcissism Normal.pdf
[2013/05/28 18:01:26 | 000,410,825 | ---- | M] () -- C:\Documents and Settings\OEM Customer\My Documents\American Psychiatric Association Releases DSM-5.pdf
[2013/05/28 18:00:51 | 000,287,878 | ---- | M] () -- C:\Documents and Settings\OEM Customer\My Documents\Childhood-neglect-linked-to-problems-sustaining-relationships.pdf
[2013/05/26 17:45:33 | 007,371,729 | ---- | M] () -- C:\Documents and Settings\OEM Customer\My Documents\ASD_Apps_from_OCALI.pdf
[2013/05/23 18:15:43 | 176,152,576 | ---- | M] () -- C:\Documents and Settings\OEM Customer\My Documents\precise-3.8.3.1-SCSI.iso
[2013/05/23 11:25:51 | 000,197,352 | ---- | M] () -- C:\Documents and Settings\OEM Customer\My Documents\Modern Attachment Theory_Schore & Schore_2008.pdf
[2013/05/23 10:18:40 | 000,083,823 | ---- | M] () -- C:\Documents and Settings\OEM Customer\My Documents\KGI _ Corporate Partnerships _ Advisory Council.pdf
[2013/05/23 09:27:33 | 000,059,672 | ---- | M] () -- C:\Documents and Settings\OEM Customer\My Documents\Adopt-A-Class Annual Schedule 8-09.pdf
[2013/05/23 09:21:00 | 000,281,416 | ---- | M] () -- C:\Documents and Settings\OEM Customer\My Documents\Adopt-A-Class Program_2013.pdf
[2013/05/23 07:48:43 | 000,101,583 | ---- | M] () -- C:\Documents and Settings\OEM Customer\My Documents\KGI_PhD_Thesis_Formats.pdf
[2013/05/23 06:33:02 | 000,129,572 | ---- | M] () -- C:\Documents and Settings\OEM Customer\My Documents\Theories of Personality_Chapter 5_quiz.pdf
[2013/05/22 18:28:13 | 003,055,436 | ---- | M] () -- C:\Documents and Settings\OEM Customer\My Documents\NGS Translate Conference_May 28-30_2013.pdf
[2013/05/21 01:52:14 | 000,102,167 | ---- | M] () -- C:\Documents and Settings\OEM Customer\Desktop\phikap_Willaim T L Weech signature_18571127.jpg
[2013/05/20 09:17:35 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\AVSRegistryCleaner.job
[2013/05/20 08:44:39 | 000,128,282 | ---- | M] () -- C:\Documents and Settings\OEM Customer\My Documents\Graphemic complexity and multiple print-to-sound associations in visual word recognition_Rey_2005.pdf
[2013/05/20 08:38:19 | 001,690,128 | ---- | M] () -- C:\Documents and Settings\OEM Customer\My Documents\From print to sound in mature readers_Mason_1978.pdf
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2013/06/19 06:18:52 | 000,001,081 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dropbox.lnk
[2013/06/18 01:39:37 | 000,231,184 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/06/17 22:19:31 | 1474,547,712 | -HS- | C] () -- C:\hiberfil.sys
[2013/06/16 01:38:32 | 000,055,861 | ---- | C] () -- C:\Junkware Removal screensho 2t.jpg
[2013/06/16 01:36:55 | 000,195,898 | ---- | C] () -- C:\Junkware Removal screenshot.jpg
[2013/06/12 18:44:04 | 000,057,028 | ---- | C] () -- C:\Documents and Settings\OEM Customer\My Documents\Glossary_Lay_Terms.pdf
[2013/06/12 17:52:26 | 000,043,232 | ---- | C] () -- C:\Documents and Settings\OEM Customer\My Documents\Echocardiogram Complete with Bubble Study_Weech_V_A_20121018.pdf
[2013/06/11 01:56:57 | 000,000,332 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2013/06/06 21:41:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/06/06 21:30:31 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/06/06 21:30:28 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/06/06 20:47:04 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/06/06 20:47:04 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/06/06 20:47:04 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/06/06 20:47:04 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/06/06 20:47:04 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/06/05 23:51:23 | 000,047,934 | ---- | C] () -- C:\Documents and Settings\OEM Customer\Desktop\Zip screen shot.jpg
[2013/06/05 15:53:20 | 000,032,692 | ---- | C] () -- C:\Documents and Settings\OEM Customer\My Documents\List of biotechnology companies - Wik.pdf
[2013/06/04 21:37:04 | 000,493,542 | ---- | C] () -- C:\Documents and Settings\OEM Customer\My Documents\New Tracking Frontier_License Plates_WSJ.pdf
[2013/06/04 15:36:24 | 000,049,452 | ---- | C] () -- C:\Documents and Settings\OEM Customer\Desktop\Abbreviations related to the digestive system_Table 8_2_Ann Ehrlich and Carol Schroeder.jpg
