PDA

View Full Version : Internet Explorer Being HIJACKED (virumonde?)....



chudneymiles
2010-01-07, 01:12
Only in internet explorer (not firefox) if I go to a website like yahoo.com and click a click it take me to some strange website. I can't click any link.
Please Help! School has started and I despairing need it fix.

Thank you in advance. Here are the Logs for from Hi-jack this and Spybot log as well.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:09:39 PM, on 1/6/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnProxy.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.EXE
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
C:\Program Files (x86)\HP\Buttons & OSDs control application gen2\MediaButtons.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Windows\SysWOW64\OSDFORM.exe
C:\Program Files (x86)\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe
C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Java\jre6\bin\jucheck.exe
C:\Program Files (x86)\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Program Files (x86)\Microsoft Office\Office12\POWERPNT.EXE
C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\PROGRA~2\ACROSO~1\CUTEPD~1\cpwsave.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=crossfire&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=crossfire&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=crossfire&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=crossfire&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0360.0\npwinext.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe
O4 - HKLM\..\Run: [HP KEYBOARD] "C:\Program Files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.EXE"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe" /tray
O4 - HKLM\..\Run: [Buttons & OSDs control application gen2] "C:\Program Files (x86)\HP\Buttons & OSDs control application gen2\MediaButtons.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BrMfcWnd] "C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] "C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe" /autorun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [FPCCSMiddleware] "C:\Program Files (x86)\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [notepad] rundll32.exe C:\Windows\system32\notepad.dll,_IWMPEvents@0
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPSmartCenterBoot] _C:\Program Files (x86)\Hewlett-Packard\TouchSmart\SmartCenter 2.0\SmartCenter.exe
O4 - HKCU\..\Run: [notepad] rundll32.exe C:\Users\ARTIST~1\ntload.dll,_IWMPEvents@0
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files (x86)\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: McAfee Security Scan.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - http://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
O16 - DPF: {2D168880-539F-4967-BA11-F7C2862B9E1D} (CPlayFirstDiaperDashControl Object) - http://www.shockwave.com/content/diaperdash/sis/DiaperDashWeb.1.0.0.4.cab
O16 - DPF: {D6E0B119-DCF2-4CD6-8DFB-7CFF1B70F7FF} (TeamOn Import Object) - https://bis.na.blackberry.com/html/web/client_tools/TOImport.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: CalendarSynchService - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Touch Screen Enhance - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnSrv.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14628 bytes

Blade81
2010-01-12, 18:52
Hi,


Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Copy-paste following contents into custom scan -area:
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
/md5stop
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

chudneymiles
2010-01-13, 04:27
OTL logfile created on: 1/12/2010 9:02:55 PM - Run 1
OTL by OldTimer - Version 3.1.24.0 Folder = C:\Users\chudneymiles\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.79 Gb Total Space | 34.78 Gb Free Space | 12.13% Space Free | Partition Type: NTFS
Drive D: | 11.30 Gb Total Space | 1.52 Gb Free Space | 13.48% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THEMILES
Current User Name: chudneymiles
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\chudneymiles\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
PRC - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe (Microsoft Corp.)
PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.EXE (Hewlett-Packard)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnProxy.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnSrv.EXE (Hewlett-Packard)
PRC - C:\Program Files (x86)\HP\Buttons & OSDs control application gen2\MediaButtons.exe ()
PRC - C:\Windows\SysWOW64\OSDForm.exe ()
PRC - C:\Program Files (x86)\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe ()
PRC - C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\chudneymiles\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\wininet.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\notepad.dll (Microsoft)
MOD - C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\lz32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\normaliz.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:[b]64bit: - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (BthServ) -- C:\Windows\SysNative\bthserv.dll ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (iPod Service) -- C:\Program Files (x86)\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (IntuitUpdateService) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (CalendarSynchService) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe (Hewlett-Packard)
SRV - (Bonjour Service) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (HP Touch Screen Enhance) -- C:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnSrv.EXE (Hewlett-Packard)
SRV - (HP Health Check Service) -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (WLSetupSvc) -- C:\Program Files (x86)\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (usnjsvc) -- C:\Program Files (x86)\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006/11/02 08:34:14 | 00,000,000 | ---D | M]
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()
SRV - (IDriverT) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\Drivers\pcouffin.sys ()
DRV:64bit: - (VClone) -- C:\Windows\SysNative\DRIVERS\VClone.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys ()
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys ()
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys ()
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys ()
DRV:64bit: - (rcmirror) -- C:\Windows\SysNative\DRIVERS\rcmirror.sys ()
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys ()
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys ()
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\DRIVERS\netr28x.sys ()
DRV:64bit: - (ACPIService) -- C:\Windows\SysNative\DRIVERS\OSDACPI.SYS ()
DRV:64bit: - (BTHPORT) -- C:\Windows\SysNative\Drivers\BTHport.sys ()
DRV:64bit: - (BTHUSB) -- C:\Windows\SysNative\Drivers\BTHUSB.sys ()
DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys ()
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys ()
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\Drivers\RootMdm.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (usbvideo) USB Video Device (WDM) -- C:\Windows\SysNative\Drivers\usbvideo.sys ()
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\DRIVERS\serscan.sys ()
DRV:64bit: - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\SysNative\drivers\usbaudio.sys ()
DRV:64bit: - (BthEnum) -- C:\Windows\SysNative\DRIVERS\BthEnum.sys ()
DRV:64bit: - (BthPan) Bluetooth Device (Personal Area Network) -- C:\Windows\SysNative\DRIVERS\bthpan.sys ()
DRV:64bit: - (winusb) -- C:\Windows\SysNative\DRIVERS\winusb.sys ()
DRV:64bit: - (RFCOMM) Bluetooth Device (RFCOMM Protocol TDI) -- C:\Windows\SysNative\DRIVERS\rfcomm.sys ()
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys ()
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\DRIVERS\btwrchid.sys ()
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys ()
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys ()
DRV:64bit: - (BrSerIf) -- C:\Windows\SysNative\DRIVERS\BrSerIf.sys ()
DRV - (ElbyCDIO) -- C:\Windows\SysWOW64\ElbyCDIO.dll (Elaborate Bytes AG)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (Cyberlink Corp.)
DRV - (winusb) -- C:\Windows\SysWOW64\winusb.dll (Microsoft Corporation)
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=crossfire&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=crossfire&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=crossfire&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=crossfire&pf=cndt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=crossfire&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=VIATDF&PC=VIATDF&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://m.www.yahoo.com/"
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=VIATDF&PC=VIATDF&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0360.0\Firefox [2009/12/01 16:40:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2009/12/01 16:40:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/01/06 11:31:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/01/06 11:31:35 | 00,000,000 | ---D | M]

[2009/03/05 23:55:09 | 00,000,000 | ---D | M] -- C:\Users\chudneymiles\AppData\Roaming\Mozilla\Extensions
[2009/03/05 23:55:09 | 00,000,000 | ---D | M] -- C:\Users\chudneymiles\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/01/12 19:11:13 | 00,000,000 | ---D | M] -- C:\Users\chudneymiles\AppData\Roaming\Mozilla\Firefox\Profiles\ch2ut94r.default\extensions
[2009/07/28 21:01:31 | 00,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\chudneymiles\AppData\Roaming\Mozilla\Firefox\Profiles\ch2ut94r.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/12/31 11:34:46 | 00,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\chudneymiles\AppData\Roaming\Mozilla\Firefox\Profiles\ch2ut94r.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/01/04 02:44:15 | 00,002,186 | ---- | M] () -- C:\Users\chudneymiles\AppData\Roaming\Mozilla\Firefox\Profiles\ch2ut94r.default\searchplugins\bing.xml
[2010/01/12 19:11:13 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: (761 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0360.0\npwinext.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Buttons & OSDs control application gen2] C:\Program Files (x86)\HP\Buttons & OSDs control application gen2\MediaButtons.exe ()
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [FPCCSMiddleware] C:\Program Files (x86)\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe ()
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP KEYBOARD] C:\Program Files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.EXE (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [notepad] C:\Windows\SysWow64\notepad.DLL (Microsoft)
O4 - HKLM..\Run: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe (OsdMaestro)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [HPSmartCenterBoot] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\SmartCenter 2.0\SmartCenter.exe (Hewlett-Packard)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [notepad] C:\Users\chudneymiles\ntload.dll ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {2D168880-539F-4967-BA11-F7C2862B9E1D} http://www.shockwave.com/content/diaperdash/sis/DiaperDashWeb.1.0.0.4.cab (CPlayFirstDiaperDashControl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D6E0B119-DCF2-4CD6-8DFB-7CFF1B70F7FF} https://bis.na.blackberry.com/html/web/client_tools/TOImport.cab (TeamOn Import Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\chp.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\chp.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{191203ef-79a1-11de-ba2d-0021867c1f84}\Shell - "" = AutoRun
O33 - MountPoints2\{191203ef-79a1-11de-ba2d-0021867c1f84}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{1a66da45-6205-11de-abac-0021867c1f84}\Shell\AutoRun\command - "" = H:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{1a66da45-6205-11de-abac-0021867c1f84}\Shell\slacker\command - "" = H:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{91d4cfa4-c090-11de-9797-0021867c1f84}\Shell - "" = AutoRun
O33 - MountPoints2\{91d4cfa4-c090-11de-9797-0021867c1f84}\Shell\AutoRun\command - "" = H:\Setup.exe -- File not found
O33 - MountPoints2\{b160490a-4b14-11de-b049-0021867c1f84}\Shell\AutoRun\command - "" = H:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{b160490a-4b14-11de-b049-0021867c1f84}\Shell\slacker\command - "" = H:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{caa6ed2f-3742-11de-923c-0021867c1f84}\Shell\AutoRun\command - "" = H:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{caa6ed2f-3742-11de-923c-0021867c1f84}\Shell\slacker\command - "" = H:\slacker.synclauncher.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/11 18:55:01 | 00,000,000 | ---D | C] -- C:\Users\chudneymiles\Documents\kBilling Company File Backup
[2010/01/11 17:15:12 | 00,581,632 | ---- | C] (Christian Werner Software & Consulting) -- C:\Windows\SysWow64\sqlite3odbc.dll
[2010/01/11 17:15:07 | 00,000,000 | ---D | C] -- C:\ProgramData\kBilling
[2010/01/10 03:22:33 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2010/01/10 03:01:31 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2010/01/08 14:39:15 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\kBilling
[2010/01/08 14:36:44 | 00,000,000 | ---D | C] -- C:\1d46e260dcf7a5394c623ba6e768
[2010/01/06 17:39:55 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/01/06 17:39:39 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/01/06 17:27:07 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/01/06 16:33:21 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/01/06 16:33:21 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/01/05 10:13:28 | 00,000,000 | ---D | C] -- C:\Users\chudneymiles\Documents\carmiles
[2010/01/05 10:13:16 | 00,000,000 | ---D | C] -- C:\Users\chudneymiles\Documents\New Folder (2)
[2010/01/05 10:02:54 | 00,000,000 | ---D | C] -- C:\Users\chudneymiles\AppData\Roaming\SmartDraw
[2010/01/05 10:02:32 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SmartDraw 2010
[2010/01/04 22:04:01 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2010/01/04 21:23:28 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai
[2010/01/04 17:46:10 | 00,000,000 | ---D | C] -- C:\Users\chudneymiles\AppData\Roaming\Malwarebytes
[2010/01/04 17:46:05 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/01/04 17:46:03 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/01/04 17:46:03 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/01/04 13:36:02 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010/01/04 13:22:16 | 00,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/01/04 13:22:16 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/01/04 13:22:16 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2010/01/04 13:22:15 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/01/04 13:22:15 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2010/01/04 13:22:14 | 00,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010/01/04 13:22:14 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/01/04 13:22:14 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010/01/04 13:22:13 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010/01/04 13:22:13 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010/01/04 13:22:12 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010/01/04 13:22:12 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/01/04 13:22:11 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/01/04 13:22:06 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010/01/04 13:22:06 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010/01/04 13:20:25 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\advpack.dll
[2010/01/04 13:20:25 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2010/01/04 13:20:24 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2010/01/04 13:20:24 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2010/01/04 13:20:24 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\corpol.dll
[2010/01/04 13:20:23 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2010/01/04 13:20:21 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2010/01/04 13:20:21 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll
[2010/01/04 13:20:21 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2010/01/04 13:20:21 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2010/01/04 13:20:19 | 00,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
[2010/01/04 13:20:19 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll
[2010/01/04 13:20:19 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll
[2010/01/04 13:20:19 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll
[2010/01/04 13:20:18 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2010/01/04 13:20:18 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2010/01/04 13:20:18 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2010/01/04 13:20:18 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2010/01/04 13:20:18 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/01/04 13:20:18 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/01/04 13:20:17 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010/01/04 13:20:17 | 00,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WinFXDocObj.exe
[2010/01/04 13:20:16 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2010/01/04 13:20:16 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2010/01/04 13:20:15 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/01/04 13:20:15 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2010/01/04 13:20:14 | 03,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2010/01/04 13:20:14 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PDMSetup.exe
[2010/01/04 13:20:14 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2010/01/04 13:20:14 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2010/01/04 13:20:14 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetDepNx.exe
[2010/01/04 01:22:48 | 00,000,000 | ---D | C] -- C:\Users\chudneymiles\Documents\TurboTax
[2010/01/04 01:19:54 | 00,000,000 | ---D | C] -- C:\Users\chudneymiles\AppData\Roaming\Intuit
[2010/01/04 01:19:48 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AnswerWorks 5.0
[2010/01/04 01:14:08 | 00,000,000 | ---D | C] -- C:\Users\chudneymiles\AppData\Local\IsolatedStorage
[2010/01/04 01:14:08 | 00,000,000 | ---D | C] -- C:\ProgramData\Intuit
[2010/01/04 01:14:06 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intuit
[2010/01/04 01:12:51 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\TurboTax
[2010/01/03 21:38:15 | 00,000,000 | ---D | C] -- C:\Windows\Hotel Dash Suite Success
[2010/01/03 21:38:15 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Hotel Dash Suite Success
[2010/01/02 23:22:02 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo! Games
[2009/12/17 05:10:58 | 00,000,000 | ---D | C] -- C:\ProgramData\Research In Motion
[2009/12/17 04:27:33 | 13,218,1104 | ---- | C] (Research In Motion Ltd. ) -- C:\Users\chudneymiles\Desktop\9530AMEA_PBr5_1_.0.0_rel508_PL4.2.0.128_A5.0.0.328.exe
[2009/12/17 04:13:17 | 00,000,000 | ---D | C] -- C:\Program Files\JL_Cmder
[2009/12/17 04:04:01 | 00,000,000 | ---D | C] -- C:\Users\chudneymiles\Desktop\JL_Cmder v1.9.1
[2009/12/17 04:03:02 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\JL_Cmder
[2009/11/20 17:56:27 | 00,082,816 | ---- | C] (VSO Software) -- C:\Users\chudneymiles\AppData\Roaming\pcouffin.sys
[1 C:\Users\chudneymiles\Documents\*.tmp files -> C:\Users\chudneymiles\Documents\*.tmp -> ]
[1 C:\Users\chudneymiles\Desktop\*.tmp files -> C:\Users\chudneymiles\Desktop\*.tmp -> ]

chudneymiles
2010-01-13, 04:28
========== Files - Modified Within 30 Days ==========

