Page 1 of 3 123 LastLast
Results 1 to 10 of 22

Thread: Internet Explorer Being HIJACKED (virumonde?)....

  1. #1
    Junior Member
    Join Date
    Jun 2008
    Posts
    22

    Default Internet Explorer Being HIJACKED (virumonde?)....

    Only in internet explorer (not firefox) if I go to a website like yahoo.com and click a click it take me to some strange website. I can't click any link.
    Please Help! School has started and I despairing need it fix.

    Thank you in advance. Here are the Logs for from Hi-jack this and Spybot log as well.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:09:39 PM, on 1/6/2010
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18865)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnProxy.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    C:\Program Files (x86)\McAfee Security Scan\1.0.150\SSScheduler.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.EXE
    C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
    C:\Program Files (x86)\HP\Buttons & OSDs control application gen2\MediaButtons.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Windows\SysWOW64\OSDFORM.exe
    C:\Program Files (x86)\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe
    C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
    C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
    C:\Program Files (x86)\Java\jre6\bin\jusched.exe
    C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    C:\Program Files (x86)\Java\jre6\bin\jucheck.exe
    C:\Program Files (x86)\Microsoft\Office Live\OfficeLiveSignIn.exe
    C:\Program Files (x86)\Microsoft Office\Office12\POWERPNT.EXE
    C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
    C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
    C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
    C:\PROGRA~2\ACROSO~1\CUTEPD~1\cpwsave.exe
    C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ssfire&pf=cndt
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ssfire&pf=cndt
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ssfire&pf=cndt
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ssfire&pf=cndt
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0360.0\npwinext.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe
    O4 - HKLM\..\Run: [HP KEYBOARD] "C:\Program Files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.EXE"
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe" /tray
    O4 - HKLM\..\Run: [Buttons & OSDs control application gen2] "C:\Program Files (x86)\HP\Buttons & OSDs control application gen2\MediaButtons.exe"
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [BrMfcWnd] "C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
    O4 - HKLM\..\Run: [ControlCenter3] "C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe" /autorun
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [FPCCSMiddleware] "C:\Program Files (x86)\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe"
    O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [notepad] rundll32.exe C:\Windows\system32\notepad.dll,_IWMPEvents@0
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [HPSmartCenterBoot] _C:\Program Files (x86)\Hewlett-Packard\TouchSmart\SmartCenter 2.0\SmartCenter.exe
    O4 - HKCU\..\Run: [notepad] rundll32.exe C:\Users\ARTIST~1\ntload.dll,_IWMPEvents@0
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
    O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    O4 - Global Startup: Desktop Manager.lnk = C:\Program Files (x86)\Research In Motion\BlackBerry\DesktopMgr.exe
    O4 - Global Startup: McAfee Security Scan.lnk = ?
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - http://h20364.www2.hp.com/CSMWeb/Cus...ataManager.CAB
    O16 - DPF: {2D168880-539F-4967-BA11-F7C2862B9E1D} (CPlayFirstDiaperDashControl Object) - http://www.shockwave.com/content/dia...eb.1.0.0.4.cab
    O16 - DPF: {D6E0B119-DCF2-4CD6-8DFB-7CFF1B70F7FF} (TeamOn Import Object) - https://bis.na.blackberry.com/html/w...s/TOImport.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: CalendarSynchService - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: HP Touch Screen Enhance - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnSrv.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 14628 bytes

  2. #2
    Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,300

    Default

    Hi,

    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Copy-paste following contents into custom scan -area:
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      /md5stop
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
    Microsoft Windows Insider MVP 2016-2019
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Junior Member
    Join Date
    Jun 2008
    Posts
    22

    Default otl.txt

    OTL logfile created on: 1/12/2010 9:02:55 PM - Run 1
    OTL by OldTimer - Version 3.1.24.0 Folder = C:\Users\chudneymiles\Downloads
    64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18865)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free
    8.00 Gb Paging File | 6.00 Gb Available in Paging File | 76.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 286.79 Gb Total Space | 34.78 Gb Free Space | 12.13% Space Free | Partition Type: NTFS
    Drive D: | 11.30 Gb Total Space | 1.52 Gb Free Space | 13.48% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: THEMILES
    Current User Name: chudneymiles
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Users\chudneymiles\Downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
    PRC - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe (Microsoft Corp.)
    PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
    PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
    PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
    PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe (Hewlett-Packard)
    PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe (Hewlett-Packard)
    PRC - C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
    PRC - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
    PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
    PRC - C:\Program Files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.EXE (Hewlett-Packard)
    PRC - C:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnProxy.exe (Hewlett-Packard)
    PRC - C:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnSrv.EXE (Hewlett-Packard)
    PRC - C:\Program Files (x86)\HP\Buttons & OSDs control application gen2\MediaButtons.exe ()
    PRC - C:\Windows\SysWOW64\OSDForm.exe ()
    PRC - C:\Program Files (x86)\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe ()
    PRC - C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
    PRC - C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
    PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
    PRC - C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe (Microsoft Corporation)


    ========== Modules (SafeList) ==========

    MOD - C:\Users\chudneymiles\Downloads\OTL.exe (OldTimer Tools)
    MOD - C:\Windows\SysWOW64\wininet.dll (Microsoft Corporation)
    MOD - C:\Windows\SysWOW64\notepad.dll (Microsoft)
    MOD - C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation)
    MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
    MOD - C:\Windows\SysWOW64\lz32.dll (Microsoft Corporation)
    MOD - C:\Windows\SysWOW64\normaliz.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (BthServ) -- C:\Windows\SysNative\bthserv.dll ()
    SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
    SRV - (iPod Service) -- C:\Program Files (x86)\iPod\bin\iPodService.exe (Apple Inc.)
    SRV - (IntuitUpdateService) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
    SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
    SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
    SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
    SRV - (CalendarSynchService) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe (Hewlett-Packard)
    SRV - (Bonjour Service) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
    SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
    SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (HP Touch Screen Enhance) -- C:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnSrv.EXE (Hewlett-Packard)
    SRV - (HP Health Check Service) -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard)
    SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
    SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
    SRV - (BcmSqlStartupSvc) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
    SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
    SRV - (WLSetupSvc) -- C:\Program Files (x86)\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
    SRV - (usnjsvc) -- C:\Program Files (x86)\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
    SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006/11/02 08:34:14 | 00,000,000 | ---D | M]
    SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
    SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()
    SRV - (IDriverT) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
    DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\Drivers\pcouffin.sys ()
    DRV:64bit: - (VClone) -- C:\Windows\SysNative\DRIVERS\VClone.sys ()
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys ()
    DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys ()
    DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys ()
    DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys ()
    DRV:64bit: - (rcmirror) -- C:\Windows\SysNative\DRIVERS\rcmirror.sys ()
    DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys ()
    DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys ()
    DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys ()
    DRV:64bit: - (netr28x) -- C:\Windows\SysNative\DRIVERS\netr28x.sys ()
    DRV:64bit: - (ACPIService) -- C:\Windows\SysNative\DRIVERS\OSDACPI.SYS ()
    DRV:64bit: - (BTHPORT) -- C:\Windows\SysNative\Drivers\BTHport.sys ()
    DRV:64bit: - (BTHUSB) -- C:\Windows\SysNative\Drivers\BTHUSB.sys ()
    DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys ()
    DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys ()
    DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\Drivers\RootMdm.sys ()
    DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
    DRV:64bit: - (usbvideo) USB Video Device (WDM) -- C:\Windows\SysNative\Drivers\usbvideo.sys ()
    DRV:64bit: - (StillCam) -- C:\Windows\SysNative\DRIVERS\serscan.sys ()
    DRV:64bit: - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\SysNative\drivers\usbaudio.sys ()
    DRV:64bit: - (BthEnum) -- C:\Windows\SysNative\DRIVERS\BthEnum.sys ()
    DRV:64bit: - (BthPan) Bluetooth Device (Personal Area Network) -- C:\Windows\SysNative\DRIVERS\bthpan.sys ()
    DRV:64bit: - (winusb) -- C:\Windows\SysNative\DRIVERS\winusb.sys ()
    DRV:64bit: - (RFCOMM) Bluetooth Device (RFCOMM Protocol TDI) -- C:\Windows\SysNative\DRIVERS\rfcomm.sys ()
    DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys ()
    DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\DRIVERS\btwrchid.sys ()
    DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys ()
    DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys ()
    DRV:64bit: - (BrSerIf) -- C:\Windows\SysNative\DRIVERS\BrSerIf.sys ()
    DRV - (ElbyCDIO) -- C:\Windows\SysWOW64\ElbyCDIO.dll (Elaborate Bytes AG)
    DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (Cyberlink Corp.)
    DRV - (winusb) -- C:\Windows\SysWOW64\winusb.dll (Microsoft Corporation)
    DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
    DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ssfire&pf=cndt
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ssfire&pf=cndt
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ssfire&pf=cndt
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ssfire&pf=cndt

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ssfire&pf=cndt
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Bing"
    FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=VIATDF&PC=VIATDF&q="
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://m.www.yahoo.com/"
    FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=VIATDF&PC=VIATDF&q="


    FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0360.0\Firefox [2009/12/01 16:40:24 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2009/12/01 16:40:27 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/01/06 11:31:35 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/01/06 11:31:35 | 00,000,000 | ---D | M]

    [2009/03/05 23:55:09 | 00,000,000 | ---D | M] -- C:\Users\chudneymiles\AppData\Roaming\Mozilla\Extensions
    [2009/03/05 23:55:09 | 00,000,000 | ---D | M] -- C:\Users\chudneymiles\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
    [2010/01/12 19:11:13 | 00,000,000 | ---D | M] -- C:\Users\chudneymiles\AppData\Roaming\Mozilla\Firefox\Profiles\ch2ut94r.default\extensions
    [2009/07/28 21:01:31 | 00,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\chudneymiles\AppData\Roaming\Mozilla\Firefox\Profiles\ch2ut94r.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2009/12/31 11:34:46 | 00,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\chudneymiles\AppData\Roaming\Mozilla\Firefox\Profiles\ch2ut94r.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2010/01/04 02:44:15 | 00,002,186 | ---- | M] () -- C:\Users\chudneymiles\AppData\Roaming\Mozilla\Firefox\Profiles\ch2ut94r.default\searchplugins\bing.xml
    [2010/01/12 19:11:13 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

    O1 HOSTS File: (761 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0360.0\npwinext.dll (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
    O4:64bit: - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
    O4:64bit: - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe File not found
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
    O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
    O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [Buttons & OSDs control application gen2] C:\Program Files (x86)\HP\Buttons & OSDs control application gen2\MediaButtons.exe ()
    O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [FPCCSMiddleware] C:\Program Files (x86)\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe ()
    O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [HP KEYBOARD] C:\Program Files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.EXE (Hewlett-Packard)
    O4 - HKLM..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
    O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe (Microsoft Corp.)
    O4 - HKLM..\Run: [notepad] C:\Windows\SysWow64\notepad.DLL (Microsoft)
    O4 - HKLM..\Run: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe (OsdMaestro)
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
    O4 - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKCU..\Run: [HPSmartCenterBoot] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\SmartCenter 2.0\SmartCenter.exe (Hewlett-Packard)
    O4 - HKCU..\Run: [ISUSPM] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
    O4 - HKCU..\Run: [notepad] C:\Users\chudneymiles\ntload.dll ()
    O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
    O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.hp.com/CSMWeb/Cus...ataManager.CAB (Hewlett-Packard Online Support Services)
    O16 - DPF: {2D168880-539F-4967-BA11-F7C2862B9E1D} http://www.shockwave.com/content/dia...eb.1.0.0.4.cab (CPlayFirstDiaperDashControl Object)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_01)
    O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {D6E0B119-DCF2-4CD6-8DFB-7CFF1B70F7FF} https://bis.na.blackberry.com/html/w...s/TOImport.cab (TeamOn Import Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
    O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\chp.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\chp.jpg
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{191203ef-79a1-11de-ba2d-0021867c1f84}\Shell - "" = AutoRun
    O33 - MountPoints2\{191203ef-79a1-11de-ba2d-0021867c1f84}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{1a66da45-6205-11de-abac-0021867c1f84}\Shell\AutoRun\command - "" = H:\slacker.synclauncher.exe -- File not found
    O33 - MountPoints2\{1a66da45-6205-11de-abac-0021867c1f84}\Shell\slacker\command - "" = H:\slacker.synclauncher.exe -- File not found
    O33 - MountPoints2\{91d4cfa4-c090-11de-9797-0021867c1f84}\Shell - "" = AutoRun
    O33 - MountPoints2\{91d4cfa4-c090-11de-9797-0021867c1f84}\Shell\AutoRun\command - "" = H:\Setup.exe -- File not found
    O33 - MountPoints2\{b160490a-4b14-11de-b049-0021867c1f84}\Shell\AutoRun\command - "" = H:\slacker.synclauncher.exe -- File not found
    O33 - MountPoints2\{b160490a-4b14-11de-b049-0021867c1f84}\Shell\slacker\command - "" = H:\slacker.synclauncher.exe -- File not found
    O33 - MountPoints2\{caa6ed2f-3742-11de-923c-0021867c1f84}\Shell\AutoRun\command - "" = H:\slacker.synclauncher.exe -- File not found
    O33 - MountPoints2\{caa6ed2f-3742-11de-923c-0021867c1f84}\Shell\slacker\command - "" = H:\slacker.synclauncher.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    64bit: O35 - comfile [open] -- "%1" %* File not found
    64bit: O35 - exefile [open] -- "%1" %* File not found
    O35 - comfile [open] -- "%1" %*
    O35 - exefile [open] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/01/11 18:55:01 | 00,000,000 | ---D | C] -- C:\Users\chudneymiles\Documents\kBilling Company File Backup
    [2010/01/11 17:15:12 | 00,581,632 | ---- | C] (Christian Werner Software & Consulting) -- C:\Windows\SysWow64\sqlite3odbc.dll
    [2010/01/11 17:15:07 | 00,000,000 | ---D | C] -- C:\ProgramData\kBilling
    [2010/01/10 03:22:33 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
    [2010/01/10 03:01:31 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
    [2010/01/08 14:39:15 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\kBilling
    [2010/01/08 14:36:44 | 00,000,000 | ---D | C] -- C:\1d46e260dcf7a5394c623ba6e768
    [2010/01/06 17:39:55 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/01/06 17:39:39 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
    [2010/01/06 17:27:07 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
    [2010/01/06 16:33:21 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2010/01/06 16:33:21 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
    [2010/01/05 10:13:28 | 00,000,000 | ---D | C] -- C:\Users\chudneymiles\Documents\carmiles
    [2010/01/05 10:13:16 | 00,000,000 | ---D | C] -- C:\Users\chudneymiles\Documents\New Folder (2)
    [2010/01/05 10:02:54 | 00,000,000 | ---D | C] -- C:\Users\chudneymiles\AppData\Roaming\SmartDraw
    [2010/01/05 10:02:32 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SmartDraw 2010
    [2010/01/04 22:04:01 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
    [2010/01/04 21:23:28 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai
    [2010/01/04 17:46:10 | 00,000,000 | ---D | C] -- C:\Users\chudneymiles\AppData\Roaming\Malwarebytes
    [2010/01/04 17:46:05 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/01/04 17:46:03 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2010/01/04 17:46:03 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/01/04 13:36:02 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2010/01/04 13:22:16 | 00,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
    [2010/01/04 13:22:16 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
    [2010/01/04 13:22:16 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
    [2010/01/04 13:22:15 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
    [2010/01/04 13:22:15 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
    [2010/01/04 13:22:14 | 00,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
    [2010/01/04 13:22:14 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2010/01/04 13:22:14 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
    [2010/01/04 13:22:13 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
    [2010/01/04 13:22:13 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
    [2010/01/04 13:22:12 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
    [2010/01/04 13:22:12 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
    [2010/01/04 13:22:11 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2010/01/04 13:22:06 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2010/01/04 13:22:06 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
    [2010/01/04 13:20:25 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\advpack.dll
    [2010/01/04 13:20:25 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
    [2010/01/04 13:20:24 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
    [2010/01/04 13:20:24 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
    [2010/01/04 13:20:24 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\corpol.dll
    [2010/01/04 13:20:23 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
    [2010/01/04 13:20:21 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
    [2010/01/04 13:20:21 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll
    [2010/01/04 13:20:21 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
    [2010/01/04 13:20:21 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
    [2010/01/04 13:20:19 | 00,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
    [2010/01/04 13:20:19 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll
    [2010/01/04 13:20:19 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll
    [2010/01/04 13:20:19 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll
    [2010/01/04 13:20:18 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
    [2010/01/04 13:20:18 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
    [2010/01/04 13:20:18 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
    [2010/01/04 13:20:18 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
    [2010/01/04 13:20:18 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2010/01/04 13:20:18 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
    [2010/01/04 13:20:17 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
    [2010/01/04 13:20:17 | 00,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WinFXDocObj.exe
    [2010/01/04 13:20:16 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2010/01/04 13:20:16 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
    [2010/01/04 13:20:15 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
    [2010/01/04 13:20:15 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
    [2010/01/04 13:20:14 | 03,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
    [2010/01/04 13:20:14 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PDMSetup.exe
    [2010/01/04 13:20:14 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    [2010/01/04 13:20:14 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
    [2010/01/04 13:20:14 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetDepNx.exe
    [2010/01/04 01:22:48 | 00,000,000 | ---D | C] -- C:\Users\chudneymiles\Documents\TurboTax
    [2010/01/04 01:19:54 | 00,000,000 | ---D | C] -- C:\Users\chudneymiles\AppData\Roaming\Intuit
    [2010/01/04 01:19:48 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AnswerWorks 5.0
    [2010/01/04 01:14:08 | 00,000,000 | ---D | C] -- C:\Users\chudneymiles\AppData\Local\IsolatedStorage
    [2010/01/04 01:14:08 | 00,000,000 | ---D | C] -- C:\ProgramData\Intuit
    [2010/01/04 01:14:06 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intuit
    [2010/01/04 01:12:51 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\TurboTax
    [2010/01/03 21:38:15 | 00,000,000 | ---D | C] -- C:\Windows\Hotel Dash Suite Success
    [2010/01/03 21:38:15 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Hotel Dash Suite Success
    [2010/01/02 23:22:02 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo! Games
    [2009/12/17 05:10:58 | 00,000,000 | ---D | C] -- C:\ProgramData\Research In Motion
    [2009/12/17 04:27:33 | 13,218,1104 | ---- | C] (Research In Motion Ltd. ) -- C:\Users\chudneymiles\Desktop\9530AMEA_PBr5_1_.0.0_rel508_PL4.2.0.128_A5.0.0.328.exe
    [2009/12/17 04:13:17 | 00,000,000 | ---D | C] -- C:\Program Files\JL_Cmder
    [2009/12/17 04:04:01 | 00,000,000 | ---D | C] -- C:\Users\chudneymiles\Desktop\JL_Cmder v1.9.1
    [2009/12/17 04:03:02 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\JL_Cmder
    [2009/11/20 17:56:27 | 00,082,816 | ---- | C] (VSO Software) -- C:\Users\chudneymiles\AppData\Roaming\pcouffin.sys
    [1 C:\Users\chudneymiles\Documents\*.tmp files -> C:\Users\chudneymiles\Documents\*.tmp -> ]
    [1 C:\Users\chudneymiles\Desktop\*.tmp files -> C:\Users\chudneymiles\Desktop\*.tmp -> ]