[2013/06/03 11:07:50 | 001,019,698 | ---- | C] () -- C:\Documents and Settings\OEM Customer\My Documents\A different atmoshere of Love_A qualitative study of experiences_2013.pdf
[2013/06/03 11:06:05 | 001,089,632 | ---- | C] () -- C:\Documents and Settings\OEM Customer\My Documents\Reducing service and substance use among frequent service users_report from Toronto Comm Addictions Team (TCAT)_2013.pdf
[2013/06/03 10:44:22 | 000,033,159 | ---- | C] () -- C:\Documents and Settings\OEM Customer\Desktop\Bookmarks.htm
[2013/06/02 23:04:03 | 000,507,240 | ---- | C] () -- C:\Documents and Settings\OEM Customer\My Documents\Account Overview - Cincinnati Bell My Account_V A Weech_20130602.pdf
[2013/06/01 15:18:08 | 000,004,531 | ---- | C] () -- C:\Documents and Settings\OEM Customer\My Documents\Defragmenter Report.pdf
[2013/05/31 22:39:32 | 000,016,047 | ---- | C] () -- C:\Documents and Settings\OEM Customer\My Documents\Weech.zip
[2013/05/31 20:57:58 | 000,016,649 | ---- | C] () -- C:\Documents and Settings\OEM Customer\My Documents\History of Medicine_Sherwin B Nuland_Wikipedia.pdf
[2013/05/31 20:52:54 | 000,174,773 | ---- | C] () -- C:\Documents and Settings\OEM Customer\My Documents\History of Medicine_Joseph Lister_pioneer of antiseptic surgery_Wikipedia, the free encyclopedia.pdf
[2013/05/31 20:51:18 | 000,519,037 | ---- | C] () -- C:\Documents and Settings\OEM Customer\My Documents\History of Medicine - Wikipedia.pdf
[2013/05/31 20:50:22 | 000,166,047 | ---- | C] () -- C:\Documents and Settings\OEM Customer\My Documents\History of Medicine_Galen - Wikipedia.pdf
[2013/05/31 20:19:07 | 000,100,397 | ---- | C] () -- C:\Documents and Settings\OEM Customer\My Documents\2013-3-14 BIO Comments on Drug Shortages Task Force and Strategic Plan Final.pdf
[2013/05/31 18:33:15 | 000,517,204 | ---- | C] () -- C:\Documents and Settings\OEM Customer\My Documents\Rotech amended petition(1).pdf
[2013/05/31 16:17:57 | 001,138,549 | ---- | C] () -- C:\Documents and Settings\OEM Customer\My Documents\UC-Health-Financial-Aid-Assitance-Form_COMPLETED.pdf
[2013/05/31 16:17:40 | 001,141,138 | ---- | C] () -- C:\Documents and Settings\OEM Customer\My Documents\UC-Health-Financial-Aid-Assitance-Form_COMPLETED_20130531.pdf
[2013/05/31 16:14:50 | 001,003,776 | ---- | C] () -- C:\Documents and Settings\OEM Customer\My Documents\UC-Health-Financial-Aid-Assitance-Form_ATTACHMENTS_eng_only application_20130531.pdf
[2013/05/31 15:55:23 | 000,136,385 | ---- | C] () -- C:\Documents and Settings\OEM Customer\My Documents\UC-Health-Financial-Aid-Assitance-Form_FILLED-OUT_eng_only application_20130531.pdf
[2013/05/31 15:09:45 | 000,132,878 | ---- | C] () -- C:\Documents and Settings\OEM Customer\My Documents\UC-Health-Financial-Aid-Assitance-Form-eng_only application_20130531.pdf
[2013/05/31 14:07:51 | 000,066,508 | ---- | C] () -- C:\Documents and Settings\OEM Customer\My Documents\UC-Health-Financial-Aid-Assitance-Form-eng_20130531.pdf
[2013/05/31 13:10:14 | 000,209,549 | ---- | C] () -- C:\Documents and Settings\OEM Customer\Desktop\Gatkinsons[dot]net_index.ged
[2013/05/31 01:03:31 | 000,159,744 | ---- | C] () -- C:\Documents and Settings\OEM Customer\My Documents\Weech.paf
[2013/05/31 00:55:52 | 000,001,331 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PAF Companion.lnk
[2013/05/30 23:51:17 | 000,001,655 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PAF 5.lnk
[2013/05/28 19:38:51 | 000,289,123 | ---- | C] () -- C:\Documents and Settings\OEM Customer\My Documents\Studies of Trauma Survivors Show Trauma’s Short-Term and Enduring Effects on Mind and Body_Tucker_2013.pdf
[2013/05/28 19:35:16 | 000,104,714 | ---- | C] () -- C:\Documents and Settings\OEM Customer\My Documents\New Approach Aids Treatment of Severe Addictions_Psych Central News.pdf
[2013/05/28 19:26:54 | 000,188,967 | ---- | C] () -- C:\Documents and Settings\OEM Customer\My Documents\Microsoft Remote Connectivity Analyzer_20130528.pdf
[2013/05/28 18:03:37 | 000,292,283 | ---- | C] () -- C:\Documents and Settings\OEM Customer\My Documents\Is Reality TV Making Narcissism Normal.pdf
[2013/05/28 18:01:25 | 000,410,825 | ---- | C] () -- C:\Documents and Settings\OEM Customer\My Documents\American Psychiatric Association Releases DSM-5.pdf
[2013/05/28 18:00:51 | 000,287,878 | ---- | C] () -- C:\Documents and Settings\OEM Customer\My Documents\Childhood-neglect-linked-to-problems-sustaining-relationships.pdf