[2010/01/12 21:00:37 | 05,505,024 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat
[2010/01/12 20:55:55 | 00,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/12 20:55:55 | 00,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/12 19:24:48 | 00,645,058 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/01/12 19:24:47 | 00,760,648 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/01/12 19:24:47 | 00,119,510 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/01/12 19:03:11 | 00,000,256 | ---- | M] () -- C:\Windows\SysWow64\pool.bin
[2010/01/12 19:00:51 | 00,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{083DAF79-A533-47B8-8521-868AF2AE6BD5}.job
[2010/01/12 18:59:39 | 00,000,478 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (TE).job
[2010/01/12 18:55:57 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/12 18:55:52 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/12 18:04:46 | 00,004,775 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/01/12 18:02:22 | 00,002,413 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/01/12 10:04:26 | 00,524,288 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{c7904585-fc9c-11de-80b4-0021867c1f84}.TMContainer00000000000000000001.regtrans-ms
[2010/01/12 10:04:26 | 00,065,536 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{c7904585-fc9c-11de-80b4-0021867c1f84}.TM.blf
[2010/01/12 10:02:38 | 03,241,330 | -H-- | M] () -- C:\Users\chudneymiles\AppData\Local\IconCache.db
[2010/01/11 22:48:07 | 00,081,920 | ---- | M] () -- C:\Users\chudneymiles\Documents\C&C HOME & CLEANING SOLUTIONS.kpd
[2010/01/11 22:02:39 | 00,010,517 | ---- | M] () -- C:\Users\chudneymiles\Documents\Letrisha I1002.pdf
[2010/01/11 21:37:59 | 00,019,299 | ---- | M] () -- C:\Users\chudneymiles\Documents\psychology chapter 2.docx
[2010/01/11 20:06:27 | 00,086,016 | ---- | M] () -- C:\Users\chudneymiles\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/11 19:33:51 | 00,000,248 | ---- | M] () -- C:\Windows\ODBC.INI
[2010/01/11 19:31:14 | 00,008,253 | ---- | M] () -- C:\Users\chudneymiles\Documents\Michael Lee & Bridgett Lee I1456.pdf
[2010/01/11 19:28:33 | 00,008,737 | ---- | M] () -- C:\Users\chudneymiles\Documents\Michael Lee & Bridgett Lee I1001.pdf
[2010/01/11 19:17:10 | 00,008,377 | ---- | M] () -- C:\Users\chudneymiles\Desktop\Michael Lee & Bridgett Lee I1001.pdf
[2010/01/11 17:15:12 | 00,000,191 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2010/01/11 17:15:11 | 00,001,622 | ---- | M] () -- C:\Users\Public\Desktop\kBilling.lnk
[2010/01/10 19:23:57 | 00,000,162 | -H-- | M] () -- C:\Users\chudneymiles\Documents\~$ychology chapter 2.docx
[2010/01/10 03:22:33 | 00,001,666 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2010/01/10 03:19:08 | 00,001,600 | ---- | M] () -- C:\Users\chudneymiles\Desktop\MagicISO.lnk
[2010/01/10 02:17:58 | 00,871,408 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/01/10 02:14:16 | 00,000,744 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010/01/09 00:41:22 | 00,833,002 | ---- | M] () -- C:\Users\chudneymiles\Documents\DSCN8345.JPG
[2010/01/09 00:41:08 | 00,847,598 | ---- | M] () -- C:\Users\chudneymiles\Documents\DSCN8350.JPG
[2010/01/09 00:40:57 | 00,717,037 | ---- | M] () -- C:\Users\chudneymiles\Documents\DSCN8344.JPG
[2010/01/09 00:40:38 | 00,820,746 | ---- | M] () -- C:\Users\chudneymiles\Documents\DSCN8348.JPG
[2010/01/09 00:40:19 | 00,687,458 | ---- | M] () -- C:\Users\chudneymiles\Documents\DSCN8340.JPG
[2010/01/08 22:59:29 | 00,001,831 | ---- | M] () -- C:\Users\chudneymiles\Desktop\kBilling.lnk
[2010/01/08 21:37:59 | 00,524,288 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{c7904585-fc9c-11de-80b4-0021867c1f84}.TMContainer00000000000000000002.regtrans-ms
[2010/01/08 19:18:26 | 00,524,288 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{c7904502-fc9c-11de-80b4-0021867c1f84}.TMContainer00000000000000000001.regtrans-ms
[2010/01/08 19:18:26 | 00,065,536 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{c7904502-fc9c-11de-80b4-0021867c1f84}.TM.blf
[2010/01/08 19:18:17 | 00,524,288 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{c7904502-fc9c-11de-80b4-0021867c1f84}.TMContainer00000000000000000002.regtrans-ms
[2010/01/08 18:51:32 | 00,098,748 | ---- | M] () -- C:\Users\chudneymiles\Documents\f psychology test.docx
[2010/01/08 18:51:32 | 00,000,162 | -H-- | M] () -- C:\Users\chudneymiles\Documents\~$psychology test.docx
[2010/01/08 15:40:04 | 00,524,288 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{cce2102c-f098-11de-b893-0021867c1f84}.TMContainer00000000000000000001.regtrans-ms
[2010/01/08 15:40:04 | 00,065,536 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{cce2102c-f098-11de-b893-0021867c1f84}.TM.blf
[2010/01/08 15:26:32 | 00,068,608 | ---- | M] () -- C:\Users\chudneymiles\Documents\C & C Cleaning Solution.kpd
[2010/01/08 14:39:35 | 00,005,024 | ---- | M] () -- C:\ProgramData\dbvvomjc.bpt
[2010/01/07 22:16:05 | 00,001,041 | ---- | M] () -- C:\Users\chudneymiles\AppData\Roaming\vso_ts_preview.xml
[2010/01/07 01:09:56 | 00,000,768 | ---- | M] () -- C:\Users\chudneymiles\AppData\Roaming\wklnhst.dat
[2010/01/06 17:39:39 | 00,000,725 | ---- | M] () -- C:\Users\chudneymiles\Desktop\NTREGOPT.lnk
[2010/01/06 17:39:39 | 00,000,706 | ---- | M] () -- C:\Users\chudneymiles\Desktop\ERUNT.lnk
[2010/01/06 17:27:07 | 00,001,890 | ---- | M] () -- C:\Users\chudneymiles\Desktop\HijackThis.lnk
[2010/01/05 12:25:46 | 03,293,062 | ---- | M] () -- C:\Users\chudneymiles\Documents\Doc1.docx
[2010/01/05 12:25:46 | 00,000,162 | -H-- | M] () -- C:\Users\chudneymiles\Documents\~$Doc1.docx
[2010/01/05 10:02:51 | 00,000,855 | ---- | M] () -- C:\Users\chudneymiles\Desktop\SmartDraw 2010.lnk
[2010/01/04 22:45:11 | 02,279,985 | ---- | M] () -- C:\Users\chudneymiles\Documents\chapter 7 Patricia.pdf
[2010/01/04 22:44:48 | 02,348,725 | ---- | M] () -- C:\Users\chudneymiles\Documents\ch7volpp.pdf
[2010/01/04 22:13:29 | 00,125,048 | ---- | M] () -- C:\Users\chudneymiles\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/01/04 22:11:21 | 00,455,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/01/04 22:02:37 | 00,001,886 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat 9 Pro.lnk
[2010/01/04 20:46:06 | 00,046,080 | ---- | M] () -- C:\Users\chudneymiles\Documents\CLMC Resume.doc
[2010/01/04 20:13:35 | 00,047,104 | ---- | M] () -- C:\Users\chudneymiles\Documents\CLM Resume.doc
[2010/01/04 17:46:07 | 00,000,810 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/04 13:39:09 | 00,000,162 | -H-- | M] () -- C:\Users\chudneymiles\Documents\~$udney ssi app.docx
[2010/01/04 13:13:31 | 00,000,162 | -H-- | M] () -- C:\Users\chudneymiles\Documents\~$ads.docx
[2010/01/04 01:16:48 | 00,001,914 | ---- | M] () -- C:\Users\Public\Desktop\TurboTax 2009.lnk
[2010/01/03 21:38:23 | 00,001,851 | ---- | M] () -- C:\Users\chudneymiles\Desktop\Hotel Dash Suite Success.lnk
[2010/01/03 17:12:43 | 00,012,111 | ---- | M] () -- C:\Users\chudneymiles\Documents\move in.docx
[2010/01/03 17:12:25 | 00,020,314 | ---- | M] () -- C:\Users\chudneymiles\Documents\ads.docx
[2010/01/03 17:03:19 | 00,013,028 | ---- | M] () -- C:\Users\chudneymiles\Desktop\[isoHunt] TurboTax_Home_and_Business_2009_REPACKED__AAOO_.5241162.TPB.torrent
[2010/01/03 15:16:54 | 00,010,655 | ---- | M] () -- C:\Users\chudneymiles\Documents\email list.docx
[2010/01/02 23:22:10 | 00,001,340 | ---- | M] () -- C:\Users\Public\Desktop\More Yahoo! Games.lnk
[2009/12/31 20:17:36 | 00,043,504 | ---- | M] () -- C:\Users\chudneymiles\Desktop\[isoHunt] The Boondocks-(Uncut)-Season 1 and 2 Season 2 (Extras)-MILLIONDOLLAMAN1.torrent
[2009/12/31 20:15:27 | 00,000,744 | ---- | M] () -- C:\Users\chudneymiles\Desktop\µTorrent.lnk
[2009/12/30 20:28:24 | 00,021,723 | ---- | M] () -- C:\Users\chudneymiles\Documents\CLEANING SOLUTIONS.docx
[2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009/12/30 14:55:06 | 00,022,104 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys
[2009/12/29 08:08:28 | 00,006,080 | ---- | M] () -- C:\Users\chudneymiles\AppData\Local\d3d9caps.dat
[2009/12/28 11:27:20 | 00,001,740 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/12/28 08:50:16 | 00,000,000 | ---- | M] () -- C:\Users\chudneymiles\Documents\Nuance Image Printer Writer Port
[2009/12/25 22:34:02 | 00,524,288 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{cce2102c-f098-11de-b893-0021867c1f84}.TMContainer00000000000000000002.regtrans-ms
[2009/12/22 20:27:57 | 00,524,288 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{344eaabc-b6b5-11de-b61e-0021867c1f84}.TMContainer00000000000000000001.regtrans-ms
[2009/12/22 20:27:57 | 00,065,536 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{344eaabc-b6b5-11de-b61e-0021867c1f84}.TM.blf
[2009/12/19 15:35:41 | 00,015,433 | ---- | M] () -- C:\Users\chudneymiles\Documents\desmond.docx
[2009/12/17 06:34:33 | 00,049,152 | ---- | M] () -- C:\Users\chudneymiles\Desktop\CHOICE.EXE
[2009/12/17 05:54:23 | 00,001,879 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk
[2009/12/17 05:54:23 | 00,001,861 | ---- | M] () -- C:\Users\Public\Desktop\Desktop Manager.lnk
[2009/12/17 05:08:47 | 13,218,1104 | ---- | M] (Research In Motion Ltd. ) -- C:\Users\chudneymiles\Desktop\9530AMEA_PBr5_1_.0.0_rel508_PL4.2.0.128_A5.0.0.328.exe
[2009/12/17 04:02:53 | 00,109,819 | ---- | M] () -- C:\Users\chudneymiles\Desktop\JL_Cmder v1.9.1.zip
[2009/12/16 08:32:03 | 00,024,576 | ---- | M] () -- C:\Users\chudneymiles\Documents\chudney ssi app.docx
[2009/12/16 08:31:33 | 00,016,266 | ---- | M] () -- C:\Users\chudneymiles\Desktop\Adult Disability and Work H...pdf
[2009/12/16 08:18:01 | 00,000,162 | -H-- | M] () -- C:\Users\chudneymiles\Documents\~$M Resume.doc
[2009/12/16 06:42:19 | 00,000,162 | -H-- | M] () -- C:\Users\chudneymiles\Documents\~$ far as my Manic depression.docx
[2009/12/15 10:32:42 | 00,012,096 | ---- | M] () -- C:\Users\chudneymiles\Documents\As far as my Manic depression.docx
[1 C:\Users\chudneymiles\Documents\*.tmp files -> C:\Users\chudneymiles\Documents\*.tmp -> ]
[1 C:\Users\chudneymiles\Desktop\*.tmp files -> C:\Users\chudneymiles\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/11 21:52:09 | 00,010,517 | ---- | C] () -- C:\Users\chudneymiles\Documents\Letrisha I1002.pdf
[2010/01/11 19:30:20 | 00,008,253 | ---- | C] () -- C:\Users\chudneymiles\Documents\Michael Lee & Bridgett Lee I1456.pdf
[2010/01/11 19:24:10 | 00,008,737 | ---- | C] () -- C:\Users\chudneymiles\Documents\Michael Lee & Bridgett Lee I1001.pdf
[2010/01/11 19:17:09 | 00,008,377 | ---- | C] () -- C:\Users\chudneymiles\Desktop\Michael Lee & Bridgett Lee I1001.pdf
[2010/01/11 17:55:30 | 00,081,920 | ---- | C] () -- C:\Users\chudneymiles\Documents\C&C HOME & CLEANING SOLUTIONS.kpd
[2010/01/11 17:15:11 | 00,001,622 | ---- | C] () -- C:\Users\Public\Desktop\kBilling.lnk
[2010/01/10 19:23:57 | 00,000,162 | -H-- | C] () -- C:\Users\chudneymiles\Documents\~$ychology chapter 2.docx
[2010/01/10 19:23:56 | 00,019,299 | ---- | C] () -- C:\Users\chudneymiles\Documents\psychology chapter 2.docx
[2010/01/10 03:22:33 | 00,001,666 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2010/01/10 03:19:08 | 00,001,600 | ---- | C] () -- C:\Users\chudneymiles\Desktop\MagicISO.lnk
[2010/01/10 02:17:57 | 00,871,408 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/01/10 02:14:16 | 00,000,744 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010/01/09 00:40:56 | 00,833,002 | ---- | C] () -- C:\Users\chudneymiles\Documents\DSCN8345.JPG
[2010/01/09 00:40:40 | 00,847,598 | ---- | C] () -- C:\Users\chudneymiles\Documents\DSCN8350.JPG
[2010/01/09 00:40:31 | 00,717,037 | ---- | C] () -- C:\Users\chudneymiles\Documents\DSCN8344.JPG
[2010/01/09 00:40:20 | 00,820,746 | ---- | C] () -- C:\Users\chudneymiles\Documents\DSCN8348.JPG
[2010/01/09 00:40:04 | 00,687,458 | ---- | C] () -- C:\Users\chudneymiles\Documents\DSCN8340.JPG
[2010/01/08 19:26:33 | 00,524,288 | -HS- | C] () -- C:\Users\chudneymiles\ntuser.dat{c7904585-fc9c-11de-80b4-0021867c1f84}.TMContainer00000000000000000002.regtrans-ms
[2010/01/08 19:26:33 | 00,524,288 | -HS- | C] () -- C:\Users\chudneymiles\ntuser.dat{c7904585-fc9c-11de-80b4-0021867c1f84}.TMContainer00000000000000000001.regtrans-ms
[2010/01/08 19:26:32 | 00,065,536 | -HS- | C] () -- C:\Users\chudneymiles\ntuser.dat{c7904585-fc9c-11de-80b4-0021867c1f84}.TM.blf
[2010/01/08 18:51:32 | 00,000,162 | -H-- | C] () -- C:\Users\chudneymiles\Documents\~$psychology test.docx
[2010/01/08 18:51:29 | 00,098,748 | ---- | C] () -- C:\Users\chudneymiles\Documents\f psychology test.docx
[2010/01/08 16:30:14 | 00,524,288 | -HS- | C] () -- C:\Users\chudneymiles\ntuser.dat{c7904502-fc9c-11de-80b4-0021867c1f84}.TMContainer00000000000000000002.regtrans-ms
[2010/01/08 16:30:14 | 00,524,288 | -HS- | C] () -- C:\Users\chudneymiles\ntuser.dat{c7904502-fc9c-11de-80b4-0021867c1f84}.TMContainer00000000000000000001.regtrans-ms
[2010/01/08 16:30:14 | 00,065,536 | -HS- | C] () -- C:\Users\chudneymiles\ntuser.dat{c7904502-fc9c-11de-80b4-0021867c1f84}.TM.blf
[2010/01/08 14:46:56 | 00,068,608 | ---- | C] () -- C:\Users\chudneymiles\Documents\C & C Cleaning Solution.kpd
[2010/01/08 14:39:35 | 00,005,024 | ---- | C] () -- C:\ProgramData\dbvvomjc.bpt
[2010/01/08 13:38:37 | 00,000,248 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/01/08 13:26:47 | 00,001,831 | ---- | C] () -- C:\Users\chudneymiles\Desktop\kBilling.lnk
[2010/01/06 17:39:39 | 00,000,725 | ---- | C] () -- C:\Users\chudneymiles\Desktop\NTREGOPT.lnk
[2010/01/06 17:39:39 | 00,000,706 | ---- | C] () -- C:\Users\chudneymiles\Desktop\ERUNT.lnk
[2010/01/06 17:27:07 | 00,001,890 | ---- | C] () -- C:\Users\chudneymiles\Desktop\HijackThis.lnk
[2010/01/05 12:25:46 | 00,000,162 | -H-- | C] () -- C:\Users\chudneymiles\Documents\~$Doc1.docx
[2010/01/05 12:25:45 | 03,293,062 | ---- | C] () -- C:\Users\chudneymiles\Documents\Doc1.docx
[2010/01/05 10:02:51 | 00,000,855 | ---- | C] () -- C:\Users\chudneymiles\Desktop\SmartDraw 2010.lnk
[2010/01/05 10:02:51 | 00,000,478 | ---- | C] () -- C:\Windows\tasks\SDMsgUpdate (TE).job
[2010/01/04 22:45:09 | 02,279,985 | ---- | C] () -- C:\Users\chudneymiles\Documents\chapter 7 Patricia.pdf
[2010/01/04 22:16:23 | 02,348,725 | ---- | C] () -- C:\Users\chudneymiles\Documents\ch7volpp.pdf
[2010/01/04 22:03:28 | 00,051,032 | R--- | C] () -- C:\Windows\SysNative\AdobePDF.dll
[2010/01/04 22:03:28 | 00,024,416 | R--- | C] () -- C:\Windows\SysNative\AdobePDFUI.dll
[2010/01/04 22:02:37 | 00,001,886 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat 9 Pro.lnk
[2010/01/04 20:13:55 | 00,046,080 | ---- | C] () -- C:\Users\chudneymiles\Documents\CLMC Resume.doc
[2010/01/04 17:46:07 | 00,000,810 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/04 17:46:03 | 00,022,104 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010/01/04 13:39:09 | 00,000,162 | -H-- | C] () -- C:\Users\chudneymiles\Documents\~$udney ssi app.docx
[2010/01/04 13:36:02 | 00,818,176 | ---- | C] () -- C:\Windows\SysNative\jscript.dll
[2010/01/04 13:22:17 | 01,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2010/01/04 13:22:16 | 00,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2010/01/04 13:22:16 | 00,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2010/01/04 13:22:16 | 00,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2010/01/04 13:22:16 | 00,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2010/01/04 13:22:15 | 00,700,928 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2010/01/04 13:22:14 | 01,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2010/01/04 13:22:14 | 00,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2010/01/04 13:22:14 | 00,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2010/01/04 13:22:14 | 00,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2010/01/04 13:22:14 | 00,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2010/01/04 13:22:14 | 00,057,667 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2010/01/04 13:22:14 | 00,057,667 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2010/01/04 13:22:14 | 00,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2010/01/04 13:22:13 | 01,484,288 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2010/01/04 13:22:13 | 00,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2010/01/04 13:22:12 | 02,334,208 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2010/01/04 13:22:11 | 01,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2010/01/04 13:22:08 | 12,462,080 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2010/01/04 13:22:06 | 09,237,504 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2010/01/04 13:22:06 | 00,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/01/04 13:22:06 | 00,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2010/01/04 13:20:25 | 00,161,792 | ---- | C] () -- C:\Windows\SysNative\advpack.dll
[2010/01/04 13:20:25 | 00,088,064 | ---- | C] () -- C:\Windows\SysNative\admparse.dll
[2010/01/04 13:20:25 | 00,085,504 | ---- | C] () -- C:\Windows\SysNative\icardie.dll
[2010/01/04 13:20:25 | 00,022,528 | ---- | C] () -- C:\Windows\SysNative\corpol.dll
[2010/01/04 13:20:24 | 00,223,232 | ---- | C] () -- C:\Windows\SysNative\msls31.dll
[2010/01/04 13:20:24 | 00,157,696 | ---- | C] () -- C:\Windows\SysNative\ieakeng.dll
[2010/01/04 13:20:23 | 00,077,824 | ---- | C] () -- C:\Windows\SysNative\tdc.ocx
[2010/01/04 13:20:22 | 00,125,952 | ---- | C] () -- C:\Windows\SysNative\inseng.dll
[2010/01/04 13:20:22 | 00,055,808 | ---- | C] () -- C:\Windows\SysNative\licmgr10.dll
[2010/01/04 13:20:22 | 00,052,736 | ---- | C] () -- C:\Windows\SysNative\imgutil.dll
[2010/01/04 13:20:21 | 00,481,280 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dll
[2010/01/04 13:20:21 | 00,076,288 | ---- | C] () -- C:\Windows\SysNative\wextract.exe
[2010/01/04 13:20:21 | 00,063,488 | ---- | C] () -- C:\Windows\SysNative\pngfilt.dll
[2010/01/04 13:20:19 | 01,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2010/01/04 13:20:19 | 00,508,416 | ---- | C] () -- C:\Windows\SysNative\dxtmsft.dll
[2010/01/04 13:20:19 | 00,318,464 | ---- | C] () -- C:\Windows\SysNative\dxtrans.dll
[2010/01/04 13:20:19 | 00,096,768 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll
[2010/01/04 13:20:18 | 00,304,640 | ---- | C] () -- C:\Windows\SysNative\webcheck.dll
[2010/01/04 13:20:18 | 00,271,872 | ---- | C] () -- C:\Windows\SysNative\ieaksie.dll
[2010/01/04 13:20:18 | 00,241,664 | ---- | C] () -- C:\Windows\SysNative\msrating.dll
[2010/01/04 13:20:18 | 00,163,840 | ---- | C] () -- C:\Windows\SysNative\ieakui.dll
[2010/01/04 13:20:17 | 00,612,864 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll
[2010/01/04 13:20:17 | 00,278,528 | ---- | C] () -- C:\Windows\SysNative\WinFXDocObj.exe
[2010/01/04 13:20:17 | 00,131,584 | ---- | C] () -- C:\Windows\SysNative\PDMSetup.exe
[2010/01/04 13:20:17 | 00,129,024 | ---- | C] () -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2010/01/04 13:20:17 | 00,128,512 | ---- | C] () -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2010/01/04 13:20:17 | 00,125,440 | ---- | C] () -- C:\Windows\SysNative\SetDepNx.exe
[2010/01/04 13:20:17 | 00,041,984 | ---- | C] () -- C:\Windows\SysNative\mshta.exe
[2010/01/04 13:20:16 | 00,108,032 | ---- | C] () -- C:\Windows\SysNative\url.dll
[2010/01/04 13:20:16 | 00,048,128 | ---- | C] () -- C:\Windows\SysNative\mshtmler.dll
[2010/01/04 13:20:15 | 00,479,744 | ---- | C] () -- C:\Windows\SysNative\html.iec
[2010/01/04 13:20:14 | 03,698,584 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dat
[2010/01/04 13:20:14 | 00,193,536 | ---- | C] () -- C:\Windows\SysNative\iexpress.exe
[2010/01/04 13:13:31 | 00,000,162 | -H-- | C] () -- C:\Users\chudneymiles\Documents\~$ads.docx
[2010/01/04 01:16:48 | 00,001,914 | ---- | C] () -- C:\Users\Public\Desktop\TurboTax 2009.lnk
[2010/01/03 21:38:23 | 00,001,851 | ---- | C] () -- C:\Users\chudneymiles\Desktop\Hotel Dash Suite Success.lnk
[2010/01/03 17:12:42 | 00,012,111 | ---- | C] () -- C:\Users\chudneymiles\Documents\move in.docx
[2010/01/03 17:03:11 | 00,013,028 | ---- | C] () -- C:\Users\chudneymiles\Desktop\[isoHunt] TurboTax_Home_and_Business_2009_REPACKED__AAOO_.5241162.TPB.torrent
[2010/01/02 23:22:10 | 00,001,340 | ---- | C] () -- C:\Users\Public\Desktop\More Yahoo! Games.lnk
[2010/01/02 22:17:54 | 00,010,655 | ---- | C] () -- C:\Users\chudneymiles\Documents\email list.docx
[2009/12/31 20:15:27 | 00,000,744 | ---- | C] () -- C:\Users\chudneymiles\Desktop\µTorrent.lnk
[2009/12/31 20:14:15 | 00,043,504 | ---- | C] () -- C:\Users\chudneymiles\Desktop\[isoHunt] The Boondocks-(Uncut)-Season 1 and 2 Season 2 (Extras)-MILLIONDOLLAMAN1.torrent
[2009/12/30 20:28:23 | 00,021,723 | ---- | C] () -- C:\Users\chudneymiles\Documents\CLEANING SOLUTIONS.docx
[2009/12/30 18:18:02 | 00,020,314 | ---- | C] () -- C:\Users\chudneymiles\Documents\ads.docx
[2009/12/28 10:20:42 | 00,001,740 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/12/24 09:30:26 | 00,524,288 | -HS- | C] () -- C:\Users\chudneymiles\ntuser.dat{cce2102c-f098-11de-b893-0021867c1f84}.TMContainer00000000000000000002.regtrans-ms
[2009/12/24 09:30:26 | 00,524,288 | -HS- | C] () -- C:\Users\chudneymiles\ntuser.dat{cce2102c-f098-11de-b893-0021867c1f84}.TMContainer00000000000000000001.regtrans-ms
[2009/12/24 09:30:26 | 00,065,536 | -HS- | C] () -- C:\Users\chudneymiles\ntuser.dat{cce2102c-f098-11de-b893-0021867c1f84}.TM.blf
[2009/12/19 15:35:39 | 00,015,433 | ---- | C] () -- C:\Users\chudneymiles\Documents\desmond.docx
[2009/12/17 06:34:30 | 00,049,152 | ---- | C] () -- C:\Users\chudneymiles\Desktop\CHOICE.EXE
[2009/12/17 06:05:43 | 00,002,554 | ---- | C] () -- C:\Users\chudneymiles\Desktop\JL_Cmder.lnk
[2009/12/17 05:54:23 | 00,001,879 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk
[2009/12/17 05:54:22 | 00,001,861 | ---- | C] () -- C:\Users\Public\Desktop\Desktop Manager.lnk
[2009/12/17 04:02:47 | 00,109,819 | ---- | C] () -- C:\Users\chudneymiles\Desktop\JL_Cmder v1.9.1.zip
[2009/12/16 08:31:33 | 00,016,266 | ---- | C] () -- C:\Users\chudneymiles\Desktop\Adult Disability and Work H...pdf
[2009/12/16 08:18:01 | 00,000,162 | -H-- | C] () -- C:\Users\chudneymiles\Documents\~$M Resume.doc
[2009/12/16 06:42:19 | 00,000,162 | -H-- | C] () -- C:\Users\chudneymiles\Documents\~$ far as my Manic depression.docx
[2009/12/15 10:32:41 | 00,012,096 | ---- | C] () -- C:\Users\chudneymiles\Documents\As far as my Manic depression.docx
[2009/12/15 08:53:14 | 00,024,576 | ---- | C] () -- C:\Users\chudneymiles\Documents\chudney ssi app.docx
[2009/12/01 19:00:07 | 00,000,000 | ---- | C] () -- C:\Windows\ResortingToDanger.INI
[2009/11/28 02:44:21 | 00,004,096 | -H-- | C] () -- C:\Users\chudneymiles\AppData\Local\keyfile3.drm
[2009/11/20 17:58:47 | 00,001,041 | ---- | C] () -- C:\Users\chudneymiles\AppData\Roaming\vso_ts_preview.xml
[2009/11/20 17:58:14 | 00,000,034 | ---- | C] () -- C:\Users\chudneymiles\AppData\Roaming\pcouffin.log
[2009/11/20 17:56:27 | 00,099,384 | ---- | C] () -- C:\Users\chudneymiles\AppData\Roaming\inst.exe
[2009/11/20 17:56:27 | 00,007,859 | ---- | C] () -- C:\Users\chudneymiles\AppData\Roaming\pcouffin.cat
[2009/11/20 17:56:27 | 00,001,167 | ---- | C] () -- C:\Users\chudneymiles\AppData\Roaming\pcouffin.inf
[2009/07/20 22:02:12 | 00,712,872 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/07/16 12:22:40 | 00,000,768 | ---- | C] () -- C:\Users\chudneymiles\AppData\Roaming\wklnhst.dat
[2009/07/11 04:57:47 | 00,000,000 | ---- | C] () -- C:\Users\chudneymiles\AppData\Roaming\bcrypt.html
[2009/04/12 02:53:04 | 00,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2009/04/03 21:57:37 | 00,000,068 | ---- | C] () -- C:\Windows\eyeQ Screen Saver.ini
[2009/02/20 02:39:20 | 00,000,858 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2009/02/20 02:39:20 | 00,000,168 | ---- | C] () -- C:\Windows\brpcfx.ini
[2009/02/20 02:38:58 | 00,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/02/20 02:38:58 | 00,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009/02/20 02:37:22 | 00,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2009/02/20 02:33:59 | 00,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
[2009/01/13 23:37:10 | 00,006,080 | ---- | C] () -- C:\Users\chudneymiles\AppData\Local\d3d9caps.dat
[2009/01/10 22:15:25 | 00,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/01/10 22:15:25 | 00,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/01/02 04:30:20 | 00,323,584 | ---- | C] () -- C:\Windows\SysWow64\FoxImager.dll
[2009/01/01 22:44:53 | 00,086,016 | ---- | C] () -- C:\Users\chudneymiles\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/12 11:06:30 | 00,058,672 | ---- | C] () -- C:\Windows\SysWow64\ASUSACPIDLL.dll
[2008/07/16 04:41:55 | 00,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2008/07/16 04:41:55 | 00,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/01/20 21:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 21:49:49 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/01/14 17:47:06 | 00,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll

========== Custom Scans ==========



< MD5 for: AGP440.SYS >
[2008/01/20 21:46:51 | 00,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008/01/20 21:46:51 | 00,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/20 21:46:50 | 00,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009/04/11 02:15:00 | 00,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 06:16:48 | 00,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2008/06/06 06:56:50 | 00,382,488 | ---- | M] (Intel Corporation) MD5=170CE3F0190702EA9EFDD2DD77130EF8 -- C:\hp\drivers\Intel_RAID\iastor.sys

< MD5 for: IASTORV.SYS >
[2008/01/20 21:46:59 | 00,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2008/01/20 21:51:03 | 00,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009/04/11 01:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009/04/11 02:11:16 | 00,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008/01/20 21:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008/01/20 21:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008/01/20 21:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2008/01/20 21:46:54 | 00,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 21:50:28 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008/01/20 21:50:28 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008/01/20 21:50:28 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008/01/20 21:49:49 | 00,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009/04/11 01:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009/04/11 02:11:23 | 00,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:0A051701
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\wii.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\west.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\west test on halo.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\west test on 2 halo.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\west pass.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\welcome letter.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\verizon.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\verizon order number.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\usbank.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\usaa.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\taxcut caleb.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\sstatefarm.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\silver certificate.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\shops.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\shopping list.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\shopper cert.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\santos.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\reciepes.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\professional[1].doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\prices.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\party saturday.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\Parent Info sheet1.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\overnight.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\old w2.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\number verzion.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\note for halo.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\no.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\nissan.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\nicole.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\new parent sheet.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\new jersey turnpike.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\NAVAL BASES.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\more research.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\mold.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\magonia.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\list.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\kriasat.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\kes.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\ir.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\info on baby.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\hsbc bank.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\hsbc bank dispute.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\HOW TO FILTER HALO.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\housing.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\house list.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\home.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\girls ssa.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\get.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\for kris.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\food list.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\fax number.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\dispute.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\diane'.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\denver housing.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\daycare1223.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\daycare.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\datcare.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\D1234370957.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\customer service.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\craigist babysit2.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\craigist babysit.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\cox.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\cox order number.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\Contract for Infants1.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\consumer adjustmentdispute.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\consumer adjustment.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\come in get on waitingg list camp.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\church.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\chudney pay w2.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\chris blackberry email.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\childcare6.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\cheat codes.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\certficsaat.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\certfc.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\certf.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\cerf.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\care.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\camp.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\caleb W2.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\caleb state.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\caleb 2008TaxReturn.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\blogg.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\bin.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\bedding for girls.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\bed 4 girlss.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\auctions.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\altima.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\aleb.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\ALBLUMS.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\afbank.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\afbank dispute3 13 2009.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\afb.txt:Roxio EMC Stream
@Alternate Data Stream - 452 bytes -> C:\ProgramData\TEMP:6283A8D3
@Alternate Data Stream - 211 bytes -> C:\ProgramData\TEMP:4BBAA745
@Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:FC5A6A39
@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:05E0618E
@Alternate Data Stream - 161 bytes -> C:\ProgramData\TEMP:82591FF7
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:DA3FF453
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:904251FD
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:3B5038B1
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:1CF2F47C
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:21192FCF
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:B4DCBA8B
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:9B285B76
< End of report >

chudneymiles
2010-01-13, 04:30
OTL Extras logfile created on: 1/12/2010 9:02:55 PM - Run 1
OTL by OldTimer - Version 3.1.24.0 Folder = C:\Users\chudneymiles\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.79 Gb Total Space | 34.78 Gb Free Space | 12.13% Space Free | Partition Type: NTFS
Drive D: | 11.30 Gb Total Space | 1.52 Gb Free Space | 13.48% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THEMILES
Current User Name: chudneymiles
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\opera.exe (Opera Software)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\opera.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06B63C0D-987C-4057-B860-E5AF3BC1E2BB}" = rport=138 | protocol=17 | dir=out | app=system |
"{128A5D24-2853-4BF2-BEFE-5C7A6C8705DB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{17457B93-55CC-41D6-9EB2-54F44C4B4B47}" = rport=137 | protocol=17 | dir=out | app=system |
"{2812F710-BDB9-4335-9602-9EF6D2BAB883}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3A4FCADF-050C-4876-9025-411979ECBE84}" = lport=2869 | protocol=6 | dir=in | app=system |
"{514AA414-BC12-4763-A811-4A409E810BDF}" = lport=137 | protocol=17 | dir=in | app=system |
"{53097EE3-62FC-4D78-8481-AB926B354BA2}" = lport=445 | protocol=6 | dir=in | app=system |
"{773C562A-8AD7-49B3-9A51-C47D566240F9}" = rport=139 | protocol=6 | dir=out | app=system |
"{AA401507-D36B-4ED7-98F8-A951963D3982}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{AB25E0D9-46CE-4FA5-9BA1-A97A3E2663D1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{B5CA378D-ADD6-4C1F-AB40-B740B887194F}" = lport=138 | protocol=17 | dir=in | app=system |
"{B9533262-1D88-431F-8BFE-5CE6052AD748}" = lport=139 | protocol=6 | dir=in | app=system |
"{D07CAB81-83BF-4852-942A-BBDB2FC82902}" = rport=445 | protocol=6 | dir=out | app=system |
"{E6BAA054-FB61-4202-A473-55DEB5958426}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05D5E93E-91E3-4D8E-8F48-D8B3A1023F9D}" = protocol=6 | dir=in | app=c:\users\chudneymiles\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{0DDFE973-AE11-43D0-812C-96C04B847E30}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{12F87AB9-907E-4796-B3E2-850DA734E29B}" = protocol=17 | dir=in | app=c:\users\chudneymiles\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{2934923D-D9F9-40B5-B13F-A9E2AE1AAD20}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{2A1C50B9-44DF-4A40-A66D-CAF435F01CAB}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{3AA5B14F-722B-4C17-B038-AA3D76F3CFC4}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl08b\faxrx.exe |
"{3E3DD8B7-4680-48E0-A5A3-78187E5E118D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4140CFD1-7469-41C6-B23D-E6FC4A7821B4}" = protocol=17 | dir=in | app=c:\users\chudneymiles\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{4353FD67-E1A5-4033-A23F-26313FA52E9F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{464CE930-2056-4522-8F06-D4FB25C17967}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{4CA4F0C3-8384-4593-A298-07782D175ABC}" = protocol=6 | dir=in | app=c:\users\chudneymiles\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{4F42C5BF-0D65-4A00-A2A3-D1D5E1CD6857}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{50C5F0CE-41FB-40C3-91CE-17155D5E42E9}" = protocol=6 | dir=in | app=c:\users\chudneymiles\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{5A95A9C0-906D-4E83-875B-77A93E7E9DEE}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{602F4A6F-F3FB-47A6-8D8B-30899F4DE55A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{66F908E1-8A4A-4822-B217-CA49F845E5BB}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{6814CB9B-8DBC-4CA9-9EB6-77D9B720935A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{69FC9FEF-F56A-4365-A26C-6D52FB8E92B1}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{6D7BEBA7-E0E2-4BC9-9019-092F01EB76C6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6EB93A48-3F58-4B20-BB9E-E842B07063D0}" = protocol=6 | dir=in | app=c:\users\chudneymiles\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{713F639E-06EF-4241-91BC-BBCA49D6B638}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{74213F19-F142-4DAA-8EB6-09499D9D41BE}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{7EE0D742-E1AA-43A4-9552-AC7A6F8BBFB8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{7FBCC0C2-60FF-4ABA-B01D-E0BEDCB04F3A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A7261E29-E2E0-4681-A05F-4B0C77660D2D}" = protocol=17 | dir=in | app=c:\users\chudneymiles\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{A881025D-9D1D-4F78-A5DB-F8DF82883B3C}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{A92A220C-8F4D-4049-AF9D-AD9254F97C77}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{B13E3063-961F-4B51-911E-2B744BF4A9ED}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{B2B3634C-CCBC-43A2-B5FC-901714A7104F}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{B8E7CCAC-4025-4909-B8FC-3CAEA35A1159}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{BFF5E783-3D4D-4A86-823F-D53105ABF0BE}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl08b\faxrx.exe |
"{D3C54041-6B28-4079-AC57-9B86261D682C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{D7389840-7E42-4888-92A8-F96400421BFB}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{DF7DA845-4679-4DC2-94DE-A1E0B82456CF}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{E1966132-8A4A-47CE-8CCC-0160E6CEAB90}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F1E402AC-7391-417B-926C-D9BE8DC80C15}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{F69E0F58-DBAE-41A3-8ECE-344612DA570E}" = protocol=17 | dir=in | app=c:\users\chudneymiles\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{FA9B41B7-2552-41CF-AABF-5C1D18003718}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{FD191748-721D-4D87-BB75-C9B9BD623AF5}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"TCP Query User{4AF72490-5453-478D-B4FD-1F7A0D020390}C:\users\chudneymiles\appdata\roaming\vusbsp\vonagetalkusb.exe" = protocol=6 | dir=in | app=c:\users\chudneymiles\appdata\roaming\vusbsp\vonagetalkusb.exe |
"TCP Query User{4E2D07DD-E1ED-4871-8219-6A33DA5421E5}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{7CF697EA-64C0-4D91-A6F4-442C87FA6850}C:\program files (x86)\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"TCP Query User{D48C7933-2F51-421F-95F9-891BCB321BA8}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{11C5AAEA-6160-43EF-A940-CA139C379D74}C:\program files (x86)\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"UDP Query User{2BE5DCA4-33FF-4CE5-9C16-09E9198F5AFF}C:\users\chudneymiles\appdata\roaming\vusbsp\vonagetalkusb.exe" = protocol=17 | dir=in | app=c:\users\chudneymiles\appdata\roaming\vusbsp\vonagetalkusb.exe |
"UDP Query User{B6786095-4187-4823-A104-183C9CC79098}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = Bluetooth by hp 6.1.0.2200
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{243579CC-CCE4-42F2-B48B-C90D15687A26}" = HP Touch Screen Configuration
"{31753CDD-A7DA-4667-BEFC-B3EA3BDF366E}" = Foxit Phantom
"{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client
"{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{A5F59952-475D-4DCC-BEAD-C216FC68E05C}" = iTunes
"{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}" = PaperPort Image Printer 64-bit
"{B0EFB716-085B-4564-8060-212E41F5CE50}" = Windows Live ID Sign-in Assistant
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"CutePDF Writer Installation" = CutePDF Writer 2.7
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{13086F8B-2AA9-4488-BC9C-BB6B912A5524}" = muvee autoProducer 6.1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 15
"{28226DF6-3F3B-4BCC-9E97-FD11A461FEB4}" = Rapid Rote
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2B4508B3-7403-44FF-8FBC-5CCD032E3635}" = MSN Toolbar Platform
"{2C0CD17D-0B06-4700-83FA-7344B868B0A2}" = Opera 9.63
"{31C2F32D-C5DD-4583-8181-B48591CA231C}" = RapidPlayer v5.0 ActiveX Control
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{5A627DFB-EA4C-4FFA-B711-69E849FB40D8}" = Buttons & OSDs control application gen2
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A3735D0-2119-40D5-971C-4FFC1E2C7695}" = HP TouchSmart Calendar
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{803805A4-A3F7-4504-8B19-9A63BC8A4551}" = Fisher-Price Computer Cool School
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_STANDARDR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A98AFBC7-D5A7-46A1-8795-EABE2F55A7D6}" = Microsoft Office Live Meeting 2007
"{ABDC7CFA-FEB4-4743-A18A-D549571F0B2A}" = BlackBerry Device Software v5.0.0 for the BlackBerry 9530 smartphone
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP TouchSmart Media
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B33CD700-6738-11D4-87FE-0080C6F974A2}" = eyeQ
"{B38A9B1A-DAEF-4ECC-AC7D-FDB12EAE5663}_is1" = kBilling Invoicing Software
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD01E97F-2A6A-495E-BE38-22C7B80F3CD7}" = Cheetah DVD Burner
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{D7BA6898-F0D0-4F23-898B-928530DAF061}" = HP Touch Screen Enhance Service
"{D9461574-5FC0-4641-BBDC-D1038B196F55}" = Brother MFL-Pro Suite MFC-490CW
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.5.315
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E0810CC2-4B5B-4439-B1D0-452306AF2D64}" = HP Active Support Library
"{E72728C3-E9D6-4965-AFC1-73B064697F9D}" = HP TouchSmart
"{E7A9B8E3-060D-4D02-8ED7-D629BD6404EC}" = Fisher-Price SpongeBob's Classroom
"{E9459BCF-0982-498B-ABA7-26C34323493F}" = Citrix Presentation Server Client - Web Only
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EE024764-FA19-4CD4-AA9E-E06DE4B766E8}" = BlackBerry Desktop Software 5.0.1
"{EE031CEC-748D-429A-9A5C-8C53CD193335}" = BlackBerry Device Software Updater
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F31E534B-4199-4552-8154-5C130710D68E}" = HP Total Care Advisor
"{F41E9A47-0119-4DB7-849C-6BE6DA948B74}" = HP TouchSmart Notes
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F8A3C1B6-D2E0-4CE1-80A2-555D6F71C639}" = Microsoft Search Enhancement Pack
"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"BlackBerry_{EE024764-FA19-4CD4-AA9E-E06DE4B766E8}" = BlackBerry Desktop Software 5.0.1
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"Dream Day Wedding - Viva Las Vegas 1.00" = Dream Day Wedding - Viva Las Vegas 1.00
"dvdSanta 3.45 - Create Your Own DVD Movies!_is1" = dvdSanta 3.45
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"HijackThis" = HijackThis 2.0.2
"Hotel Dash - Suite Success" = Hotel Dash - Suite Success (remove only)
"Hotel Dash Suite Success1.0" = Hotel Dash Suite Success
"HP KEYBOARD V1.5.2_is1" = HP KEYBOARD V1.5.2
"ImgBurn" = ImgBurn
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{803805A4-A3F7-4504-8B19-9A63BC8A4551}" = Fisher-Price Computer Cool School
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP TouchSmart Media
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{E7A9B8E3-060D-4D02-8ED7-D629BD6404EC}" = Fisher-Price SpongeBob's Classroom
"kBilling" = kBilling
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MetaProducts Offline Explorer" = MetaProducts Offline Explorer
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"Nancy Drew Dossier-Resorting To Danger ." = Nancy Drew Dossier-Resorting To Danger .
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"PROR" = Microsoft Office Professional 2007 Trial
"Rapid Rote" = Rapid Rote
"ResumeMaker Professional" = ResumeMaker Professional
"sp40348" = sp40348
"sp41098" = sp41098
"sp41119" = sp41119
"sp43205" = sp43205
"STANDARDR" = Microsoft Office Standard 2007 Trial
"TurboTax 2009" = TurboTax 2009
"uTorrent" = µTorrent
"VirtualCloneDrive" = VirtualCloneDrive
"WildTangent hp Master Uninstall" = My HP Games
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.2.1 final uninstall
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SmartDraw 2010" = SmartDraw 2010

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/9/2010 2:52:42 PM | Computer Name = TheMiles | Source = Application Hang | ID = 1002
Description = The program EXCEL.EXE version 12.0.6514.5000 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1bd0 Start Time: 01ca915c73f94b14 Termination Time: 0

Error - 1/9/2010 7:24:29 PM | Computer Name = TheMiles | Source = WinMgmt | ID = 10
Description =

Error - 1/10/2010 3:17:23 AM | Computer Name = TheMiles | Source = VSS | ID = 8194
Description =

Error - 1/10/2010 4:13:43 AM | Computer Name = TheMiles | Source = WinMgmt | ID = 10
Description =

Error - 1/10/2010 12:35:07 PM | Computer Name = TheMiles | Source = WinMgmt | ID = 10
Description =

Error - 1/11/2010 11:38:16 AM | Computer Name = TheMiles | Source = WinMgmt | ID = 10
Description =

Error - 1/11/2010 7:51:12 PM | Computer Name = TheMiles | Source = Application Error | ID = 1000
Description = Faulting application kbilling.exe, version 0.0.0.0, time stamp 0x43614f7f,
faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a783, exception
code 0xc0000005, fault offset 0x00060267, process id 0x1404, application start time
0x01ca9318f1e474d3.