  4. #4
    Junior Member
    Join Date
    Jun 2008
    Posts
    22

    Default otl.txt continued

    ========== Files - Modified Within 30 Days ==========

    [2010/01/12 21:00:37 | 05,505,024 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat
    [2010/01/12 20:55:55 | 00,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/01/12 20:55:55 | 00,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/01/12 19:24:48 | 00,645,058 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/01/12 19:24:47 | 00,760,648 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/01/12 19:24:47 | 00,119,510 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/01/12 19:03:11 | 00,000,256 | ---- | M] () -- C:\Windows\SysWow64\pool.bin
    [2010/01/12 19:00:51 | 00,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{083DAF79-A533-47B8-8521-868AF2AE6BD5}.job
    [2010/01/12 18:59:39 | 00,000,478 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (TE).job
    [2010/01/12 18:55:57 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/01/12 18:55:52 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/01/12 18:04:46 | 00,004,775 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2010/01/12 18:02:22 | 00,002,413 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/01/12 10:04:26 | 00,524,288 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{c7904585-fc9c-11de-80b4-0021867c1f84}.TMContainer00000000000000000001.regtrans-ms
    [2010/01/12 10:04:26 | 00,065,536 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{c7904585-fc9c-11de-80b4-0021867c1f84}.TM.blf
    [2010/01/12 10:02:38 | 03,241,330 | -H-- | M] () -- C:\Users\chudneymiles\AppData\Local\IconCache.db
    [2010/01/11 22:48:07 | 00,081,920 | ---- | M] () -- C:\Users\chudneymiles\Documents\C&C HOME & CLEANING SOLUTIONS.kpd
    [2010/01/11 22:02:39 | 00,010,517 | ---- | M] () -- C:\Users\chudneymiles\Documents\Letrisha I1002.pdf
    [2010/01/11 21:37:59 | 00,019,299 | ---- | M] () -- C:\Users\chudneymiles\Documents\psychology chapter 2.docx
    [2010/01/11 20:06:27 | 00,086,016 | ---- | M] () -- C:\Users\chudneymiles\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/01/11 19:33:51 | 00,000,248 | ---- | M] () -- C:\Windows\ODBC.INI
    [2010/01/11 19:31:14 | 00,008,253 | ---- | M] () -- C:\Users\chudneymiles\Documents\Michael Lee & Bridgett Lee I1456.pdf
    [2010/01/11 19:28:33 | 00,008,737 | ---- | M] () -- C:\Users\chudneymiles\Documents\Michael Lee & Bridgett Lee I1001.pdf
    [2010/01/11 19:17:10 | 00,008,377 | ---- | M] () -- C:\Users\chudneymiles\Desktop\Michael Lee & Bridgett Lee I1001.pdf
    [2010/01/11 17:15:12 | 00,000,191 | ---- | M] () -- C:\Windows\ODBCINST.INI
    [2010/01/11 17:15:11 | 00,001,622 | ---- | M] () -- C:\Users\Public\Desktop\kBilling.lnk
    [2010/01/10 19:23:57 | 00,000,162 | -H-- | M] () -- C:\Users\chudneymiles\Documents\~$ychology chapter 2.docx
    [2010/01/10 03:22:33 | 00,001,666 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
    [2010/01/10 03:19:08 | 00,001,600 | ---- | M] () -- C:\Users\chudneymiles\Desktop\MagicISO.lnk
    [2010/01/10 02:17:58 | 00,871,408 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
    [2010/01/10 02:14:16 | 00,000,744 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
    [2010/01/09 00:41:22 | 00,833,002 | ---- | M] () -- C:\Users\chudneymiles\Documents\DSCN8345.JPG
    [2010/01/09 00:41:08 | 00,847,598 | ---- | M] () -- C:\Users\chudneymiles\Documents\DSCN8350.JPG
    [2010/01/09 00:40:57 | 00,717,037 | ---- | M] () -- C:\Users\chudneymiles\Documents\DSCN8344.JPG
    [2010/01/09 00:40:38 | 00,820,746 | ---- | M] () -- C:\Users\chudneymiles\Documents\DSCN8348.JPG
    [2010/01/09 00:40:19 | 00,687,458 | ---- | M] () -- C:\Users\chudneymiles\Documents\DSCN8340.JPG
    [2010/01/08 22:59:29 | 00,001,831 | ---- | M] () -- C:\Users\chudneymiles\Desktop\kBilling.lnk
    [2010/01/08 21:37:59 | 00,524,288 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{c7904585-fc9c-11de-80b4-0021867c1f84}.TMContainer00000000000000000002.regtrans-ms
    [2010/01/08 19:18:26 | 00,524,288 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{c7904502-fc9c-11de-80b4-0021867c1f84}.TMContainer00000000000000000001.regtrans-ms
    [2010/01/08 19:18:26 | 00,065,536 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{c7904502-fc9c-11de-80b4-0021867c1f84}.TM.blf
    [2010/01/08 19:18:17 | 00,524,288 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{c7904502-fc9c-11de-80b4-0021867c1f84}.TMContainer00000000000000000002.regtrans-ms
    [2010/01/08 18:51:32 | 00,098,748 | ---- | M] () -- C:\Users\chudneymiles\Documents\f psychology test.docx
    [2010/01/08 18:51:32 | 00,000,162 | -H-- | M] () -- C:\Users\chudneymiles\Documents\~$psychology test.docx
    [2010/01/08 15:40:04 | 00,524,288 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{cce2102c-f098-11de-b893-0021867c1f84}.TMContainer00000000000000000001.regtrans-ms
    [2010/01/08 15:40:04 | 00,065,536 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{cce2102c-f098-11de-b893-0021867c1f84}.TM.blf
    [2010/01/08 15:26:32 | 00,068,608 | ---- | M] () -- C:\Users\chudneymiles\Documents\C & C Cleaning Solution.kpd
    [2010/01/08 14:39:35 | 00,005,024 | ---- | M] () -- C:\ProgramData\dbvvomjc.bpt
    [2010/01/07 22:16:05 | 00,001,041 | ---- | M] () -- C:\Users\chudneymiles\AppData\Roaming\vso_ts_preview.xml
    [2010/01/07 01:09:56 | 00,000,768 | ---- | M] () -- C:\Users\chudneymiles\AppData\Roaming\wklnhst.dat
    [2010/01/06 17:39:39 | 00,000,725 | ---- | M] () -- C:\Users\chudneymiles\Desktop\NTREGOPT.lnk
    [2010/01/06 17:39:39 | 00,000,706 | ---- | M] () -- C:\Users\chudneymiles\Desktop\ERUNT.lnk
    [2010/01/06 17:27:07 | 00,001,890 | ---- | M] () -- C:\Users\chudneymiles\Desktop\HijackThis.lnk
    [2010/01/05 12:25:46 | 03,293,062 | ---- | M] () -- C:\Users\chudneymiles\Documents\Doc1.docx
    [2010/01/05 12:25:46 | 00,000,162 | -H-- | M] () -- C:\Users\chudneymiles\Documents\~$Doc1.docx
    [2010/01/05 10:02:51 | 00,000,855 | ---- | M] () -- C:\Users\chudneymiles\Desktop\SmartDraw 2010.lnk
    [2010/01/04 22:45:11 | 02,279,985 | ---- | M] () -- C:\Users\chudneymiles\Documents\chapter 7 Patricia.pdf
    [2010/01/04 22:44:48 | 02,348,725 | ---- | M] () -- C:\Users\chudneymiles\Documents\ch7volpp.pdf
    [2010/01/04 22:13:29 | 00,125,048 | ---- | M] () -- C:\Users\chudneymiles\AppData\Local\GDIPFONTCACHEV1.DAT
    [2010/01/04 22:11:21 | 00,455,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010/01/04 22:02:37 | 00,001,886 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat 9 Pro.lnk
    [2010/01/04 20:46:06 | 00,046,080 | ---- | M] () -- C:\Users\chudneymiles\Documents\CLMC Resume.doc
    [2010/01/04 20:13:35 | 00,047,104 | ---- | M] () -- C:\Users\chudneymiles\Documents\CLM Resume.doc
    [2010/01/04 17:46:07 | 00,000,810 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/01/04 13:39:09 | 00,000,162 | -H-- | M] () -- C:\Users\chudneymiles\Documents\~$udney ssi app.docx
    [2010/01/04 13:13:31 | 00,000,162 | -H-- | M] () -- C:\Users\chudneymiles\Documents\~$ads.docx
    [2010/01/04 01:16:48 | 00,001,914 | ---- | M] () -- C:\Users\Public\Desktop\TurboTax 2009.lnk
    [2010/01/03 21:38:23 | 00,001,851 | ---- | M] () -- C:\Users\chudneymiles\Desktop\Hotel Dash Suite Success.lnk
    [2010/01/03 17:12:43 | 00,012,111 | ---- | M] () -- C:\Users\chudneymiles\Documents\move in.docx
    [2010/01/03 17:12:25 | 00,020,314 | ---- | M] () -- C:\Users\chudneymiles\Documents\ads.docx
    [2010/01/03 17:03:19 | 00,013,028 | ---- | M] () -- C:\Users\chudneymiles\Desktop\[isoHunt] TurboTax_Home_and_Business_2009_REPACKED__AAOO_.5241162.TPB.torrent
    [2010/01/03 15:16:54 | 00,010,655 | ---- | M] () -- C:\Users\chudneymiles\Documents\email list.docx
    [2010/01/02 23:22:10 | 00,001,340 | ---- | M] () -- C:\Users\Public\Desktop\More Yahoo! Games.lnk
    [2009/12/31 20:17:36 | 00,043,504 | ---- | M] () -- C:\Users\chudneymiles\Desktop\[isoHunt] The Boondocks-(Uncut)-Season 1 and 2 Season 2 (Extras)-MILLIONDOLLAMAN1.torrent
    [2009/12/31 20:15:27 | 00,000,744 | ---- | M] () -- C:\Users\chudneymiles\Desktop\µTorrent.lnk
    [2009/12/30 20:28:24 | 00,021,723 | ---- | M] () -- C:\Users\chudneymiles\Documents\CLEANING SOLUTIONS.docx
    [2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2009/12/30 14:55:06 | 00,022,104 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys
    [2009/12/29 08:08:28 | 00,006,080 | ---- | M] () -- C:\Users\chudneymiles\AppData\Local\d3d9caps.dat
    [2009/12/28 11:27:20 | 00,001,740 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2009/12/28 08:50:16 | 00,000,000 | ---- | M] () -- C:\Users\chudneymiles\Documents\Nuance Image Printer Writer Port
    [2009/12/25 22:34:02 | 00,524,288 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{cce2102c-f098-11de-b893-0021867c1f84}.TMContainer00000000000000000002.regtrans-ms
    [2009/12/22 20:27:57 | 00,524,288 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{344eaabc-b6b5-11de-b61e-0021867c1f84}.TMContainer00000000000000000001.regtrans-ms
    [2009/12/22 20:27:57 | 00,065,536 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{344eaabc-b6b5-11de-b61e-0021867c1f84}.TM.blf
    [2009/12/19 15:35:41 | 00,015,433 | ---- | M] () -- C:\Users\chudneymiles\Documents\desmond.docx
    [2009/12/17 06:34:33 | 00,049,152 | ---- | M] () -- C:\Users\chudneymiles\Desktop\CHOICE.EXE
    [2009/12/17 05:54:23 | 00,001,879 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk
    [2009/12/17 05:54:23 | 00,001,861 | ---- | M] () -- C:\Users\Public\Desktop\Desktop Manager.lnk
    [2009/12/17 05:08:47 | 13,218,1104 | ---- | M] (Research In Motion Ltd. ) -- C:\Users\chudneymiles\Desktop\9530AMEA_PBr5_1_.0.0_rel508_PL4.2.0.128_A5.0.0.328.exe
    [2009/12/17 04:02:53 | 00,109,819 | ---- | M] () -- C:\Users\chudneymiles\Desktop\JL_Cmder v1.9.1.zip
    [2009/12/16 08:32:03 | 00,024,576 | ---- | M] () -- C:\Users\chudneymiles\Documents\chudney ssi app.docx
    [2009/12/16 08:31:33 | 00,016,266 | ---- | M] () -- C:\Users\chudneymiles\Desktop\Adult Disability and Work H...pdf
    [2009/12/16 08:18:01 | 00,000,162 | -H-- | M] () -- C:\Users\chudneymiles\Documents\~$M Resume.doc
    [2009/12/16 06:42:19 | 00,000,162 | -H-- | M] () -- C:\Users\chudneymiles\Documents\~$ far as my Manic depression.docx
    [2009/12/15 10:32:42 | 00,012,096 | ---- | M] () -- C:\Users\chudneymiles\Documents\As far as my Manic depression.docx
    [1 C:\Users\chudneymiles\Documents\*.tmp files -> C:\Users\chudneymiles\Documents\*.tmp -> ]
    [1 C:\Users\chudneymiles\Desktop\*.tmp files -> C:\Users\chudneymiles\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/01/11 21:52:09 | 00,010,517 | ---- | C] () -- C:\Users\chudneymiles\Documents\Letrisha I1002.pdf
    [2010/01/11 19:30:20 | 00,008,253 | ---- | C] () -- C:\Users\chudneymiles\Documents\Michael Lee & Bridgett Lee I1456.pdf
    [2010/01/11 19:24:10 | 00,008,737 | ---- | C] () -- C:\Users\chudneymiles\Documents\Michael Lee & Bridgett Lee I1001.pdf
    [2010/01/11 19:17:09 | 00,008,377 | ---- | C] () -- C:\Users\chudneymiles\Desktop\Michael Lee & Bridgett Lee I1001.pdf
    [2010/01/11 17:55:30 | 00,081,920 | ---- | C] () -- C:\Users\chudneymiles\Documents\C&C HOME & CLEANING SOLUTIONS.kpd
    [2010/01/11 17:15:11 | 00,001,622 | ---- | C] () -- C:\Users\Public\Desktop\kBilling.lnk
    [2010/01/10 19:23:57 | 00,000,162 | -H-- | C] () -- C:\Users\chudneymiles\Documents\~$ychology chapter 2.docx
    [2010/01/10 19:23:56 | 00,019,299 | ---- | C] () -- C:\Users\chudneymiles\Documents\psychology chapter 2.docx
    [2010/01/10 03:22:33 | 00,001,666 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
    [2010/01/10 03:19:08 | 00,001,600 | ---- | C] () -- C:\Users\chudneymiles\Desktop\MagicISO.lnk
    [2010/01/10 02:17:57 | 00,871,408 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
    [2010/01/10 02:14:16 | 00,000,744 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
    [2010/01/09 00:40:56 | 00,833,002 | ---- | C] () -- C:\Users\chudneymiles\Documents\DSCN8345.JPG
    [2010/01/09 00:40:40 | 00,847,598 | ---- | C] () -- C:\Users\chudneymiles\Documents\DSCN8350.JPG
    [2010/01/09 00:40:31 | 00,717,037 | ---- | C] () -- C:\Users\chudneymiles\Documents\DSCN8344.JPG
    [2010/01/09 00:40:20 | 00,820,746 | ---- | C] () -- C:\Users\chudneymiles\Documents\DSCN8348.JPG
    [2010/01/09 00:40:04 | 00,687,458 | ---- | C] () -- C:\Users\chudneymiles\Documents\DSCN8340.JPG
    [2010/01/08 19:26:33 | 00,524,288 | -HS- | C] () -- C:\Users\chudneymiles\ntuser.dat{c7904585-fc9c-11de-80b4-0021867c1f84}.TMContainer00000000000000000002.regtrans-ms
    [2010/01/08 19:26:33 | 00,524,288 | -HS- | C] () -- C:\Users\chudneymiles\ntuser.dat{c7904585-fc9c-11de-80b4-0021867c1f84}.TMContainer00000000000000000001.regtrans-ms
    [2010/01/08 19:26:32 | 00,065,536 | -HS- | C] () -- C:\Users\chudneymiles\ntuser.dat{c7904585-fc9c-11de-80b4-0021867c1f84}.TM.blf
    [2010/01/08 18:51:32 | 00,000,162 | -H-- | C] () -- C:\Users\chudneymiles\Documents\~$psychology test.docx
    [2010/01/08 18:51:29 | 00,098,748 | ---- | C] () -- C:\Users\chudneymiles\Documents\f psychology test.docx