[2013/05/26 17:43:54 | 007,371,729 | ---- | C] () -- C:\Documents and Settings\OEM Customer\My Documents\ASD_Apps_from_OCALI.pdf
[2013/05/23 20:09:58 | 000,152,432 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/05/23 18:06:31 | 176,152,576 | ---- | C] () -- C:\Documents and Settings\OEM Customer\My Documents\precise-3.8.3.1-SCSI.iso
[2013/05/23 13:07:48 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Audacity.lnk
[2013/05/23 11:25:51 | 000,197,352 | ---- | C] () -- C:\Documents and Settings\OEM Customer\My Documents\Modern Attachment Theory_Schore & Schore_2008.pdf
[2013/05/23 10:18:31 | 000,083,823 | ---- | C] () -- C:\Documents and Settings\OEM Customer\My Documents\KGI _ Corporate Partnerships _ Advisory Council.pdf
[2013/05/23 09:27:33 | 000,059,672 | ---- | C] () -- C:\Documents and Settings\OEM Customer\My Documents\Adopt-A-Class Annual Schedule 8-09.pdf
[2013/05/23 09:20:59 | 000,281,416 | ---- | C] () -- C:\Documents and Settings\OEM Customer\My Documents\Adopt-A-Class Program_2013.pdf
[2013/05/23 07:48:42 | 000,101,583 | ---- | C] () -- C:\Documents and Settings\OEM Customer\My Documents\KGI_PhD_Thesis_Formats.pdf
[2013/05/23 06:32:57 | 000,129,572 | ---- | C] () -- C:\Documents and Settings\OEM Customer\My Documents\Theories of Personality_Chapter 5_quiz.pdf
[2013/05/22 18:28:12 | 003,055,436 | ---- | C] () -- C:\Documents and Settings\OEM Customer\My Documents\NGS Translate Conference_May 28-30_2013.pdf
[2013/05/21 01:52:03 | 000,102,167 | ---- | C] () -- C:\Documents and Settings\OEM Customer\Desktop\phikap_Willaim T L Weech signature_18571127.jpg
[2013/05/20 08:44:39 | 000,128,282 | ---- | C] () -- C:\Documents and Settings\OEM Customer\My Documents\Graphemic complexity and multiple print-to-sound associations in visual word recognition_Rey_2005.pdf
[2013/05/20 08:38:18 | 001,690,128 | ---- | C] () -- C:\Documents and Settings\OEM Customer\My Documents\From print to sound in mature readers_Mason_1978.pdf
[2013/05/17 05:15:46 | 000,005,642 | ---- | C] () -- C:\Documents and Settings\OEM Customer\Local Settings\Application Data\recently-used.xbel
[2013/05/03 18:38:23 | 000,059,908 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2013/03/17 12:30:19 | 000,001,721 | ---- | C] () -- C:\Documents and Settings\OEM Customer\.powerupdate.user.properties
[2013/03/15 22:58:05 | 1319,238,504 | ---- | C] () -- C:\Documents and Settings\OEM Customer\TRACE_BOOT+DRIVERS_1_1.BIN
[2013/03/14 22:11:47 | 000,067,584 | ---- | C] () -- C:\WINDOWS\unlite2.exe
[2013/03/14 22:11:27 | 000,777,728 | ---- | C] () -- C:\WINDOWS\System32\SSLSVC.DLL
[2013/03/14 22:11:27 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2013/03/14 22:11:27 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\cfmsg.dll
[2013/03/14 22:11:27 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2013/03/14 22:11:25 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\lang_cfml.dll
[2013/03/14 22:11:25 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\xml_datagrove.dll
[2013/02/16 00:34:40 | 001,716,474 | ---- | C] () -- C:\Documents and Settings\OEM Customer\Localizable.strings
[2013/02/15 16:16:48 | 000,000,198 | ---- | C] () -- C:\Documents and Settings\OEM Customer\Application Data\wklnhst.dat
[2013/02/12 07:06:52 | 000,109,696 | ---- | C] () -- C:\WINDOWS\System32\EasyHook64.dll
[2013/02/12 07:06:52 | 000,091,264 | ---- | C] () -- C:\WINDOWS\System32\EasyHook32.dll
[2013/02/11 20:04:43 | 000,030,048 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2012/11/14 10:16:34 | 001,474,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2012/09/27 18:41:19 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\OEM Customer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/27 00:34:34 | 000,010,709 | ---- | C] () -- C:\WINDOWS\hpwscr19.dat
[2012/09/27 00:30:40 | 000,176,478 | ---- | C] () -- C:\WINDOWS\hpwins19.dat
[2012/09/27 00:30:40 | 000,000,997 | ---- | C] () -- C:\WINDOWS\hpwmdl19.dat
[2012/09/26 17:03:41 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/09/15 12:37:48 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/09/15 12:37:03 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\OEM Customer\Local Settings\Application Data\fusioncache.dat
 