Error - 1/12/2010 11:35:37 AM | Computer Name = TheMiles | Source = WinMgmt | ID = 10
Description =

Error - 1/12/2010 7:56:06 PM | Computer Name = TheMiles | Source = WinMgmt | ID = 10
Description =

Error - 1/12/2010 10:01:18 PM | Computer Name = TheMiles | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.1.24.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: bd4 Start Time: 01ca93f3753ec218 Termination Time: 15

[ Media Center Events ]
Error - 10/11/2009 11:16:17 PM | Computer Name = TheMiles | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 10/7/2009 6:38:28 PM | Computer Name = TheMiles | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 2644 seconds with 1320 seconds of active time. This session ended with a
crash.

Error - 11/15/2009 1:42:55 PM | Computer Name = TheMiles | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10943
seconds with 1680 seconds of active time. This session ended with a crash.

Error - 11/15/2009 1:49:40 PM | Computer Name = TheMiles | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 397
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 1/12/2010 7:35:34 AM | Computer Name = TheMiles | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.100.10 for the Network Card with network
address 002215F4E132 has been denied by the DHCP server 68.87.68.13 (The DHCP Server
sent a DHCPNACK message).

Error - 1/12/2010 11:03:25 AM | Computer Name = TheMiles | Source = DCOM | ID = 10010
Description =

Error - 1/12/2010 11:03:59 AM | Computer Name = TheMiles | Source = Service Control Manager | ID = 7034
Description =

Error - 1/12/2010 11:04:39 AM | Computer Name = TheMiles | Source = DCOM | ID = 10010
Description =

Error - 1/12/2010 11:35:27 AM | Computer Name = TheMiles | Source = HTTP | ID = 15016
Description =

Error - 1/12/2010 11:35:38 AM | Computer Name = TheMiles | Source = Service Control Manager | ID = 7024
Description =

Error - 1/12/2010 4:25:48 PM | Computer Name = TheMiles | Source = Dhcp | ID = 1002
Description = The IP address lease 24.126.234.199 for the Network Card with network
address 002215F4E132 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 1/12/2010 4:26:15 PM | Computer Name = TheMiles | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.100.10 for the Network Card with network
address 002215F4E132 has been denied by the DHCP server 68.87.68.13 (The DHCP Server
sent a DHCPNACK message).

Error - 1/12/2010 7:55:57 PM | Computer Name = TheMiles | Source = HTTP | ID = 15016
Description =

Error - 1/12/2010 7:56:06 PM | Computer Name = TheMiles | Source = Service Control Manager | ID = 7024
Description =


< End of report >

Blade81
2010-01-13, 16:14
Hi,

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

µTorrent


I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Programs and Features and uninstall the programs listed above (in red).



After that:

Please download Malwarebytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location.
Please post contents of that file & fresh OTL.txt log in your next reply.

chudneymiles
2010-01-14, 05:37
Malwarebytes' Anti-Malware 1.44
Database version: 3557
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18865

1/13/2010 10:35:41 PM
mbam-log-2010-01-13 (22-35-41).txt

Scan type: Quick Scan
Objects scanned: 112516
Time elapsed: 6 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\chudneymiles\AppData\Local\Temp\ntload.dll (Trojan.Agent) -> Quarantined and deleted successfully.

chudneymiles
2010-01-14, 05:54
OTL logfile created on: 1/13/2010 10:39:57 PM - Run 2
OTL by OldTimer - Version 3.1.24.0 Folder = C:\Users\chudneymiles\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.79 Gb Total Space | 33.70 Gb Free Space | 11.75% Space Free | Partition Type: NTFS
Drive D: | 11.30 Gb Total Space | 1.52 Gb Free Space | 13.48% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THEMILES
Current User Name: chudneymiles
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\chudneymiles\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
PRC - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe (Microsoft Corp.)
PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.EXE (Hewlett-Packard)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnProxy.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnSrv.EXE (Hewlett-Packard)
PRC - C:\Program Files (x86)\HP\Buttons & OSDs control application gen2\MediaButtons.exe ()
PRC - C:\Windows\SysWOW64\OSDForm.exe ()
PRC - C:\Program Files (x86)\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe ()
PRC - C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe (Analog Devices, Inc.)
PRC - C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\chudneymiles\Downloads\OTL(2).exe (OldTimer Tools)
MOD - C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:[b]64bit: - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (BthServ) -- C:\Windows\SysNative\bthserv.dll ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (iPod Service) -- C:\Program Files (x86)\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (IntuitUpdateService) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (CalendarSynchService) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe (Hewlett-Packard)
SRV - (Bonjour Service) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (HP Touch Screen Enhance) -- C:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnSrv.EXE (Hewlett-Packard)
SRV - (HP Health Check Service) -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (WLSetupSvc) -- C:\Program Files (x86)\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (usnjsvc) -- C:\Program Files (x86)\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006/11/02 08:34:14 | 00,000,000 | ---D | M]
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()
SRV - (IDriverT) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\Drivers\pcouffin.sys ()
DRV:64bit: - (VClone) -- C:\Windows\SysNative\DRIVERS\VClone.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys ()
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys ()
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys ()
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys ()
DRV:64bit: - (rcmirror) -- C:\Windows\SysNative\DRIVERS\rcmirror.sys ()
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys ()
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys ()
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\DRIVERS\netr28x.sys ()
DRV:64bit: - (ACPIService) -- C:\Windows\SysNative\DRIVERS\OSDACPI.SYS ()
DRV:64bit: - (BTHPORT) -- C:\Windows\SysNative\Drivers\BTHport.sys ()
DRV:64bit: - (BTHUSB) -- C:\Windows\SysNative\Drivers\BTHUSB.sys ()
DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys ()
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys ()
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\Drivers\RootMdm.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (usbvideo) USB Video Device (WDM) -- C:\Windows\SysNative\Drivers\usbvideo.sys ()
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\DRIVERS\serscan.sys ()
DRV:64bit: - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\SysNative\drivers\usbaudio.sys ()
DRV:64bit: - (BthEnum) -- C:\Windows\SysNative\DRIVERS\BthEnum.sys ()
DRV:64bit: - (BthPan) Bluetooth Device (Personal Area Network) -- C:\Windows\SysNative\DRIVERS\bthpan.sys ()
DRV:64bit: - (winusb) -- C:\Windows\SysNative\DRIVERS\winusb.sys ()
DRV:64bit: - (RFCOMM) Bluetooth Device (RFCOMM Protocol TDI) -- C:\Windows\SysNative\DRIVERS\rfcomm.sys ()
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys ()
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\DRIVERS\btwrchid.sys ()
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys ()
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys ()
DRV:64bit: - (BrSerIf) -- C:\Windows\SysNative\DRIVERS\BrSerIf.sys ()
DRV - (ElbyCDIO) -- C:\Windows\SysWOW64\ElbyCDIO.dll (Elaborate Bytes AG)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (Cyberlink Corp.)
DRV - (winusb) -- C:\Windows\SysWOW64\winusb.dll (Microsoft Corporation)
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=crossfire&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=crossfire&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=crossfire&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=crossfire&pf=cndt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=crossfire&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=VIATDF&PC=VIATDF&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://m.www.yahoo.com/"
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=VIATDF&PC=VIATDF&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0360.0\Firefox [2009/12/01 16:40:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2009/12/01 16:40:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/01/06 11:31:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/01/06 11:31:35 | 00,000,000 | ---D | M]

[2009/03/05 23:55:09 | 00,000,000 | ---D | M] -- C:\Users\chudneymiles\AppData\Roaming\Mozilla\Extensions
[2009/03/05 23:55:09 | 00,000,000 | ---D | M] -- C:\Users\chudneymiles\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/01/13 21:16:06 | 00,000,000 | ---D | M] -- C:\Users\chudneymiles\AppData\Roaming\Mozilla\Firefox\Profiles\ch2ut94r.default\extensions
[2009/07/28 21:01:31 | 00,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\chudneymiles\AppData\Roaming\Mozilla\Firefox\Profiles\ch2ut94r.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/12/31 11:34:46 | 00,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\chudneymiles\AppData\Roaming\Mozilla\Firefox\Profiles\ch2ut94r.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/01/04 02:44:15 | 00,002,186 | ---- | M] () -- C:\Users\chudneymiles\AppData\Roaming\Mozilla\Firefox\Profiles\ch2ut94r.default\searchplugins\bing.xml
[2010/01/13 21:16:06 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: (761 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0360.0\npwinext.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Buttons & OSDs control application gen2] C:\Program Files (x86)\HP\Buttons & OSDs control application gen2\MediaButtons.exe ()
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [FPCCSMiddleware] C:\Program Files (x86)\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe ()
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP KEYBOARD] C:\Program Files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.EXE (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe (OsdMaestro)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [HPSmartCenterBoot] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\SmartCenter 2.0\SmartCenter.exe (Hewlett-Packard)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {2D168880-539F-4967-BA11-F7C2862B9E1D} http://www.shockwave.com/content/diaperdash/sis/DiaperDashWeb.1.0.0.4.cab (CPlayFirstDiaperDashControl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D6E0B119-DCF2-4CD6-8DFB-7CFF1B70F7FF} https://bis.na.blackberry.com/html/web/client_tools/TOImport.cab (TeamOn Import Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\chp.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\chp.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{191203ef-79a1-11de-ba2d-0021867c1f84}\Shell - "" = AutoRun
O33 - MountPoints2\{191203ef-79a1-11de-ba2d-0021867c1f84}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{1a66da45-6205-11de-abac-0021867c1f84}\Shell\AutoRun\command - "" = H:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{1a66da45-6205-11de-abac-0021867c1f84}\Shell\slacker\command - "" = H:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{91d4cfa4-c090-11de-9797-0021867c1f84}\Shell - "" = AutoRun
O33 - MountPoints2\{91d4cfa4-c090-11de-9797-0021867c1f84}\Shell\AutoRun\command - "" = H:\Setup.exe -- File not found
O33 - MountPoints2\{b160490a-4b14-11de-b049-0021867c1f84}\Shell\AutoRun\command - "" = H:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{b160490a-4b14-11de-b049-0021867c1f84}\Shell\slacker\command - "" = H:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{caa6ed2f-3742-11de-923c-0021867c1f84}\Shell\AutoRun\command - "" = H:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{caa6ed2f-3742-11de-923c-0021867c1f84}\Shell\slacker\command - "" = H:\slacker.synclauncher.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/13 01:11:41 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/01/13 01:11:41 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2010/01/11 18:55:01 | 00,000,000 | ---D | C] -- C:\Users\chudneymiles\Documents\kBilling Company File Backup
[2010/01/11 17:15:12 | 00,581,632 | ---- | C] (Christian Werner Software & Consulting) -- C:\Windows\SysWow64\sqlite3odbc.dll
[2010/01/11 17:15:07 | 00,000,000 | ---D | C] -- C:\ProgramData\kBilling
[2010/01/10 03:22:33 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2010/01/10 03:01:31 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2010/01/08 14:39:15 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\kBilling
[2010/01/08 14:36:44 | 00,000,000 | ---D | C] -- C:\1d46e260dcf7a5394c623ba6e768
[2010/01/06 17:39:55 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/01/06 17:39:39 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/01/06 17:27:07 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/01/06 16:33:21 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/01/06 16:33:21 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/01/05 10:13:28 | 00,000,000 | ---D | C] -- C:\Users\chudneymiles\Documents\carmiles
[2010/01/05 10:13:16 | 00,000,000 | ---D | C] -- C:\Users\chudneymiles\Documents\New Folder (2)
[2010/01/05 10:02:54 | 00,000,000 | ---D | C] -- C:\Users\chudneymiles\AppData\Roaming\SmartDraw
[2010/01/05 10:02:32 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SmartDraw 2010
[2010/01/04 22:04:01 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2010/01/04 21:23:28 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai
[2010/01/04 17:46:10 | 00,000,000 | ---D | C] -- C:\Users\chudneymiles\AppData\Roaming\Malwarebytes
[2010/01/04 17:46:05 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/01/04 17:46:03 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/01/04 17:46:03 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/01/04 13:36:02 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010/01/04 13:22:16 | 00,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/01/04 13:22:16 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/01/04 13:22:16 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2010/01/04 13:22:15 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/01/04 13:22:15 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2010/01/04 13:22:14 | 00,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010/01/04 13:22:14 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/01/04 13:22:14 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010/01/04 13:22:13 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010/01/04 13:22:13 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010/01/04 13:22:12 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010/01/04 13:22:12 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/01/04 13:22:11 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/01/04 13:22:06 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010/01/04 13:22:06 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010/01/04 13:20:25 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\advpack.dll
[2010/01/04 13:20:25 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2010/01/04 13:20:24 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2010/01/04 13:20:24 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2010/01/04 13:20:24 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\corpol.dll
[2010/01/04 13:20:23 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2010/01/04 13:20:21 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2010/01/04 13:20:21 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll
[2010/01/04 13:20:21 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2010/01/04 13:20:21 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2010/01/04 13:20:19 | 00,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
[2010/01/04 13:20:19 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll
[2010/01/04 13:20:19 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll
[2010/01/04 13:20:19 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll
[2010/01/04 13:20:18 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2010/01/04 13:20:18 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2010/01/04 13:20:18 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2010/01/04 13:20:18 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2010/01/04 13:20:18 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/01/04 13:20:18 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/01/04 13:20:17 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010/01/04 13:20:17 | 00,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WinFXDocObj.exe
[2010/01/04 13:20:16 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2010/01/04 13:20:16 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2010/01/04 13:20:15 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/01/04 13:20:15 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2010/01/04 13:20:14 | 03,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2010/01/04 13:20:14 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PDMSetup.exe
[2010/01/04 13:20:14 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2010/01/04 13:20:14 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2010/01/04 13:20:14 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetDepNx.exe
[2010/01/04 01:22:48 | 00,000,000 | ---D | C] -- C:\Users\chudneymiles\Documents\TurboTax
[2010/01/04 01:19:54 | 00,000,000 | ---D | C] -- C:\Users\chudneymiles\AppData\Roaming\Intuit
[2010/01/04 01:19:48 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AnswerWorks 5.0
[2010/01/04 01:14:08 | 00,000,000 | ---D | C] -- C:\Users\chudneymiles\AppData\Local\IsolatedStorage
[2010/01/04 01:14:08 | 00,000,000 | ---D | C] -- C:\ProgramData\Intuit
[2010/01/04 01:14:06 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intuit
[2010/01/04 01:12:51 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\TurboTax
[2010/01/03 21:38:15 | 00,000,000 | ---D | C] -- C:\Windows\Hotel Dash Suite Success
[2010/01/03 21:38:15 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Hotel Dash Suite Success
[2010/01/02 23:22:02 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo! Games
[2009/12/17 05:10:58 | 00,000,000 | ---D | C] -- C:\ProgramData\Research In Motion
[2009/12/17 04:27:33 | 13,218,1104 | ---- | C] (Research In Motion Ltd. ) -- C:\Users\chudneymiles\Desktop\9530AMEA_PBr5_1_.0.0_rel508_PL4.2.0.128_A5.0.0.328.exe
[2009/12/17 04:13:17 | 00,000,000 | ---D | C] -- C:\Program Files\JL_Cmder
[2009/12/17 04:04:01 | 00,000,000 | ---D | C] -- C:\Users\chudneymiles\Desktop\JL_Cmder v1.9.1
[2009/12/17 04:03:02 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\JL_Cmder
[2009/11/20 17:56:27 | 00,082,816 | ---- | C] (VSO Software) -- C:\Users\chudneymiles\AppData\Roaming\pcouffin.sys
[1 C:\Users\chudneymiles\Documents\*.tmp files -> C:\Users\chudneymiles\Documents\*.tmp -> ]
[1 C:\Users\chudneymiles\Desktop\*.tmp files -> C:\Users\chudneymiles\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/13 22:39:47 | 05,505,024 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat
[2010/01/13 22:36:22 | 00,760,648 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/01/13 22:36:22 | 00,645,058 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/01/13 22:36:22 | 00,119,510 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/01/13 22:25:58 | 00,000,256 | ---- | M] () -- C:\Windows\SysWow64\pool.bin
[2010/01/13 22:25:54 | 00,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/13 22:25:54 | 00,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/13 21:30:44 | 00,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{083DAF79-A533-47B8-8521-868AF2AE6BD5}.job
[2010/01/13 21:27:47 | 00,000,478 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (TE).job
[2010/01/13 21:24:36 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/13 21:24:35 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/13 21:23:32 | 00,004,775 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/01/13 21:23:31 | 00,524,288 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{c7904585-fc9c-11de-80b4-0021867c1f84}.TMContainer00000000000000000001.regtrans-ms
[2010/01/13 21:23:31 | 00,065,536 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{c7904585-fc9c-11de-80b4-0021867c1f84}.TM.blf
[2010/01/13 21:23:30 | 03,240,832 | -H-- | M] () -- C:\Users\chudneymiles\AppData\Local\IconCache.db
[2010/01/13 02:41:32 | 00,010,532 | ---- | M] () -- C:\Users\chudneymiles\Documents\My goals are not as complex as most.docx
[2010/01/12 22:11:31 | 00,081,920 | ---- | M] () -- C:\Users\chudneymiles\Documents\C&C HOME & CLEANING SOLUTIONS.kpd
[2010/01/12 22:05:20 | 00,008,485 | ---- | M] () -- C:\Users\chudneymiles\Documents\Michael Lee & Bridgett Lee I1456.pdf
[2010/01/12 21:49:01 | 00,000,248 | ---- | M] () -- C:\Windows\ODBC.INI
[2010/01/12 18:02:22 | 00,002,413 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/01/11 22:02:39 | 00,010,517 | ---- | M] () -- C:\Users\chudneymiles\Documents\Letrisha I1002.pdf
[2010/01/11 21:37:59 | 00,019,299 | ---- | M] () -- C:\Users\chudneymiles\Documents\psychology chapter 2.docx
[2010/01/11 20:06:27 | 00,086,016 | ---- | M] () -- C:\Users\chudneymiles\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/11 19:28:33 | 00,008,737 | ---- | M] () -- C:\Users\chudneymiles\Documents\Michael Lee & Bridgett Lee I1001.pdf
[2010/01/11 19:17:10 | 00,008,377 | ---- | M] () -- C:\Users\chudneymiles\Desktop\Michael Lee & Bridgett Lee I1001.pdf
[2010/01/11 17:15:12 | 00,000,191 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2010/01/11 17:15:11 | 00,001,622 | ---- | M] () -- C:\Users\Public\Desktop\kBilling.lnk
[2010/01/10 19:23:57 | 00,000,162 | -H-- | M] () -- C:\Users\chudneymiles\Documents\~$ychology chapter 2.docx
[2010/01/10 03:22:33 | 00,001,666 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2010/01/10 03:19:08 | 00,001,600 | ---- | M] () -- C:\Users\chudneymiles\Desktop\MagicISO.lnk
[2010/01/10 02:17:58 | 00,871,408 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/01/10 02:14:16 | 00,000,744 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010/01/09 00:41:22 | 00,833,002 | ---- | M] () -- C:\Users\chudneymiles\Documents\DSCN8345.JPG
[2010/01/09 00:41:08 | 00,847,598 | ---- | M] () -- C:\Users\chudneymiles\Documents\DSCN8350.JPG
[2010/01/09 00:40:57 | 00,717,037 | ---- | M] () -- C:\Users\chudneymiles\Documents\DSCN8344.JPG
[2010/01/09 00:40:38 | 00,820,746 | ---- | M] () -- C:\Users\chudneymiles\Documents\DSCN8348.JPG
[2010/01/09 00:40:19 | 00,687,458 | ---- | M] () -- C:\Users\chudneymiles\Documents\DSCN8340.JPG
[2010/01/08 22:59:29 | 00,001,831 | ---- | M] () -- C:\Users\chudneymiles\Desktop\kBilling.lnk
[2010/01/08 21:37:59 | 00,524,288 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{c7904585-fc9c-11de-80b4-0021867c1f84}.TMContainer00000000000000000002.regtrans-ms
[2010/01/08 19:18:26 | 00,524,288 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{c7904502-fc9c-11de-80b4-0021867c1f84}.TMContainer00000000000000000001.regtrans-ms
[2010/01/08 19:18:26 | 00,065,536 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{c7904502-fc9c-11de-80b4-0021867c1f84}.TM.blf
[2010/01/08 19:18:17 | 00,524,288 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{c7904502-fc9c-11de-80b4-0021867c1f84}.TMContainer00000000000000000002.regtrans-ms
[2010/01/08 18:51:32 | 00,098,748 | ---- | M] () -- C:\Users\chudneymiles\Documents\f psychology test.docx
[2010/01/08 18:51:32 | 00,000,162 | -H-- | M] () -- C:\Users\chudneymiles\Documents\~$psychology test.docx
[2010/01/08 15:40:04 | 00,524,288 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{cce2102c-f098-11de-b893-0021867c1f84}.TMContainer00000000000000000001.regtrans-ms
[2010/01/08 15:40:04 | 00,065,536 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{cce2102c-f098-11de-b893-0021867c1f84}.TM.blf
[2010/01/08 15:26:32 | 00,068,608 | ---- | M] () -- C:\Users\chudneymiles\Documents\C & C Cleaning Solution.kpd
[2010/01/08 14:39:35 | 00,005,024 | ---- | M] () -- C:\ProgramData\dbvvomjc.bpt
[2010/01/07 22:16:05 | 00,001,041 | ---- | M] () -- C:\Users\chudneymiles\AppData\Roaming\vso_ts_preview.xml
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/01/07 16:07:06 | 00,022,104 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010/01/07 01:09:56 | 00,000,768 | ---- | M] () -- C:\Users\chudneymiles\AppData\Roaming\wklnhst.dat
[2010/01/06 17:39:39 | 00,000,725 | ---- | M] () -- C:\Users\chudneymiles\Desktop\NTREGOPT.lnk
[2010/01/06 17:39:39 | 00,000,706 | ---- | M] () -- C:\Users\chudneymiles\Desktop\ERUNT.lnk
[2010/01/06 17:27:07 | 00,001,890 | ---- | M] () -- C:\Users\chudneymiles\Desktop\HijackThis.lnk
[2010/01/05 12:25:46 | 03,293,062 | ---- | M] () -- C:\Users\chudneymiles\Documents\Doc1.docx
[2010/01/05 12:25:46 | 00,000,162 | -H-- | M] () -- C:\Users\chudneymiles\Documents\~$Doc1.docx
[2010/01/05 10:02:51 | 00,000,855 | ---- | M] () -- C:\Users\chudneymiles\Desktop\SmartDraw 2010.lnk
[2010/01/04 22:45:11 | 02,279,985 | ---- | M] () -- C:\Users\chudneymiles\Documents\chapter 7 Patricia.pdf
[2010/01/04 22:44:48 | 02,348,725 | ---- | M] () -- C:\Users\chudneymiles\Documents\ch7volpp.pdf
[2010/01/04 22:13:29 | 00,125,048 | ---- | M] () -- C:\Users\chudneymiles\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/01/04 22:11:21 | 00,455,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/01/04 22:02:37 | 00,001,886 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat 9 Pro.lnk
[2010/01/04 20:46:06 | 00,046,080 | ---- | M] () -- C:\Users\chudneymiles\Documents\CLMC Resume.doc
[2010/01/04 20:13:35 | 00,047,104 | ---- | M] () -- C:\Users\chudneymiles\Documents\CLM Resume.doc
[2010/01/04 17:46:07 | 00,000,810 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/04 13:39:09 | 00,000,162 | -H-- | M] () -- C:\Users\chudneymiles\Documents\~$udney ssi app.docx
[2010/01/04 13:13:31 | 00,000,162 | -H-- | M] () -- C:\Users\chudneymiles\Documents\~$ads.docx
[2010/01/04 01:16:48 | 00,001,914 | ---- | M] () -- C:\Users\Public\Desktop\TurboTax 2009.lnk
[2010/01/03 21:38:23 | 00,001,851 | ---- | M] () -- C:\Users\chudneymiles\Desktop\Hotel Dash Suite Success.lnk
[2010/01/03 17:12:43 | 00,012,111 | ---- | M] () -- C:\Users\chudneymiles\Documents\move in.docx
[2010/01/03 17:12:25 | 00,020,314 | ---- | M] () -- C:\Users\chudneymiles\Documents\ads.docx
[2010/01/03 17:03:19 | 00,013,028 | ---- | M] () -- C:\Users\chudneymiles\Desktop\[isoHunt] TurboTax_Home_and_Business_2009_REPACKED__AAOO_.5241162.TPB.torrent
[2010/01/03 15:16:54 | 00,010,655 | ---- | M] () -- C:\Users\chudneymiles\Documents\email list.docx
[2010/01/02 23:22:10 | 00,001,340 | ---- | M] () -- C:\Users\Public\Desktop\More Yahoo! Games.lnk
[2009/12/31 20:17:36 | 00,043,504 | ---- | M] () -- C:\Users\chudneymiles\Desktop\[isoHunt] The Boondocks-(Uncut)-Season 1 and 2 Season 2 (Extras)-MILLIONDOLLAMAN1.torrent
[2009/12/31 20:15:27 | 00,000,744 | ---- | M] () -- C:\Users\chudneymiles\Desktop\µTorrent.lnk
[2009/12/30 20:28:24 | 00,021,723 | ---- | M] () -- C:\Users\chudneymiles\Documents\CLEANING SOLUTIONS.docx
[2009/12/29 08:08:28 | 00,006,080 | ---- | M] () -- C:\Users\chudneymiles\AppData\Local\d3d9caps.dat
[2009/12/28 11:27:20 | 00,001,740 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/12/28 08:50:16 | 00,000,000 | ---- | M] () -- C:\Users\chudneymiles\Documents\Nuance Image Printer Writer Port
[2009/12/25 22:34:02 | 00,524,288 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{cce2102c-f098-11de-b893-0021867c1f84}.TMContainer00000000000000000002.regtrans-ms
[2009/12/22 20:27:57 | 00,524,288 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{344eaabc-b6b5-11de-b61e-0021867c1f84}.TMContainer00000000000000000001.regtrans-ms
[2009/12/22 20:27:57 | 00,065,536 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{344eaabc-b6b5-11de-b61e-0021867c1f84}.TM.blf
[2009/12/19 15:35:41 | 00,015,433 | ---- | M] () -- C:\Users\chudneymiles\Documents\desmond.docx
[2009/12/17 06:34:33 | 00,049,152 | ---- | M] () -- C:\Users\chudneymiles\Desktop\CHOICE.EXE
[2009/12/17 05:54:23 | 00,001,879 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk
[2009/12/17 05:54:23 | 00,001,861 | ---- | M] () -- C:\Users\Public\Desktop\Desktop Manager.lnk
[2009/12/17 05:08:47 | 13,218,1104 | ---- | M] (Research In Motion Ltd. ) -- C:\Users\chudneymiles\Desktop\9530AMEA_PBr5_1_.0.0_rel508_PL4.2.0.128_A5.0.0.328.exe
[2009/12/17 04:02:53 | 00,109,819 | ---- | M] () -- C:\Users\chudneymiles\Desktop\JL_Cmder v1.9.1.zip
[2009/12/16 08:32:03 | 00,024,576 | ---- | M] () -- C:\Users\chudneymiles\Documents\chudney ssi app.docx
[2009/12/16 08:31:33 | 00,016,266 | ---- | M] () -- C:\Users\chudneymiles\Desktop\Adult Disability and Work H...pdf
[2009/12/16 08:18:01 | 00,000,162 | -H-- | M] () -- C:\Users\chudneymiles\Documents\~$M Resume.doc
[2009/12/16 06:42:19 | 00,000,162 | -H-- | M] () -- C:\Users\chudneymiles\Documents\~$ far as my Manic depression.docx
[2009/12/15 10:32:42 | 00,012,096 | ---- | M] () -- C:\Users\chudneymiles\Documents\As far as my Manic depression.docx
[1 C:\Users\chudneymiles\Documents\*.tmp files -> C:\Users\chudneymiles\Documents\*.tmp -> ]
[1 C:\Users\chudneymiles\Desktop\*.tmp files -> C:\Users\chudneymiles\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