    [2010/01/08 16:30:14 | 00,524,288 | -HS- | C] () -- C:\Users\chudneymiles\ntuser.dat{c7904502-fc9c-11de-80b4-0021867c1f84}.TMContainer00000000000000000002.regtrans-ms
    [2010/01/08 16:30:14 | 00,524,288 | -HS- | C] () -- C:\Users\chudneymiles\ntuser.dat{c7904502-fc9c-11de-80b4-0021867c1f84}.TMContainer00000000000000000001.regtrans-ms
    [2010/01/08 16:30:14 | 00,065,536 | -HS- | C] () -- C:\Users\chudneymiles\ntuser.dat{c7904502-fc9c-11de-80b4-0021867c1f84}.TM.blf
    [2010/01/08 14:46:56 | 00,068,608 | ---- | C] () -- C:\Users\chudneymiles\Documents\C & C Cleaning Solution.kpd
    [2010/01/08 14:39:35 | 00,005,024 | ---- | C] () -- C:\ProgramData\dbvvomjc.bpt
    [2010/01/08 13:38:37 | 00,000,248 | ---- | C] () -- C:\Windows\ODBC.INI
    [2010/01/08 13:26:47 | 00,001,831 | ---- | C] () -- C:\Users\chudneymiles\Desktop\kBilling.lnk
    [2010/01/06 17:39:39 | 00,000,725 | ---- | C] () -- C:\Users\chudneymiles\Desktop\NTREGOPT.lnk
    [2010/01/06 17:39:39 | 00,000,706 | ---- | C] () -- C:\Users\chudneymiles\Desktop\ERUNT.lnk
    [2010/01/06 17:27:07 | 00,001,890 | ---- | C] () -- C:\Users\chudneymiles\Desktop\HijackThis.lnk
    [2010/01/05 12:25:46 | 00,000,162 | -H-- | C] () -- C:\Users\chudneymiles\Documents\~$Doc1.docx
    [2010/01/05 12:25:45 | 03,293,062 | ---- | C] () -- C:\Users\chudneymiles\Documents\Doc1.docx
    [2010/01/05 10:02:51 | 00,000,855 | ---- | C] () -- C:\Users\chudneymiles\Desktop\SmartDraw 2010.lnk
    [2010/01/05 10:02:51 | 00,000,478 | ---- | C] () -- C:\Windows\tasks\SDMsgUpdate (TE).job
    [2010/01/04 22:45:09 | 02,279,985 | ---- | C] () -- C:\Users\chudneymiles\Documents\chapter 7 Patricia.pdf
    [2010/01/04 22:16:23 | 02,348,725 | ---- | C] () -- C:\Users\chudneymiles\Documents\ch7volpp.pdf
    [2010/01/04 22:03:28 | 00,051,032 | R--- | C] () -- C:\Windows\SysNative\AdobePDF.dll
    [2010/01/04 22:03:28 | 00,024,416 | R--- | C] () -- C:\Windows\SysNative\AdobePDFUI.dll
    [2010/01/04 22:02:37 | 00,001,886 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat 9 Pro.lnk
    [2010/01/04 20:13:55 | 00,046,080 | ---- | C] () -- C:\Users\chudneymiles\Documents\CLMC Resume.doc
    [2010/01/04 17:46:07 | 00,000,810 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/01/04 17:46:03 | 00,022,104 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/01/04 13:39:09 | 00,000,162 | -H-- | C] () -- C:\Users\chudneymiles\Documents\~$udney ssi app.docx
    [2010/01/04 13:36:02 | 00,818,176 | ---- | C] () -- C:\Windows\SysNative\jscript.dll
    [2010/01/04 13:22:17 | 01,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
    [2010/01/04 13:22:16 | 00,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
    [2010/01/04 13:22:16 | 00,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
    [2010/01/04 13:22:16 | 00,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
    [2010/01/04 13:22:16 | 00,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
    [2010/01/04 13:22:15 | 00,700,928 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
    [2010/01/04 13:22:14 | 01,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
    [2010/01/04 13:22:14 | 00,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
    [2010/01/04 13:22:14 | 00,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
    [2010/01/04 13:22:14 | 00,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
    [2010/01/04 13:22:14 | 00,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
    [2010/01/04 13:22:14 | 00,057,667 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
    [2010/01/04 13:22:14 | 00,057,667 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
    [2010/01/04 13:22:14 | 00,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
    [2010/01/04 13:22:13 | 01,484,288 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
    [2010/01/04 13:22:13 | 00,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
    [2010/01/04 13:22:12 | 02,334,208 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
    [2010/01/04 13:22:11 | 01,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
    [2010/01/04 13:22:08 | 12,462,080 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
    [2010/01/04 13:22:06 | 09,237,504 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
    [2010/01/04 13:22:06 | 00,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
    [2010/01/04 13:22:06 | 00,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
    [2010/01/04 13:20:25 | 00,161,792 | ---- | C] () -- C:\Windows\SysNative\advpack.dll
    [2010/01/04 13:20:25 | 00,088,064 | ---- | C] () -- C:\Windows\SysNative\admparse.dll
    [2010/01/04 13:20:25 | 00,085,504 | ---- | C] () -- C:\Windows\SysNative\icardie.dll
    [2010/01/04 13:20:25 | 00,022,528 | ---- | C] () -- C:\Windows\SysNative\corpol.dll
    [2010/01/04 13:20:24 | 00,223,232 | ---- | C] () -- C:\Windows\SysNative\msls31.dll
    [2010/01/04 13:20:24 | 00,157,696 | ---- | C] () -- C:\Windows\SysNative\ieakeng.dll
    [2010/01/04 13:20:23 | 00,077,824 | ---- | C] () -- C:\Windows\SysNative\tdc.ocx
    [2010/01/04 13:20:22 | 00,125,952 | ---- | C] () -- C:\Windows\SysNative\inseng.dll
    [2010/01/04 13:20:22 | 00,055,808 | ---- | C] () -- C:\Windows\SysNative\licmgr10.dll
    [2010/01/04 13:20:22 | 00,052,736 | ---- | C] () -- C:\Windows\SysNative\imgutil.dll
    [2010/01/04 13:20:21 | 00,481,280 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dll
    [2010/01/04 13:20:21 | 00,076,288 | ---- | C] () -- C:\Windows\SysNative\wextract.exe
    [2010/01/04 13:20:21 | 00,063,488 | ---- | C] () -- C:\Windows\SysNative\pngfilt.dll
    [2010/01/04 13:20:19 | 01,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
    [2010/01/04 13:20:19 | 00,508,416 | ---- | C] () -- C:\Windows\SysNative\dxtmsft.dll
    [2010/01/04 13:20:19 | 00,318,464 | ---- | C] () -- C:\Windows\SysNative\dxtrans.dll
    [2010/01/04 13:20:19 | 00,096,768 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll
    [2010/01/04 13:20:18 | 00,304,640 | ---- | C] () -- C:\Windows\SysNative\webcheck.dll
    [2010/01/04 13:20:18 | 00,271,872 | ---- | C] () -- C:\Windows\SysNative\ieaksie.dll
    [2010/01/04 13:20:18 | 00,241,664 | ---- | C] () -- C:\Windows\SysNative\msrating.dll
    [2010/01/04 13:20:18 | 00,163,840 | ---- | C] () -- C:\Windows\SysNative\ieakui.dll
    [2010/01/04 13:20:17 | 00,612,864 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll
    [2010/01/04 13:20:17 | 00,278,528 | ---- | C] () -- C:\Windows\SysNative\WinFXDocObj.exe
    [2010/01/04 13:20:17 | 00,131,584 | ---- | C] () -- C:\Windows\SysNative\PDMSetup.exe
    [2010/01/04 13:20:17 | 00,129,024 | ---- | C] () -- C:\Windows\SysNative\RegisterIEPKEYs.exe
    [2010/01/04 13:20:17 | 00,128,512 | ---- | C] () -- C:\Windows\SysNative\SetIEInstalledDate.exe
    [2010/01/04 13:20:17 | 00,125,440 | ---- | C] () -- C:\Windows\SysNative\SetDepNx.exe
    [2010/01/04 13:20:17 | 00,041,984 | ---- | C] () -- C:\Windows\SysNative\mshta.exe
    [2010/01/04 13:20:16 | 00,108,032 | ---- | C] () -- C:\Windows\SysNative\url.dll
    [2010/01/04 13:20:16 | 00,048,128 | ---- | C] () -- C:\Windows\SysNative\mshtmler.dll
    [2010/01/04 13:20:15 | 00,479,744 | ---- | C] () -- C:\Windows\SysNative\html.iec
    [2010/01/04 13:20:14 | 03,698,584 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dat
    [2010/01/04 13:20:14 | 00,193,536 | ---- | C] () -- C:\Windows\SysNative\iexpress.exe
    [2010/01/04 13:13:31 | 00,000,162 | -H-- | C] () -- C:\Users\chudneymiles\Documents\~$ads.docx
    [2010/01/04 01:16:48 | 00,001,914 | ---- | C] () -- C:\Users\Public\Desktop\TurboTax 2009.lnk
    [2010/01/03 21:38:23 | 00,001,851 | ---- | C] () -- C:\Users\chudneymiles\Desktop\Hotel Dash Suite Success.lnk
    [2010/01/03 17:12:42 | 00,012,111 | ---- | C] () -- C:\Users\chudneymiles\Documents\move in.docx
    [2010/01/03 17:03:11 | 00,013,028 | ---- | C] () -- C:\Users\chudneymiles\Desktop\[isoHunt] TurboTax_Home_and_Business_2009_REPACKED__AAOO_.5241162.TPB.torrent
    [2010/01/02 23:22:10 | 00,001,340 | ---- | C] () -- C:\Users\Public\Desktop\More Yahoo! Games.lnk
    [2010/01/02 22:17:54 | 00,010,655 | ---- | C] () -- C:\Users\chudneymiles\Documents\email list.docx
    [2009/12/31 20:15:27 | 00,000,744 | ---- | C] () -- C:\Users\chudneymiles\Desktop\µTorrent.lnk
    [2009/12/31 20:14:15 | 00,043,504 | ---- | C] () -- C:\Users\chudneymiles\Desktop\[isoHunt] The Boondocks-(Uncut)-Season 1 and 2 Season 2 (Extras)-MILLIONDOLLAMAN1.torrent
    [2009/12/30 20:28:23 | 00,021,723 | ---- | C] () -- C:\Users\chudneymiles\Documents\CLEANING SOLUTIONS.docx
    [2009/12/30 18:18:02 | 00,020,314 | ---- | C] () -- C:\Users\chudneymiles\Documents\ads.docx
    [2009/12/28 10:20:42 | 00,001,740 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2009/12/24 09:30:26 | 00,524,288 | -HS- | C] () -- C:\Users\chudneymiles\ntuser.dat{cce2102c-f098-11de-b893-0021867c1f84}.TMContainer00000000000000000002.regtrans-ms
    [2009/12/24 09:30:26 | 00,524,288 | -HS- | C] () -- C:\Users\chudneymiles\ntuser.dat{cce2102c-f098-11de-b893-0021867c1f84}.TMContainer00000000000000000001.regtrans-ms
    [2009/12/24 09:30:26 | 00,065,536 | -HS- | C] () -- C:\Users\chudneymiles\ntuser.dat{cce2102c-f098-11de-b893-0021867c1f84}.TM.blf
    [2009/12/19 15:35:39 | 00,015,433 | ---- | C] () -- C:\Users\chudneymiles\Documents\desmond.docx
    [2009/12/17 06:34:30 | 00,049,152 | ---- | C] () -- C:\Users\chudneymiles\Desktop\CHOICE.EXE
    [2009/12/17 06:05:43 | 00,002,554 | ---- | C] () -- C:\Users\chudneymiles\Desktop\JL_Cmder.lnk
    [2009/12/17 05:54:23 | 00,001,879 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk
    [2009/12/17 05:54:22 | 00,001,861 | ---- | C] () -- C:\Users\Public\Desktop\Desktop Manager.lnk
    [2009/12/17 04:02:47 | 00,109,819 | ---- | C] () -- C:\Users\chudneymiles\Desktop\JL_Cmder v1.9.1.zip
    [2009/12/16 08:31:33 | 00,016,266 | ---- | C] () -- C:\Users\chudneymiles\Desktop\Adult Disability and Work H...pdf
    [2009/12/16 08:18:01 | 00,000,162 | -H-- | C] () -- C:\Users\chudneymiles\Documents\~$M Resume.doc
    [2009/12/16 06:42:19 | 00,000,162 | -H-- | C] () -- C:\Users\chudneymiles\Documents\~$ far as my Manic depression.docx
    [2009/12/15 10:32:41 | 00,012,096 | ---- | C] () -- C:\Users\chudneymiles\Documents\As far as my Manic depression.docx
    [2009/12/15 08:53:14 | 00,024,576 | ---- | C] () -- C:\Users\chudneymiles\Documents\chudney ssi app.docx
    [2009/12/01 19:00:07 | 00,000,000 | ---- | C] () -- C:\Windows\ResortingToDanger.INI
    [2009/11/28 02:44:21 | 00,004,096 | -H-- | C] () -- C:\Users\chudneymiles\AppData\Local\keyfile3.drm
    [2009/11/20 17:58:47 | 00,001,041 | ---- | C] () -- C:\Users\chudneymiles\AppData\Roaming\vso_ts_preview.xml
    [2009/11/20 17:58:14 | 00,000,034 | ---- | C] () -- C:\Users\chudneymiles\AppData\Roaming\pcouffin.log
    [2009/11/20 17:56:27 | 00,099,384 | ---- | C] () -- C:\Users\chudneymiles\AppData\Roaming\inst.exe
    [2009/11/20 17:56:27 | 00,007,859 | ---- | C] () -- C:\Users\chudneymiles\AppData\Roaming\pcouffin.cat
    [2009/11/20 17:56:27 | 00,001,167 | ---- | C] () -- C:\Users\chudneymiles\AppData\Roaming\pcouffin.inf
    [2009/07/20 22:02:12 | 00,712,872 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2009/07/16 12:22:40 | 00,000,768 | ---- | C] () -- C:\Users\chudneymiles\AppData\Roaming\wklnhst.dat
    [2009/07/11 04:57:47 | 00,000,000 | ---- | C] () -- C:\Users\chudneymiles\AppData\Roaming\bcrypt.html
    [2009/04/12 02:53:04 | 00,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
    [2009/04/03 21:57:37 | 00,000,068 | ---- | C] () -- C:\Windows\eyeQ Screen Saver.ini
    [2009/02/20 02:39:20 | 00,000,858 | ---- | C] () -- C:\Windows\Brpfx04a.ini
    [2009/02/20 02:39:20 | 00,000,168 | ---- | C] () -- C:\Windows\brpcfx.ini
    [2009/02/20 02:38:58 | 00,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
    [2009/02/20 02:38:58 | 00,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
    [2009/02/20 02:37:22 | 00,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
    [2009/02/20 02:33:59 | 00,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
    [2009/01/13 23:37:10 | 00,006,080 | ---- | C] () -- C:\Users\chudneymiles\AppData\Local\d3d9caps.dat
    [2009/01/10 22:15:25 | 00,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2009/01/10 22:15:25 | 00,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2009/01/02 04:30:20 | 00,323,584 | ---- | C] () -- C:\Windows\SysWow64\FoxImager.dll
    [2009/01/01 22:44:53 | 00,086,016 | ---- | C] () -- C:\Users\chudneymiles\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/12/12 11:06:30 | 00,058,672 | ---- | C] () -- C:\Windows\SysWow64\ASUSACPIDLL.dll
    [2008/07/16 04:41:55 | 00,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
    [2008/07/16 04:41:55 | 00,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
    [2008/01/20 21:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
    [2008/01/20 21:49:49 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2008/01/14 17:47:06 | 00,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll

    ========== Custom Scans ==========



    < MD5 for: AGP440.SYS >
    [2008/01/20 21:46:51 | 00,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
    [2008/01/20 21:46:51 | 00,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

    < MD5 for: ATAPI.SYS >
    [2008/01/20 21:46:50 | 00,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
    [2009/04/11 02:15:00 | 00,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

    < MD5 for: CNGAUDIT.DLL >
    [2006/11/02 06:16:48 | 00,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
    [2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
    [2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
    [2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

    < MD5 for: IASTOR.SYS >
    [2008/06/06 06:56:50 | 00,382,488 | ---- | M] (Intel Corporation) MD5=170CE3F0190702EA9EFDD2DD77130EF8 -- C:\hp\drivers\Intel_RAID\iastor.sys

    < MD5 for: IASTORV.SYS >
    [2008/01/20 21:46:59 | 00,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

    < MD5 for: NETLOGON.DLL >
    [2008/01/20 21:51:03 | 00,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
    [2009/04/11 01:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
    [2009/04/11 02:11:16 | 00,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
    [2008/01/20 21:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
    [2008/01/20 21:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
    [2008/01/20 21:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

    < MD5 for: NVSTOR.SYS >
    [2008/01/20 21:46:54 | 00,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

    < MD5 for: SCECLI.DLL >
    [2008/01/20 21:50:28 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
    [2008/01/20 21:50:28 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
    [2008/01/20 21:50:28 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
    [2008/01/20 21:49:49 | 00,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
    [2009/04/11 01:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
    [2009/04/11 02:11:23 | 00,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:0A051701
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\wii.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\west.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\west test on halo.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\west test on 2 halo.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\west pass.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\welcome letter.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\verizon.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\verizon order number.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\usbank.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\usaa.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\taxcut caleb.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\sstatefarm.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\silver certificate.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\shops.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\shopping list.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\shopper cert.pdf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\santos.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\reciepes.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\professional[1].doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\prices.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\party saturday.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\Parent Info sheet1.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\overnight.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\old w2.pdf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\number verzion.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\note for halo.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\no.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\nissan.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\nicole.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\new parent sheet.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\new jersey turnpike.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\NAVAL BASES.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\more research.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\mold.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\magonia.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\list.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\kriasat.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\kes.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\ir.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\info on baby.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\hsbc bank.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\hsbc bank dispute.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\HOW TO FILTER HALO.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\housing.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\house list.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\home.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\girls ssa.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\get.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\for kris.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\food list.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\fax number.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\dispute.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\diane'.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\denver housing.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\daycare1223.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\daycare.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\datcare.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\D1234370957.pdf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\customer service.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\craigist babysit2.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\craigist babysit.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\cox.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\cox order number.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\Contract for Infants1.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\consumer adjustmentdispute.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\consumer adjustment.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\come in get on waitingg list camp.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\church.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\chudney pay w2.pdf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\chris blackberry email.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\childcare6.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\cheat codes.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\certficsaat.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\certfc.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\certf.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\cerf.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\care.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\camp.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\caleb W2.pdf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\caleb state.pdf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\caleb 2008TaxReturn.pdf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\blogg.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\bin.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\bedding for girls.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\bed 4 girlss.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\auctions.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\altima.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\aleb.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\ALBLUMS.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\afbank.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\afbank dispute3 13 2009.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\afb.txt:Roxio EMC Stream
    @Alternate Data Stream - 452 bytes -> C:\ProgramData\TEMP:6283A8D3
    @Alternate Data Stream - 211 bytes -> C:\ProgramData\TEMP:4BBAA745
    @Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:FC5A6A39
    @Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:05E0618E
    @Alternate Data Stream - 161 bytes -> C:\ProgramData\TEMP:82591FF7
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:DA3FF453
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:904251FD
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:3B5038B1
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:1CF2F47C
    @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:21192FCF
    @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:B4DCBA8B
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:9B285B76
    < End of report >

  5. #5
    Junior Member
    Join Date
    Jun 2008
    Posts
    22

    Default Extras.txt

    OTL Extras logfile created on: 1/12/2010 9:02:55 PM - Run 1
    OTL by OldTimer - Version 3.1.24.0 Folder = C:\Users\chudneymiles\Downloads
    64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18865)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free
    8.00 Gb Paging File | 6.00 Gb Available in Paging File | 76.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 286.79 Gb Total Space | 34.78 Gb Free Space | 12.13% Space Free | Partition Type: NTFS
    Drive D: | 11.30 Gb Total Space | 1.52 Gb Free Space | 13.48% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: THEMILES
    Current User Name: chudneymiles
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\opera.exe (Opera Software)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\opera.exe (Opera Software)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
    https [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
    https [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "UacDisableNotify" = 0
    "InternetSettingsDisableNotify" = 0
    "AutoUpdateDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{06B63C0D-987C-4057-B860-E5AF3BC1E2BB}" = rport=138 | protocol=17 | dir=out | app=system |
    "{128A5D24-2853-4BF2-BEFE-5C7A6C8705DB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{17457B93-55CC-41D6-9EB2-54F44C4B4B47}" = rport=137 | protocol=17 | dir=out | app=system |
    "{2812F710-BDB9-4335-9602-9EF6D2BAB883}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{3A4FCADF-050C-4876-9025-411979ECBE84}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{514AA414-BC12-4763-A811-4A409E810BDF}" = lport=137 | protocol=17 | dir=in | app=system |
    "{53097EE3-62FC-4D78-8481-AB926B354BA2}" = lport=445 | protocol=6 | dir=in | app=system |
    "{773C562A-8AD7-49B3-9A51-C47D566240F9}" = rport=139 | protocol=6 | dir=out | app=system |
    "{AA401507-D36B-4ED7-98F8-A951963D3982}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
    "{AB25E0D9-46CE-4FA5-9BA1-A97A3E2663D1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
    "{B5CA378D-ADD6-4C1F-AB40-B740B887194F}" = lport=138 | protocol=17 | dir=in | app=system |
    "{B9533262-1D88-431F-8BFE-5CE6052AD748}" = lport=139 | protocol=6 | dir=in | app=system |
    "{D07CAB81-83BF-4852-942A-BBDB2FC82902}" = rport=445 | protocol=6 | dir=out | app=system |
    "{E6BAA054-FB61-4202-A473-55DEB5958426}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{05D5E93E-91E3-4D8E-8F48-D8B3A1023F9D}" = protocol=6 | dir=in | app=c:\users\chudneymiles\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{0DDFE973-AE11-43D0-812C-96C04B847E30}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{12F87AB9-907E-4796-B3E2-850DA734E29B}" = protocol=17 | dir=in | app=c:\users\chudneymiles\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{2934923D-D9F9-40B5-B13F-A9E2AE1AAD20}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
    "{2A1C50B9-44DF-4A40-A66D-CAF435F01CAB}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
    "{3AA5B14F-722B-4C17-B038-AA3D76F3CFC4}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl08b\faxrx.exe |
    "{3E3DD8B7-4680-48E0-A5A3-78187E5E118D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{4140CFD1-7469-41C6-B23D-E6FC4A7821B4}" = protocol=17 | dir=in | app=c:\users\chudneymiles\appdata\local\google\google talk plugin\googletalkplugin.dll |
    "{4353FD67-E1A5-4033-A23F-26313FA52E9F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
    "{464CE930-2056-4522-8F06-D4FB25C17967}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{4CA4F0C3-8384-4593-A298-07782D175ABC}" = protocol=6 | dir=in | app=c:\users\chudneymiles\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{4F42C5BF-0D65-4A00-A2A3-D1D5E1CD6857}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{50C5F0CE-41FB-40C3-91CE-17155D5E42E9}" = protocol=6 | dir=in | app=c:\users\chudneymiles\appdata\local\google\google talk plugin\googletalkplugin.dll |
    "{5A95A9C0-906D-4E83-875B-77A93E7E9DEE}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
    "{602F4A6F-F3FB-47A6-8D8B-30899F4DE55A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{66F908E1-8A4A-4822-B217-CA49F845E5BB}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
    "{6814CB9B-8DBC-4CA9-9EB6-77D9B720935A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{69FC9FEF-F56A-4365-A26C-6D52FB8E92B1}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "{6D7BEBA7-E0E2-4BC9-9019-092F01EB76C6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{6EB93A48-3F58-4B20-BB9E-E842B07063D0}" = protocol=6 | dir=in | app=c:\users\chudneymiles\appdata\local\google\google talk plugin\googletalkplugin.dll |
    "{713F639E-06EF-4241-91BC-BBCA49D6B638}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{74213F19-F142-4DAA-8EB6-09499D9D41BE}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "{7EE0D742-E1AA-43A4-9552-AC7A6F8BBFB8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{7FBCC0C2-60FF-4ABA-B01D-E0BEDCB04F3A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{A7261E29-E2E0-4681-A05F-4B0C77660D2D}" = protocol=17 | dir=in | app=c:\users\chudneymiles\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{A881025D-9D1D-4F78-A5DB-F8DF82883B3C}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
    "{A92A220C-8F4D-4049-AF9D-AD9254F97C77}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
    "{B13E3063-961F-4B51-911E-2B744BF4A9ED}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
    "{B2B3634C-CCBC-43A2-B5FC-901714A7104F}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
    "{B8E7CCAC-4025-4909-B8FC-3CAEA35A1159}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
    "{BFF5E783-3D4D-4A86-823F-D53105ABF0BE}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl08b\faxrx.exe |
    "{D3C54041-6B28-4079-AC57-9B86261D682C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{D7389840-7E42-4888-92A8-F96400421BFB}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{DF7DA845-4679-4DC2-94DE-A1E0B82456CF}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{E1966132-8A4A-47CE-8CCC-0160E6CEAB90}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{F1E402AC-7391-417B-926C-D9BE8DC80C15}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{F69E0F58-DBAE-41A3-8ECE-344612DA570E}" = protocol=17 | dir=in | app=c:\users\chudneymiles\appdata\local\google\google talk plugin\googletalkplugin.dll |
    "{FA9B41B7-2552-41CF-AABF-5C1D18003718}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
    "{FD191748-721D-4D87-BB75-C9B9BD623AF5}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
    "TCP Query User{4AF72490-5453-478D-B4FD-1F7A0D020390}C:\users\chudneymiles\appdata\roaming\vusbsp\vonagetalkusb.exe" = protocol=6 | dir=in | app=c:\users\chudneymiles\appdata\roaming\vusbsp\vonagetalkusb.exe |
    "TCP Query User{4E2D07DD-E1ED-4871-8219-6A33DA5421E5}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "TCP Query User{7CF697EA-64C0-4D91-A6F4-442C87FA6850}C:\program files (x86)\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
    "TCP Query User{D48C7933-2F51-421F-95F9-891BCB321BA8}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "UDP Query User{11C5AAEA-6160-43EF-A940-CA139C379D74}C:\program files (x86)\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
    "UDP Query User{2BE5DCA4-33FF-4CE5-9C16-09E9198F5AFF}C:\users\chudneymiles\appdata\roaming\vusbsp\vonagetalkusb.exe" = protocol=17 | dir=in | app=c:\users\chudneymiles\appdata\roaming\vusbsp\vonagetalkusb.exe |
    "UDP Query User{B6786095-4187-4823-A104-183C9CC79098}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = Bluetooth by hp 6.1.0.2200
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{243579CC-CCE4-42F2-B48B-C90D15687A26}" = HP Touch Screen Configuration
    "{31753CDD-A7DA-4667-BEFC-B3EA3BDF366E}" = Foxit Phantom
    "{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client
    "{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
    "{A5F59952-475D-4DCC-BEAD-C216FC68E05C}" = iTunes
    "{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}" = PaperPort Image Printer 64-bit
    "{B0EFB716-085B-4564-8060-212E41F5CE50}" = Windows Live ID Sign-in Assistant
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
    "CutePDF Writer Installation" = CutePDF Writer 2.7
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
    "WinRAR archiver" = WinRAR archiver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
    "{13086F8B-2AA9-4488-BC9C-BB6B912A5524}" = muvee autoProducer 6.1
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 15
    "{28226DF6-3F3B-4BCC-9E97-FD11A461FEB4}" = Rapid Rote
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    "{2B4508B3-7403-44FF-8FBC-5CCD032E3635}" = MSN Toolbar Platform
    "{2C0CD17D-0B06-4700-83FA-7344B868B0A2}" = Opera 9.63
    "{31C2F32D-C5DD-4583-8181-B48591CA231C}" = RapidPlayer v5.0 ActiveX Control
    "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
    "{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
    "{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
    "{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
    "{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
    "{5A627DFB-EA4C-4FFA-B711-69E849FB40D8}" = Buttons & OSDs control application gen2
    "{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7A3735D0-2119-40D5-971C-4FFC1E2C7695}" = HP TouchSmart Calendar
    "{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
    "{803805A4-A3F7-4504-8B19-9A63BC8A4551}" = Fisher-Price Computer Cool School
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002A-0000-1000-0000000FF1CE}_STANDARDR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
    "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
    "{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
    "{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
    "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
    "{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
    "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
    "{A98AFBC7-D5A7-46A1-8795-EABE2F55A7D6}" = Microsoft Office Live Meeting 2007
    "{ABDC7CFA-FEB4-4743-A18A-D549571F0B2A}" = BlackBerry Device Software v5.0.0 for the BlackBerry 9530 smartphone
    "{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
    "{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
    "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
    "{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
    "{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP TouchSmart Media
    "{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
    "{B33CD700-6738-11D4-87FE-0080C6F974A2}" = eyeQ
    "{B38A9B1A-DAEF-4ECC-AC7D-FDB12EAE5663}_is1" = kBilling Invoicing Software
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{BD01E97F-2A6A-495E-BE38-22C7B80F3CD7}" = Cheetah DVD Burner
    "{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
    "{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
    "{D7BA6898-F0D0-4F23-898B-928530DAF061}" = HP Touch Screen Enhance Service
    "{D9461574-5FC0-4641-BBDC-D1038B196F55}" = Brother MFL-Pro Suite MFC-490CW
    "{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.5.315
    "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "{E0810CC2-4B5B-4439-B1D0-452306AF2D64}" = HP Active Support Library
    "{E72728C3-E9D6-4965-AFC1-73B064697F9D}" = HP TouchSmart
    "{E7A9B8E3-060D-4D02-8ED7-D629BD6404EC}" = Fisher-Price SpongeBob's Classroom
    "{E9459BCF-0982-498B-ABA7-26C34323493F}" = Citrix Presentation Server Client - Web Only
    "{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
    "{EE024764-FA19-4CD4-AA9E-E06DE4B766E8}" = BlackBerry Desktop Software 5.0.1
    "{EE031CEC-748D-429A-9A5C-8C53CD193335}" = BlackBerry Device Software Updater
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F31E534B-4199-4552-8154-5C130710D68E}" = HP Total Care Advisor
    "{F41E9A47-0119-4DB7-849C-6BE6DA948B74}" = HP TouchSmart Notes
    "{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
    "{F8A3C1B6-D2E0-4CE1-80A2-555D6F71C639}" = Microsoft Search Enhancement Pack
    "{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
    "7-Zip" = 7-Zip 4.65
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11
    "BlackBerry_{EE024764-FA19-4CD4-AA9E-E06DE4B766E8}" = BlackBerry Desktop Software 5.0.1
    "Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
    "Dream Day Wedding - Viva Las Vegas 1.00" = Dream Day Wedding - Viva Las Vegas 1.00
    "dvdSanta 3.45 - Create Your Own DVD Movies!_is1" = dvdSanta 3.45
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "ERUNT_is1" = ERUNT 1.1j
    "HijackThis" = HijackThis 2.0.2
    "Hotel Dash - Suite Success" = Hotel Dash - Suite Success (remove only)
    "Hotel Dash Suite Success1.0" = Hotel Dash Suite Success
    "HP KEYBOARD V1.5.2_is1" = HP KEYBOARD V1.5.2
    "ImgBurn" = ImgBurn
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{803805A4-A3F7-4504-8B19-9A63BC8A4551}" = Fisher-Price Computer Cool School
    "InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP TouchSmart Media
    "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "InstallShield_{E7A9B8E3-060D-4D02-8ED7-D629BD6404EC}" = Fisher-Price SpongeBob's Classroom
    "kBilling" = kBilling
    "Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "MetaProducts Offline Explorer" = MetaProducts Offline Explorer
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
    "Nancy Drew Dossier-Resorting To Danger ." = Nancy Drew Dossier-Resorting To Danger .
    "PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
    "PROR" = Microsoft Office Professional 2007 Trial
    "Rapid Rote" = Rapid Rote
    "ResumeMaker Professional" = ResumeMaker Professional
    "sp40348" = sp40348
    "sp41098" = sp41098
    "sp41119" = sp41119
    "sp43205" = sp43205
    "STANDARDR" = Microsoft Office Standard 2007 Trial
    "TurboTax 2009" = TurboTax 2009
    "uTorrent" = µTorrent
    "VirtualCloneDrive" = VirtualCloneDrive
    "WildTangent hp Master Uninstall" = My HP Games
    "WinRAR archiver" = WinRAR archiver
    "Xvid_is1" = Xvid 1.2.1 final uninstall
    "Yahoo! Messenger" = Yahoo! Messenger

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "SmartDraw 2010" = SmartDraw 2010

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/9/2010 2:52:42 PM | Computer Name = TheMiles | Source = Application Hang | ID = 1002
    Description = The program EXCEL.EXE version 12.0.6514.5000 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: 1bd0 Start Time: 01ca915c73f94b14 Termination Time: 0

    Error - 1/9/2010 7:24:29 PM | Computer Name = TheMiles | Source = WinMgmt | ID = 10
    Description =

    Error - 1/10/2010 3:17:23 AM | Computer Name = TheMiles | Source = VSS | ID = 8194
    Description =

    Error - 1/10/2010 4:13:43 AM | Computer Name = TheMiles | Source = WinMgmt | ID = 10
    Description =

    Error - 1/10/2010 12:35:07 PM | Computer Name = TheMiles | Source = WinMgmt | ID = 10
    Description =

    Error - 1/11/2010 11:38:16 AM | Computer Name = TheMiles | Source = WinMgmt | ID = 10
    Description =

    Error - 1/11/2010 7:51:12 PM | Computer Name = TheMiles | Source = Application Error | ID = 1000
    Description = Faulting application kbilling.exe, version 0.0.0.0, time stamp 0x43614f7f,
    faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a783, exception
    code 0xc0000005, fault offset 0x00060267, process id 0x1404, application start time
    0x01ca9318f1e474d3.

    Error - 1/12/2010 11:35:37 AM | Computer Name = TheMiles | Source = WinMgmt | ID = 10
    Description =

    Error - 1/12/2010 7:56:06 PM | Computer Name = TheMiles | Source = WinMgmt | ID = 10
    Description =

    Error - 1/12/2010 10:01:18 PM | Computer Name = TheMiles | Source = Application Hang | ID = 1002
    Description = The program OTL.exe version 3.1.24.0 stopped interacting with Windows
    and was closed. To see if more information about the problem is available, check
    the problem history in the Problem Reports and Solutions control panel. Process
    ID: bd4 Start Time: 01ca93f3753ec218 Termination Time: 15

    [ Media Center Events ]
    Error - 10/11/2009 11:16:17 PM | Computer Name = TheMiles | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    [ OSession Events ]
    Error - 10/7/2009 6:38:28 PM | Computer Name = TheMiles | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
    Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
    lasted 2644 seconds with 1320 seconds of active time. This session ended with a
    crash.

    Error - 11/15/2009 1:42:55 PM | Computer Name = TheMiles | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10943
    seconds with 1680 seconds of active time. This session ended with a crash.

    Error - 11/15/2009 1:49:40 PM | Computer Name = TheMiles | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 397
    seconds with 60 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 1/12/2010 7:35:34 AM | Computer Name = TheMiles | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.100.10 for the Network Card with network
    address 002215F4E132 has been denied by the DHCP server 68.87.68.13 (The DHCP Server
    sent a DHCPNACK message).