[color=#E56717]========== ZeroAccess Check ==========[/color]
 
[2004/08/07 09:05:22 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/06/28 17:33:05 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2013/05/02 04:54:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/02/15 17:40:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\4Media
[2013/05/19 15:50:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG
[2012/10/16 08:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Copernic
[2012/11/14 10:21:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CPA_VA
[2013/02/22 10:41:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ErrorEND
[2013/05/11 16:28:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\firebird
[2013/04/18 10:29:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Freemake
[2012/09/14 20:08:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2013/04/05 15:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2013/02/28 08:09:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PassMark
[2013/05/31 00:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Progeny
[2013/03/04 08:24:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2013/06/09 02:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2013/05/01 23:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock
[2013/02/28 06:26:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Thomson.ResearchSoft.Installers
[2013/02/18 21:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon
[2013/05/19 15:47:01 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2013/02/15 17:43:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM Customer\Application Data\4Media
[2013/05/23 14:05:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM Customer\Application Data\Audacity
[2012/09/18 11:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM Customer\Application Data\Auslogics
[2013/05/19 15:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM Customer\Application Data\AVG
[2012/09/26 23:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM Customer\Application Data\Bullzip
[2012/11/13 00:22:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM Customer\Application Data\ClassRoom GradeBook
[2013/05/18 12:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM Customer\Application Data\CmapTools
[2013/03/04 06:04:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM Customer\Application Data\CompuClever
[2013/03/16 22:23:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM Customer\Application Data\Dexpot
[2013/06/19 06:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM Customer\Application Data\Dropbox
[2013/04/22 19:30:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM Customer\Application Data\ElevatedDiagnostics
[2013/06/04 20:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM Customer\Application Data\EndNote
[2013/04/06 15:43:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM Customer\Application Data\EQATEC Analytics
[2013/06/11 01:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM Customer\Application Data\EssentialPIM
[2013/03/01 16:43:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM Customer\Application Data\Gapminder Foundation
[2013/02/28 07:41:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM Customer\Application Data\Leadertech
[2013/06/05 23:31:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM Customer\Application Data\MCommon
[2012/11/20 21:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM Customer\Application Data\Netscape
[2013/04/05 14:32:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM Customer\Application Data\Nuance
[2012/09/26 07:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM Customer\Application Data\OpenOffice.org
[2013/05/15 05:04:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM Customer\Application Data\Participatory Culture Foundation
[2013/05/05 00:14:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM Customer\Application Data\RadioMaximus
[2013/02/28 10:03:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM Customer\Application Data\RaimaRadioPro
[2013/03/17 00:28:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM Customer\Application Data\Research In Motion
[2013/05/01 23:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM Customer\Application Data\Stardock
[2013/02/15 16:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM Customer\Application Data\Template
[2013/02/14 07:19:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM Customer\Application Data\Western Digital
[2012/09/17 10:19:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM Customer\Application Data\Windows Desktop Search
[2012/09/25 17:49:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM Customer\Application Data\Windows Search
[2013/06/19 08:11:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM Customer\Application Data\WinLive
[2013/04/05 14:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OEM Customer\Application Data\Zeon
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 242 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0574215C
@Alternate Data Stream - 172 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECF54A0E