chudneymiles
2010-01-14, 05:56
[2010/01/13 02:41:31 | 00,010,532 | ---- | C] () -- C:\Users\chudneymiles\Documents\My goals are not as complex as most.docx
[2010/01/13 01:11:41 | 00,189,440 | ---- | C] () -- C:\Windows\SysNative\t2embed.dll
[2010/01/13 01:11:41 | 00,096,256 | ---- | C] () -- C:\Windows\SysNative\fontsub.dll
[2010/01/11 21:52:09 | 00,010,517 | ---- | C] () -- C:\Users\chudneymiles\Documents\Letrisha I1002.pdf
[2010/01/11 19:30:20 | 00,008,485 | ---- | C] () -- C:\Users\chudneymiles\Documents\Michael Lee & Bridgett Lee I1456.pdf
[2010/01/11 19:24:10 | 00,008,737 | ---- | C] () -- C:\Users\chudneymiles\Documents\Michael Lee & Bridgett Lee I1001.pdf
[2010/01/11 19:17:09 | 00,008,377 | ---- | C] () -- C:\Users\chudneymiles\Desktop\Michael Lee & Bridgett Lee I1001.pdf
[2010/01/11 17:55:30 | 00,081,920 | ---- | C] () -- C:\Users\chudneymiles\Documents\C&C HOME & CLEANING SOLUTIONS.kpd
[2010/01/11 17:15:11 | 00,001,622 | ---- | C] () -- C:\Users\Public\Desktop\kBilling.lnk
[2010/01/10 19:23:57 | 00,000,162 | -H-- | C] () -- C:\Users\chudneymiles\Documents\~$ychology chapter 2.docx
[2010/01/10 19:23:56 | 00,019,299 | ---- | C] () -- C:\Users\chudneymiles\Documents\psychology chapter 2.docx
[2010/01/10 03:22:33 | 00,001,666 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2010/01/10 03:19:08 | 00,001,600 | ---- | C] () -- C:\Users\chudneymiles\Desktop\MagicISO.lnk
[2010/01/10 02:17:57 | 00,871,408 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/01/10 02:14:16 | 00,000,744 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010/01/09 00:40:56 | 00,833,002 | ---- | C] () -- C:\Users\chudneymiles\Documents\DSCN8345.JPG
[2010/01/09 00:40:40 | 00,847,598 | ---- | C] () -- C:\Users\chudneymiles\Documents\DSCN8350.JPG
[2010/01/09 00:40:31 | 00,717,037 | ---- | C] () -- C:\Users\chudneymiles\Documents\DSCN8344.JPG
[2010/01/09 00:40:20 | 00,820,746 | ---- | C] () -- C:\Users\chudneymiles\Documents\DSCN8348.JPG
[2010/01/09 00:40:04 | 00,687,458 | ---- | C] () -- C:\Users\chudneymiles\Documents\DSCN8340.JPG
[2010/01/08 19:26:33 | 00,524,288 | -HS- | C] () -- C:\Users\chudneymiles\ntuser.dat{c7904585-fc9c-11de-80b4-0021867c1f84}.TMContainer00000000000000000002.regtrans-ms
[2010/01/08 19:26:33 | 00,524,288 | -HS- | C] () -- C:\Users\chudneymiles\ntuser.dat{c7904585-fc9c-11de-80b4-0021867c1f84}.TMContainer00000000000000000001.regtrans-ms
[2010/01/08 19:26:32 | 00,065,536 | -HS- | C] () -- C:\Users\chudneymiles\ntuser.dat{c7904585-fc9c-11de-80b4-0021867c1f84}.TM.blf
[2010/01/08 18:51:32 | 00,000,162 | -H-- | C] () -- C:\Users\chudneymiles\Documents\~$psychology test.docx
[2010/01/08 18:51:29 | 00,098,748 | ---- | C] () -- C:\Users\chudneymiles\Documents\f psychology test.docx
[2010/01/08 16:30:14 | 00,524,288 | -HS- | C] () -- C:\Users\chudneymiles\ntuser.dat{c7904502-fc9c-11de-80b4-0021867c1f84}.TMContainer00000000000000000002.regtrans-ms
[2010/01/08 16:30:14 | 00,524,288 | -HS- | C] () -- C:\Users\chudneymiles\ntuser.dat{c7904502-fc9c-11de-80b4-0021867c1f84}.TMContainer00000000000000000001.regtrans-ms
[2010/01/08 16:30:14 | 00,065,536 | -HS- | C] () -- C:\Users\chudneymiles\ntuser.dat{c7904502-fc9c-11de-80b4-0021867c1f84}.TM.blf
[2010/01/08 14:46:56 | 00,068,608 | ---- | C] () -- C:\Users\chudneymiles\Documents\C & C Cleaning Solution.kpd
[2010/01/08 14:39:35 | 00,005,024 | ---- | C] () -- C:\ProgramData\dbvvomjc.bpt
[2010/01/08 13:38:37 | 00,000,248 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/01/08 13:26:47 | 00,001,831 | ---- | C] () -- C:\Users\chudneymiles\Desktop\kBilling.lnk
[2010/01/06 17:39:39 | 00,000,725 | ---- | C] () -- C:\Users\chudneymiles\Desktop\NTREGOPT.lnk
[2010/01/06 17:39:39 | 00,000,706 | ---- | C] () -- C:\Users\chudneymiles\Desktop\ERUNT.lnk
[2010/01/06 17:27:07 | 00,001,890 | ---- | C] () -- C:\Users\chudneymiles\Desktop\HijackThis.lnk
[2010/01/05 12:25:46 | 00,000,162 | -H-- | C] () -- C:\Users\chudneymiles\Documents\~$Doc1.docx
[2010/01/05 12:25:45 | 03,293,062 | ---- | C] () -- C:\Users\chudneymiles\Documents\Doc1.docx
[2010/01/05 10:02:51 | 00,000,855 | ---- | C] () -- C:\Users\chudneymiles\Desktop\SmartDraw 2010.lnk
[2010/01/05 10:02:51 | 00,000,478 | ---- | C] () -- C:\Windows\tasks\SDMsgUpdate (TE).job
[2010/01/04 22:45:09 | 02,279,985 | ---- | C] () -- C:\Users\chudneymiles\Documents\chapter 7 Patricia.pdf
[2010/01/04 22:16:23 | 02,348,725 | ---- | C] () -- C:\Users\chudneymiles\Documents\ch7volpp.pdf
[2010/01/04 22:03:28 | 00,051,032 | R--- | C] () -- C:\Windows\SysNative\AdobePDF.dll
[2010/01/04 22:03:28 | 00,024,416 | R--- | C] () -- C:\Windows\SysNative\AdobePDFUI.dll
[2010/01/04 22:02:37 | 00,001,886 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat 9 Pro.lnk
[2010/01/04 20:13:55 | 00,046,080 | ---- | C] () -- C:\Users\chudneymiles\Documents\CLMC Resume.doc
[2010/01/04 17:46:07 | 00,000,810 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/04 17:46:03 | 00,022,104 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010/01/04 13:39:09 | 00,000,162 | -H-- | C] () -- C:\Users\chudneymiles\Documents\~$udney ssi app.docx
[2010/01/04 13:36:02 | 00,818,176 | ---- | C] () -- C:\Windows\SysNative\jscript.dll
[2010/01/04 13:22:17 | 01,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2010/01/04 13:22:16 | 00,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2010/01/04 13:22:16 | 00,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2010/01/04 13:22:16 | 00,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2010/01/04 13:22:16 | 00,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2010/01/04 13:22:15 | 00,700,928 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2010/01/04 13:22:14 | 01,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2010/01/04 13:22:14 | 00,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2010/01/04 13:22:14 | 00,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2010/01/04 13:22:14 | 00,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2010/01/04 13:22:14 | 00,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2010/01/04 13:22:14 | 00,057,667 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2010/01/04 13:22:14 | 00,057,667 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2010/01/04 13:22:14 | 00,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2010/01/04 13:22:13 | 01,484,288 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2010/01/04 13:22:13 | 00,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2010/01/04 13:22:12 | 02,334,208 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2010/01/04 13:22:11 | 01,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2010/01/04 13:22:08 | 12,462,080 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2010/01/04 13:22:06 | 09,237,504 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2010/01/04 13:22:06 | 00,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/01/04 13:22:06 | 00,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2010/01/04 13:20:25 | 00,161,792 | ---- | C] () -- C:\Windows\SysNative\advpack.dll
[2010/01/04 13:20:25 | 00,088,064 | ---- | C] () -- C:\Windows\SysNative\admparse.dll
[2010/01/04 13:20:25 | 00,085,504 | ---- | C] () -- C:\Windows\SysNative\icardie.dll
[2010/01/04 13:20:25 | 00,022,528 | ---- | C] () -- C:\Windows\SysNative\corpol.dll
[2010/01/04 13:20:24 | 00,223,232 | ---- | C] () -- C:\Windows\SysNative\msls31.dll
[2010/01/04 13:20:24 | 00,157,696 | ---- | C] () -- C:\Windows\SysNative\ieakeng.dll
[2010/01/04 13:20:23 | 00,077,824 | ---- | C] () -- C:\Windows\SysNative\tdc.ocx
[2010/01/04 13:20:22 | 00,125,952 | ---- | C] () -- C:\Windows\SysNative\inseng.dll
[2010/01/04 13:20:22 | 00,055,808 | ---- | C] () -- C:\Windows\SysNative\licmgr10.dll
[2010/01/04 13:20:22 | 00,052,736 | ---- | C] () -- C:\Windows\SysNative\imgutil.dll
[2010/01/04 13:20:21 | 00,481,280 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dll
[2010/01/04 13:20:21 | 00,076,288 | ---- | C] () -- C:\Windows\SysNative\wextract.exe
[2010/01/04 13:20:21 | 00,063,488 | ---- | C] () -- C:\Windows\SysNative\pngfilt.dll
[2010/01/04 13:20:19 | 01,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2010/01/04 13:20:19 | 00,508,416 | ---- | C] () -- C:\Windows\SysNative\dxtmsft.dll
[2010/01/04 13:20:19 | 00,318,464 | ---- | C] () -- C:\Windows\SysNative\dxtrans.dll
[2010/01/04 13:20:19 | 00,096,768 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll
[2010/01/04 13:20:18 | 00,304,640 | ---- | C] () -- C:\Windows\SysNative\webcheck.dll
[2010/01/04 13:20:18 | 00,271,872 | ---- | C] () -- C:\Windows\SysNative\ieaksie.dll
[2010/01/04 13:20:18 | 00,241,664 | ---- | C] () -- C:\Windows\SysNative\msrating.dll
[2010/01/04 13:20:18 | 00,163,840 | ---- | C] () -- C:\Windows\SysNative\ieakui.dll
[2010/01/04 13:20:17 | 00,612,864 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll
[2010/01/04 13:20:17 | 00,278,528 | ---- | C] () -- C:\Windows\SysNative\WinFXDocObj.exe
[2010/01/04 13:20:17 | 00,131,584 | ---- | C] () -- C:\Windows\SysNative\PDMSetup.exe
[2010/01/04 13:20:17 | 00,129,024 | ---- | C] () -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2010/01/04 13:20:17 | 00,128,512 | ---- | C] () -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2010/01/04 13:20:17 | 00,125,440 | ---- | C] () -- C:\Windows\SysNative\SetDepNx.exe
[2010/01/04 13:20:17 | 00,041,984 | ---- | C] () -- C:\Windows\SysNative\mshta.exe
[2010/01/04 13:20:16 | 00,108,032 | ---- | C] () -- C:\Windows\SysNative\url.dll
[2010/01/04 13:20:16 | 00,048,128 | ---- | C] () -- C:\Windows\SysNative\mshtmler.dll
[2010/01/04 13:20:15 | 00,479,744 | ---- | C] () -- C:\Windows\SysNative\html.iec
[2010/01/04 13:20:14 | 03,698,584 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dat
[2010/01/04 13:20:14 | 00,193,536 | ---- | C] () -- C:\Windows\SysNative\iexpress.exe
[2010/01/04 13:13:31 | 00,000,162 | -H-- | C] () -- C:\Users\chudneymiles\Documents\~$ads.docx
[2010/01/04 01:16:48 | 00,001,914 | ---- | C] () -- C:\Users\Public\Desktop\TurboTax 2009.lnk
[2010/01/03 21:38:23 | 00,001,851 | ---- | C] () -- C:\Users\chudneymiles\Desktop\Hotel Dash Suite Success.lnk
[2010/01/03 17:12:42 | 00,012,111 | ---- | C] () -- C:\Users\chudneymiles\Documents\move in.docx
[2010/01/03 17:03:11 | 00,013,028 | ---- | C] () -- C:\Users\chudneymiles\Desktop\[isoHunt] TurboTax_Home_and_Business_2009_REPACKED__AAOO_.5241162.TPB.torrent
[2010/01/02 23:22:10 | 00,001,340 | ---- | C] () -- C:\Users\Public\Desktop\More Yahoo! Games.lnk
[2010/01/02 22:17:54 | 00,010,655 | ---- | C] () -- C:\Users\chudneymiles\Documents\email list.docx
[2009/12/31 20:15:27 | 00,000,744 | ---- | C] () -- C:\Users\chudneymiles\Desktop\µTorrent.lnk
[2009/12/31 20:14:15 | 00,043,504 | ---- | C] () -- C:\Users\chudneymiles\Desktop\[isoHunt] The Boondocks-(Uncut)-Season 1 and 2 Season 2 (Extras)-MILLIONDOLLAMAN1.torrent
[2009/12/30 20:28:23 | 00,021,723 | ---- | C] () -- C:\Users\chudneymiles\Documents\CLEANING SOLUTIONS.docx
[2009/12/30 18:18:02 | 00,020,314 | ---- | C] () -- C:\Users\chudneymiles\Documents\ads.docx
[2009/12/28 10:20:42 | 00,001,740 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/12/24 09:30:26 | 00,524,288 | -HS- | C] () -- C:\Users\chudneymiles\ntuser.dat{cce2102c-f098-11de-b893-0021867c1f84}.TMContainer00000000000000000002.regtrans-ms
[2009/12/24 09:30:26 | 00,524,288 | -HS- | C] () -- C:\Users\chudneymiles\ntuser.dat{cce2102c-f098-11de-b893-0021867c1f84}.TMContainer00000000000000000001.regtrans-ms
[2009/12/24 09:30:26 | 00,065,536 | -HS- | C] () -- C:\Users\chudneymiles\ntuser.dat{cce2102c-f098-11de-b893-0021867c1f84}.TM.blf
[2009/12/19 15:35:39 | 00,015,433 | ---- | C] () -- C:\Users\chudneymiles\Documents\desmond.docx
[2009/12/17 06:34:30 | 00,049,152 | ---- | C] () -- C:\Users\chudneymiles\Desktop\CHOICE.EXE
[2009/12/17 06:05:43 | 00,002,554 | ---- | C] () -- C:\Users\chudneymiles\Desktop\JL_Cmder.lnk
[2009/12/17 05:54:23 | 00,001,879 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk
[2009/12/17 05:54:22 | 00,001,861 | ---- | C] () -- C:\Users\Public\Desktop\Desktop Manager.lnk
[2009/12/17 04:02:47 | 00,109,819 | ---- | C] () -- C:\Users\chudneymiles\Desktop\JL_Cmder v1.9.1.zip
[2009/12/16 08:31:33 | 00,016,266 | ---- | C] () -- C:\Users\chudneymiles\Desktop\Adult Disability and Work H...pdf
[2009/12/16 08:18:01 | 00,000,162 | -H-- | C] () -- C:\Users\chudneymiles\Documents\~$M Resume.doc
[2009/12/16 06:42:19 | 00,000,162 | -H-- | C] () -- C:\Users\chudneymiles\Documents\~$ far as my Manic depression.docx
[2009/12/15 10:32:41 | 00,012,096 | ---- | C] () -- C:\Users\chudneymiles\Documents\As far as my Manic depression.docx
[2009/12/15 08:53:14 | 00,024,576 | ---- | C] () -- C:\Users\chudneymiles\Documents\chudney ssi app.docx
[2009/12/01 19:00:07 | 00,000,000 | ---- | C] () -- C:\Windows\ResortingToDanger.INI
[2009/11/28 02:44:21 | 00,004,096 | -H-- | C] () -- C:\Users\chudneymiles\AppData\Local\keyfile3.drm
[2009/11/20 17:58:47 | 00,001,041 | ---- | C] () -- C:\Users\chudneymiles\AppData\Roaming\vso_ts_preview.xml
[2009/11/20 17:58:14 | 00,000,034 | ---- | C] () -- C:\Users\chudneymiles\AppData\Roaming\pcouffin.log
[2009/11/20 17:56:27 | 00,099,384 | ---- | C] () -- C:\Users\chudneymiles\AppData\Roaming\inst.exe
[2009/11/20 17:56:27 | 00,007,859 | ---- | C] () -- C:\Users\chudneymiles\AppData\Roaming\pcouffin.cat
[2009/11/20 17:56:27 | 00,001,167 | ---- | C] () -- C:\Users\chudneymiles\AppData\Roaming\pcouffin.inf
[2009/07/20 22:02:12 | 00,712,872 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/07/16 12:22:40 | 00,000,768 | ---- | C] () -- C:\Users\chudneymiles\AppData\Roaming\wklnhst.dat
[2009/07/11 04:57:47 | 00,000,000 | ---- | C] () -- C:\Users\chudneymiles\AppData\Roaming\bcrypt.html
[2009/04/12 02:53:04 | 00,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2009/04/03 21:57:37 | 00,000,068 | ---- | C] () -- C:\Windows\eyeQ Screen Saver.ini
[2009/02/20 02:39:20 | 00,000,858 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2009/02/20 02:39:20 | 00,000,168 | ---- | C] () -- C:\Windows\brpcfx.ini
[2009/02/20 02:38:58 | 00,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/02/20 02:38:58 | 00,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009/02/20 02:37:22 | 00,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2009/02/20 02:33:59 | 00,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
[2009/01/13 23:37:10 | 00,006,080 | ---- | C] () -- C:\Users\chudneymiles\AppData\Local\d3d9caps.dat
[2009/01/10 22:15:25 | 00,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/01/10 22:15:25 | 00,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/01/02 04:30:20 | 00,323,584 | ---- | C] () -- C:\Windows\SysWow64\FoxImager.dll
[2009/01/01 22:44:53 | 00,086,016 | ---- | C] () -- C:\Users\chudneymiles\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/12 11:06:30 | 00,058,672 | ---- | C] () -- C:\Windows\SysWow64\ASUSACPIDLL.dll
[2008/07/16 04:41:55 | 00,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2008/07/16 04:41:55 | 00,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/01/20 21:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 21:49:49 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/01/14 17:47:06 | 00,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll

========== Custom Scans ==========



< MD5 for: AGP440.SYS >
[2008/01/20 21:46:51 | 00,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008/01/20 21:46:51 | 00,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/20 21:46:50 | 00,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009/04/11 02:15:00 | 00,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 06:16:48 | 00,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2008/06/06 06:56:50 | 00,382,488 | ---- | M] (Intel Corporation) MD5=170CE3F0190702EA9EFDD2DD77130EF8 -- C:\hp\drivers\Intel_RAID\iastor.sys

< MD5 for: IASTORV.SYS >
[2008/01/20 21:46:59 | 00,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2008/01/20 21:51:03 | 00,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009/04/11 01:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009/04/11 02:11:16 | 00,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008/01/20 21:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008/01/20 21:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008/01/20 21:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2008/01/20 21:46:54 | 00,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 21:50:28 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008/01/20 21:50:28 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008/01/20 21:50:28 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008/01/20 21:49:49 | 00,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009/04/11 01:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009/04/11 02:11:23 | 00,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:0A051701
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\wii.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\west.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\west test on halo.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\west test on 2 halo.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\west pass.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\welcome letter.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\verizon.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\verizon order number.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\usbank.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\usaa.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\taxcut caleb.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\sstatefarm.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\silver certificate.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\shops.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\shopping list.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\shopper cert.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\santos.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\reciepes.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\professional[1].doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\prices.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\party saturday.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\Parent Info sheet1.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\overnight.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\old w2.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\number verzion.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\note for halo.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\no.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\nissan.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\nicole.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\new parent sheet.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\new jersey turnpike.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\NAVAL BASES.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\more research.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\mold.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\magonia.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\list.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\kriasat.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\kes.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\ir.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\info on baby.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\hsbc bank.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\hsbc bank dispute.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\HOW TO FILTER HALO.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\housing.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\house list.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\home.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\girls ssa.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\get.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\for kris.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\food list.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\fax number.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\dispute.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\diane'.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\denver housing.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\daycare1223.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\daycare.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\datcare.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\D1234370957.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\customer service.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\craigist babysit2.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\craigist babysit.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\cox.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\cox order number.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\Contract for Infants1.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\consumer adjustmentdispute.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\consumer adjustment.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\come in get on waitingg list camp.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\church.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\chudney pay w2.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\chris blackberry email.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\childcare6.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\cheat codes.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\certficsaat.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\certfc.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\certf.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\cerf.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\care.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\camp.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\caleb W2.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\caleb state.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\caleb 2008TaxReturn.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\blogg.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\bin.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\bedding for girls.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\bed 4 girlss.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\auctions.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\altima.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\aleb.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\ALBLUMS.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\afbank.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\afbank dispute3 13 2009.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\afb.txt:Roxio EMC Stream
@Alternate Data Stream - 452 bytes -> C:\ProgramData\TEMP:6283A8D3
@Alternate Data Stream - 211 bytes -> C:\ProgramData\TEMP:4BBAA745
@Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:FC5A6A39
@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:05E0618E
@Alternate Data Stream - 161 bytes -> C:\ProgramData\TEMP:82591FF7
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:DA3FF453
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:904251FD
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:3B5038B1
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:1CF2F47C
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:21192FCF
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:B4DCBA8B
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:9B285B76
< End of report >
[2010/01/13 22:36:22 | 00,760,648 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/01/13 22:36:22 | 00,645,058 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/01/13 22:36:22 | 00,119,510 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/01/13 03:12:14 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2010/01/08 19:25:34 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2010/01/08 19:25:34 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2010/01/08 19:20:50 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files\Microsoft Shared
[2010/01/04 17:35:35 | 00,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/12/17 04:13:17 | 00,000,000 | ---D | M] -- C:\Program Files\JL_Cmder

========== Files - Modified Within 30 Days ==========

[2010/01/13 22:39:47 | 05,505,024 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat
[2010/01/13 22:36:22 | 00,760,648 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/01/13 22:36:22 | 00,645,058 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/01/13 22:36:22 | 00,119,510 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/01/13 22:25:58 | 00,000,256 | ---- | M] () -- C:\Windows\SysWow64\pool.bin
[2010/01/13 22:25:54 | 00,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/13 22:25:54 | 00,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/13 21:30:44 | 00,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{083DAF79-A533-47B8-8521-868AF2AE6BD5}.job
[2010/01/13 21:27:47 | 00,000,478 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (TE).job
[2010/01/13 21:24:36 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/13 21:24:35 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/13 21:23:32 | 00,004,775 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/01/13 21:23:31 | 00,524,288 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{c7904585-fc9c-11de-80b4-0021867c1f84}.TMContainer00000000000000000001.regtrans-ms
[2010/01/13 21:23:31 | 00,065,536 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{c7904585-fc9c-11de-80b4-0021867c1f84}.TM.blf
[2010/01/13 21:23:30 | 03,240,832 | -H-- | M] () -- C:\Users\chudneymiles\AppData\Local\IconCache.db
[2010/01/13 02:41:32 | 00,010,532 | ---- | M] () -- C:\Users\chudneymiles\Documents\My goals are not as complex as most.docx
[2010/01/12 22:11:31 | 00,081,920 | ---- | M] () -- C:\Users\chudneymiles\Documents\C&C HOME & CLEANING SOLUTIONS.kpd
[2010/01/12 22:05:20 | 00,008,485 | ---- | M] () -- C:\Users\chudneymiles\Documents\Michael Lee & Bridgett Lee I1456.pdf
[2010/01/12 21:49:01 | 00,000,248 | ---- | M] () -- C:\Windows\ODBC.INI
[2010/01/12 18:02:22 | 00,002,413 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/01/11 22:02:39 | 00,010,517 | ---- | M] () -- C:\Users\chudneymiles\Documents\Letrisha I1002.pdf
[2010/01/11 21:37:59 | 00,019,299 | ---- | M] () -- C:\Users\chudneymiles\Documents\psychology chapter 2.docx
[2010/01/11 20:06:27 | 00,086,016 | ---- | M] () -- C:\Users\chudneymiles\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/11 19:28:33 | 00,008,737 | ---- | M] () -- C:\Users\chudneymiles\Documents\Michael Lee & Bridgett Lee I1001.pdf
[2010/01/11 19:17:10 | 00,008,377 | ---- | M] () -- C:\Users\chudneymiles\Desktop\Michael Lee & Bridgett Lee I1001.pdf
[2010/01/11 17:15:12 | 00,000,191 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2010/01/11 17:15:11 | 00,001,622 | ---- | M] () -- C:\Users\Public\Desktop\kBilling.lnk
[2010/01/10 19:23:57 | 00,000,162 | -H-- | M] () -- C:\Users\chudneymiles\Documents\~$ychology chapter 2.docx
[2010/01/10 03:22:33 | 00,001,666 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2010/01/10 03:19:08 | 00,001,600 | ---- | M] () -- C:\Users\chudneymiles\Desktop\MagicISO.lnk
[2010/01/10 02:17:58 | 00,871,408 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/01/10 02:14:16 | 00,000,744 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010/01/09 00:41:22 | 00,833,002 | ---- | M] () -- C:\Users\chudneymiles\Documents\DSCN8345.JPG
[2010/01/09 00:41:08 | 00,847,598 | ---- | M] () -- C:\Users\chudneymiles\Documents\DSCN8350.JPG
[2010/01/09 00:40:57 | 00,717,037 | ---- | M] () -- C:\Users\chudneymiles\Documents\DSCN8344.JPG
[2010/01/09 00:40:38 | 00,820,746 | ---- | M] () -- C:\Users\chudneymiles\Documents\DSCN8348.JPG
[2010/01/09 00:40:19 | 00,687,458 | ---- | M] () -- C:\Users\chudneymiles\Documents\DSCN8340.JPG
[2010/01/08 22:59:29 | 00,001,831 | ---- | M] () -- C:\Users\chudneymiles\Desktop\kBilling.lnk
[2010/01/08 21:37:59 | 00,524,288 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{c7904585-fc9c-11de-80b4-0021867c1f84}.TMContainer00000000000000000002.regtrans-ms
[2010/01/08 19:18:26 | 00,524,288 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{c7904502-fc9c-11de-80b4-0021867c1f84}.TMContainer00000000000000000001.regtrans-ms
[2010/01/08 19:18:26 | 00,065,536 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{c7904502-fc9c-11de-80b4-0021867c1f84}.TM.blf
[2010/01/08 19:18:17 | 00,524,288 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{c7904502-fc9c-11de-80b4-0021867c1f84}.TMContainer00000000000000000002.regtrans-ms
[2010/01/08 18:51:32 | 00,098,748 | ---- | M] () -- C:\Users\chudneymiles\Documents\f psychology test.docx
[2010/01/08 18:51:32 | 00,000,162 | -H-- | M] () -- C:\Users\chudneymiles\Documents\~$psychology test.docx
[2010/01/08 15:40:04 | 00,524,288 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{cce2102c-f098-11de-b893-0021867c1f84}.TMContainer00000000000000000001.regtrans-ms
[2010/01/08 15:40:04 | 00,065,536 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{cce2102c-f098-11de-b893-0021867c1f84}.TM.blf
[2010/01/08 15:26:32 | 00,068,608 | ---- | M] () -- C:\Users\chudneymiles\Documents\C & C Cleaning Solution.kpd
[2010/01/08 14:39:35 | 00,005,024 | ---- | M] () -- C:\ProgramData\dbvvomjc.bpt
[2010/01/07 22:16:05 | 00,001,041 | ---- | M] () -- C:\Users\chudneymiles\AppData\Roaming\vso_ts_preview.xml
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/01/07 16:07:06 | 00,022,104 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010/01/07 01:09:56 | 00,000,768 | ---- | M] () -- C:\Users\chudneymiles\AppData\Roaming\wklnhst.dat
[2010/01/06 17:39:39 | 00,000,725 | ---- | M] () -- C:\Users\chudneymiles\Desktop\NTREGOPT.lnk
[2010/01/06 17:39:39 | 00,000,706 | ---- | M] () -- C:\Users\chudneymiles\Desktop\ERUNT.lnk
[2010/01/06 17:27:07 | 00,001,890 | ---- | M] () -- C:\Users\chudneymiles\Desktop\HijackThis.lnk
[2010/01/05 12:25:46 | 03,293,062 | ---- | M] () -- C:\Users\chudneymiles\Documents\Doc1.docx
[2010/01/05 12:25:46 | 00,000,162 | -H-- | M] () -- C:\Users\chudneymiles\Documents\~$Doc1.docx
[2010/01/05 10:02:51 | 00,000,855 | ---- | M] () -- C:\Users\chudneymiles\Desktop\SmartDraw 2010.lnk
[2010/01/04 22:45:11 | 02,279,985 | ---- | M] () -- C:\Users\chudneymiles\Documents\chapter 7 Patricia.pdf
[2010/01/04 22:44:48 | 02,348,725 | ---- | M] () -- C:\Users\chudneymiles\Documents\ch7volpp.pdf
[2010/01/04 22:13:29 | 00,125,048 | ---- | M] () -- C:\Users\chudneymiles\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/01/04 22:11:21 | 00,455,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/01/04 22:02:37 | 00,001,886 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat 9 Pro.lnk
[2010/01/04 20:46:06 | 00,046,080 | ---- | M] () -- C:\Users\chudneymiles\Documents\CLMC Resume.doc
[2010/01/04 20:13:35 | 00,047,104 | ---- | M] () -- C:\Users\chudneymiles\Documents\CLM Resume.doc
[2010/01/04 17:46:07 | 00,000,810 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/04 13:39:09 | 00,000,162 | -H-- | M] () -- C:\Users\chudneymiles\Documents\~$udney ssi app.docx
[2010/01/04 13:13:31 | 00,000,162 | -H-- | M] () -- C:\Users\chudneymiles\Documents\~$ads.docx
[2010/01/04 01:16:48 | 00,001,914 | ---- | M] () -- C:\Users\Public\Desktop\TurboTax 2009.lnk
[2010/01/03 21:38:23 | 00,001,851 | ---- | M] () -- C:\Users\chudneymiles\Desktop\Hotel Dash Suite Success.lnk
[2010/01/03 17:12:43 | 00,012,111 | ---- | M] () -- C:\Users\chudneymiles\Documents\move in.docx
[2010/01/03 17:12:25 | 00,020,314 | ---- | M] () -- C:\Users\chudneymiles\Documents\ads.docx
[2010/01/03 17:03:19 | 00,013,028 | ---- | M] () -- C:\Users\chudneymiles\Desktop\[isoHunt] TurboTax_Home_and_Business_2009_REPACKED__AAOO_.5241162.TPB.torrent
[2010/01/03 15:16:54 | 00,010,655 | ---- | M] () -- C:\Users\chudneymiles\Documents\email list.docx
[2010/01/02 23:22:10 | 00,001,340 | ---- | M] () -- C:\Users\Public\Desktop\More Yahoo! Games.lnk
[2009/12/31 20:17:36 | 00,043,504 | ---- | M] () -- C:\Users\chudneymiles\Desktop\[isoHunt] The Boondocks-(Uncut)-Season 1 and 2 Season 2 (Extras)-MILLIONDOLLAMAN1.torrent
[2009/12/31 20:15:27 | 00,000,744 | ---- | M] () -- C:\Users\chudneymiles\Desktop\µTorrent.lnk
[2009/12/30 20:28:24 | 00,021,723 | ---- | M] () -- C:\Users\chudneymiles\Documents\CLEANING SOLUTIONS.docx
[2009/12/29 08:08:28 | 00,006,080 | ---- | M] () -- C:\Users\chudneymiles\AppData\Local\d3d9caps.dat
[2009/12/28 11:27:20 | 00,001,740 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/12/28 08:50:16 | 00,000,000 | ---- | M] () -- C:\Users\chudneymiles\Documents\Nuance Image Printer Writer Port
[2009/12/25 22:34:02 | 00,524,288 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{cce2102c-f098-11de-b893-0021867c1f84}.TMContainer00000000000000000002.regtrans-ms
[2009/12/22 20:27:57 | 00,524,288 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{344eaabc-b6b5-11de-b61e-0021867c1f84}.TMContainer00000000000000000001.regtrans-ms
[2009/12/22 20:27:57 | 00,065,536 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{344eaabc-b6b5-11de-b61e-0021867c1f84}.TM.blf
[2009/12/19 15:35:41 | 00,015,433 | ---- | M] () -- C:\Users\chudneymiles\Documents\desmond.docx
[2009/12/17 06:34:33 | 00,049,152 | ---- | M] () -- C:\Users\chudneymiles\Desktop\CHOICE.EXE
[2009/12/17 05:54:23 | 00,001,879 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk
[2009/12/17 05:54:23 | 00,001,861 | ---- | M] () -- C:\Users\Public\Desktop\Desktop Manager.lnk
[2009/12/17 05:08:47 | 13,218,1104 | ---- | M] (Research In Motion Ltd. ) -- C:\Users\chudneymiles\Desktop\9530AMEA_PBr5_1_.0.0_rel508_PL4.2.0.128_A5.0.0.328.exe
[2009/12/17 04:02:53 | 00,109,819 | ---- | M] () -- C:\Users\chudneymiles\Desktop\JL_Cmder v1.9.1.zip
[2009/12/16 08:32:03 | 00,024,576 | ---- | M] () -- C:\Users\chudneymiles\Documents\chudney ssi app.docx
[2009/12/16 08:31:33 | 00,016,266 | ---- | M] () -- C:\Users\chudneymiles\Desktop\Adult Disability and Work H...pdf
[2009/12/16 08:18:01 | 00,000,162 | -H-- | M] () -- C:\Users\chudneymiles\Documents\~$M Resume.doc
[2009/12/16 06:42:19 | 00,000,162 | -H-- | M] () -- C:\Users\chudneymiles\Documents\~$ far as my Manic depression.docx
[2009/12/15 10:32:42 | 00,012,096 | ---- | M] () -- C:\Users\chudneymiles\Documents\As far as my Manic depression.docx
[1 C:\Users\chudneymiles\Documents\*.tmp files -> C:\Users\chudneymiles\Documents\*.tmp -> ]
[1 C:\Users\chudneymiles\Desktop\*.tmp files -> C:\Users\chudneymiles\Desktop\*.tmp -> ]