    Error - 1/12/2010 11:03:25 AM | Computer Name = TheMiles | Source = DCOM | ID = 10010
    Description =

    Error - 1/12/2010 11:03:59 AM | Computer Name = TheMiles | Source = Service Control Manager | ID = 7034
    Description =

    Error - 1/12/2010 11:04:39 AM | Computer Name = TheMiles | Source = DCOM | ID = 10010
    Description =

    Error - 1/12/2010 11:35:27 AM | Computer Name = TheMiles | Source = HTTP | ID = 15016
    Description =

    Error - 1/12/2010 11:35:38 AM | Computer Name = TheMiles | Source = Service Control Manager | ID = 7024
    Description =

    Error - 1/12/2010 4:25:48 PM | Computer Name = TheMiles | Source = Dhcp | ID = 1002
    Description = The IP address lease 24.126.234.199 for the Network Card with network
    address 002215F4E132 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
    sent a DHCPNACK message).

    Error - 1/12/2010 4:26:15 PM | Computer Name = TheMiles | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.100.10 for the Network Card with network
    address 002215F4E132 has been denied by the DHCP server 68.87.68.13 (The DHCP Server
    sent a DHCPNACK message).

    Error - 1/12/2010 7:55:57 PM | Computer Name = TheMiles | Source = HTTP | ID = 15016
    Description =

    Error - 1/12/2010 7:56:06 PM | Computer Name = TheMiles | Source = Service Control Manager | ID = 7024
    Description =


    < End of report >

  6. #6
    Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,300

    Default

    Hi,

    IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    µTorrent


    I'd like you to read this thread.

    Please go to Control Panel > Programs and Features and uninstall the programs listed above (in red).



    After that:

    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location.
    • Please post contents of that file & fresh OTL.txt log in your next reply.
    Microsoft Windows Insider MVP 2016-2019
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  7. #7
    Junior Member
    Join Date
    Jun 2008
    Posts
    22

    Default Malwarebytes

    Malwarebytes' Anti-Malware 1.44
    Database version: 3557
    Windows 6.0.6001 Service Pack 1
    Internet Explorer 8.0.6001.18865

    1/13/2010 10:35:41 PM
    mbam-log-2010-01-13 (22-35-41).txt

    Scan type: Quick Scan
    Objects scanned: 112516
    Time elapsed: 6 minute(s), 22 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Users\chudneymiles\AppData\Local\Temp\ntload.dll (Trojan.Agent) -> Quarantined and deleted successfully.

  8. #8
    Junior Member
    Join Date
    Jun 2008
    Posts
    22

    Default otl 2nd

    OTL logfile created on: 1/13/2010 10:39:57 PM - Run 2
    OTL by OldTimer - Version 3.1.24.0 Folder = C:\Users\chudneymiles\Downloads
    64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18865)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free
    8.00 Gb Paging File | 6.00 Gb Available in Paging File | 76.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 286.79 Gb Total Space | 33.70 Gb Free Space | 11.75% Space Free | Partition Type: NTFS
    Drive D: | 11.30 Gb Total Space | 1.52 Gb Free Space | 13.48% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: THEMILES
    Current User Name: chudneymiles
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Users\chudneymiles\Downloads\OTL(2).exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
    PRC - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe (Microsoft Corp.)
    PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
    PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
    PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
    PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe (Hewlett-Packard)
    PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe (Hewlett-Packard)
    PRC - C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
    PRC - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
    PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
    PRC - C:\Program Files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.EXE (Hewlett-Packard)
    PRC - C:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnProxy.exe (Hewlett-Packard)
    PRC - C:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnSrv.EXE (Hewlett-Packard)
    PRC - C:\Program Files (x86)\HP\Buttons & OSDs control application gen2\MediaButtons.exe ()
    PRC - C:\Windows\SysWOW64\OSDForm.exe ()
    PRC - C:\Program Files (x86)\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe ()
    PRC - C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe (Analog Devices, Inc.)
    PRC - C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
    PRC - C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
    PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
    PRC - C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe (Microsoft Corporation)


    ========== Modules (SafeList) ==========

    MOD - C:\Users\chudneymiles\Downloads\OTL(2).exe (OldTimer Tools)
    MOD - C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation)
    MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (BthServ) -- C:\Windows\SysNative\bthserv.dll ()
    SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
    SRV - (iPod Service) -- C:\Program Files (x86)\iPod\bin\iPodService.exe (Apple Inc.)
    SRV - (IntuitUpdateService) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
    SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
    SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
    SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
    SRV - (CalendarSynchService) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe (Hewlett-Packard)
    SRV - (Bonjour Service) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
    SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
    SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (HP Touch Screen Enhance) -- C:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnSrv.EXE (Hewlett-Packard)
    SRV - (HP Health Check Service) -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard)
    SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
    SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
    SRV - (BcmSqlStartupSvc) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
    SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
    SRV - (WLSetupSvc) -- C:\Program Files (x86)\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
    SRV - (usnjsvc) -- C:\Program Files (x86)\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
    SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006/11/02 08:34:14 | 00,000,000 | ---D | M]
    SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
    SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()
    SRV - (IDriverT) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
    DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\Drivers\pcouffin.sys ()
    DRV:64bit: - (VClone) -- C:\Windows\SysNative\DRIVERS\VClone.sys ()
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys ()
    DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys ()
    DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys ()
    DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys ()
    DRV:64bit: - (rcmirror) -- C:\Windows\SysNative\DRIVERS\rcmirror.sys ()
    DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys ()
    DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys ()
    DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys ()
    DRV:64bit: - (netr28x) -- C:\Windows\SysNative\DRIVERS\netr28x.sys ()
    DRV:64bit: - (ACPIService) -- C:\Windows\SysNative\DRIVERS\OSDACPI.SYS ()
    DRV:64bit: - (BTHPORT) -- C:\Windows\SysNative\Drivers\BTHport.sys ()
    DRV:64bit: - (BTHUSB) -- C:\Windows\SysNative\Drivers\BTHUSB.sys ()
    DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys ()
    DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys ()
    DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\Drivers\RootMdm.sys ()
    DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
    DRV:64bit: - (usbvideo) USB Video Device (WDM) -- C:\Windows\SysNative\Drivers\usbvideo.sys ()
    DRV:64bit: - (StillCam) -- C:\Windows\SysNative\DRIVERS\serscan.sys ()
    DRV:64bit: - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\SysNative\drivers\usbaudio.sys ()
    DRV:64bit: - (BthEnum) -- C:\Windows\SysNative\DRIVERS\BthEnum.sys ()
    DRV:64bit: - (BthPan) Bluetooth Device (Personal Area Network) -- C:\Windows\SysNative\DRIVERS\bthpan.sys ()
    DRV:64bit: - (winusb) -- C:\Windows\SysNative\DRIVERS\winusb.sys ()
    DRV:64bit: - (RFCOMM) Bluetooth Device (RFCOMM Protocol TDI) -- C:\Windows\SysNative\DRIVERS\rfcomm.sys ()
    DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys ()
    DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\DRIVERS\btwrchid.sys ()
    DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys ()
    DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys ()
    DRV:64bit: - (BrSerIf) -- C:\Windows\SysNative\DRIVERS\BrSerIf.sys ()
    DRV - (ElbyCDIO) -- C:\Windows\SysWOW64\ElbyCDIO.dll (Elaborate Bytes AG)
    DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (Cyberlink Corp.)
    DRV - (winusb) -- C:\Windows\SysWOW64\winusb.dll (Microsoft Corporation)
    DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
    DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ssfire&pf=cndt
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ssfire&pf=cndt
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ssfire&pf=cndt
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ssfire&pf=cndt

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ssfire&pf=cndt
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Bing"
    FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=VIATDF&PC=VIATDF&q="
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://m.www.yahoo.com/"
    FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=VIATDF&PC=VIATDF&q="


    FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0360.0\Firefox [2009/12/01 16:40:24 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2009/12/01 16:40:27 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/01/06 11:31:35 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/01/06 11:31:35 | 00,000,000 | ---D | M]

    [2009/03/05 23:55:09 | 00,000,000 | ---D | M] -- C:\Users\chudneymiles\AppData\Roaming\Mozilla\Extensions
    [2009/03/05 23:55:09 | 00,000,000 | ---D | M] -- C:\Users\chudneymiles\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
    [2010/01/13 21:16:06 | 00,000,000 | ---D | M] -- C:\Users\chudneymiles\AppData\Roaming\Mozilla\Firefox\Profiles\ch2ut94r.default\extensions
    [2009/07/28 21:01:31 | 00,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\chudneymiles\AppData\Roaming\Mozilla\Firefox\Profiles\ch2ut94r.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2009/12/31 11:34:46 | 00,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\chudneymiles\AppData\Roaming\Mozilla\Firefox\Profiles\ch2ut94r.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2010/01/04 02:44:15 | 00,002,186 | ---- | M] () -- C:\Users\chudneymiles\AppData\Roaming\Mozilla\Firefox\Profiles\ch2ut94r.default\searchplugins\bing.xml
    [2010/01/13 21:16:06 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