< End of report >

OTL Extras logfile created on: 6/19/2013 8:21:55 AM - Run 1
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = DragonHTML] -- Reg Error: Key error. File not found
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[color=#E56717]========== System Restore Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5000:TCP" = 5000:TCP:*:Enabled:Active@ SMART Monitor
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\IHMC CmapTools\jre\bin\javaw.exe" = C:\Program Files\IHMC CmapTools\jre\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Documents and Settings\OEM Customer\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\OEM Customer\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0445CB69-8F32-4067-9A36-B48D26C108EE}" = Human Development Trends 2005
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{069730C2-755A-485B-A205-27A1AAFA836A}" = InstantShareAlert
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{0F9196C6-58B4-445B-B56E-B1200FECC151}" = Microsoft Bootvis
"{13CD417D-F1F1-4AC4-945D-FDDEB884756F}" = Microsoft Baseline Security Analyzer 2.2
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{1C42D474-BDBD-4200-829D-28246879365D}" = Active@ Hard Disk Monitor
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{291820D0-A626-40F9-BDFF-8D5CEAB04243}" = Google Advertising Cookie Opt-out
"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
"{2B4B2BD0-AF01-450F-BD44-6630E297A80A}" = ClassRoom GradeBook 8
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CC2635-60EB-451F-BECB-4F5B25FABE6D}" = Nuance PDF Converter Professional 7
"{398E8625-6F3A-4C54-B54C-28F0ABB89774}" = BPD_HPSU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 C1
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.0
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52AE81CB-B786-490E-93CF-240A9891B392}" = HP User Guides 0025
"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5F6C549F-78DA-4E0E-AE70-0BD981936D99}" = Nuance PDF Reader
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6146B9DC-C33D-11E2-BDE1-984BE15F174E}" = Evernote v. 4.6.6
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7606E6DA-E168-42B5-8345-B08BF774CB30}" = The Scala Programming Language
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7AAA27E4-CDB3-49C0-AA2D-41827C001BA3}" = Microsoft Small Basic v1.0
"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
"{7F2F3F8B-2D57-48A3-99D0-1AC23D594C89}" = LightScribe  1.4.56.1
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86B3F2D6-AC2B-0015-8AE1-F2F77F781B0C}" = EndNote X5
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-00A1-0000-0000-0000000FF1CE}" = Microsoft Office OneNote 2007
"{91AFACB3-CA46-4C1E-AF2D-F72EE0B112E4}" = Personal Ancestral File Companion 5.7
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = TourSetup
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{ABA00898-9467-4689-9F40-DE7F58C8429C}" = Fax
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{AF5D2519-C6B4-4AFD-9A8D-FBF74DD4F0A0}" = HP Product Detection
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{BC96BBA7-C634-460E-AD18-A0A994213F80}" = HP User Guides--System Recovery
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD0773D5-C18E-495c-B39B-21A96415EDD5}" = HP Officejet J4500 Series
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E36B69-687C-43B3-93BA-5E4B6E531023}_is1" = RAMMon V1.0
"{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}" = AVG PC TuneUp
"{D94A8E22-DF2B-4107-9E51-608A60A7671D}" = Personal Ancestral File 5
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E62381A7-B1C1-4121-8262-84D38C77786C}" = COMODO Internet Security
"{EA561FC0-A965-11E2-94D3-B8AC6F98CCE3}" = Google Earth Plug-in
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FB03A941-815E-42F2-B604-FCE5636DB90B}" = AVG PC TuneUp Language Pack (en-US)
"{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}" = Folder Size for Windows
"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"4Media iPod to PC Transfer" = 4Media iPod to PC Transfer