========== Custom Scans ==========



< MD5 for: AGP440.SYS >
[2008/01/20 21:46:51 | 00,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008/01/20 21:46:51 | 00,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/20 21:46:50 | 00,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009/04/11 02:15:00 | 00,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 06:16:48 | 00,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2008/06/06 06:56:50 | 00,382,488 | ---- | M] (Intel Corporation) MD5=170CE3F0190702EA9EFDD2DD77130EF8 -- C:\hp\drivers\Intel_RAID\iastor.sys

< MD5 for: IASTORV.SYS >
[2008/01/20 21:46:59 | 00,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2008/01/20 21:51:03 | 00,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009/04/11 01:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009/04/11 02:11:16 | 00,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008/01/20 21:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008/01/20 21:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008/01/20 21:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2008/01/20 21:46:54 | 00,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 21:50:28 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008/01/20 21:50:28 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008/01/20 21:50:28 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008/01/20 21:49:49 | 00,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009/04/11 01:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009/04/11 02:11:23 | 00,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:0A051701
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\wii.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\west.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\west test on halo.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\west test on 2 halo.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\west pass.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\welcome letter.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\verizon.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\verizon order number.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\usbank.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\usaa.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\taxcut caleb.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\sstatefarm.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\silver certificate.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\shops.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\shopping list.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\shopper cert.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\santos.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\reciepes.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\professional[1].doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\prices.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\party saturday.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\Parent Info sheet1.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\overnight.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\old w2.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\number verzion.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\note for halo.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\no.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\nissan.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\nicole.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\new parent sheet.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\new jersey turnpike.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\NAVAL BASES.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\more research.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\mold.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\magonia.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\list.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\kriasat.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\kes.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\ir.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\info on baby.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\hsbc bank.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\hsbc bank dispute.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\HOW TO FILTER HALO.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\housing.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\house list.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\home.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\girls ssa.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\get.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\for kris.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\food list.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\fax number.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\dispute.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\diane'.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\denver housing.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\daycare1223.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\daycare.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\datcare.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\D1234370957.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\customer service.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\craigist babysit2.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\craigist babysit.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\cox.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\cox order number.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\Contract for Infants1.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\consumer adjustmentdispute.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\consumer adjustment.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\come in get on waitingg list camp.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\church.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\chudney pay w2.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\chris blackberry email.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\childcare6.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\cheat codes.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\certficsaat.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\certfc.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\certf.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\cerf.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\care.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\camp.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\caleb W2.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\caleb state.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\caleb 2008TaxReturn.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\blogg.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\bin.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\bedding for girls.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\bed 4 girlss.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\auctions.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\altima.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\aleb.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\ALBLUMS.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\afbank.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\afbank dispute3 13 2009.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\chudneymiles\Documents\afb.txt:Roxio EMC Stream
@Alternate Data Stream - 452 bytes -> C:\ProgramData\TEMP:6283A8D3
@Alternate Data Stream - 211 bytes -> C:\ProgramData\TEMP:4BBAA745
@Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:FC5A6A39
@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:05E0618E
@Alternate Data Stream - 161 bytes -> C:\ProgramData\TEMP:82591FF7
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:DA3FF453
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:904251FD
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:3B5038B1
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:1CF2F47C
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:21192FCF
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:B4DCBA8B
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:9B285B76

< End of report >

Blade81
2010-01-14, 16:53
Hi,

Uninstall old Adobe Reader versions and get the latest one (9.3) here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here (http://pdfreaders.org/).

Uninstall your current Adobe shockwave player and get the fresh one here (http://get.adobe.com/shockwave/) if needed.

Check here (http://www.adobe.com/software/flash/about/) to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following instructions here (http://kb2.adobe.com/cps/141/tn_14157.html). Fresh version can be obtained here (http://get.adobe.com/flashplayer/).


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 Update 17 (http://java.sun.com/javase/downloads/index.jsp).
Click the
Download
button to the right.
Select Windows on platform combobox and check the box that says:
Accept License Agreement. Click continue.

The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.



Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).


Post back its report.

chudneymiles
2010-01-14, 23:20
Java 6 15 will not remove, a window installer box pops up and it says the feature you are trying to use is on a network resource that is unavailable. Click OK to try again or enter an alternate path to a folder containing installation package "jre1.6.0_11-cl.msi" in the box below... I click Ok and same box comes up. Its still in my add remove programs.

I am currently doing the Kapersky online scan. I will post back with that as soon as it comes back.

Thank you

Blade81
2010-01-15, 16:35
Hi,

Let's try to remove old Java with JavaRa.

JavaRa ...by: Paul McLain and Fred de Vries
Please download JavaRa (http://sourceforge.net/project/downloading.php?groupname=javara&filename=JavaRa.zip&use_mirror=osdn) © RaProducts.org and unzip it to your desktop.
***Please close any instances of Internet Explorer before continuing!***
Print these instructions...you won't have Internet access during this particular phase!
Double-click on JavaRa.exe to start the program.
From the drop-down menu, choose English or the appropriate language...and click on Select.
JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
A logfile will pop up. Please save it to a convenient location.
Copy and paste the contents of the JavaRa log, in your next reply.

chudneymiles
2010-01-15, 21:44
JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Fri Jan 15 14:39:33 2010

Found and removed: C:\Users\chudneymiles\AppData\LocalLow\Sun\Java\jre1.6.0_11

Found and removed: C:\Users\chudneymiles\AppData\LocalLow\Sun\Java\jre1.6.0_12

Found and removed: C:\Users\chudneymiles\AppData\LocalLow\Sun\Java\jre1.6.0_14

Found and removed: C:\Users\chudneymiles\AppData\LocalLow\Sun\Java\jre1.6.0_15

JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Fri Jan 15 14:39:44 2010

JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Fri Jan 15 14:39:56 2010

------------------------------------

Finished reporting.

chudneymiles
2010-01-15, 21:45
TY! I will now do my kaperspky scan again.

chudneymiles
2010-01-16, 02:27
I have been scanning for 4 hours, is that normal? I am at 86% now..

chudneymiles
2010-01-16, 02:30
Just as I posted the last message Kapersky completed.

Heres what we got.

Friday, January 15, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 64-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, January 15, 2010 19:30:18
Records in database: 3317788


Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes

Scan area My Computer
C:\
D:\
E:\
F:\
G:\
H:\

Scan statistics
Objects scanned 209041
Threats found 5
Infected objects found 7
Suspicious objects found 0
Scan duration 04:24:35

File name Threat Threats count
C:\Users\chudneymiles\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\59af077c-587b6d0e Infected: Trojan-Downloader.Java.OpenConnection.at 1

C:\Users\chudneymiles\Documents\LimeWire\Incomplete\T-5188466-olivia bizounce 320k bitrate quality.snd Infected: Trojan-Downloader.WMA.GetCodec.s 1

C:\Users\chudneymiles\Downloads\Adobe Acrobat Reader 9 Professional + PRO Patch.rar Infected: Trojan.Win32.Swisyn.tqm 2

C:\Users\chudneymiles\Downloads\comfort_remote(2).exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c 1

C:\Users\chudneymiles\Downloads\comfort_remote.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c 1

C:\Users\chudneymiles\Videos\ntload.dll Infected: Trojan-Spy.Win32.Vbot.b 1

Selected area has been scanned.

Blade81
2010-01-16, 13:01
Let's run OTL.

Under the Custom Scans/Fixes box at the bottom, paste in the following



:Files
C:\Users\Public\Desktop\µTorrent.lnk
C:\ProgramData\dbvvomjc.bpt
C:\Users\chudneymiles\Desktop\[isoHunt] TurboTax_Home_and_Business_2009_REPACKED__AAOO_.5241162.TPB.torrent
C:\Users\chudneymiles\Desktop\[isoHunt] The Boondocks-(Uncut)-Season 1 and 2 Season 2 (Extras)-MILLIONDOLLAMAN1.torrent
C:\Users\chudneymiles\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\59af077c-587b6d0e
C:\Users\chudneymiles\Documents\LimeWire
C:\Users\chudneymiles\Downloads\Adobe Acrobat Reader 9 Professional + PRO Patch.rar
C:\Users\chudneymiles\Videos\ntload.dll
:Commands
[emptytemp]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then post the results and a new OTL log. Any issues left?

chudneymiles
2010-01-16, 21:03
ll processes killed
========== FILES ==========
File\Folder C:\Users\Public\Desktop\µTorrent.lnk not found.
C:\ProgramData\dbvvomjc.bpt moved successfully.
C:\Users\chudneymiles\Desktop\[isoHunt] TurboTax_Home_and_Business_2009_REPACKED__AAOO_.5241162.TPB.torrent moved successfully.
C:\Users\chudneymiles\Desktop\[isoHunt] The Boondocks-(Uncut)-Season 1 and 2 Season 2 (Extras)-MILLIONDOLLAMAN1.torrent moved successfully.
C:\Users\chudneymiles\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\59af077c-587b6d0e moved successfully.
C:\Users\chudneymiles\Documents\LimeWire\Store Purchased folder moved successfully.
C:\Users\chudneymiles\Documents\LimeWire\Saved\Pop Cap Games folder moved successfully.
C:\Users\chudneymiles\Documents\LimeWire\Saved\Jennifer Hudson - Jennifer Hudson (2008) - R&B - BigGod folder moved successfully.
C:\Users\chudneymiles\Documents\LimeWire\Saved folder moved successfully.
C:\Users\chudneymiles\Documents\LimeWire\Incomplete\BZD2KNGU6YQO2Z6SYEESYLTC5IDDHSI6\Ashanti-The_Vault-(Proper)-2009-VAG folder moved successfully.
C:\Users\chudneymiles\Documents\LimeWire\Incomplete\BZD2KNGU6YQO2Z6SYEESYLTC5IDDHSI6 folder moved successfully.
C:\Users\chudneymiles\Documents\LimeWire\Incomplete folder moved successfully.
C:\Users\chudneymiles\Documents\LimeWire folder moved successfully.
C:\Users\chudneymiles\Downloads\Adobe Acrobat Reader 9 Professional + PRO Patch.rar moved successfully.
C:\Users\chudneymiles\Videos\ntload.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: ARTIST DELIGHTS
->Temp folder emptied: 18959030 bytes
->Temporary Internet Files folder emptied: 25517202 bytes
->Java cache emptied: 17132499 bytes
->FireFox cache emptied: 106175944 bytes

User: chudneymiles
->Temp folder emptied: 580259381 bytes
->Temporary Internet Files folder emptied: 71078299 bytes
->Java cache emptied: 148809365 bytes
->FireFox cache emptied: 102934567 bytes
->Apple Safari cache emptied: 90819 bytes
->Opera cache emptied: 67695461 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: DZH~1.OLY

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 34070 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1486504 bytes

Total Files Cleaned = 1,087.00 mb


OTL by OldTimer - Version 3.1.25.2 log created on 01162010_133709

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WUN917JA\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D99IXHUE\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B2RFYY25\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5VC7YTMV\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

Registry entries deleted on Reboot...

chudneymiles
2010-01-16, 21:06
Internet explorer is working fine... I deleted u torrent. This computer cost way to much for me to ruin it. TY and here is olt.txt Should I delete the u torrent files?

OTL logfile created on: 1/16/2010 1:54:16 PM - Run 3
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Users\chudneymiles\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.79 Gb Total Space | 24.31 Gb Free Space | 8.48% Space Free | Partition Type: NTFS
Drive D: | 11.30 Gb Total Space | 1.52 Gb Free Space | 13.48% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THEMILES
Current User Name: chudneymiles
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\chudneymiles\Downloads\OTL(4).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
PRC - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe (Microsoft Corp.)
PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.EXE (Hewlett-Packard)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnProxy.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnSrv.EXE (Hewlett-Packard)
PRC - C:\Program Files (x86)\HP\Buttons & OSDs control application gen2\MediaButtons.exe ()
PRC - C:\Windows\SysWOW64\OSDForm.exe ()
PRC - C:\Program Files (x86)\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe ()
PRC - C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe (Analog Devices, Inc.)
PRC - C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\chudneymiles\Downloads\OTL(4).exe (OldTimer Tools)
MOD - C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:[b]64bit: - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (BthServ) -- C:\Windows\SysNative\bthserv.dll ()
SRV - (iPod Service) -- C:\Program Files (x86)\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (IntuitUpdateService) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (CalendarSynchService) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe (Hewlett-Packard)
SRV - (Bonjour Service) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (HP Touch Screen Enhance) -- C:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnSrv.EXE (Hewlett-Packard)
SRV - (HP Health Check Service) -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (WLSetupSvc) -- C:\Program Files (x86)\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (usnjsvc) -- C:\Program Files (x86)\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006/11/02 08:34:14 | 00,000,000 | ---D | M]
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()
SRV - (IDriverT) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\Drivers\pcouffin.sys ()
DRV:64bit: - (VClone) -- C:\Windows\SysNative\DRIVERS\VClone.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys ()
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys ()
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys ()
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys ()
DRV:64bit: - (rcmirror) -- C:\Windows\SysNative\DRIVERS\rcmirror.sys ()
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys ()
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys ()
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\DRIVERS\netr28x.sys ()
DRV:64bit: - (ACPIService) -- C:\Windows\SysNative\DRIVERS\OSDACPI.SYS ()
DRV:64bit: - (BTHPORT) -- C:\Windows\SysNative\Drivers\BTHport.sys ()
DRV:64bit: - (BTHUSB) -- C:\Windows\SysNative\Drivers\BTHUSB.sys ()
DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys ()
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys ()
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\Drivers\RootMdm.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (usbvideo) USB Video Device (WDM) -- C:\Windows\SysNative\Drivers\usbvideo.sys ()
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\DRIVERS\serscan.sys ()
DRV:64bit: - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\SysNative\drivers\usbaudio.sys ()
DRV:64bit: - (BthEnum) -- C:\Windows\SysNative\DRIVERS\BthEnum.sys ()
DRV:64bit: - (BthPan) Bluetooth Device (Personal Area Network) -- C:\Windows\SysNative\DRIVERS\bthpan.sys ()
DRV:64bit: - (winusb) -- C:\Windows\SysNative\DRIVERS\winusb.sys ()
DRV:64bit: - (RFCOMM) Bluetooth Device (RFCOMM Protocol TDI) -- C:\Windows\SysNative\DRIVERS\rfcomm.sys ()
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys ()
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\DRIVERS\btwrchid.sys ()
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys ()
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys ()
DRV:64bit: - (BrSerIf) -- C:\Windows\SysNative\DRIVERS\BrSerIf.sys ()
DRV - (ElbyCDIO) -- C:\Windows\SysWOW64\ElbyCDIO.dll (Elaborate Bytes AG)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (Cyberlink Corp.)
DRV - (winusb) -- C:\Windows\SysWOW64\winusb.dll (Microsoft Corporation)
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=crossfire&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=crossfire&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=crossfire&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=crossfire&pf=cndt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=crossfire&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=VIATDF&PC=VIATDF&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://m.www.yahoo.com/"
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=VIATDF&PC=VIATDF&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0360.0\Firefox [2009/12/01 16:40:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2009/12/01 16:40:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/01/15 14:07:26 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/01/14 15:40:03 | 00,000,000 | ---D | M]

[2009/03/05 23:55:09 | 00,000,000 | ---D | M] -- C:\Users\chudneymiles\AppData\Roaming\Mozilla\Extensions
[2009/03/05 23:55:09 | 00,000,000 | ---D | M] -- C:\Users\chudneymiles\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/01/16 09:32:41 | 00,000,000 | ---D | M] -- C:\Users\chudneymiles\AppData\Roaming\Mozilla\Firefox\Profiles\ch2ut94r.default\extensions
[2009/07/28 21:01:31 | 00,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\chudneymiles\AppData\Roaming\Mozilla\Firefox\Profiles\ch2ut94r.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/01/14 15:48:46 | 00,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\chudneymiles\AppData\Roaming\Mozilla\Firefox\Profiles\ch2ut94r.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/01/04 02:44:15 | 00,002,186 | ---- | M] () -- C:\Users\chudneymiles\AppData\Roaming\Mozilla\Firefox\Profiles\ch2ut94r.default\searchplugins\bing.xml
[2010/01/16 09:32:41 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/01/14 15:35:34 | 00,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

O1 HOSTS File: ([2006/09/18 16:37:24 | 00,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0360.0\npwinext.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Buttons & OSDs control application gen2] C:\Program Files (x86)\HP\Buttons & OSDs control application gen2\MediaButtons.exe ()
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [FPCCSMiddleware] C:\Program Files (x86)\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe ()
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP KEYBOARD] C:\Program Files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.EXE (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe (OsdMaestro)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [HPSmartCenterBoot] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\SmartCenter 2.0\SmartCenter.exe (Hewlett-Packard)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre6\bin\npjpi160_15.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {2D168880-539F-4967-BA11-F7C2862B9E1D} http://www.shockwave.com/content/diaperdash/sis/DiaperDashWeb.1.0.0.4.cab (CPlayFirstDiaperDashControl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D6E0B119-DCF2-4CD6-8DFB-7CFF1B70F7FF} https://bis.na.blackberry.com/html/web/client_tools/TOImport.cab (TeamOn Import Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\chp.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\chp.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{191203ef-79a1-11de-ba2d-0021867c1f84}\Shell - "" = AutoRun
O33 - MountPoints2\{191203ef-79a1-11de-ba2d-0021867c1f84}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{1a66da45-6205-11de-abac-0021867c1f84}\Shell\AutoRun\command - "" = H:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{1a66da45-6205-11de-abac-0021867c1f84}\Shell\slacker\command - "" = H:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{91d4cfa4-c090-11de-9797-0021867c1f84}\Shell - "" = AutoRun
O33 - MountPoints2\{91d4cfa4-c090-11de-9797-0021867c1f84}\Shell\AutoRun\command - "" = H:\Setup.exe -- File not found
O33 - MountPoints2\{b160490a-4b14-11de-b049-0021867c1f84}\Shell\AutoRun\command - "" = H:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{b160490a-4b14-11de-b049-0021867c1f84}\Shell\slacker\command - "" = H:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{caa6ed2f-3742-11de-923c-0021867c1f84}\Shell\AutoRun\command - "" = H:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{caa6ed2f-3742-11de-923c-0021867c1f84}\Shell\slacker\command - "" = H:\slacker.synclauncher.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/16 13:37:09 | 00,000,000 | ---D | C] -- C:\_OTL
[2010/01/14 15:36:01 | 00,000,000 | ---D | C] -- C:\Users\chudneymiles\AppData\Roaming\Foxit
[2010/01/14 15:23:10 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2010/01/14 14:30:43 | 16,372,000 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\jre-6u18-windows-x64.exe
[2010/01/14 14:30:11 | 00,000,000 | ---D | C] -- C:\Users\chudneymiles\.SunDownloadManager
[2010/01/13 01:11:41 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/01/13 01:11:41 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2010/01/11 18:55:01 | 00,000,000 | ---D | C] -- C:\Users\chudneymiles\Documents\kBilling Company File Backup
[2010/01/11 17:15:12 | 00,581,632 | ---- | C] (Christian Werner Software & Consulting) -- C:\Windows\SysWow64\sqlite3odbc.dll
[2010/01/11 17:15:07 | 00,000,000 | ---D | C] -- C:\ProgramData\kBilling
[2010/01/10 03:01:31 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2010/01/08 14:39:15 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\kBilling
[2010/01/08 14:36:44 | 00,000,000 | ---D | C] -- C:\1d46e260dcf7a5394c623ba6e768
[2010/01/06 17:39:55 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/01/06 17:39:39 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/01/06 17:27:07 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/01/06 16:33:21 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/01/06 16:33:21 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/01/05 10:13:28 | 00,000,000 | ---D | C] -- C:\Users\chudneymiles\Documents\carmiles
[2010/01/05 10:13:16 | 00,000,000 | ---D | C] -- C:\Users\chudneymiles\Documents\New Folder (2)
[2010/01/05 10:02:54 | 00,000,000 | ---D | C] -- C:\Users\chudneymiles\AppData\Roaming\SmartDraw
[2010/01/05 10:02:32 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SmartDraw 2010
[2010/01/04 21:23:28 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai
[2010/01/04 17:46:10 | 00,000,000 | ---D | C] -- C:\Users\chudneymiles\AppData\Roaming\Malwarebytes
[2010/01/04 17:46:05 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/01/04 17:46:03 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/01/04 17:46:03 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/01/04 13:36:02 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010/01/04 13:22:16 | 00,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/01/04 13:22:16 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/01/04 13:22:16 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2010/01/04 13:22:15 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/01/04 13:22:15 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2010/01/04 13:22:14 | 00,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010/01/04 13:22:14 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/01/04 13:22:14 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010/01/04 13:22:13 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010/01/04 13:22:13 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010/01/04 13:22:12 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010/01/04 13:22:12 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/01/04 13:22:11 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/01/04 13:22:06 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010/01/04 13:22:06 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010/01/04 13:20:25 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\advpack.dll
[2010/01/04 13:20:25 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2010/01/04 13:20:24 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2010/01/04 13:20:24 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2010/01/04 13:20:24 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\corpol.dll
[2010/01/04 13:20:23 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2010/01/04 13:20:21 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2010/01/04 13:20:21 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll
[2010/01/04 13:20:21 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2010/01/04 13:20:21 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2010/01/04 13:20:19 | 00,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
[2010/01/04 13:20:19 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll
[2010/01/04 13:20:19 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll
[2010/01/04 13:20:19 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll
[2010/01/04 13:20:18 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2010/01/04 13:20:18 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2010/01/04 13:20:18 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2010/01/04 13:20:18 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2010/01/04 13:20:18 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/01/04 13:20:18 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/01/04 13:20:17 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010/01/04 13:20:17 | 00,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WinFXDocObj.exe
[2010/01/04 13:20:16 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2010/01/04 13:20:16 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2010/01/04 13:20:15 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/01/04 13:20:15 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2010/01/04 13:20:14 | 03,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2010/01/04 13:20:14 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PDMSetup.exe
[2010/01/04 13:20:14 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2010/01/04 13:20:14 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2010/01/04 13:20:14 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetDepNx.exe
[2010/01/04 01:22:48 | 00,000,000 | ---D | C] -- C:\Users\chudneymiles\Documents\TurboTax
[2010/01/04 01:19:54 | 00,000,000 | ---D | C] -- C:\Users\chudneymiles\AppData\Roaming\Intuit
[2010/01/04 01:19:48 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AnswerWorks 5.0
[2010/01/04 01:14:08 | 00,000,000 | ---D | C] -- C:\Users\chudneymiles\AppData\Local\IsolatedStorage
[2010/01/04 01:14:08 | 00,000,000 | ---D | C] -- C:\ProgramData\Intuit
[2010/01/04 01:14:06 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intuit
[2010/01/04 01:12:51 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\TurboTax
[2010/01/03 21:38:15 | 00,000,000 | ---D | C] -- C:\Windows\Hotel Dash Suite Success
[2010/01/03 21:38:15 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Hotel Dash Suite Success
[2010/01/02 23:22:02 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo! Games
[2009/11/20 17:56:27 | 00,082,816 | ---- | C] (VSO Software) -- C:\Users\chudneymiles\AppData\Roaming\pcouffin.sys
[3 C:\Users\chudneymiles\Documents\*.tmp files -> C:\Users\chudneymiles\Documents\*.tmp -> ]
[1 C:\Users\chudneymiles\Desktop\*.tmp files -> C:\Users\chudneymiles\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/16 13:53:30 | 05,505,024 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat
[2010/01/16 13:51:17 | 00,000,256 | ---- | M] () -- C:\Windows\SysWow64\pool.bin
[2010/01/16 13:48:20 | 00,000,478 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (TE).job
[2010/01/16 13:46:51 | 00,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/16 13:46:51 | 00,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/16 13:46:44 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/16 13:46:39 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/16 13:45:34 | 00,004,775 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/01/16 13:45:29 | 00,524,288 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{c7904585-fc9c-11de-80b4-0021867c1f84}.TMContainer00000000000000000001.regtrans-ms
[2010/01/16 13:45:29 | 00,065,536 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{c7904585-fc9c-11de-80b4-0021867c1f84}.TM.blf
[2010/01/16 13:45:22 | 03,462,098 | -H-- | M] () -- C:\Users\chudneymiles\AppData\Local\IconCache.db
[2010/01/16 02:17:27 | 00,035,131 | ---- | M] () -- C:\Users\chudneymiles\Documents\psychology chapter 2.docx
[2010/01/16 00:42:28 | 00,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{083DAF79-A533-47B8-8521-868AF2AE6BD5}.job
[2010/01/15 19:28:01 | 00,004,148 | ---- | M] () -- C:\Users\chudneymiles\Desktop\kaper scan2.html
[2010/01/15 19:27:51 | 00,004,148 | ---- | M] () -- C:\Users\chudneymiles\Desktop\kaper scan.html
[2010/01/15 17:56:59 | 00,008,873 | ---- | M] () -- C:\Users\chudneymiles\Desktop\Michael Lee & Bridgett Lee I1457.pdf
[2010/01/15 17:56:43 | 00,081,920 | ---- | M] () -- C:\Users\chudneymiles\Documents\C&C HOME & CLEANING SOLUTIONS.kpd
[2010/01/15 17:54:54 | 00,025,606 | ---- | M] () -- C:\Users\chudneymiles\Documents\Gretna Green Drive.docx
[2010/01/15 17:54:39 | 00,068,745 | ---- | M] () -- C:\Users\chudneymiles\Desktop\Gretna Green Dr.pdf
[2010/01/15 17:28:27 | 00,027,141 | ---- | M] () -- C:\Users\chudneymiles\Documents\Details.docx
[2010/01/15 16:57:57 | 00,000,248 | ---- | M] () -- C:\Windows\ODBC.INI
[2010/01/15 12:29:34 | 00,090,526 | ---- | M] () -- C:\Users\chudneymiles\Desktop\Student Detail Schedule.pdf
[2010/01/15 12:03:23 | 00,760,648 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/01/15 12:03:23 | 00,645,058 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/01/15 12:03:23 | 00,119,510 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/01/15 07:49:57 | 00,446,536 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/01/15 00:08:23 | 00,000,162 | -H-- | M] () -- C:\Users\chudneymiles\Documents\~$etails.docx
[2010/01/14 21:31:11 | 00,123,040 | ---- | M] () -- C:\Users\chudneymiles\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/01/14 15:45:50 | 00,001,848 | ---- | M] () -- C:\Users\chudneymiles\Desktop\NSSstub.lnk
[2010/01/14 15:36:02 | 00,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2010/01/14 15:23:15 | 00,455,680 | ---- | M] () -- C:\Windows\SysNative\deploytk.dll
[2010/01/14 15:23:15 | 00,181,760 | ---- | M] () -- C:\Windows\SysNative\javaws.exe
[2010/01/14 15:23:15 | 00,165,888 | ---- | M] () -- C:\Windows\SysNative\javaw.exe
[2010/01/14 15:23:15 | 00,165,888 | ---- | M] () -- C:\Windows\SysNative\java.exe
[2010/01/14 14:30:51 | 16,372,000 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\jre-6u18-windows-x64.exe
[2010/01/13 23:28:57 | 00,008,871 | ---- | M] () -- C:\Users\chudneymiles\Documents\Michael Lee & Bridgett Lee I1456.pdf
[2010/01/13 02:41:32 | 00,010,532 | ---- | M] () -- C:\Users\chudneymiles\Documents\My goals are not as complex as most.docx
[2010/01/12 18:02:22 | 00,002,413 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/01/11 22:02:39 | 00,010,517 | ---- | M] () -- C:\Users\chudneymiles\Documents\Letrisha I1002.pdf
[2010/01/11 20:06:27 | 00,086,016 | ---- | M] () -- C:\Users\chudneymiles\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/11 19:28:33 | 00,008,737 | ---- | M] () -- C:\Users\chudneymiles\Documents\Michael Lee & Bridgett Lee I1001.pdf
[2010/01/11 19:17:10 | 00,008,377 | ---- | M] () -- C:\Users\chudneymiles\Desktop\Michael Lee & Bridgett Lee I1001.pdf
[2010/01/11 17:15:12 | 00,000,191 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2010/01/11 17:15:11 | 00,001,622 | ---- | M] () -- C:\Users\Public\Desktop\kBilling.lnk
[2010/01/10 19:23:57 | 00,000,162 | -H-- | M] () -- C:\Users\chudneymiles\Documents\~$ychology chapter 2.docx
[2010/01/10 03:19:08 | 00,001,600 | ---- | M] () -- C:\Users\chudneymiles\Desktop\MagicISO.lnk
[2010/01/10 02:17:58 | 00,871,408 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/01/09 00:41:22 | 00,833,002 | ---- | M] () -- C:\Users\chudneymiles\Documents\DSCN8345.JPG
[2010/01/09 00:41:08 | 00,847,598 | ---- | M] () -- C:\Users\chudneymiles\Documents\DSCN8350.JPG
[2010/01/09 00:40:57 | 00,717,037 | ---- | M] () -- C:\Users\chudneymiles\Documents\DSCN8344.JPG
[2010/01/09 00:40:38 | 00,820,746 | ---- | M] () -- C:\Users\chudneymiles\Documents\DSCN8348.JPG
[2010/01/09 00:40:19 | 00,687,458 | ---- | M] () -- C:\Users\chudneymiles\Documents\DSCN8340.JPG
[2010/01/08 22:59:29 | 00,001,831 | ---- | M] () -- C:\Users\chudneymiles\Desktop\kBilling.lnk
[2010/01/08 21:37:59 | 00,524,288 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{c7904585-fc9c-11de-80b4-0021867c1f84}.TMContainer00000000000000000002.regtrans-ms
[2010/01/08 19:18:26 | 00,524,288 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{c7904502-fc9c-11de-80b4-0021867c1f84}.TMContainer00000000000000000001.regtrans-ms
[2010/01/08 19:18:26 | 00,065,536 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{c7904502-fc9c-11de-80b4-0021867c1f84}.TM.blf
[2010/01/08 19:18:17 | 00,524,288 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{c7904502-fc9c-11de-80b4-0021867c1f84}.TMContainer00000000000000000002.regtrans-ms
[2010/01/08 18:51:32 | 00,098,748 | ---- | M] () -- C:\Users\chudneymiles\Documents\f psychology test.docx
[2010/01/08 18:51:32 | 00,000,162 | -H-- | M] () -- C:\Users\chudneymiles\Documents\~$psychology test.docx
[2010/01/08 15:40:04 | 00,524,288 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{cce2102c-f098-11de-b893-0021867c1f84}.TMContainer00000000000000000001.regtrans-ms
[2010/01/08 15:40:04 | 00,065,536 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{cce2102c-f098-11de-b893-0021867c1f84}.TM.blf
[2010/01/08 15:26:32 | 00,068,608 | ---- | M] () -- C:\Users\chudneymiles\Documents\C & C Cleaning Solution.kpd
[2010/01/07 22:16:05 | 00,001,041 | ---- | M] () -- C:\Users\chudneymiles\AppData\Roaming\vso_ts_preview.xml
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/01/07 16:07:06 | 00,022,104 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010/01/07 01:09:56 | 00,000,768 | ---- | M] () -- C:\Users\chudneymiles\AppData\Roaming\wklnhst.dat
[2010/01/06 17:39:39 | 00,000,725 | ---- | M] () -- C:\Users\chudneymiles\Desktop\NTREGOPT.lnk
[2010/01/06 17:39:39 | 00,000,706 | ---- | M] () -- C:\Users\chudneymiles\Desktop\ERUNT.lnk
[2010/01/06 17:27:07 | 00,001,890 | ---- | M] () -- C:\Users\chudneymiles\Desktop\HijackThis.lnk
[2010/01/05 12:25:46 | 03,293,062 | ---- | M] () -- C:\Users\chudneymiles\Documents\Doc1.docx
[2010/01/05 12:25:46 | 00,000,162 | -H-- | M] () -- C:\Users\chudneymiles\Documents\~$Doc1.docx
[2010/01/05 10:02:51 | 00,000,855 | ---- | M] () -- C:\Users\chudneymiles\Desktop\SmartDraw 2010.lnk
[2010/01/04 22:45:11 | 02,279,985 | ---- | M] () -- C:\Users\chudneymiles\Documents\chapter 7 Patricia.pdf
[2010/01/04 22:44:48 | 02,348,725 | ---- | M] () -- C:\Users\chudneymiles\Documents\ch7volpp.pdf
[2010/01/04 20:46:06 | 00,046,080 | ---- | M] () -- C:\Users\chudneymiles\Documents\CLMC Resume.doc
[2010/01/04 20:13:35 | 00,047,104 | ---- | M] () -- C:\Users\chudneymiles\Documents\CLM Resume.doc
[2010/01/04 17:46:07 | 00,000,810 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/04 13:39:09 | 00,000,162 | -H-- | M] () -- C:\Users\chudneymiles\Documents\~$udney ssi app.docx
[2010/01/04 13:13:31 | 00,000,162 | -H-- | M] () -- C:\Users\chudneymiles\Documents\~$ads.docx
[2010/01/04 01:16:48 | 00,001,914 | ---- | M] () -- C:\Users\Public\Desktop\TurboTax 2009.lnk
[2010/01/03 21:38:23 | 00,001,851 | ---- | M] () -- C:\Users\chudneymiles\Desktop\Hotel Dash Suite Success.lnk
[2010/01/03 17:12:43 | 00,012,111 | ---- | M] () -- C:\Users\chudneymiles\Documents\move in.docx
[2010/01/03 17:12:25 | 00,020,314 | ---- | M] () -- C:\Users\chudneymiles\Documents\ads.docx
[2010/01/03 15:16:54 | 00,010,655 | ---- | M] () -- C:\Users\chudneymiles\Documents\email list.docx
[2010/01/02 23:22:10 | 00,001,340 | ---- | M] () -- C:\Users\Public\Desktop\More Yahoo! Games.lnk
[2009/12/30 20:28:24 | 00,021,723 | ---- | M] () -- C:\Users\chudneymiles\Documents\CLEANING SOLUTIONS.docx
[2009/12/29 08:08:28 | 00,006,080 | ---- | M] () -- C:\Users\chudneymiles\AppData\Local\d3d9caps.dat
[2009/12/28 11:27:20 | 00,001,740 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/12/28 08:50:16 | 00,000,000 | ---- | M] () -- C:\Users\chudneymiles\Documents\Nuance Image Printer Writer Port
[2009/12/25 22:34:02 | 00,524,288 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{cce2102c-f098-11de-b893-0021867c1f84}.TMContainer00000000000000000002.regtrans-ms
[2009/12/22 20:27:57 | 00,524,288 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{344eaabc-b6b5-11de-b61e-0021867c1f84}.TMContainer00000000000000000001.regtrans-ms
[2009/12/22 20:27:57 | 00,065,536 | -HS- | M] () -- C:\Users\chudneymiles\ntuser.dat{344eaabc-b6b5-11de-b61e-0021867c1f84}.TM.blf
[2009/12/19 15:35:41 | 00,015,433 | ---- | M] () -- C:\Users\chudneymiles\Documents\desmond.docx
[3 C:\Users\chudneymiles\Documents\*.tmp files -> C:\Users\chudneymiles\Documents\*.tmp -> ]
[1 C:\Users\chudneymiles\Desktop\*.tmp files -> C:\Users\chudneymiles\Desktop\*.tmp -> ]

Blade81
2010-01-16, 21:23
Yes, delete torrent files.

Let's see the final steps unless there's some issue left :)


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.

A To disable the System Restore feature:

1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Uncheck any checkboxes listed for your hard drives.
7. Press OK.


B. Reboot.

C Turn ON System Restore.
Follow the steps like you did when disabling system restore but on step 6. check any checkboxes listed for your hard drives.




Double-click OTL.exe.
Click the CleanUp! button.
Select Yes when the
Begin cleanup Process?
prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.


Note: If you receive a warning from your firewall or other security programs regarding OTL attempting to contact the internet, please allow it to do so.


UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site (http://windowsupdate.microsoft.com/) to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.

Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.


hosts file:
Every version of windows has a hosts file as part of them. In a very basic sense, they are used to locate webpages. We can customize a hosts file so that it blocks certain webpages. However, it can slow down certain computers. This is why using a hosts file is optional!!
Download it here (http://www.mvps.org/winhelp2002/hosts.htm). Make sure you read the instructions on how to install the hosts file. There is a good tutorial here (http://www.bleepingcomputer.com/forums/tutorial51.html)
If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
Click the start button (at the lower left hand corner of your screen) Click run In the dialog box, type services.msc hit enter, then locate dns client Highlight it, then double-click it. On the dropdown box, change the setting from automatic to manual. Click ok

Get Anti Virus Software and keep it updated - Most AVs will update automatically, but if not I would recommend making updating the AV the first job every time the PC is connected to the internet. An AV that is using defs that are seven days old is not going to be much protection. If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out. Good free antivirus programs are:
Antivir (http://free-av.com/en/download/1/download_avira_antivir_personal__free_antivirus.html)
Avast! (http://www.avast.com/eng/download-avast-home.html)
Good commercial ones are from:
Kaspersky (http://www.kaspersky.com/homeuser) and
ESET (http://www.eset.com/products/index.php)



Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :cool:

chudneymiles
2010-01-18, 01:15
YEs, Thank you I am install updates now and IE is running great TY TY TY.... :thanks:

Blade81
2010-01-18, 16:11
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.