    O1 HOSTS File: (761 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0360.0\npwinext.dll (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
    O4:64bit: - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
    O4:64bit: - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe File not found
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
    O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
    O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [Buttons & OSDs control application gen2] C:\Program Files (x86)\HP\Buttons & OSDs control application gen2\MediaButtons.exe ()
    O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [FPCCSMiddleware] C:\Program Files (x86)\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe ()
    O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [HP KEYBOARD] C:\Program Files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.EXE (Hewlett-Packard)
    O4 - HKLM..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe (Microsoft Corp.)
    O4 - HKLM..\Run: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe (OsdMaestro)
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
    O4 - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKCU..\Run: [HPSmartCenterBoot] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\SmartCenter 2.0\SmartCenter.exe (Hewlett-Packard)
    O4 - HKCU..\Run: [ISUSPM] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
    O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
    O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.hp.com/CSMWeb/Cus...ataManager.CAB (Hewlett-Packard Online Support Services)
    O16 - DPF: {2D168880-539F-4967-BA11-F7C2862B9E1D} http://www.shockwave.com/content/dia...eb.1.0.0.4.cab (CPlayFirstDiaperDashControl Object)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_01)
    O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {D6E0B119-DCF2-4CD6-8DFB-7CFF1B70F7FF} https://bis.na.blackberry.com/html/w...s/TOImport.cab (TeamOn Import Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
    O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\chp.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\chp.jpg
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{191203ef-79a1-11de-ba2d-0021867c1f84}\Shell - "" = AutoRun
    O33 - MountPoints2\{191203ef-79a1-11de-ba2d-0021867c1f84}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{1a66da45-6205-11de-abac-0021867c1f84}\Shell\AutoRun\command - "" = H:\slacker.synclauncher.exe -- File not found
    O33 - MountPoints2\{1a66da45-6205-11de-abac-0021867c1f84}\Shell\slacker\command - "" = H:\slacker.synclauncher.exe -- File not found
    O33 - MountPoints2\{91d4cfa4-c090-11de-9797-0021867c1f84}\Shell - "" = AutoRun
    O33 - MountPoints2\{91d4cfa4-c090-11de-9797-0021867c1f84}\Shell\AutoRun\command - "" = H:\Setup.exe -- File not found
    O33 - MountPoints2\{b160490a-4b14-11de-b049-0021867c1f84}\Shell\AutoRun\command - "" = H:\slacker.synclauncher.exe -- File not found
    O33 - MountPoints2\{b160490a-4b14-11de-b049-0021867c1f84}\Shell\slacker\command - "" = H:\slacker.synclauncher.exe -- File not found
    O33 - MountPoints2\{caa6ed2f-3742-11de-923c-0021867c1f84}\Shell\AutoRun\command - "" = H:\slacker.synclauncher.exe -- File not found
    O33 - MountPoints2\{caa6ed2f-3742-11de-923c-0021867c1f84}\Shell\slacker\command - "" = H:\slacker.synclauncher.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    64bit: O35 - comfile [open] -- "%1" %* File not found
    64bit: O35 - exefile [open] -- "%1" %* File not found
    O35 - comfile [open] -- "%1" %*
    O35 - exefile [open] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/01/13 01:11:41 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
    [2010/01/13 01:11:41 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
    [2010/01/11 18:55:01 | 00,000,000 | ---D | C] -- C:\Users\chudneymiles\Documents\kBilling Company File Backup
    [2010/01/11 17:15:12 | 00,581,632 | ---- | C] (Christian Werner Software & Consulting) -- C:\Windows\SysWow64\sqlite3odbc.dll
    [2010/01/11 17:15:07 | 00,000,000 | ---D | C] -- C:\ProgramData\kBilling
    [2010/01/10 03:22:33 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
    [2010/01/10 03:01:31 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
    [2010/01/08 14:39:15 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\kBilling
    [2010/01/08 14:36:44 | 00,000,000 | ---D | C] -- C:\1d46e260dcf7a5394c623ba6e768
    [2010/01/06 17:39:55 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/01/06 17:39:39 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
    [2010/01/06 17:27:07 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
    [2010/01/06 16:33:21 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2010/01/06 16:33:21 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
    [2010/01/05 10:13:28 | 00,000,000 | ---D | C] -- C:\Users\chudneymiles\Documents\carmiles
    [2010/01/05 10:13:16 | 00,000,000 | ---D | C] -- C:\Users\chudneymiles\Documents\New Folder (2)
    [2010/01/05 10:02:54 | 00,000,000 | ---D | C] -- C:\Users\chudneymiles\AppData\Roaming\SmartDraw
    [2010/01/05 10:02:32 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SmartDraw 2010
    [2010/01/04 22:04:01 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
    [2010/01/04 21:23:28 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai
    [2010/01/04 17:46:10 | 00,000,000 | ---D | C] -- C:\Users\chudneymiles\AppData\Roaming\Malwarebytes
    [2010/01/04 17:46:05 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/01/04 17:46:03 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2010/01/04 17:46:03 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/01/04 13:36:02 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2010/01/04 13:22:16 | 00,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
    [2010/01/04 13:22:16 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
    [2010/01/04 13:22:16 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
    [2010/01/04 13:22:15 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
    [2010/01/04 13:22:15 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
    [2010/01/04 13:22:14 | 00,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
    [2010/01/04 13:22:14 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2010/01/04 13:22:14 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
    [2010/01/04 13:22:13 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
    [2010/01/04 13:22:13 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
    [2010/01/04 13:22:12 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
    [2010/01/04 13:22:12 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
    [2010/01/04 13:22:11 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2010/01/04 13:22:06 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2010/01/04 13:22:06 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
    [2010/01/04 13:20:25 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\advpack.dll
    [2010/01/04 13:20:25 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
    [2010/01/04 13:20:24 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
    [2010/01/04 13:20:24 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
    [2010/01/04 13:20:24 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\corpol.dll
    [2010/01/04 13:20:23 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
    [2010/01/04 13:20:21 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
    [2010/01/04 13:20:21 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll
    [2010/01/04 13:20:21 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
    [2010/01/04 13:20:21 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
    [2010/01/04 13:20:19 | 00,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
    [2010/01/04 13:20:19 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll
    [2010/01/04 13:20:19 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll
    [2010/01/04 13:20:19 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll
    [2010/01/04 13:20:18 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
    [2010/01/04 13:20:18 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
    [2010/01/04 13:20:18 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
    [2010/01/04 13:20:18 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
    [2010/01/04 13:20:18 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2010/01/04 13:20:18 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
    [2010/01/04 13:20:17 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
    [2010/01/04 13:20:17 | 00,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WinFXDocObj.exe
    [2010/01/04 13:20:16 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2010/01/04 13:20:16 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
    [2010/01/04 13:20:15 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
    [2010/01/04 13:20:15 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
    [2010/01/04 13:20:14 | 03,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
    [2010/01/04 13:20:14 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PDMSetup.exe
    [2010/01/04 13:20:14 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    [2010/01/04 13:20:14 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
    [2010/01/04 13:20:14 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetDepNx.exe
    [2010/01/04 01:22:48 | 00,000,000 | ---D | C] -- C:\Users\chudneymiles\Documents\TurboTax
    [2010/01/04 01:19:54 | 00,000,000 | ---D | C] -- C:\Users\chudneymiles\AppData\Roaming\Intuit
    [2010/01/04 01:19:48 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AnswerWorks 5.0
    [2010/01/04 01:14:08 | 00,000,000 | ---D | C] -- C:\Users\chudneymiles\AppData\Local\IsolatedStorage
    [2010/01/04 01:14:08 | 00,000,000 | ---D | C] -- C:\ProgramData\Intuit
    [2010/01/04 01:14:06 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intuit
    [2010/01/04 01:12:51 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\TurboTax
    [2010/01/03 21:38:15 | 00,000,000 | ---D | C] -- C:\Windows\Hotel Dash Suite Success
    [2010/01/03 21:38:15 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Hotel Dash Suite Success
    [2010/01/02 23:22:02 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo! Games
    [2009/12/17 05:10:58 | 00,000,000 | ---D | C] -- C:\ProgramData\Research In Motion
    [2009/12/17 04:27:33 | 13,218,1104 | ---- | C] (Research In Motion Ltd. ) -- C:\Users\chudneymiles\Desktop\9530AMEA_PBr5_1_.0.0_rel508_PL4.2.0.128_A5.0.0.328.exe
    [2009/12/17 04:13:17 | 00,000,000 | ---D | C] -- C:\Program Files\JL_Cmder
    [2009/12/17 04:04:01 | 00,000,000 | ---D | C] -- C:\Users\chudneymiles\Desktop\JL_Cmder v1.9.1
    [2009/12/17 04:03:02 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\JL_Cmder
    [2009/11/20 17:56:27 | 00,082,816 | ---- | C] (VSO Software) -- C:\Users\chudneymiles\AppData\Roaming\pcouffin.sys
    [1 C:\Users\chudneymiles\Documents\*.tmp files -> C:\Users\chudneymiles\Documents\*.tmp -> ]
    [1 C:\Users\chudneymiles\Desktop\*.tmp files -> C:\Users\chudneymiles\Desktop\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/01/13 22:39:47 | 05,505,024 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat
    [2010/01/13 22:36:22 | 00,760,648 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/01/13 22:36:22 | 00,645,058 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/01/13 22:36:22 | 00,119,510 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/01/13 22:25:58 | 00,000,256 | ---- | M] () -- C:\Windows\SysWow64\pool.bin
    [2010/01/13 22:25:54 | 00,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/01/13 22:25:54 | 00,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/01/13 21:30:44 | 00,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{083DAF79-A533-47B8-8521-868AF2AE6BD5}.job
    [2010/01/13 21:27:47 | 00,000,478 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (TE).job
    [2010/01/13 21:24:36 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/01/13 21:24:35 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/01/13 21:23:32 | 00,004,775 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2010/01/13 21:23:31 | 00,524,288 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{c7904585-fc9c-11de-80b4-0021867c1f84}.TMContainer00000000000000000001.regtrans-ms
    [2010/01/13 21:23:31 | 00,065,536 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{c7904585-fc9c-11de-80b4-0021867c1f84}.TM.blf
    [2010/01/13 21:23:30 | 03,240,832 | -H-- | M] () -- C:\Users\chudneymiles\AppData\Local\IconCache.db
    [2010/01/13 02:41:32 | 00,010,532 | ---- | M] () -- C:\Users\chudneymiles\Documents\My goals are not as complex as most.docx
    [2010/01/12 22:11:31 | 00,081,920 | ---- | M] () -- C:\Users\chudneymiles\Documents\C&C HOME & CLEANING SOLUTIONS.kpd
    [2010/01/12 22:05:20 | 00,008,485 | ---- | M] () -- C:\Users\chudneymiles\Documents\Michael Lee & Bridgett Lee I1456.pdf
    [2010/01/12 21:49:01 | 00,000,248 | ---- | M] () -- C:\Windows\ODBC.INI
    [2010/01/12 18:02:22 | 00,002,413 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/01/11 22:02:39 | 00,010,517 | ---- | M] () -- C:\Users\chudneymiles\Documents\Letrisha I1002.pdf
    [2010/01/11 21:37:59 | 00,019,299 | ---- | M] () -- C:\Users\chudneymiles\Documents\psychology chapter 2.docx
    [2010/01/11 20:06:27 | 00,086,016 | ---- | M] () -- C:\Users\chudneymiles\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/01/11 19:28:33 | 00,008,737 | ---- | M] () -- C:\Users\chudneymiles\Documents\Michael Lee & Bridgett Lee I1001.pdf
    [2010/01/11 19:17:10 | 00,008,377 | ---- | M] () -- C:\Users\chudneymiles\Desktop\Michael Lee & Bridgett Lee I1001.pdf
    [2010/01/11 17:15:12 | 00,000,191 | ---- | M] () -- C:\Windows\ODBCINST.INI
    [2010/01/11 17:15:11 | 00,001,622 | ---- | M] () -- C:\Users\Public\Desktop\kBilling.lnk
    [2010/01/10 19:23:57 | 00,000,162 | -H-- | M] () -- C:\Users\chudneymiles\Documents\~$ychology chapter 2.docx
    [2010/01/10 03:22:33 | 00,001,666 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
    [2010/01/10 03:19:08 | 00,001,600 | ---- | M] () -- C:\Users\chudneymiles\Desktop\MagicISO.lnk
    [2010/01/10 02:17:58 | 00,871,408 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
    [2010/01/10 02:14:16 | 00,000,744 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
    [2010/01/09 00:41:22 | 00,833,002 | ---- | M] () -- C:\Users\chudneymiles\Documents\DSCN8345.JPG
    [2010/01/09 00:41:08 | 00,847,598 | ---- | M] () -- C:\Users\chudneymiles\Documents\DSCN8350.JPG
    [2010/01/09 00:40:57 | 00,717,037 | ---- | M] () -- C:\Users\chudneymiles\Documents\DSCN8344.JPG
    [2010/01/09 00:40:38 | 00,820,746 | ---- | M] () -- C:\Users\chudneymiles\Documents\DSCN8348.JPG
    [2010/01/09 00:40:19 | 00,687,458 | ---- | M] () -- C:\Users\chudneymiles\Documents\DSCN8340.JPG
    [2010/01/08 22:59:29 | 00,001,831 | ---- | M] () -- C:\Users\chudneymiles\Desktop\kBilling.lnk
    [2010/01/08 21:37:59 | 00,524,288 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{c7904585-fc9c-11de-80b4-0021867c1f84}.TMContainer00000000000000000002.regtrans-ms
    [2010/01/08 19:18:26 | 00,524,288 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{c7904502-fc9c-11de-80b4-0021867c1f84}.TMContainer00000000000000000001.regtrans-ms
    [2010/01/08 19:18:26 | 00,065,536 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{c7904502-fc9c-11de-80b4-0021867c1f84}.TM.blf
    [2010/01/08 19:18:17 | 00,524,288 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{c7904502-fc9c-11de-80b4-0021867c1f84}.TMContainer00000000000000000002.regtrans-ms
    [2010/01/08 18:51:32 | 00,098,748 | ---- | M] () -- C:\Users\chudneymiles\Documents\f psychology test.docx
    [2010/01/08 18:51:32 | 00,000,162 | -H-- | M] () -- C:\Users\chudneymiles\Documents\~$psychology test.docx
    [2010/01/08 15:40:04 | 00,524,288 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{cce2102c-f098-11de-b893-0021867c1f84}.TMContainer00000000000000000001.regtrans-ms
    [2010/01/08 15:40:04 | 00,065,536 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{cce2102c-f098-11de-b893-0021867c1f84}.TM.blf
    [2010/01/08 15:26:32 | 00,068,608 | ---- | M] () -- C:\Users\chudneymiles\Documents\C & C Cleaning Solution.kpd
    [2010/01/08 14:39:35 | 00,005,024 | ---- | M] () -- C:\ProgramData\dbvvomjc.bpt
    [2010/01/07 22:16:05 | 00,001,041 | ---- | M] () -- C:\Users\chudneymiles\AppData\Roaming\vso_ts_preview.xml
    [2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/01/07 16:07:06 | 00,022,104 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/01/07 01:09:56 | 00,000,768 | ---- | M] () -- C:\Users\chudneymiles\AppData\Roaming\wklnhst.dat
    [2010/01/06 17:39:39 | 00,000,725 | ---- | M] () -- C:\Users\chudneymiles\Desktop\NTREGOPT.lnk
    [2010/01/06 17:39:39 | 00,000,706 | ---- | M] () -- C:\Users\chudneymiles\Desktop\ERUNT.lnk
    [2010/01/06 17:27:07 | 00,001,890 | ---- | M] () -- C:\Users\chudneymiles\Desktop\HijackThis.lnk
    [2010/01/05 12:25:46 | 03,293,062 | ---- | M] () -- C:\Users\chudneymiles\Documents\Doc1.docx
    [2010/01/05 12:25:46 | 00,000,162 | -H-- | M] () -- C:\Users\chudneymiles\Documents\~$Doc1.docx
    [2010/01/05 10:02:51 | 00,000,855 | ---- | M] () -- C:\Users\chudneymiles\Desktop\SmartDraw 2010.lnk
    [2010/01/04 22:45:11 | 02,279,985 | ---- | M] () -- C:\Users\chudneymiles\Documents\chapter 7 Patricia.pdf
    [2010/01/04 22:44:48 | 02,348,725 | ---- | M] () -- C:\Users\chudneymiles\Documents\ch7volpp.pdf
    [2010/01/04 22:13:29 | 00,125,048 | ---- | M] () -- C:\Users\chudneymiles\AppData\Local\GDIPFONTCACHEV1.DAT
    [2010/01/04 22:11:21 | 00,455,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010/01/04 22:02:37 | 00,001,886 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat 9 Pro.lnk
    [2010/01/04 20:46:06 | 00,046,080 | ---- | M] () -- C:\Users\chudneymiles\Documents\CLMC Resume.doc
    [2010/01/04 20:13:35 | 00,047,104 | ---- | M] () -- C:\Users\chudneymiles\Documents\CLM Resume.doc
    [2010/01/04 17:46:07 | 00,000,810 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/01/04 13:39:09 | 00,000,162 | -H-- | M] () -- C:\Users\chudneymiles\Documents\~$udney ssi app.docx
    [2010/01/04 13:13:31 | 00,000,162 | -H-- | M] () -- C:\Users\chudneymiles\Documents\~$ads.docx
    [2010/01/04 01:16:48 | 00,001,914 | ---- | M] () -- C:\Users\Public\Desktop\TurboTax 2009.lnk
    [2010/01/03 21:38:23 | 00,001,851 | ---- | M] () -- C:\Users\chudneymiles\Desktop\Hotel Dash Suite Success.lnk
    [2010/01/03 17:12:43 | 00,012,111 | ---- | M] () -- C:\Users\chudneymiles\Documents\move in.docx
    [2010/01/03 17:12:25 | 00,020,314 | ---- | M] () -- C:\Users\chudneymiles\Documents\ads.docx
    [2010/01/03 17:03:19 | 00,013,028 | ---- | M] () -- C:\Users\chudneymiles\Desktop\[isoHunt] TurboTax_Home_and_Business_2009_REPACKED__AAOO_.5241162.TPB.torrent
    [2010/01/03 15:16:54 | 00,010,655 | ---- | M] () -- C:\Users\chudneymiles\Documents\email list.docx
    [2010/01/02 23:22:10 | 00,001,340 | ---- | M] () -- C:\Users\Public\Desktop\More Yahoo! Games.lnk
    [2009/12/31 20:17:36 | 00,043,504 | ---- | M] () -- C:\Users\chudneymiles\Desktop\[isoHunt] The Boondocks-(Uncut)-Season 1 and 2 Season 2 (Extras)-MILLIONDOLLAMAN1.torrent
    [2009/12/31 20:15:27 | 00,000,744 | ---- | M] () -- C:\Users\chudneymiles\Desktop\µTorrent.lnk
    [2009/12/30 20:28:24 | 00,021,723 | ---- | M] () -- C:\Users\chudneymiles\Documents\CLEANING SOLUTIONS.docx
    [2009/12/29 08:08:28 | 00,006,080 | ---- | M] () -- C:\Users\chudneymiles\AppData\Local\d3d9caps.dat
    [2009/12/28 11:27:20 | 00,001,740 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2009/12/28 08:50:16 | 00,000,000 | ---- | M] () -- C:\Users\chudneymiles\Documents\Nuance Image Printer Writer Port
    [2009/12/25 22:34:02 | 00,524,288 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{cce2102c-f098-11de-b893-0021867c1f84}.TMContainer00000000000000000002.regtrans-ms
    [2009/12/22 20:27:57 | 00,524,288 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{344eaabc-b6b5-11de-b61e-0021867c1f84}.TMContainer00000000000000000001.regtrans-ms
    [2009/12/22 20:27:57 | 00,065,536 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{344eaabc-b6b5-11de-b61e-0021867c1f84}.TM.blf
    [2009/12/19 15:35:41 | 00,015,433 | ---- | M] () -- C:\Users\chudneymiles\Documents\desmond.docx
    [2009/12/17 06:34:33 | 00,049,152 | ---- | M] () -- C:\Users\chudneymiles\Desktop\CHOICE.EXE
    [2009/12/17 05:54:23 | 00,001,879 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk
    [2009/12/17 05:54:23 | 00,001,861 | ---- | M] () -- C:\Users\Public\Desktop\Desktop Manager.lnk
    [2009/12/17 05:08:47 | 13,218,1104 | ---- | M] (Research In Motion Ltd. ) -- C:\Users\chudneymiles\Desktop\9530AMEA_PBr5_1_.0.0_rel508_PL4.2.0.128_A5.0.0.328.exe
    [2009/12/17 04:02:53 | 00,109,819 | ---- | M] () -- C:\Users\chudneymiles\Desktop\JL_Cmder v1.9.1.zip
    [2009/12/16 08:32:03 | 00,024,576 | ---- | M] () -- C:\Users\chudneymiles\Documents\chudney ssi app.docx
    [2009/12/16 08:31:33 | 00,016,266 | ---- | M] () -- C:\Users\chudneymiles\Desktop\Adult Disability and Work H...pdf
    [2009/12/16 08:18:01 | 00,000,162 | -H-- | M] () -- C:\Users\chudneymiles\Documents\~$M Resume.doc
    [2009/12/16 06:42:19 | 00,000,162 | -H-- | M] () -- C:\Users\chudneymiles\Documents\~$ far as my Manic depression.docx
    [2009/12/15 10:32:42 | 00,012,096 | ---- | M] () -- C:\Users\chudneymiles\Documents\As far as my Manic depression.docx
    [1 C:\Users\chudneymiles\Documents\*.tmp files -> C:\Users\chudneymiles\Documents\*.tmp -> ]
    [1 C:\Users\chudneymiles\Desktop\*.tmp files -> C:\Users\chudneymiles\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

  9. #9
    Junior Member
    Join Date
    Jun 2008
    Posts
    22

    Default otl 2nd ( Part 2)