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Agena" = Agena
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 2.0.3
"AudibleManager" = AudibleManager
"AVG PC TuneUp" = AVG PC TuneUp
"AVS Audio Converter_is1" = AVS Audio Converter 7
"AVS Audio Editor_is1" = AVS Audio Editor 7.1
"AVS Audio Recorder_is1" = AVS Audio Recorder version 4.0
"AVS Disc Creator_is1" = AVS Disc Creator 5
"AVS Document Converter_is1" = AVS Document Converter 2.2.6
"AVS DVD Copy_is1" = AVS DVD Copy 4.1.2.283
"AVS Firewall_is1" = AVS Firewall version 2.1
"AVS Image Converter_is1" = AVS Image Converter 2.3.3.249
"AVS Media Player_is1" = AVS Media Player 4.1.11.100
"AVS Photo Editor_is1" = AVS Photo Editor
"AVS Registry Cleaner_is1" = AVS Registry Cleaner 2.2.3.237
"AVS Ringtone Maker 1.6_is1" = AVS Ringtone Maker version 1.6
"AVS Screen Capture_is1" = AVS Screen Capture version 2.0.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor_is1" = AVS Video Editor 6
"AVS Video Recorder_is1" = AVS Video Recorder 2.5
"AVS Video ReMaker_is1" = AVS Video ReMaker 4.1.4.150
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"AVSCoverEditor2_is1" = AVS Cover Editor 2.0.1.3
"AVSRegistryCleaner_is1" = AVS Registry Cleaner version 2.1
"CCleaner" = CCleaner
"CNXT_AUDIO" = Conexant AC-Link Audio
"CNXT_MODEM_PCI_VEN_1002&DEV_4378" = Soft Data Fax Modem with SmartCP
"Comodo Dragon" = Comodo Dragon
"Do Not Track Me Add-on_is1" = Do Not Track Me Add-on 2.2.8.122
"ESET Online Scanner" = ESET Online Scanner v3
"Eusing Cleaner" = Eusing Cleaner
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"Free Internet Window Washer" = Free Internet Window Washer
"Free IP Switcher" = Free IP Switcher
"FreeCommander_is1" = FreeCommander 2009.02b
"Freemake Video Downloader_is1" = Freemake Video Downloader
"Gapminder World 0.0.6 (x86 en-US)" = Gapminder World 0.0.6 (x86 en-US)
"GIMP-2_is1" = GIMP 2.8.4
"ie8" = Windows Internet Explorer 8
"IHMC CmapServer v5.04.03" = IHMC CmapServer v5.04.03
"IHMC CmapTools v5.05.01" = IHMC CmapTools v5.05.01
"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"ONENOTER" = Microsoft Office OneNote 2007
"OSForensics_is1" = OSForensics
"RarmaRadio_is1" = RarmaRadio 2.69
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"Speccy" = Speccy
"SpeedFan" = SpeedFan (remove only)
"Stardock Fences 2" = Stardock Fences 2
"TopStyle Lite (Version 2)" = TopStyle Lite (Version 2)
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dexpot" = Dexpot
"Dropbox" = Dropbox
"RadioMaximus_is1" = RadioMaximus 1.85
 
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 6/18/2013 5:09:22 PM | Computer Name = PC863512472119 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: The data is invalid.  
 
Error - 6/18/2013 5:09:22 PM | Computer Name = PC863512472119 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: The data is invalid.  
 
Error - 6/18/2013 5:09:23 PM | Computer Name = PC863512472119 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: The data is invalid.  
 
Error - 6/18/2013 5:09:23 PM | Computer Name = PC863512472119 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: The data is invalid.  
 
Error - 6/18/2013 5:09:23 PM | Computer Name = PC863512472119 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: The data is invalid.  
 
Error - 6/18/2013 5:09:23 PM | Computer Name = PC863512472119 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: The data is invalid.  
 
Error - 6/18/2013 5:09:23 PM | Computer Name = PC863512472119 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: The data is invalid.  
 
Error - 6/18/2013 5:09:23 PM | Computer Name = PC863512472119 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: The data is invalid.  
 
Error - 6/18/2013 5:09:24 PM | Computer Name = PC863512472119 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: The data is invalid.  
 
Error - 6/19/2013 5:31:08 AM | Computer Name = PC863512472119 | Source = FolderSize | ID = 0
Description =
 
 
< End of report >