    [2010/01/13 02:41:31 | 00,010,532 | ---- | C] () -- C:\Users\chudneymiles\Documents\My goals are not as complex as most.docx
    [2010/01/13 01:11:41 | 00,189,440 | ---- | C] () -- C:\Windows\SysNative\t2embed.dll
    [2010/01/13 01:11:41 | 00,096,256 | ---- | C] () -- C:\Windows\SysNative\fontsub.dll
    [2010/01/11 21:52:09 | 00,010,517 | ---- | C] () -- C:\Users\chudneymiles\Documents\Letrisha I1002.pdf
    [2010/01/11 19:30:20 | 00,008,485 | ---- | C] () -- C:\Users\chudneymiles\Documents\Michael Lee & Bridgett Lee I1456.pdf
    [2010/01/11 19:24:10 | 00,008,737 | ---- | C] () -- C:\Users\chudneymiles\Documents\Michael Lee & Bridgett Lee I1001.pdf
    [2010/01/11 19:17:09 | 00,008,377 | ---- | C] () -- C:\Users\chudneymiles\Desktop\Michael Lee & Bridgett Lee I1001.pdf
    [2010/01/11 17:55:30 | 00,081,920 | ---- | C] () -- C:\Users\chudneymiles\Documents\C&C HOME & CLEANING SOLUTIONS.kpd
    [2010/01/11 17:15:11 | 00,001,622 | ---- | C] () -- C:\Users\Public\Desktop\kBilling.lnk
    [2010/01/10 19:23:57 | 00,000,162 | -H-- | C] () -- C:\Users\chudneymiles\Documents\~$ychology chapter 2.docx
    [2010/01/10 19:23:56 | 00,019,299 | ---- | C] () -- C:\Users\chudneymiles\Documents\psychology chapter 2.docx
    [2010/01/10 03:22:33 | 00,001,666 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
    [2010/01/10 03:19:08 | 00,001,600 | ---- | C] () -- C:\Users\chudneymiles\Desktop\MagicISO.lnk
    [2010/01/10 02:17:57 | 00,871,408 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
    [2010/01/10 02:14:16 | 00,000,744 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
    [2010/01/09 00:40:56 | 00,833,002 | ---- | C] () -- C:\Users\chudneymiles\Documents\DSCN8345.JPG
    [2010/01/09 00:40:40 | 00,847,598 | ---- | C] () -- C:\Users\chudneymiles\Documents\DSCN8350.JPG
    [2010/01/09 00:40:31 | 00,717,037 | ---- | C] () -- C:\Users\chudneymiles\Documents\DSCN8344.JPG
    [2010/01/09 00:40:20 | 00,820,746 | ---- | C] () -- C:\Users\chudneymiles\Documents\DSCN8348.JPG
    [2010/01/09 00:40:04 | 00,687,458 | ---- | C] () -- C:\Users\chudneymiles\Documents\DSCN8340.JPG
    [2010/01/08 19:26:33 | 00,524,288 | -HS- | C] () -- C:\Users\chudneymiles\ntuser.dat{c7904585-fc9c-11de-80b4-0021867c1f84}.TMContainer00000000000000000002.regtrans-ms
    [2010/01/08 19:26:33 | 00,524,288 | -HS- | C] () -- C:\Users\chudneymiles\ntuser.dat{c7904585-fc9c-11de-80b4-0021867c1f84}.TMContainer00000000000000000001.regtrans-ms
    [2010/01/08 19:26:32 | 00,065,536 | -HS- | C] () -- C:\Users\chudneymiles\ntuser.dat{c7904585-fc9c-11de-80b4-0021867c1f84}.TM.blf
    [2010/01/08 18:51:32 | 00,000,162 | -H-- | C] () -- C:\Users\chudneymiles\Documents\~$psychology test.docx
    [2010/01/08 18:51:29 | 00,098,748 | ---- | C] () -- C:\Users\chudneymiles\Documents\f psychology test.docx
    [2010/01/08 16:30:14 | 00,524,288 | -HS- | C] () -- C:\Users\chudneymiles\ntuser.dat{c7904502-fc9c-11de-80b4-0021867c1f84}.TMContainer00000000000000000002.regtrans-ms
    [2010/01/08 16:30:14 | 00,524,288 | -HS- | C] () -- C:\Users\chudneymiles\ntuser.dat{c7904502-fc9c-11de-80b4-0021867c1f84}.TMContainer00000000000000000001.regtrans-ms
    [2010/01/08 16:30:14 | 00,065,536 | -HS- | C] () -- C:\Users\chudneymiles\ntuser.dat{c7904502-fc9c-11de-80b4-0021867c1f84}.TM.blf
    [2010/01/08 14:46:56 | 00,068,608 | ---- | C] () -- C:\Users\chudneymiles\Documents\C & C Cleaning Solution.kpd
    [2010/01/08 14:39:35 | 00,005,024 | ---- | C] () -- C:\ProgramData\dbvvomjc.bpt
    [2010/01/08 13:38:37 | 00,000,248 | ---- | C] () -- C:\Windows\ODBC.INI
    [2010/01/08 13:26:47 | 00,001,831 | ---- | C] () -- C:\Users\chudneymiles\Desktop\kBilling.lnk
    [2010/01/06 17:39:39 | 00,000,725 | ---- | C] () -- C:\Users\chudneymiles\Desktop\NTREGOPT.lnk
    [2010/01/06 17:39:39 | 00,000,706 | ---- | C] () -- C:\Users\chudneymiles\Desktop\ERUNT.lnk
    [2010/01/06 17:27:07 | 00,001,890 | ---- | C] () -- C:\Users\chudneymiles\Desktop\HijackThis.lnk
    [2010/01/05 12:25:46 | 00,000,162 | -H-- | C] () -- C:\Users\chudneymiles\Documents\~$Doc1.docx
    [2010/01/05 12:25:45 | 03,293,062 | ---- | C] () -- C:\Users\chudneymiles\Documents\Doc1.docx
    [2010/01/05 10:02:51 | 00,000,855 | ---- | C] () -- C:\Users\chudneymiles\Desktop\SmartDraw 2010.lnk
    [2010/01/05 10:02:51 | 00,000,478 | ---- | C] () -- C:\Windows\tasks\SDMsgUpdate (TE).job
    [2010/01/04 22:45:09 | 02,279,985 | ---- | C] () -- C:\Users\chudneymiles\Documents\chapter 7 Patricia.pdf
    [2010/01/04 22:16:23 | 02,348,725 | ---- | C] () -- C:\Users\chudneymiles\Documents\ch7volpp.pdf
    [2010/01/04 22:03:28 | 00,051,032 | R--- | C] () -- C:\Windows\SysNative\AdobePDF.dll
    [2010/01/04 22:03:28 | 00,024,416 | R--- | C] () -- C:\Windows\SysNative\AdobePDFUI.dll
    [2010/01/04 22:02:37 | 00,001,886 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat 9 Pro.lnk
    [2010/01/04 20:13:55 | 00,046,080 | ---- | C] () -- C:\Users\chudneymiles\Documents\CLMC Resume.doc
    [2010/01/04 17:46:07 | 00,000,810 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/01/04 17:46:03 | 00,022,104 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/01/04 13:39:09 | 00,000,162 | -H-- | C] () -- C:\Users\chudneymiles\Documents\~$udney ssi app.docx
    [2010/01/04 13:36:02 | 00,818,176 | ---- | C] () -- C:\Windows\SysNative\jscript.dll
    [2010/01/04 13:22:17 | 01,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
    [2010/01/04 13:22:16 | 00,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
    [2010/01/04 13:22:16 | 00,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
    [2010/01/04 13:22:16 | 00,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
    [2010/01/04 13:22:16 | 00,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
    [2010/01/04 13:22:15 | 00,700,928 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
    [2010/01/04 13:22:14 | 01,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
    [2010/01/04 13:22:14 | 00,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
    [2010/01/04 13:22:14 | 00,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
    [2010/01/04 13:22:14 | 00,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
    [2010/01/04 13:22:14 | 00,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
    [2010/01/04 13:22:14 | 00,057,667 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
    [2010/01/04 13:22:14 | 00,057,667 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
    [2010/01/04 13:22:14 | 00,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
    [2010/01/04 13:22:13 | 01,484,288 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
    [2010/01/04 13:22:13 | 00,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
    [2010/01/04 13:22:12 | 02,334,208 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
    [2010/01/04 13:22:11 | 01,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
    [2010/01/04 13:22:08 | 12,462,080 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
    [2010/01/04 13:22:06 | 09,237,504 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
    [2010/01/04 13:22:06 | 00,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
    [2010/01/04 13:22:06 | 00,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
    [2010/01/04 13:20:25 | 00,161,792 | ---- | C] () -- C:\Windows\SysNative\advpack.dll
    [2010/01/04 13:20:25 | 00,088,064 | ---- | C] () -- C:\Windows\SysNative\admparse.dll
    [2010/01/04 13:20:25 | 00,085,504 | ---- | C] () -- C:\Windows\SysNative\icardie.dll
    [2010/01/04 13:20:25 | 00,022,528 | ---- | C] () -- C:\Windows\SysNative\corpol.dll
    [2010/01/04 13:20:24 | 00,223,232 | ---- | C] () -- C:\Windows\SysNative\msls31.dll
    [2010/01/04 13:20:24 | 00,157,696 | ---- | C] () -- C:\Windows\SysNative\ieakeng.dll
    [2010/01/04 13:20:23 | 00,077,824 | ---- | C] () -- C:\Windows\SysNative\tdc.ocx
    [2010/01/04 13:20:22 | 00,125,952 | ---- | C] () -- C:\Windows\SysNative\inseng.dll
    [2010/01/04 13:20:22 | 00,055,808 | ---- | C] () -- C:\Windows\SysNative\licmgr10.dll
    [2010/01/04 13:20:22 | 00,052,736 | ---- | C] () -- C:\Windows\SysNative\imgutil.dll
    [2010/01/04 13:20:21 | 00,481,280 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dll
    [2010/01/04 13:20:21 | 00,076,288 | ---- | C] () -- C:\Windows\SysNative\wextract.exe
    [2010/01/04 13:20:21 | 00,063,488 | ---- | C] () -- C:\Windows\SysNative\pngfilt.dll
    [2010/01/04 13:20:19 | 01,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
    [2010/01/04 13:20:19 | 00,508,416 | ---- | C] () -- C:\Windows\SysNative\dxtmsft.dll
    [2010/01/04 13:20:19 | 00,318,464 | ---- | C] () -- C:\Windows\SysNative\dxtrans.dll
    [2010/01/04 13:20:19 | 00,096,768 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll
    [2010/01/04 13:20:18 | 00,304,640 | ---- | C] () -- C:\Windows\SysNative\webcheck.dll
    [2010/01/04 13:20:18 | 00,271,872 | ---- | C] () -- C:\Windows\SysNative\ieaksie.dll
    [2010/01/04 13:20:18 | 00,241,664 | ---- | C] () -- C:\Windows\SysNative\msrating.dll
    [2010/01/04 13:20:18 | 00,163,840 | ---- | C] () -- C:\Windows\SysNative\ieakui.dll
    [2010/01/04 13:20:17 | 00,612,864 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll
    [2010/01/04 13:20:17 | 00,278,528 | ---- | C] () -- C:\Windows\SysNative\WinFXDocObj.exe
    [2010/01/04 13:20:17 | 00,131,584 | ---- | C] () -- C:\Windows\SysNative\PDMSetup.exe
    [2010/01/04 13:20:17 | 00,129,024 | ---- | C] () -- C:\Windows\SysNative\RegisterIEPKEYs.exe
    [2010/01/04 13:20:17 | 00,128,512 | ---- | C] () -- C:\Windows\SysNative\SetIEInstalledDate.exe
    [2010/01/04 13:20:17 | 00,125,440 | ---- | C] () -- C:\Windows\SysNative\SetDepNx.exe
    [2010/01/04 13:20:17 | 00,041,984 | ---- | C] () -- C:\Windows\SysNative\mshta.exe
    [2010/01/04 13:20:16 | 00,108,032 | ---- | C] () -- C:\Windows\SysNative\url.dll
    [2010/01/04 13:20:16 | 00,048,128 | ---- | C] () -- C:\Windows\SysNative\mshtmler.dll
    [2010/01/04 13:20:15 | 00,479,744 | ---- | C] () -- C:\Windows\SysNative\html.iec
    [2010/01/04 13:20:14 | 03,698,584 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dat
    [2010/01/04 13:20:14 | 00,193,536 | ---- | C] () -- C:\Windows\SysNative\iexpress.exe
    [2010/01/04 13:13:31 | 00,000,162 | -H-- | C] () -- C:\Users\chudneymiles\Documents\~$ads.docx
    [2010/01/04 01:16:48 | 00,001,914 | ---- | C] () -- C:\Users\Public\Desktop\TurboTax 2009.lnk
    [2010/01/03 21:38:23 | 00,001,851 | ---- | C] () -- C:\Users\chudneymiles\Desktop\Hotel Dash Suite Success.lnk
    [2010/01/03 17:12:42 | 00,012,111 | ---- | C] () -- C:\Users\chudneymiles\Documents\move in.docx
    [2010/01/03 17:03:11 | 00,013,028 | ---- | C] () -- C:\Users\chudneymiles\Desktop\[isoHunt] TurboTax_Home_and_Business_2009_REPACKED__AAOO_.5241162.TPB.torrent
    [2010/01/02 23:22:10 | 00,001,340 | ---- | C] () -- C:\Users\Public\Desktop\More Yahoo! Games.lnk
    [2010/01/02 22:17:54 | 00,010,655 | ---- | C] () -- C:\Users\chudneymiles\Documents\email list.docx
    [2009/12/31 20:15:27 | 00,000,744 | ---- | C] () -- C:\Users\chudneymiles\Desktop\µTorrent.lnk
    [2009/12/31 20:14:15 | 00,043,504 | ---- | C] () -- C:\Users\chudneymiles\Desktop\[isoHunt] The Boondocks-(Uncut)-Season 1 and 2 Season 2 (Extras)-MILLIONDOLLAMAN1.torrent
    [2009/12/30 20:28:23 | 00,021,723 | ---- | C] () -- C:\Users\chudneymiles\Documents\CLEANING SOLUTIONS.docx
    [2009/12/30 18:18:02 | 00,020,314 | ---- | C] () -- C:\Users\chudneymiles\Documents\ads.docx
    [2009/12/28 10:20:42 | 00,001,740 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2009/12/24 09:30:26 | 00,524,288 | -HS- | C] () -- C:\Users\chudneymiles\ntuser.dat{cce2102c-f098-11de-b893-0021867c1f84}.TMContainer00000000000000000002.regtrans-ms
    [2009/12/24 09:30:26 | 00,524,288 | -HS- | C] () -- C:\Users\chudneymiles\ntuser.dat{cce2102c-f098-11de-b893-0021867c1f84}.TMContainer00000000000000000001.regtrans-ms
    [2009/12/24 09:30:26 | 00,065,536 | -HS- | C] () -- C:\Users\chudneymiles\ntuser.dat{cce2102c-f098-11de-b893-0021867c1f84}.TM.blf
    [2009/12/19 15:35:39 | 00,015,433 | ---- | C] () -- C:\Users\chudneymiles\Documents\desmond.docx
    [2009/12/17 06:34:30 | 00,049,152 | ---- | C] () -- C:\Users\chudneymiles\Desktop\CHOICE.EXE
    [2009/12/17 06:05:43 | 00,002,554 | ---- | C] () -- C:\Users\chudneymiles\Desktop\JL_Cmder.lnk
    [2009/12/17 05:54:23 | 00,001,879 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk
    [2009/12/17 05:54:22 | 00,001,861 | ---- | C] () -- C:\Users\Public\Desktop\Desktop Manager.lnk
    [2009/12/17 04:02:47 | 00,109,819 | ---- | C] () -- C:\Users\chudneymiles\Desktop\JL_Cmder v1.9.1.zip
    [2009/12/16 08:31:33 | 00,016,266 | ---- | C] () -- C:\Users\chudneymiles\Desktop\Adult Disability and Work H...pdf
    [2009/12/16 08:18:01 | 00,000,162 | -H-- | C] () -- C:\Users\chudneymiles\Documents\~$M Resume.doc
    [2009/12/16 06:42:19 | 00,000,162 | -H-- | C] () -- C:\Users\chudneymiles\Documents\~$ far as my Manic depression.docx
    [2009/12/15 10:32:41 | 00,012,096 | ---- | C] () -- C:\Users\chudneymiles\Documents\As far as my Manic depression.docx
    [2009/12/15 08:53:14 | 00,024,576 | ---- | C] () -- C:\Users\chudneymiles\Documents\chudney ssi app.docx
    [2009/12/01 19:00:07 | 00,000,000 | ---- | C] () -- C:\Windows\ResortingToDanger.INI
    [2009/11/28 02:44:21 | 00,004,096 | -H-- | C] () -- C:\Users\chudneymiles\AppData\Local\keyfile3.drm
    [2009/11/20 17:58:47 | 00,001,041 | ---- | C] () -- C:\Users\chudneymiles\AppData\Roaming\vso_ts_preview.xml
    [2009/11/20 17:58:14 | 00,000,034 | ---- | C] () -- C:\Users\chudneymiles\AppData\Roaming\pcouffin.log
    [2009/11/20 17:56:27 | 00,099,384 | ---- | C] () -- C:\Users\chudneymiles\AppData\Roaming\inst.exe
    [2009/11/20 17:56:27 | 00,007,859 | ---- | C] () -- C:\Users\chudneymiles\AppData\Roaming\pcouffin.cat
    [2009/11/20 17:56:27 | 00,001,167 | ---- | C] () -- C:\Users\chudneymiles\AppData\Roaming\pcouffin.inf
    [2009/07/20 22:02:12 | 00,712,872 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2009/07/16 12:22:40 | 00,000,768 | ---- | C] () -- C:\Users\chudneymiles\AppData\Roaming\wklnhst.dat
    [2009/07/11 04:57:47 | 00,000,000 | ---- | C] () -- C:\Users\chudneymiles\AppData\Roaming\bcrypt.html
    [2009/04/12 02:53:04 | 00,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
    [2009/04/03 21:57:37 | 00,000,068 | ---- | C] () -- C:\Windows\eyeQ Screen Saver.ini
    [2009/02/20 02:39:20 | 00,000,858 | ---- | C] () -- C:\Windows\Brpfx04a.ini
    [2009/02/20 02:39:20 | 00,000,168 | ---- | C] () -- C:\Windows\brpcfx.ini
    [2009/02/20 02:38:58 | 00,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
    [2009/02/20 02:38:58 | 00,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
    [2009/02/20 02:37:22 | 00,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
    [2009/02/20 02:33:59 | 00,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
    [2009/01/13 23:37:10 | 00,006,080 | ---- | C] () -- C:\Users\chudneymiles\AppData\Local\d3d9caps.dat
    [2009/01/10 22:15:25 | 00,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2009/01/10 22:15:25 | 00,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2009/01/02 04:30:20 | 00,323,584 | ---- | C] () -- C:\Windows\SysWow64\FoxImager.dll
    [2009/01/01 22:44:53 | 00,086,016 | ---- | C] () -- C:\Users\chudneymiles\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/12/12 11:06:30 | 00,058,672 | ---- | C] () -- C:\Windows\SysWow64\ASUSACPIDLL.dll
    [2008/07/16 04:41:55 | 00,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
    [2008/07/16 04:41:55 | 00,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
    [2008/01/20 21:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
    [2008/01/20 21:49:49 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2008/01/14 17:47:06 | 00,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll

    ========== Custom Scans ==========



    < MD5 for: AGP440.SYS >
    [2008/01/20 21:46:51 | 00,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
    [2008/01/20 21:46:51 | 00,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

    < MD5 for: ATAPI.SYS >
    [2008/01/20 21:46:50 | 00,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
    [2009/04/11 02:15:00 | 00,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

    < MD5 for: CNGAUDIT.DLL >
    [2006/11/02 06:16:48 | 00,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
    [2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
    [2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
    [2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

    < MD5 for: IASTOR.SYS >
    [2008/06/06 06:56:50 | 00,382,488 | ---- | M] (Intel Corporation) MD5=170CE3F0190702EA9EFDD2DD77130EF8 -- C:\hp\drivers\Intel_RAID\iastor.sys

    < MD5 for: IASTORV.SYS >
    [2008/01/20 21:46:59 | 00,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

    < MD5 for: NETLOGON.DLL >
    [2008/01/20 21:51:03 | 00,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
    [2009/04/11 01:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
    [2009/04/11 02:11:16 | 00,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
    [2008/01/20 21:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
    [2008/01/20 21:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
    [2008/01/20 21:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

    < MD5 for: NVSTOR.SYS >
    [2008/01/20 21:46:54 | 00,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

    < MD5 for: SCECLI.DLL >
    [2008/01/20 21:50:28 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
    [2008/01/20 21:50:28 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
    [2008/01/20 21:50:28 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
    [2008/01/20 21:49:49 | 00,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
    [2009/04/11 01:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
    [2009/04/11 02:11:23 | 00,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:0A051701
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\wii.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\west.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\west test on halo.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\west test on 2 halo.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\west pass.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\welcome letter.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\verizon.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\verizon order number.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\usbank.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\usaa.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\taxcut caleb.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\sstatefarm.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\silver certificate.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\shops.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\shopping list.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\shopper cert.pdf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\santos.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\reciepes.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\professional[1].doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\prices.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\party saturday.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\Parent Info sheet1.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\overnight.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\old w2.pdf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\number verzion.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\note for halo.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\no.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\nissan.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\nicole.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\new parent sheet.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\new jersey turnpike.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\NAVAL BASES.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\more research.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\mold.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\magonia.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\list.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\kriasat.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\kes.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\ir.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\info on baby.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\hsbc bank.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\hsbc bank dispute.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\HOW TO FILTER HALO.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\housing.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\house list.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\home.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\girls ssa.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\get.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\for kris.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\food list.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\fax number.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\dispute.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\diane'.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\denver housing.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\daycare1223.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\daycare.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\datcare.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\D1234370957.pdf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\customer service.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\craigist babysit2.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\craigist babysit.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\cox.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\cox order number.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\Contract for Infants1.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\consumer adjustmentdispute.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\consumer adjustment.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\come in get on waitingg list camp.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\church.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\chudney pay w2.pdf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\chris blackberry email.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\childcare6.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\cheat codes.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\certficsaat.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\certfc.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\certf.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\cerf.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\care.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\camp.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\caleb W2.pdf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\caleb state.pdf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\caleb 2008TaxReturn.pdf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\blogg.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\bin.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\bedding for girls.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\bed 4 girlss.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\auctions.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\altima.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\aleb.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\ALBLUMS.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\afbank.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\afbank dispute3 13 2009.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\afb.txt:Roxio EMC Stream
    @Alternate Data Stream - 452 bytes -> C:\ProgramData\TEMP:6283A8D3
    @Alternate Data Stream - 211 bytes -> C:\ProgramData\TEMP:4BBAA745
    @Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:FC5A6A39
    @Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:05E0618E
    @Alternate Data Stream - 161 bytes -> C:\ProgramData\TEMP:82591FF7
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:DA3FF453
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:904251FD
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:3B5038B1
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:1CF2F47C
    @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:21192FCF
    @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:B4DCBA8B
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:9B285B76
    < End of report >
    [2010/01/13 22:36:22 | 00,760,648 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/01/13 22:36:22 | 00,645,058 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/01/13 22:36:22 | 00,119,510 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/01/13 03:12:14 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Mail
    [2010/01/08 19:25:34 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
    [2010/01/08 19:25:34 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
    [2010/01/08 19:20:50 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files\Microsoft Shared
    [2010/01/04 17:35:35 | 00,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
    [2009/12/17 04:13:17 | 00,000,000 | ---D | M] -- C:\Program Files\JL_Cmder

    ========== Files - Modified Within 30 Days ==========

    [2010/01/13 22:39:47 | 05,505,024 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat
    [2010/01/13 22:36:22 | 00,760,648 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/01/13 22:36:22 | 00,645,058 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/01/13 22:36:22 | 00,119,510 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/01/13 22:25:58 | 00,000,256 | ---- | M] () -- C:\Windows\SysWow64\pool.bin
    [2010/01/13 22:25:54 | 00,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/01/13 22:25:54 | 00,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/01/13 21:30:44 | 00,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{083DAF79-A533-47B8-8521-868AF2AE6BD5}.job
    [2010/01/13 21:27:47 | 00,000,478 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (TE).job
    [2010/01/13 21:24:36 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/01/13 21:24:35 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/01/13 21:23:32 | 00,004,775 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2010/01/13 21:23:31 | 00,524,288 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{c7904585-fc9c-11de-80b4-0021867c1f84}.TMContainer00000000000000000001.regtrans-ms
    [2010/01/13 21:23:31 | 00,065,536 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{c7904585-fc9c-11de-80b4-0021867c1f84}.TM.blf
    [2010/01/13 21:23:30 | 03,240,832 | -H-- | M] () -- C:\Users\chudneymiles\AppData\Local\IconCache.db
    [2010/01/13 02:41:32 | 00,010,532 | ---- | M] () -- C:\Users\chudneymiles\Documents\My goals are not as complex as most.docx
    [2010/01/12 22:11:31 | 00,081,920 | ---- | M] () -- C:\Users\chudneymiles\Documents\C&C HOME & CLEANING SOLUTIONS.kpd
    [2010/01/12 22:05:20 | 00,008,485 | ---- | M] () -- C:\Users\chudneymiles\Documents\Michael Lee & Bridgett Lee I1456.pdf
    [2010/01/12 21:49:01 | 00,000,248 | ---- | M] () -- C:\Windows\ODBC.INI
    [2010/01/12 18:02:22 | 00,002,413 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/01/11 22:02:39 | 00,010,517 | ---- | M] () -- C:\Users\chudneymiles\Documents\Letrisha I1002.pdf
    [2010/01/11 21:37:59 | 00,019,299 | ---- | M] () -- C:\Users\chudneymiles\Documents\psychology chapter 2.docx
    [2010/01/11 20:06:27 | 00,086,016 | ---- | M] () -- C:\Users\chudneymiles\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/01/11 19:28:33 | 00,008,737 | ---- | M] () -- C:\Users\chudneymiles\Documents\Michael Lee & Bridgett Lee I1001.pdf
    [2010/01/11 19:17:10 | 00,008,377 | ---- | M] () -- C:\Users\chudneymiles\Desktop\Michael Lee & Bridgett Lee I1001.pdf
    [2010/01/11 17:15:12 | 00,000,191 | ---- | M] () -- C:\Windows\ODBCINST.INI
    [2010/01/11 17:15:11 | 00,001,622 | ---- | M] () -- C:\Users\Public\Desktop\kBilling.lnk
    [2010/01/10 19:23:57 | 00,000,162 | -H-- | M] () -- C:\Users\chudneymiles\Documents\~$ychology chapter 2.docx
    [2010/01/10 03:22:33 | 00,001,666 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
    [2010/01/10 03:19:08 | 00,001,600 | ---- | M] () -- C:\Users\chudneymiles\Desktop\MagicISO.lnk
    [2010/01/10 02:17:58 | 00,871,408 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
    [2010/01/10 02:14:16 | 00,000,744 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
    [2010/01/09 00:41:22 | 00,833,002 | ---- | M] () -- C:\Users\chudneymiles\Documents\DSCN8345.JPG
    [2010/01/09 00:41:08 | 00,847,598 | ---- | M] () -- C:\Users\chudneymiles\Documents\DSCN8350.JPG
    [2010/01/09 00:40:57 | 00,717,037 | ---- | M] () -- C:\Users\chudneymiles\Documents\DSCN8344.JPG
    [2010/01/09 00:40:38 | 00,820,746 | ---- | M] () -- C:\Users\chudneymiles\Documents\DSCN8348.JPG
    [2010/01/09 00:40:19 | 00,687,458 | ---- | M] () -- C:\Users\chudneymiles\Documents\DSCN8340.JPG
    [2010/01/08 22:59:29 | 00,001,831 | ---- | M] () -- C:\Users\chudneymiles\Desktop\kBilling.lnk
    [2010/01/08 21:37:59 | 00,524,288 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{c7904585-fc9c-11de-80b4-0021867c1f84}.TMContainer00000000000000000002.regtrans-ms
    [2010/01/08 19:18:26 | 00,524,288 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{c7904502-fc9c-11de-80b4-0021867c1f84}.TMContainer00000000000000000001.regtrans-ms
    [2010/01/08 19:18:26 | 00,065,536 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{c7904502-fc9c-11de-80b4-0021867c1f84}.TM.blf
    [2010/01/08 19:18:17 | 00,524,288 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{c7904502-fc9c-11de-80b4-0021867c1f84}.TMContainer00000000000000000002.regtrans-ms
    [2010/01/08 18:51:32 | 00,098,748 | ---- | M] () -- C:\Users\chudneymiles\Documents\f psychology test.docx
    [2010/01/08 18:51:32 | 00,000,162 | -H-- | M] () -- C:\Users\chudneymiles\Documents\~$psychology test.docx
    [2010/01/08 15:40:04 | 00,524,288 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{cce2102c-f098-11de-b893-0021867c1f84}.TMContainer00000000000000000001.regtrans-ms
    [2010/01/08 15:40:04 | 00,065,536 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{cce2102c-f098-11de-b893-0021867c1f84}.TM.blf
    [2010/01/08 15:26:32 | 00,068,608 | ---- | M] () -- C:\Users\chudneymiles\Documents\C & C Cleaning Solution.kpd
    [2010/01/08 14:39:35 | 00,005,024 | ---- | M] () -- C:\ProgramData\dbvvomjc.bpt
    [2010/01/07 22:16:05 | 00,001,041 | ---- | M] () -- C:\Users\chudneymiles\AppData\Roaming\vso_ts_preview.xml
    [2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/01/07 16:07:06 | 00,022,104 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/01/07 01:09:56 | 00,000,768 | ---- | M] () -- C:\Users\chudneymiles\AppData\Roaming\wklnhst.dat
    [2010/01/06 17:39:39 | 00,000,725 | ---- | M] () -- C:\Users\chudneymiles\Desktop\NTREGOPT.lnk
    [2010/01/06 17:39:39 | 00,000,706 | ---- | M] () -- C:\Users\chudneymiles\Desktop\ERUNT.lnk
    [2010/01/06 17:27:07 | 00,001,890 | ---- | M] () -- C:\Users\chudneymiles\Desktop\HijackThis.lnk
    [2010/01/05 12:25:46 | 03,293,062 | ---- | M] () -- C:\Users\chudneymiles\Documents\Doc1.docx
    [2010/01/05 12:25:46 | 00,000,162 | -H-- | M] () -- C:\Users\chudneymiles\Documents\~$Doc1.docx
    [2010/01/05 10:02:51 | 00,000,855 | ---- | M] () -- C:\Users\chudneymiles\Desktop\SmartDraw 2010.lnk
    [2010/01/04 22:45:11 | 02,279,985 | ---- | M] () -- C:\Users\chudneymiles\Documents\chapter 7 Patricia.pdf
    [2010/01/04 22:44:48 | 02,348,725 | ---- | M] () -- C:\Users\chudneymiles\Documents\ch7volpp.pdf
    [2010/01/04 22:13:29 | 00,125,048 | ---- | M] () -- C:\Users\chudneymiles\AppData\Local\GDIPFONTCACHEV1.DAT
    [2010/01/04 22:11:21 | 00,455,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010/01/04 22:02:37 | 00,001,886 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat 9 Pro.lnk
    [2010/01/04 20:46:06 | 00,046,080 | ---- | M] () -- C:\Users\chudneymiles\Documents\CLMC Resume.doc
    [2010/01/04 20:13:35 | 00,047,104 | ---- | M] () -- C:\Users\chudneymiles\Documents\CLM Resume.doc
    [2010/01/04 17:46:07 | 00,000,810 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/01/04 13:39:09 | 00,000,162 | -H-- | M] () -- C:\Users\chudneymiles\Documents\~$udney ssi app.docx
    [2010/01/04 13:13:31 | 00,000,162 | -H-- | M] () -- C:\Users\chudneymiles\Documents\~$ads.docx
    [2010/01/04 01:16:48 | 00,001,914 | ---- | M] () -- C:\Users\Public\Desktop\TurboTax 2009.lnk
    [2010/01/03 21:38:23 | 00,001,851 | ---- | M] () -- C:\Users\chudneymiles\Desktop\Hotel Dash Suite Success.lnk
    [2010/01/03 17:12:43 | 00,012,111 | ---- | M] () -- C:\Users\chudneymiles\Documents\move in.docx
    [2010/01/03 17:12:25 | 00,020,314 | ---- | M] () -- C:\Users\chudneymiles\Documents\ads.docx
    [2010/01/03 17:03:19 | 00,013,028 | ---- | M] () -- C:\Users\chudneymiles\Desktop\[isoHunt] TurboTax_Home_and_Business_2009_REPACKED__AAOO_.5241162.TPB.torrent
    [2010/01/03 15:16:54 | 00,010,655 | ---- | M] () -- C:\Users\chudneymiles\Documents\email list.docx
    [2010/01/02 23:22:10 | 00,001,340 | ---- | M] () -- C:\Users\Public\Desktop\More Yahoo! Games.lnk
    [2009/12/31 20:17:36 | 00,043,504 | ---- | M] () -- C:\Users\chudneymiles\Desktop\[isoHunt] The Boondocks-(Uncut)-Season 1 and 2 Season 2 (Extras)-MILLIONDOLLAMAN1.torrent
    [2009/12/31 20:15:27 | 00,000,744 | ---- | M] () -- C:\Users\chudneymiles\Desktop\µTorrent.lnk
    [2009/12/30 20:28:24 | 00,021,723 | ---- | M] () -- C:\Users\chudneymiles\Documents\CLEANING SOLUTIONS.docx
    [2009/12/29 08:08:28 | 00,006,080 | ---- | M] () -- C:\Users\chudneymiles\AppData\Local\d3d9caps.dat
    [2009/12/28 11:27:20 | 00,001,740 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2009/12/28 08:50:16 | 00,000,000 | ---- | M] () -- C:\Users\chudneymiles\Documents\Nuance Image Printer Writer Port
    [2009/12/25 22:34:02 | 00,524,288 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{cce2102c-f098-11de-b893-0021867c1f84}.TMContainer00000000000000000002.regtrans-ms
    [2009/12/22 20:27:57 | 00,524,288 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{344eaabc-b6b5-11de-b61e-0021867c1f84}.TMContainer00000000000000000001.regtrans-ms
    [2009/12/22 20:27:57 | 00,065,536 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{344eaabc-b6b5-11de-b61e-0021867c1f84}.TM.blf
    [2009/12/19 15:35:41 | 00,015,433 | ---- | M] () -- C:\Users\chudneymiles\Documents\desmond.docx
    [2009/12/17 06:34:33 | 00,049,152 | ---- | M] () -- C:\Users\chudneymiles\Desktop\CHOICE.EXE
    [2009/12/17 05:54:23 | 00,001,879 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk
    [2009/12/17 05:54:23 | 00,001,861 | ---- | M] () -- C:\Users\Public\Desktop\Desktop Manager.lnk
    [2009/12/17 05:08:47 | 13,218,1104 | ---- | M] (Research In Motion Ltd. ) -- C:\Users\chudneymiles\Desktop\9530AMEA_PBr5_1_.0.0_rel508_PL4.2.0.128_A5.0.0.328.exe
    [2009/12/17 04:02:53 | 00,109,819 | ---- | M] () -- C:\Users\chudneymiles\Desktop\JL_Cmder v1.9.1.zip
    [2009/12/16 08:32:03 | 00,024,576 | ---- | M] () -- C:\Users\chudneymiles\Documents\chudney ssi app.docx
    [2009/12/16 08:31:33 | 00,016,266 | ---- | M] () -- C:\Users\chudneymiles\Desktop\Adult Disability and Work H...pdf
    [2009/12/16 08:18:01 | 00,000,162 | -H-- | M] () -- C:\Users\chudneymiles\Documents\~$M Resume.doc
    [2009/12/16 06:42:19 | 00,000,162 | -H-- | M] () -- C:\Users\chudneymiles\Documents\~$ far as my Manic depression.docx
    [2009/12/15 10:32:42 | 00,012,096 | ---- | M] () -- C:\Users\chudneymiles\Documents\As far as my Manic depression.docx
    [1 C:\Users\chudneymiles\Documents\*.tmp files -> C:\Users\chudneymiles\Documents\*.tmp -> ]
    [1 C:\Users\chudneymiles\Desktop\*.tmp files -> C:\Users\chudneymiles\Desktop\*.tmp -> ]

    ========== Custom Scans ==========



    < MD5 for: AGP440.SYS >
    [2008/01/20 21:46:51 | 00,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
    [2008/01/20 21:46:51 | 00,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

    < MD5 for: ATAPI.SYS >
    [2008/01/20 21:46:50 | 00,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
    [2009/04/11 02:15:00 | 00,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

    < MD5 for: CNGAUDIT.DLL >
    [2006/11/02 06:16:48 | 00,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
    [2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
    [2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
    [2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

    < MD5 for: IASTOR.SYS >
    [2008/06/06 06:56:50 | 00,382,488 | ---- | M] (Intel Corporation) MD5=170CE3F0190702EA9EFDD2DD77130EF8 -- C:\hp\drivers\Intel_RAID\iastor.sys

    < MD5 for: IASTORV.SYS >
    [2008/01/20 21:46:59 | 00,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

    < MD5 for: NETLOGON.DLL >
    [2008/01/20 21:51:03 | 00,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
    [2009/04/11 01:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
    [2009/04/11 02:11:16 | 00,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
    [2008/01/20 21:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
    [2008/01/20 21:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
    [2008/01/20 21:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

    < MD5 for: NVSTOR.SYS >
    [2008/01/20 21:46:54 | 00,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

    < MD5 for: SCECLI.DLL >
    [2008/01/20 21:50:28 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
    [2008/01/20 21:50:28 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
    [2008/01/20 21:50:28 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
    [2008/01/20 21:49:49 | 00,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
    [2009/04/11 01:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
    [2009/04/11 02:11:23 | 00,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:0A051701
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\wii.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\west.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\west test on halo.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\west test on 2 halo.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\west pass.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\welcome letter.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\verizon.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\verizon order number.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\usbank.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\usaa.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\taxcut caleb.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\sstatefarm.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\silver certificate.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\shops.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\shopping list.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\shopper cert.pdf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\santos.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\reciepes.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\professional[1].doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\prices.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\party saturday.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\Parent Info sheet1.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\overnight.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\old w2.pdf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\number verzion.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\note for halo.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\no.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\nissan.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\nicole.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\new parent sheet.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\new jersey turnpike.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\NAVAL BASES.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\more research.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\mold.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\magonia.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\list.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\kriasat.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\kes.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\ir.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\info on baby.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\hsbc bank.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\hsbc bank dispute.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\HOW TO FILTER HALO.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\housing.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\house list.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\home.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\girls ssa.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\get.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\for kris.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\food list.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\fax number.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\dispute.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\diane'.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\denver housing.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\daycare1223.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\daycare.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\datcare.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\D1234370957.pdf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\customer service.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\craigist babysit2.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\craigist babysit.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\cox.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\cox order number.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\Contract for Infants1.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\consumer adjustmentdispute.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\consumer adjustment.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\come in get on waitingg list camp.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\church.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\chudney pay w2.pdf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\chris blackberry email.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\childcare6.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\cheat codes.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\certficsaat.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\certfc.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\certf.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\cerf.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\care.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\camp.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\caleb W2.pdf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\caleb state.pdf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\caleb 2008TaxReturn.pdf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\blogg.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\bin.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\bedding for girls.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\bed 4 girlss.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\auctions.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\altima.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\aleb.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\ALBLUMS.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\afbank.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\afbank dispute3 13 2009.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\afb.txt:Roxio EMC Stream
    @Alternate Data Stream - 452 bytes -> C:\ProgramData\TEMP:6283A8D3
    @Alternate Data Stream - 211 bytes -> C:\ProgramData\TEMP:4BBAA745
    @Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:FC5A6A39
    @Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:05E0618E
    @Alternate Data Stream - 161 bytes -> C:\ProgramData\TEMP:82591FF7
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:DA3FF453
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:904251FD
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:3B5038B1
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:1CF2F47C
    @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:21192FCF
    @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:B4DCBA8B
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:9B285B76

    < End of report >

  10. #10
    Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,300

    Default

    Hi,

    Uninstall old Adobe Reader versions and get the latest one (9.3) here or get Foxit Reader here. Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here.

    Uninstall your current Adobe shockwave player and get the fresh one here if needed.

    Check here to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following instructions here. Fresh version can be obtained here.


    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

    Updating Java:
    • Download the latest version of Java Runtime Environment (JRE) 6 Update 17.
    • Click the
      Download
      button to the right.
    • Select Windows on platform combobox and check the box that says:
      Accept License Agreement. Click continue.
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java versions.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.




    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    If you use Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    If you use Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.


    Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


    Post back its report.
    Microsoft Windows Insider MVP 2016-2019
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •