
At work, ESET Smart Security causes BSOD during startup on my PC only.


  • This topic is locked
26 replies to this topic

#1 suitzetter

suitzetter

  • Members
  • 14 posts

Posted 09 March 2011 - 12:35 PM

Here at work, our organization has switched from Symantec to Eset Smart Security. For some reason, on my PC only, after installing and restarting, I get a BSOD right after the "Applying Personal Settings" dialog goes away. The BSOD occurs in e1e5132.sys which has something to do with the network driver. Installing Eset Anti-Virus (not Smart Security) works. The difference between "Smart Security" and "Anti-Virus" seems to be network protection.

Normally, I wouldn't immediately think malware, but, since only my PC was affected, I tried scanning with GMER and I got a BSOD during the scan. So then I tried Sophos Anti-Rootkit and *that* gave a BSOD too.

Here's my stuff (as I said GMER gave BSOD, so that log is not attached, obviously)

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by SUitzetter at 11:53:53.17 on Wed 03/09/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3324.2285 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\IProsetMonitor.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\sigmatel\c-major audio\wdm\STacSV.exe
D:\Projects\Vicon33\trunk\ViComp\DotNet\ViconSQLSetup\ViconSQLService\bin\x86\Debug\ViconSQLService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\ClipX\clipx.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\DisplayFusion\DisplayFusion.exe
C:\Program Files\FreeWheel\FreeWheel.exe
C:\Program Files\Launchy\Launchy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\SqlWb.exe
C:\Documents and Settings\SUitzetter\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\SUitzetter\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\SUitzetter\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\SUitzetter\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\SUitzetter\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = server:8002
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Agent Ransack Keyboard Hook: {b23edae2-2a36-4c87-aefd-b6801b6c6584} - c:\program files\mythicsoft\agent ransack\ShellExt.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mi1933~1\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - c:\program files\microsoft visual studio 10.0\common7\ide\privateassemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: Web Test Recorder 10.0: {5802d092-1784-4908-8cdb-99b6842d353d} - mscoree.dll
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [Thunderbird] "c:\program files\mozilla thunderbird\thunderbird" -turbo
uRun: [Google Update] "c:\documents and settings\suitzetter\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [DisplayFusion] "c:\program files\displayfusion\DisplayFusion.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [ClipX] c:\program files\clipx\clipx.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
StartupFolder: c:\docume~1\suitze~1\startm~1\programs\startup\freewh~1.lnk - c:\program files\freewheel\FreeWheel.exe
StartupFolder: c:\docume~1\suitze~1\startm~1\programs\startup\launchy.lnk - c:\program files\launchy\Launchy.exe
mPolicies-system: disablecad = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mi1933~1\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1251921152523
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1252066276336
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: {6DE5898C-4437-4045-9E9C-D995170C46C3} = 192.168.200.5
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks enterprise solutions 10.0\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: PCANotify - PCANotify.dll
AppInit_DLLs: HookDLL.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\suitze~1\applic~1\mozilla\firefox\profiles\vqii5u3y.default\
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=374563&p=
FF - plugin: c:\documents and settings\suitzetter\application data\mozilla\firefox\profiles\vqii5u3y.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\suitzetter\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\mi1933~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mi1933~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
.
============= SERVICES / DRIVERS ===============
.
R1 awlegacy;awlegacy;c:\windows\system32\drivers\AWLEGACY.sys [2003-4-21 10901]
R1 FSLX;FSLX;c:\windows\system32\drivers\fslx.sys [2008-2-1 191616]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [2009-9-3 8576]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-4-8 161392]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2011-3-7 109728]
R2 MSSQL$VICONSQL;SQL Server (VICONSQL);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
R2 ViconSQLService;ViconSQLService;d:\projects\vicon33\trunk\vicomp\dotnet\viconsqlsetup\viconsqlservice\bin\x86\debug\ViconSQLService.exe [2011-1-6 11264]
R3 esihdrv;esihdrv;\??\c:\docume~1\suitze~1\locals~1\temp\esihdrv.sys --> c:\docume~1\suitze~1\locals~1\temp\esihdrv.sys [?]
R3 IAMTXP;Driver for Intel® Active Management Technology - KCS;c:\windows\system32\drivers\IAMTXP.sys [2009-9-3 40448]
R3 rockusb;ROCKUSB;c:\windows\system32\drivers\RockUsb.sys [2010-10-15 23384]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
R3 xpvcom;XPVCOM Port;c:\windows\system32\drivers\XPVCOM.sys [2006-11-9 30032]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 awhost32;pcAnywhere Host Service;c:\program files\symantec\pcanywhere\awhost32.exe [2003-5-29 106496]
S3 B-Service;B-Service;c:\documents and settings\sherman uitzetter.meadville\application data\mikogo\b-service.exe --> c:\documents and settings\sherman uitzetter.meadville\application data\mikogo\B-Service.exe [?]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-4-8 83568]
S3 COGMQU;COGMQU;c:\docume~1\suitze~1\locals~1\temp\cogmqu.exe --> c:\docume~1\suitze~1\locals~1\temp\COGMQU.exe [?]
S3 GWBVEWGSLMQRA;GWBVEWGSLMQRA;c:\docume~1\suitze~1\locals~1\temp\gwbvewgslmqra.exe --> c:\docume~1\suitze~1\locals~1\temp\GWBVEWGSLMQRA.exe [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\14.tmp --> c:\windows\system32\14.tmp [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2011-1-18 109328]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\vboxnetflt.sys --> c:\windows\system32\drivers\VBoxNetFlt.sys [?]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\vboxusb.sys --> c:\windows\system32\drivers\VBoxUSB.sys [?]
S3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\microsoft visual studio 10.0\team tools\performance tools\VSPerfDrv100.sys [2009-12-8 48128]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-3 14336]
S4 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2003-5-5 24365]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-4-3 44896]
S4 QuickBooksDB20;QuickBooksDB20;c:\progra~1\intuit\quickb~1.0\qbdbmgrn.exe -hvquickbooksdb20 --> c:\progra~1\intuit\quickb~1.0\QBDBMgrN.exe -hvQuickBooksDB20 [?]
S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [2010-4-3 240608]
.
=============== Created Last 30 ================
.
2011-03-09 16:04:40 -------- d-----w- C:\ESET_LOGS
2011-03-09 13:12:29 296448 ----a-w- C:\kikkp66p.exe
2011-03-09 10:42:13 270848 -c----w- c:\windows\system32\dllcache\sbe.dll
2011-03-09 10:42:13 186880 -c----w- c:\windows\system32\dllcache\encdec.dll
2011-03-08 21:17:39 -------- d-----w- c:\docume~1\suitze~1\applic~1\FixIt
2011-03-08 20:25:52 -------- d-----w- c:\program files\Sophos
2011-03-08 18:29:53 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\SUPERAntiSpyware.com
2011-03-08 18:29:48 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-03-08 16:39:38 57856 ----a-w- c:\windows\system32\CRVIEWER.oca
2011-03-08 15:33:51 -------- d-----w- C:\ESET_LOGS older
2011-03-07 19:27:05 -------- d-----w- c:\docume~1\suitze~1\applic~1\ESET
2011-03-07 17:54:04 109728 ----a-w- c:\windows\system32\IPROSetMonitor.exe
2011-03-07 15:59:04 -------- d-----w- c:\docume~1\suitze~1\locals~1\applic~1\ESET
2011-03-07 15:09:44 -------- d-----w- c:\program files\ESET
2011-03-01 13:51:59 -------- d-----w- c:\documents and settings\all users.windows\Microsoft
2011-03-01 13:42:58 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-02-25 20:13:07 -------- d-----w- c:\docume~1\suitze~1\locals~1\applic~1\Microsoft Help
2011-02-25 12:58:07 -------- d-----w- c:\docume~1\suitze~1\locals~1\applic~1\Adobe
2011-02-24 14:59:10 -------- d-----w- c:\docume~1\suitze~1\applic~1\Key Metric Software
2011-02-24 14:45:59 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Caphyon
2011-02-24 14:45:57 -------- d-----w- c:\program files\Key Metric Software
2011-02-24 14:45:57 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Key Metric Software
2011-02-24 14:15:54 -------- d-----w- c:\docume~1\suitze~1\locals~1\applic~1\Temp
2011-02-24 14:15:16 -------- d-----w- c:\docume~1\suitze~1\locals~1\applic~1\Deployment
2011-02-21 16:55:37 -------- d-----w- c:\docume~1\suitze~1\locals~1\applic~1\IsolatedStorage
2011-02-21 14:54:15 -------- d-----w- c:\docume~1\suitze~1\locals~1\applic~1\assembly
2011-02-21 14:51:09 -------- d-----w- c:\docume~1\suitze~1\locals~1\applic~1\Plasma_Automation_Inc
2011-02-21 13:30:22 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-21 13:24:14 -------- d-----w- c:\docume~1\suitze~1\locals~1\applic~1\Mozilla
2011-02-21 13:01:34 281600 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpcpp093.DLL
2011-02-21 13:01:34 161280 ----a-w- c:\windows\system32\hpcpn093.dll
2011-02-21 13:01:33 59928 ----a-w- c:\windows\system32\fxcompchannel.dll
2011-02-21 13:00:36 -------- d-----w- c:\program files\HP
2011-02-21 13:00:33 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2011-02-21 13:00:33 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-02-21 12:58:41 331776 ----a-w- c:\windows\system32\hppcpr13.dll
2011-02-16 15:00:56 -------- d-----w- c:\windows\system32\winrm
2011-02-16 15:00:51 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-02-16 04:40:17 179712 -c----w- c:\windows\system32\dllcache\mrxdav.sys
2011-02-16 04:40:17 135168 -c----w- c:\windows\system32\dllcache\shsvcs.dll
2011-02-15 18:14:50 -------- d-----w- c:\docume~1\suitze~1\locals~1\applic~1\Thunderbird
2011-02-15 18:14:45 -------- d-----w- c:\docume~1\suitze~1\locals~1\applic~1\Apple Computer
2011-02-15 18:14:37 -------- d-----w- c:\docume~1\suitze~1\locals~1\applic~1\Google
2011-02-15 18:14:25 -------- d-----w- c:\docume~1\suitze~1\locals~1\applic~1\Symantec
2011-02-15 18:14:08 -------- d-----w- c:\docume~1\suitze~1\locals~1\applic~1\TSVNCache
2011-02-15 18:14:00 -------- d-----w- c:\docume~1\suitze~1\locals~1\applic~1\Microsoft
2011-02-15 15:36:12 3584 ----a-r- c:\docume~1\suitze~1\applic~1\microsoft\installer\{121634b0-2f4b-11d3-ada3-00c04f52dd52}\Icon386ED4E3.exe
2011-02-15 15:36:11 8192 ----a-r- c:\docume~1\suitze~1\applic~1\microsoft\installer\{e4b0e70b-0cb3-4e25-939a-3f0e3ad4a28f}\Icon828E6FA2.exe
2011-02-15 15:36:11 65536 ----a-r- c:\docume~1\suitze~1\applic~1\microsoft\installer\{f428d0fb-765d-40eb-bdd8-a1e7f5c597fa}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
2011-02-15 15:36:11 299008 ----a-r- c:\docume~1\suitze~1\applic~1\microsoft\installer\{e4b0e70b-0cb3-4e25-939a-3f0e3ad4a28f}\Icon828E6FA23.exe
2011-02-15 15:36:00 162680 ---ha-w- c:\docume~1\suitze~1\applic~1\microsoft\virtual pc\VPCKeyboard.dll
2011-02-15 15:01:35 1683456 ----a-w- c:\documents and settings\suitzetter\FahCore_82.exe
2011-02-07 19:53:48 43008 ----a-w- c:\windows\system32\MSMAPI32.oca
.
==================== Find3M ====================
.
2011-03-08 16:39:39 266752 ----a-w- c:\windows\system32\MSCOMCTL.oca
2011-02-21 13:30:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-12 03:04:20 183296 ----a-w- c:\windows\system32\Ncs2Setp.dll
2011-01-12 02:56:10 659576 ----a-w- c:\windows\system32\ncs2dmix.dll
2011-01-12 02:56:02 514168 ----a-w- c:\windows\system32\accesor.dll
2011-01-12 02:25:06 135288 ----a-w- c:\windows\system32\ncs2instutility.dll
2011-01-12 02:01:24 1930360 ----a-w- c:\windows\system32\ncscolib.dll
2011-01-11 18:51:54 266440 ----a-w- c:\windows\system32\Prounstl.exe
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-22 11:20:27 36864 ------w- c:\windows\system32\tsgqec.dll
2010-12-22 11:20:27 2690560 ----a-w- c:\windows\system32\mstscax.dll
2010-12-22 11:20:27 130560 ------w- c:\windows\system32\aaclient.dll
2010-12-21 11:26:10 1034240 ----a-w- c:\windows\system32\mstsc.exe
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 11:55:16.25 ===============



#2 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts

Posted 14 March 2011 - 09:57 AM

Hi,

Welcome to Bleeping Computer.

My name is Shannon and I will be working with you to remove the malware that is on your machine.

I apologize for the delay in replying to your post, but this forum is extremely busy.

Please Track this topic - On the top right of this thread, click on the Option button, and, in the drop-down list, click on 'Track this topic'. Under Subscription Information, click on 'Immediate Email Notification' and then click on the Proceed button at the bottom.

Do Not make any changes on your own to the infected computer.

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Now, let's look more thoroughly at the infected computer -

We need to see some information about what is happening in your machine. Please perform the following scan:
  • We need to create an OTL Report
  • Please download OTL from here:
  • Main Mirror
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "Use SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them into your reply:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Once you have the above logs, click on the Add Reply button below, copy in the contents of the two OTL logs. Also include any comments that you might have concerning the infection(s) and the infected computer.
Shannon

#3 suitzetter

suitzetter
  • Topic Starter

  • Members
  • 14 posts

Posted 14 March 2011 - 01:15 PM

Awesome, thanks in advance for helping me out.

I downloaded OTL.exe from the mirror link. It downloaded into my "Downloads" folder. I moved it to the desktop.

When I double-click it, I get this error message: "C:\[...]\Desktop\OTL.exe is not a valid Win32 application"

I tried downloading OTL.exe again (from the same link) and now I get redirected (by our SonicWall router) to a page that says:

"Gateway Anti-Virus Alert

This request is blocked by the SonicWALL Gateway Anti-Virus Service. Name: Emold.U (Worm)"

Not sure what's going on, but this seems really odd.

#4 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts

Posted 14 March 2011 - 01:22 PM

Hi-

Have you talked with your IT support folks about asking for help on the outside? Most IT organizations will not allow it.
Shannon

#5 suitzetter

suitzetter
  • Topic Starter

  • Members
  • 14 posts

Posted 14 March 2011 - 01:42 PM

This is a very small company. The IT staff consists of another guy and me (and sometimes a contractor when something major needs to be done). We're not full-time IT, we're actually programmers. We're called upon to handle the IT tasks when necessary. The affected computer is my development machine.

#6 suitzetter

suitzetter
  • Topic Starter

  • Members
  • 14 posts

Posted 14 March 2011 - 02:05 PM

If I right-click on the OTL download link and choose "Save As..." I don't get the SonicWall error and the downloaded exe at least launches.

Unfortunately, all it does is show a blank console window and an error dialog pops-up. The error dialog is entitled "16 bit MS-DOS Subsystem" and the error says:

C:\DOCUME~1\...\Desktop\OTL.exe
The NTVDM CPU has encountered an illegal instruction
CS:0eca IP:015c OP:63 68 65 22 3e Choose 'Close' to terminate the application.


There's two buttons on the dialog "Close" and "Ignore". "Close" exits the application. "Ignore" just brings the same error back with different CS, IP, and OP numbers. I've tried hitting "Ignore" a bunch of times, but all I get is error after error.
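
The opcode bytes quoted in the error dialog above are printable ASCII, and a header check on the downloaded file shows whether it is a Windows executable at all. This is an added example, not part of the original thread: it decodes an `OP:` field and classifies a download by its first bytes. The function names and the sample byte strings are constructed for illustration.

```python
import struct

# Markers that indicate the "executable" is really a text/markup document,
# e.g. a gateway block page or an error page saved under the .exe name.
_TEXT_MARKERS = (b"<!doctype", b"<html", b"<head", b"<body", b"<?xml")


def decode_op_bytes(op_field: str) -> str:
    """Render the hex bytes of an NTVDM 'OP:' field as ASCII.

    Non-printable bytes are shown as '.' so the result is safe to log.
    """
    raw = bytes.fromhex(op_field.replace(" ", ""))
    return "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in raw)


def classify_download(data: bytes) -> str:
    """Classify a downloaded file by its header bytes.

    Returns one of:
      'markup-text'          - starts like HTML/XML, not a program
      'not-an-executable'    - no 'MZ' DOS header
      'truncated-mz'         - 'MZ' present but file ends before offset 0x40
      'mz-without-pe-header' - DOS header whose e_lfanew does not lead to 'PE\\0\\0'
      'pe-image'             - DOS header plus a valid PE signature
    """
    head = data[:512].lstrip().lower()
    if head.startswith(_TEXT_MARKERS):
        return "markup-text"
    if data[:2] != b"MZ":
        return "not-an-executable"
    if len(data) < 0x40:
        return "truncated-mz"
    # e_lfanew: little-endian 32-bit offset of the PE header, stored at 0x3C.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 4 <= len(data) and data[e_lfanew:e_lfanew + 4] == b"PE\0\0":
        return "pe-image"
    return "mz-without-pe-header"


# --- Constructed sample inputs (not taken from the thread) -----------------
# Smallest header layout that passes the check: 'MZ', padding up to 0x3C,
# e_lfanew = 0x40, then the PE signature.
SAMPLE_PE = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40) + b"PE\0\0"
# A web page saved under an .exe name.
SAMPLE_HTML = b"\r\n<html><head><title>Blocked</title></head></html>"
# A download that was cut off after the first few bytes.
SAMPLE_TRUNCATED = b"MZ\x90\x00\x03\x00"

if __name__ == "__main__":
    # The OP field exactly as quoted in the error dialog in the post above.
    print(repr(decode_op_bytes("63 68 65 22 3e")))
    for name, blob in (("pe", SAMPLE_PE),
                       ("html", SAMPLE_HTML),
                       ("truncated", SAMPLE_TRUNCATED)):
        print(name, "->", classify_download(blob))
```
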

#7 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts

Posted 14 March 2011 - 02:24 PM

Hi-

Try OTL in safe mode. This can be done by tapping the F8 key as soon as you start your computer.
You will be brought to a menu where you can choose to boot into safe mode.
Make sure you choose the option without networking support.
Shannon

#8 suitzetter

suitzetter
  • Topic Starter

  • Members
  • 14 posts

Posted 14 March 2011 - 03:12 PM

Rebooted into safe mode.

Logged-in as Administrator (my usual domain account wouldn't work without networking).

Launched OTL and got the same "16 bit MS-DOS Subsystem" error.

#9 suitzetter

suitzetter
  • Topic Starter

  • Members
  • 14 posts

Posted 15 March 2011 - 06:56 AM

Well, this is interesting... on the chance that whatever has infected my computer was corrupting the OTL executable, I downloaded it at home, renamed it, zipped it up and sent it to myself here at work. That copy I received from myself, started-up no problem.

Here are the two logs generated by OTL.exe:


OTL logfile created on: 3/15/2011 7:48:57 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\SUitzetter\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
11.00 Gb Paging File | 10.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 8192 16384 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 67.78 Gb Free Space | 45.47% Space Free | Partition Type: NTFS
Drive D: | 465.75 Gb Total Space | 158.92 Gb Free Space | 34.12% Space Free | Partition Type: NTFS

Computer Name: PROGRAMMING-3B | User Name: SUitzetter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/11 02:50:03 | 001,004,088 | ---- | M] (Google Inc.) -- C:\Documents and Settings\SUitzetter\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/03/07 08:51:51 | 012,587,696 | ---- | M] (Mozilla Messaging) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2011/03/06 14:01:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SUitzetter\Desktop\blah2.exe
PRC - [2011/03/03 19:40:30 | 000,619,288 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2011/02/25 10:03:29 | 000,011,264 | ---- | M] (Plasma Automation Inc.) -- D:\Projects\Vicon33\trunk\ViComp\DotNet\ViconSQLSetup\ViconSQLService\bin\x86\Debug\ViconSQLService.exe
PRC - [2011/01/12 17:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011/01/12 17:41:24 | 002,219,184 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2010/12/06 13:00:06 | 000,109,728 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\IPROSetMonitor.exe
PRC - [2010/09/14 10:27:26 | 001,275,624 | ---- | M] (Binary Fortress Software) -- C:\Program Files\DisplayFusion\DisplayFusion.exe
PRC - [2010/04/03 14:05:46 | 000,380,928 | ---- | M] () -- C:\Program Files\Launchy\Launchy.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/10 20:08:44 | 000,212,992 | ---- | M] (IDT, Inc.) -- c:\Program Files\SigmaTel\C-Major Audio\wdm\stacsv.exe
PRC - [2006/07/06 07:15:00 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/07/06 07:14:30 | 000,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2005/11/30 17:34:18 | 000,068,608 | ---- | M] () -- C:\Program Files\ClipX\clipx.exe
PRC - [1999/10/28 01:09:14 | 000,229,376 | ---- | M] (Midnight Oil) -- C:\Program Files\FreeWheel\FreeWheel.exe


========== Modules (SafeList) ==========

MOD - [2011/03/14 16:04:01 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\SUitzetter\Local Settings\Temp\frw2.tmp
MOD - [2011/03/06 14:01:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SUitzetter\Desktop\blah2.exe
MOD - [2010/09/15 14:29:52 | 000,047,864 | ---- | M] (Binary Fortress Software) -- C:\Program Files\DisplayFusion\Hooks\DisplayFusionHookx86_ed573952-37e9-49d8-97a2-4ea6955c051e.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2007/11/21 04:34:40 | 000,007,744 | ---- | M] (Altiris) -- C:\WINDOWS\system32\HookDll.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (GWBVEWGSLMQRA)
SRV - File not found [On_Demand | Stopped] -- -- (COGMQU)
SRV - File not found [On_Demand | Stopped] -- -- (B-Service)
SRV - [2011/02/25 10:03:29 | 000,011,264 | ---- | M] (Plasma Automation Inc.) [Auto | Running] -- D:\Projects\Vicon33\trunk\ViComp\DotNet\ViconSQLSetup\ViconSQLService\bin\x86\Debug\ViconSQLService.exe -- (ViconSQLService)
SRV - [2011/01/12 17:44:02 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2011/01/12 17:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2010/12/06 13:00:06 | 000,109,728 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service) Intel®
SRV - [2008/07/29 13:10:46 | 003,201,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2008/04/10 20:08:44 | 000,212,992 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Program Files\SigmaTel\C-Major Audio\wdm\stacsv.exe -- (STacSV)
SRV - [2006/07/06 07:14:30 | 000,090,112 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [1998/06/06 00:00:00 | 000,034,036 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\VARPC.EXE -- (Visual Studio Analyzer RPC bridge)


========== Driver Services (SafeList) ==========

DRV - [2011/01/18 18:43:26 | 000,109,328 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2010/12/21 16:04:06 | 000,141,264 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2010/12/21 16:04:06 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/12/21 14:47:38 | 000,094,872 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2010/12/08 07:34:30 | 000,030,368 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2010/09/08 15:42:16 | 000,230,248 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VMM.sys -- (vmm)
DRV - [2010/05/27 13:37:06 | 004,830,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/03 12:02:54 | 000,240,608 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0150.sys -- (RsFx0150)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/18 11:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/12/08 21:24:26 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys -- (VSPerfDrv100)
DRV - [2008/05/20 19:53:36 | 000,093,696 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/04/10 20:10:10 | 001,271,032 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2008/02/05 01:50:44 | 000,059,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2008/02/01 15:50:24 | 000,191,616 | ---- | M] (Altiris, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\fslx.sys -- (FSLX)
DRV - [2007/03/23 02:00:14 | 000,030,032 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\XPVCOM.sys -- (xpvcom)
DRV - [2005/12/02 20:38:04 | 000,041,728 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)
DRV - [2005/11/29 03:07:58 | 000,040,448 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IAMTXP.sys -- (IAMTXP) Driver for Intel®
DRV - [2002/08/20 20:35:30 | 000,023,384 | ---- | M] (FeiTian New Tech Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RockUsb.sys -- (rockusb)
DRV - [2001/12/19 11:45:00 | 000,008,576 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\VCdRom.sys -- (vcdrom)
DRV - [2001/12/10 05:00:00 | 000,018,223 | ---- | M] (FeiTian Tech Co.,Ltd) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Rockeynt.sys -- (ROCKEYNT)
DRV - [2001/06/18 18:44:20 | 000,006,592 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\Ds1410d.sys -- (DS1410D)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1004336348-1202660629-854245398-1172\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.live.com [binary data]
IE - HKU\S-1-5-21-1004336348-1202660629-854245398-1172\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1004336348-1202660629-854245398-1172\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1004336348-1202660629-854245398-1172\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1004336348-1202660629-854245398-1172\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1004336348-1202660629-854245398-1172\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = server:8002
IE - HKU\S-1-5-21-1004336348-1202660629-854245398-1172\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = server

IE - HKU\S-1-5-21-3840939107-1243498262-4025802620-1631\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.live.com [binary data]
IE - HKU\S-1-5-21-3840939107-1243498262-4025802620-1631\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3840939107-1243498262-4025802620-1631\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3840939107-1243498262-4025802620-1631\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3840939107-1243498262-4025802620-1631\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-3840939107-1243498262-4025802620-1631\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = server:8002
IE - HKU\S-1-5-21-3840939107-1243498262-4025802620-1631\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = server

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=374563"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.608
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=374563&p="
FF - prefs.js..network.proxy.http: "SERVER"
FF - prefs.js..network.proxy.http_port: 8002

FF - HKLM\software\mozilla\Firefox\Extensions\\{F1D25516-5760-4E18-A212-2EF5C7B768D5}: C:\Documents and Settings\Sherman Uitzetter.MEADVILLE\Local Settings\Application Data\{F1D25516-5760-4E18-A212-2EF5C7B768D5}
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/03 08:44:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/03 08:44:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/03/07 08:51:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/03/11 14:32:45 | 000,000,000 | ---D | M]

[2010/10/08 07:56:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\SUitzetter\Application Data\Mozilla\Extensions
[2010/10/08 07:56:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\SUitzetter\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/03/14 16:06:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\SUitzetter\Application Data\Mozilla\Firefox\Profiles\vqii5u3y.default\extensions
[2010/04/27 12:44:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\SUitzetter\Application Data\Mozilla\Firefox\Profiles\vqii5u3y.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/28 09:13:46 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\SUitzetter\Application Data\Mozilla\Firefox\Profiles\vqii5u3y.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/09/24 10:15:51 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\SUitzetter\Application Data\Mozilla\Firefox\Profiles\vqii5u3y.default\extensions\LogMeInClient@logmein.com
[2011/03/10 14:14:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/21 09:30:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/03/10 14:14:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/03/08 08:54:47 | 000,430,616 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14825 more lines...
O2 - BHO: (Agent Ransack Keyboard Hook) - {B23EDAE2-2A36-4c87-AEFD-B6801B6C6584} - C:\Program Files\Mythicsoft\Agent Ransack\ShellExt.dll (Mythicsoft Ltd)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ClipX] C:\Program Files\ClipX\clipx.exe ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKU\S-1-5-21-1004336348-1202660629-854245398-1172..\Run: [DisplayFusion] C:\Program Files\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKU\S-1-5-21-1004336348-1202660629-854245398-1172..\Run: [Google Update] File not found
O4 - HKU\S-1-5-21-1004336348-1202660629-854245398-1172..\Run: [Thunderbird] C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
O4 - HKU\S-1-5-21-3840939107-1243498262-4025802620-1631..\Run: [DisplayFusion] C:\Program Files\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKU\S-1-5-21-3840939107-1243498262-4025802620-1631..\Run: [Thunderbird] C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Firewall Client Management.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UltraMon.lnk = File not found
O4 - Startup: C:\Documents and Settings\SUitzetter\Start Menu\Programs\Startup\FreeWheel.lnk = C:\Program Files\FreeWheel\FreeWheel.exe (Midnight Oil)
O4 - Startup: C:\Documents and Settings\SUitzetter\Start Menu\Programs\Startup\Launchy.lnk = C:\Program Files\Launchy\Launchy.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1004336348-1202660629-854245398-1172\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1004336348-1202660629-854245398-1172\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1004336348-1202660629-854245398-1172\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = EF FF FF 01 [binary data]
O7 - HKU\S-1-5-21-1004336348-1202660629-854245398-1172\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3840939107-1243498262-4025802620-1631\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3840939107-1243498262-4025802620-1631\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3840939107-1243498262-4025802620-1631\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = EF FF FF 01 [binary data]
O7 - HKU\S-1-5-21-3840939107-1243498262-4025802620-1631\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1251921152523 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1252066276336 (MUWebControl Class)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab (DLC Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Plasma.Local
O20 - AppInit_DLLs: (HookDLL.DLL) - C:\WINDOWS\System32\HookDll.dll (Altiris)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/13 12:48:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/15 07:46:41 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\SUitzetter\Desktop\blah2.exe
[2011/03/15 07:46:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Desktop\blah
[2011/03/14 08:42:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011/03/14 08:41:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Local Settings\Application Data\Downloaded Installations
[2011/03/11 14:32:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\ESET
[2011/03/11 14:32:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ESET
[2011/03/10 14:15:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/03/10 14:14:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee
[2011/03/10 09:20:29 | 000,000,000 | ---D | C] -- C:\symbols
[2011/03/10 09:18:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Debugging Tools for Windows (x86)
[2011/03/10 09:18:54 | 000,000,000 | ---D | C] -- C:\Program Files\Debugging Tools for Windows (x86)
[2011/03/10 09:18:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Windows SDK v7.1
[2011/03/09 16:57:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/03/09 15:50:23 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\System32\CSVer.dll
[2011/03/09 15:28:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Application Data\ESET
[2011/03/09 15:27:46 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/03/09 15:08:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Application Data\SystemRequirementsLab
[2011/03/09 12:04:40 | 000,000,000 | ---D | C] -- C:\ESET_LOGS
[2011/03/08 17:17:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Application Data\FixIt
[2011/03/08 16:25:52 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2011/03/08 14:29:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
[2011/03/08 14:29:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\SUPERAntiSpyware
[2011/03/08 14:29:48 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/03/08 11:33:51 | 000,000,000 | ---D | C] -- C:\ESET_LOGS older
[2011/03/08 11:26:28 | 002,676,504 | ---- | C] (ESET) -- C:\Documents and Settings\SUitzetter\Desktop\SysInspector.exe
[2011/03/07 16:07:17 | 027,791,832 | ---- | C] (Intel ) -- C:\Documents and Settings\SUitzetter\Desktop\PROWin32.exe
[2011/03/07 13:54:04 | 000,109,728 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\IPROSetMonitor.exe
[2011/03/07 11:59:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Local Settings\Application Data\ESET
[2011/03/01 09:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Microsoft
[2011/03/01 09:42:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2011/02/25 16:13:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Local Settings\Application Data\Microsoft Help
[2011/02/25 08:58:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Local Settings\Application Data\Adobe
[2011/02/24 10:59:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Application Data\Key Metric Software
[2011/02/24 10:45:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Caphyon
[2011/02/24 10:45:57 | 000,000,000 | ---D | C] -- C:\Program Files\Key Metric Software
[2011/02/24 10:45:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Key Metric Software
[2011/02/24 10:45:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\FolderSizes 5
[2011/02/24 10:15:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Local Settings\Application Data\Temp
[2011/02/24 10:15:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Local Settings\Application Data\Deployment
[2011/02/21 12:55:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Local Settings\Application Data\IsolatedStorage
[2011/02/21 10:54:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Local Settings\Application Data\assembly
[2011/02/21 10:51:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Local Settings\Application Data\Plasma_Automation_Inc
[2011/02/21 09:30:22 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/02/21 09:30:22 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/02/21 09:30:21 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/02/21 09:30:21 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/02/21 09:29:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Application Data\Sun
[2011/02/21 09:24:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Local Settings\Application Data\Mozilla
[2011/02/21 09:02:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Hewlett-Packard
[2011/02/21 09:01:34 | 000,161,280 | ---- | C] (Hewlett-Packard Corporation) -- C:\WINDOWS\System32\hpcpn093.dll
[2011/02/21 09:01:33 | 000,059,928 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\fxcompchannel.dll
[2011/02/21 09:00:36 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011/02/21 09:00:33 | 000,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2011/02/21 08:58:41 | 000,331,776 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hppcpr13.dll
[2011/02/16 11:00:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2011/02/16 11:00:51 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2011/02/16 00:40:17 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxdav.sys
[2011/02/16 00:40:17 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shsvcs.dll
[2011/02/15 14:14:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Local Settings\Application Data\Thunderbird
[2011/02/15 14:14:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Local Settings\Application Data\Apple Computer
[2011/02/15 14:14:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Local Settings\Application Data\Google
[2011/02/15 14:14:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Local Settings\Application Data\Symantec
[2011/02/15 14:14:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Local Settings\Application Data\TSVNCache
[2011/02/15 14:14:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\SUitzetter\Local Settings
[2011/02/15 14:14:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Local Settings\Application Data\Microsoft
[2011/02/15 11:32:25 | 001,323,808 | ---- | C] (Az-Tech Software, Inc.) -- C:\Documents and Settings\SUitzetter\Desktop\AzRockey.AAA
[2011/02/15 11:32:23 | 001,451,856 | ---- | C] (Az-Tech Software ) -- C:\Documents and Settings\SUitzetter\Desktop\azsetup.exe
[2011/02/15 11:32:23 | 001,323,808 | ---- | C] (Az-Tech Software, Inc.) -- C:\Documents and Settings\SUitzetter\Desktop\AzRockey.exe
[2011/02/15 11:32:15 | 000,030,720 | ---- | C] (NirSoft) -- C:\Documents and Settings\SUitzetter\Desktop\DriverView.exe
[2011/02/15 11:32:14 | 004,326,456 | ---- | C] (Microsoft Exchange ) -- C:\Documents and Settings\SUitzetter\Desktop\ExchangeSDKTools.exe
[2011/02/15 11:25:44 | 000,007,168 | ---- | C] ( ) -- C:\Documents and Settings\SUitzetter\Desktop\Interop.Vicon_Backend33.dll
[2011/02/15 11:25:33 | 001,885,072 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\SUitzetter\Desktop\mbam-setup.exe
[2011/02/15 11:24:23 | 000,016,384 | ---- | C] (Plasma Automation) -- C:\Documents and Settings\SUitzetter\Desktop\Project1.exe
[2011/02/15 11:24:22 | 007,584,768 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\SUitzetter\Desktop\rdbgsetup.exe
[2011/02/15 11:24:13 | 000,049,210 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\SUitzetter\Desktop\SPYHK55.DLL
[2011/02/15 11:24:12 | 000,503,811 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\SUitzetter\Desktop\SPYXX.EXE
[2011/02/15 10:58:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Application Data\Launchy
[2011/02/15 10:58:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Application Data\KeePass
[2011/02/15 10:58:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Application Data\Kana Solution
[2011/02/15 10:58:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Application Data\IsolatedStorage
[2011/02/15 10:58:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Application Data\InstallShield
[2011/02/15 10:58:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Application Data\Identities
[2011/02/15 10:58:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Application Data\IcoFX
[2011/02/15 10:58:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Application Data\Help
[2011/02/15 10:58:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Application Data\gtk-2.0
[2011/02/15 10:58:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Application Data\GlarySoft
[2011/02/15 10:58:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Application Data\GetRightToGo
[2011/02/15 10:58:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Application Data\FileZilla
[2011/02/15 10:58:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Application Data\Dropbox
[2011/02/15 10:58:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Application Data\Download Manager
[2011/02/15 10:58:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Application Data\DisplayFusion
[2011/02/15 10:58:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Application Data\Corel
[2011/02/15 10:58:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Application Data\Bump Technologies, Inc
[2011/02/15 10:58:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Application Data\Bitsoft
[2011/02/15 10:58:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Application Data\ATI
[2011/02/15 10:58:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Application Data\Apprise
[2011/02/15 10:58:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Application Data\Apple Computer
[2011/02/15 10:58:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Application Data\Alchemy Mindworks
[2011/02/15 10:58:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Application Data\Ahead
[2011/02/15 10:58:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Application Data\AdobeUM
[2011/02/15 10:58:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Application Data\Adobe
[2011/02/15 10:58:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\.VirtualBox
[2011/02/15 10:58:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\.thumbnails
[2011/02/15 10:58:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Application Data\.purple
[2011/02/15 10:58:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\.jnlp-applet
[2011/02/15 10:58:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\.gimp-2.6
[2011/02/15 10:58:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\.AnywherePEViewer
[2011/02/15 10:58:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Application Data\Malwarebytes
[2011/02/15 10:58:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Application Data\Macromedia
[2011/02/15 10:58:02 | 000,000,000 | --SD | C] -- C:\Documents and Settings\SUitzetter\My Documents\My Webs
[2011/02/15 10:58:02 | 000,000,000 | --SD | C] -- C:\Documents and Settings\SUitzetter\My Documents\My Web Sites
[2011/02/15 10:58:02 | 000,000,000 | --SD | C] -- C:\Documents and Settings\SUitzetter\My Documents\My Shapes
[2011/02/15 10:58:02 | 000,000,000 | --SD | C] -- C:\Documents and Settings\SUitzetter\My Documents\My Data Sources
[2011/02/15 10:58:02 | 000,000,000 | --SD | C] -- C:\Documents and Settings\SUitzetter\Application Data\Microsoft
[2011/02/15 10:58:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\SUitzetter\SendTo
[2011/02/15 10:58:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\SUitzetter\Recent
[2011/02/15 10:58:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\SUitzetter\Application Data
[2011/02/15 10:58:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\SUitzetter\Start Menu\Programs\Startup
[2011/02/15 10:58:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\SUitzetter\Start Menu
[2011/02/15 10:58:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\SUitzetter\My Documents\My Widgets
[2011/02/15 10:58:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\SUitzetter\My Documents\My Wallpapers
[2011/02/15 10:58:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\SUitzetter\My Documents\My Videos
[2011/02/15 10:58:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\SUitzetter\My Documents\My Pictures
[2011/02/15 10:58:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\SUitzetter\My Documents\My Music
[2011/02/15 10:58:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\SUitzetter\My Documents\My Dropbox
[2011/02/15 10:58:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\SUitzetter\My Documents
[2011/02/15 10:58:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\SUitzetter\Favorites
[2011/02/15 10:58:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\SUitzetter\Start Menu\Programs\Administrative Tools
[2011/02/15 10:58:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\SUitzetter\Start Menu\Programs\Accessories
[2011/02/15 10:58:02 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\SUitzetter\UserData
[2011/02/15 10:58:02 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\SUitzetter\PrivacIE
[2011/02/15 10:58:02 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\SUitzetter\IETldCache
[2011/02/15 10:58:02 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\SUitzetter\IECompatCache
[2011/02/15 10:58:02 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\SUitzetter\Cookies
[2011/02/15 10:58:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\SUitzetter\Templates
[2011/02/15 10:58:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\SUitzetter\PrintHood
[2011/02/15 10:58:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\SUitzetter\NetHood
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\My Documents\zip32 and unzip32
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\work
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Start Menu\Programs\Wise Installer
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Start Menu\Programs\WinHugs
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Application Data\Windows Search
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\WINDOWS
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Desktop\ViTrack walkthru
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\My Documents\Visual Studio 2010
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\My Documents\Visual Studio 2008
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\My Documents\Visual Studio 2005
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\VirtualBox VMs
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Desktop\ViCost walkthru
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Start Menu\Programs\Vicon 3.2
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Desktop\ViComp doc
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\My Documents\ViComp
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Desktop\ViCall walkthru
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Desktop\vicall jobs
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Desktop\ViBar Tracking movie
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Desktop\VBox Host
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Desktop\Unused Desktop Shortcuts
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Application Data\Unity
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Application Data\U3
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\My Documents\transition
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Application Data\TortoiseSVN
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Application Data\TortoiseHg
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Desktop\Time Study Sheet
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Desktop\Time Sheets
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Application Data\Thunderbird
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Application Data\SUPERAntiSpyware.com
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Application Data\Subversion
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\My Documents\SSEUtil
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\My Documents\SQL Server Management Studio Express
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\My Documents\SQL Server Management Studio
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Desktop\SQL Express 2008
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Desktop\SQL Express 2005
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Desktop\Socket CABs NEW
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Desktop\Socket CABs
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\My Documents\Small Business Accounting
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Desktop\show
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Desktop\screenshots
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Desktop\scottd
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Application Data\SciTech
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\My Documents\router
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Desktop\revert save
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Desktop\report
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\My Documents\regctrls
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Application Data\RealWorld
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Application Data\Realtime Soft
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\My Documents\Quickies
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Application Data\Plasma_Automation_Inc
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Application Data\Plasma_Automation
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Start Menu\Programs\Paint Shop Pro 5
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Start Menu\Programs\Notepad++
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Application Data\Notepad++
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Desktop\New Folder
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\My Documents\My Virtual Machines
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\My Documents\My Received Files
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\My Documents\My Google Gadgets
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\My Documents\My GIF Animations
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\My Documents\My eBooks
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\My Documents\My Device Emulators
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\My Documents\My Autodesk Content Browser Library
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Application Data\Mozilla
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Desktop\moving fonts
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Application Data\MontiVision
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Start Menu\Programs\Mikogo
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\My Documents\Mikogo
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Application Data\Mikogo
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Start Menu\Programs\Microsoft Web Publishing
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Application Data\Microsoft FxCop
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Application Data\Microsoft Corporation
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Start Menu\Programs\Launchy
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\My Documents\Launchpad
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Desktop\Kim's scanner
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Desktop\John Smith
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\My Documents\J and L sheet metal- Nesting stuff
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Desktop\IT3800 scanner
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\My Documents\intelicad website
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\My Documents\Integration Services Script Task
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\My Documents\Integration Services Script Component
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Desktop\ICADPressureConvertor
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\My Documents\ICAD importing
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Desktop\ICAD
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Start Menu\Programs\HTML Help Workshop
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Desktop\Howard Stern Dbs
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\My Documents\History
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Desktop\Gryphon M100 scanner
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Start Menu\Programs\Google Chrome
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\My Documents\gegl-0.0
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Desktop\galil windows 7 driver installers
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Desktop\FROM HOWARD
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\My Documents\FAH2
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\My Documents\FAH1
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\My Documents\ex hood
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Desktop\drawtech screenies
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\My Documents\drawing1
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\My Documents\Downloads
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\My Documents\DotNetFX35SP1
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Desktop
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\My Documents\DBManager
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\My Documents\DB stuff
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\My Documents\Corel User Files
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\My Documents\Corel
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Contacts
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\My Documents\collcheck
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Start Menu\Programs\ClipX
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Start Menu\Programs\CCleaner
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Desktop\Call Reports_files
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Desktop\bobby
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Start Menu\Programs\Altiris
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\My Documents\AIMLogger
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Desktop\admin
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Desktop\4400 BOA- 36 E 14 St, NY, NY
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Desktop\4317 Eastbay 1
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Desktop\1234 Demo Job
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Desktop\1004 ATT - Montague
[2011/02/15 10:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUitzetter\Start Menu\Programs\.NET Memory Profiler 3.0
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/15 07:46:00 | 000,575,324 | ---- | M] () -- C:\Documents and Settings\SUitzetter\Desktop\blah.zip
[2011/03/15 07:20:01 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3840939107-1243498262-4025802620-1631UA.job
[2011/03/14 20:14:25 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\Image C Drive.job
[2011/03/14 18:45:00 | 000,000,248 | ---- | M] () -- C:\WINDOWS\tasks\Delete C Image.job
[2011/03/14 16:10:09 | 000,575,388 | ---- | M] () -- C:\Documents and Settings\SUitzetter\Desktop\OTL.scr
[2011/03/14 16:08:14 | 000,000,931 | ---- | M] () -- C:\Documents and Settings\SUitzetter\Desktop\OTL.exe.htm
[2011/03/14 16:02:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/14 16:01:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/14 11:22:40 | 000,000,080 | ---- | M] () -- C:\WINDOWS\cqw.ini
[2011/03/14 09:57:01 | 000,622,024 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/14 09:57:00 | 000,132,904 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/14 09:53:09 | 000,358,544 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/14 09:20:00 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3840939107-1243498262-4025802620-1631Core.job
[2011/03/14 08:53:55 | 000,022,016 | ---- | M] () -- C:\WINDOWS\System32\MSWINSCK.oca
[2011/03/14 08:51:55 | 000,048,640 | ---- | M] () -- C:\WINDOWS\System32\MSMASK32.oca
[2011/03/14 08:51:38 | 000,101,888 | ---- | M] () -- C:\WINDOWS\System32\THREED32.oca
[2011/03/14 08:50:32 | 000,064,000 | ---- | M] () -- C:\WINDOWS\System32\RICHTX32.oca
[2011/03/14 08:50:32 | 000,052,224 | ---- | M] () -- C:\WINDOWS\System32\comct232.oca
[2011/03/14 08:49:42 | 000,135,168 | ---- | M] () -- C:\WINDOWS\System32\MSCOMCT2.oca
[2011/03/14 08:48:56 | 000,033,280 | ---- | M] () -- C:\WINDOWS\System32\DMCPOLL.oca
[2011/03/14 08:48:56 | 000,023,552 | ---- | M] () -- C:\WINDOWS\System32\DMCIO.oca
[2011/03/14 08:48:47 | 000,090,624 | ---- | M] () -- C:\WINDOWS\System32\MSHFLXGD.oca
[2011/03/14 08:48:47 | 000,025,600 | ---- | M] () -- C:\WINDOWS\System32\MSCOMM32.oca
[2011/03/14 08:48:44 | 000,240,128 | ---- | M] () -- C:\WINDOWS\System32\COMCTL32.oca
[2011/03/14 08:48:44 | 000,076,288 | ---- | M] () -- C:\WINDOWS\System32\MSFLXGRD.oca
[2011/03/14 08:48:03 | 000,029,696 | ---- | M] () -- C:\WINDOWS\System32\CScomb32.oca
[2011/03/14 08:48:03 | 000,029,184 | ---- | M] () -- C:\WINDOWS\System32\ccrpudn6.oca
[2011/03/14 08:47:48 | 000,035,840 | ---- | M] () -- C:\WINDOWS\System32\COMDLG32.oca
[2011/03/14 08:47:47 | 000,266,752 | ---- | M] () -- C:\WINDOWS\System32\MSCOMCTL.oca
[2011/03/11 18:22:45 | 000,002,323 | ---- | M] () -- C:\Documents and Settings\SUitzetter\Desktop\Google Chrome.lnk
[2011/03/11 18:22:45 | 000,002,301 | ---- | M] () -- C:\Documents and Settings\SUitzetter\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/11 14:48:27 | 000,000,111 | ---- | M] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2011/03/10 14:26:52 | 000,000,283 | -HS- | M] () -- C:\boot.ini
[2011/03/09 17:09:16 | 275,101,091 | ---- | M] () -- C:\Documents and Settings\SUitzetter\Desktop\MEMORY DUMP.zip
[2011/03/09 16:57:32 | 2147,082,240 | ---- | M] () -- C:\Documents and Settings\SUitzetter\Desktop\MEMORY.DMP
[2011/03/09 12:52:18 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\SUitzetter\Desktop\dds.scr
[2011/03/09 12:51:09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\SUitzetter\defogger_reenable
[2011/03/09 12:39:25 | 004,284,225 | ---- | M] () -- C:\Documents and Settings\SUitzetter\Desktop\blah.exe
[2011/03/09 09:12:32 | 000,296,448 | ---- | M] () -- C:\kikkp66p.exe
[2011/03/09 08:49:22 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/08 17:03:58 | 048,762,368 | ---- | M] () -- C:\Documents and Settings\SUitzetter\Desktop\essbe_nt32_enu.msi
[2011/03/08 14:29:49 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/03/08 14:16:17 | 000,002,126 | -H-- | M] () -- C:\Documents and Settings\SUitzetter\My Documents\Default.rdp
[2011/03/08 12:39:38 | 000,057,856 | ---- | M] () -- C:\WINDOWS\System32\CRVIEWER.oca
[2011/03/08 11:46:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\LMDBJJJHFZXPM
[2011/03/08 09:00:43 | 002,676,504 | ---- | M] (ESET) -- C:\Documents and Settings\SUitzetter\Desktop\SysInspector.exe
[2011/03/08 08:54:47 | 000,430,616 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/03/07 15:02:39 | 044,133,888 | ---- | M] () -- C:\Documents and Settings\SUitzetter\Desktop\eav_nt32_enu.msi
[2011/03/07 13:42:03 | 027,791,832 | ---- | M] (Intel ) -- C:\Documents and Settings\SUitzetter\Desktop\PROWin32.exe
[2011/03/06 14:01:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SUitzetter\Desktop\blah2.exe
[2011/03/04 23:26:10 | 000,430,616 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110308-075447.backup
[2011/03/03 23:29:28 | 000,430,616 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110304-222610.backup
[2011/03/02 14:39:16 | 000,008,858 | RHS- | M] () -- C:\Documents and Settings\All Users.WINDOWS\ntuser.pol
[2011/03/02 09:56:57 | 000,430,092 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110303-222928.backup
[2011/03/01 23:01:18 | 000,430,092 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110302-085657.backup
[2011/03/01 10:00:44 | 000,430,092 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110301-220118.backup
[2011/02/28 23:29:37 | 000,430,092 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110301-090044.backup
[2011/02/28 09:09:40 | 000,053,248 | ---- | M] (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\System32\CSVer.dll
[2011/02/25 23:24:54 | 000,430,092 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110228-222936.backup
[2011/02/25 17:27:28 | 000,000,218 | ---- | M] () -- C:\Documents and Settings\SUitzetter\.recently-used.xbel
[2011/02/25 10:28:58 | 000,000,541 | ---- | M] () -- C:\Documents and Settings\SUitzetter\Application Data\Microsoft\Internet Explorer\Quick Launch\PlasmaSQL.exe.lnk
[2011/02/25 10:10:03 | 000,000,541 | ---- | M] () -- C:\Documents and Settings\SUitzetter\Desktop\PlasmaSQL.exe.lnk
[2011/02/25 08:57:22 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Reader X.lnk
[2011/02/24 23:26:36 | 000,430,092 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110225-222454.backup
[2011/02/24 10:45:58 | 000,000,920 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\FolderSizes 5.lnk
[2011/02/24 09:52:29 | 000,429,988 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110224-222636.backup
[2011/02/23 23:29:52 | 000,429,988 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110224-085229.backup
[2011/02/22 11:00:45 | 000,429,858 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110223-222952.backup
[2011/02/21 09:03:02 | 000,172,982 | ---- | M] () -- C:\WINDOWS\hppins13.dat
[2011/02/21 09:01:26 | 000,000,687 | ---- | M] () -- C:\WINDOWS\hpntwksetup.ini
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/15 07:45:59 | 000,575,324 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\blah.zip
[2011/03/14 16:08:58 | 000,575,388 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\OTL.scr
[2011/03/14 16:08:14 | 000,000,931 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\OTL.exe.htm
[2011/03/14 11:22:40 | 000,000,080 | ---- | C] () -- C:\WINDOWS\cqw.ini
[2011/03/09 17:03:39 | 275,101,091 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\MEMORY DUMP.zip
[2011/03/09 16:40:47 | 2147,082,240 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\MEMORY.DMP
[2011/03/09 12:52:17 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\dds.scr
[2011/03/09 12:51:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\SUitzetter\defogger_reenable
[2011/03/09 12:39:30 | 004,284,225 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\blah.exe
[2011/03/09 09:12:29 | 000,296,448 | ---- | C] () -- C:\kikkp66p.exe
[2011/03/09 06:42:13 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sbe.dll
[2011/03/09 06:42:13 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\encdec.dll
[2011/03/08 16:38:24 | 044,133,888 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\eav_nt32_enu.msi
[2011/03/08 14:29:49 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/03/08 14:28:13 | 000,263,168 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\STOPS Malware from Running rkill.com
[2011/03/08 12:39:38 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\CRVIEWER.oca
[2011/03/08 11:46:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\LMDBJJJHFZXPM
[2011/03/08 11:26:28 | 000,003,797 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\ESET_LOG_GENERATOR.bat
[2011/03/07 16:40:48 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\gmer.exe
[2011/03/07 15:25:57 | 048,762,368 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\essbe_nt32_enu.msi
[2011/03/07 13:53:47 | 000,001,904 | ---- | C] () -- C:\WINDOWS\System32\SetupBD.din
[2011/02/25 17:27:28 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\SUitzetter\.recently-used.xbel
[2011/02/25 10:28:58 | 000,000,541 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Application Data\Microsoft\Internet Explorer\Quick Launch\PlasmaSQL.exe.lnk
[2011/02/25 10:09:49 | 000,000,541 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\PlasmaSQL.exe.lnk
[2011/02/25 08:57:22 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Reader X.lnk
[2011/02/25 08:57:21 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Adobe Reader X.lnk
[2011/02/24 10:45:58 | 000,000,920 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\FolderSizes 5.lnk
[2011/02/24 10:17:34 | 000,002,323 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\Google Chrome.lnk
[2011/02/24 10:17:34 | 000,002,301 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/02/24 10:15:53 | 000,000,998 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3840939107-1243498262-4025802620-1631UA.job
[2011/02/24 10:15:53 | 000,000,946 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3840939107-1243498262-4025802620-1631Core.job
[2011/02/22 09:44:35 | 000,000,446 | ---- | C] () -- C:\WINDOWS\tasks\Image C Drive.job
[2011/02/22 09:41:36 | 000,000,248 | ---- | C] () -- C:\WINDOWS\tasks\Delete C Image.job
[2011/02/21 09:01:09 | 000,000,687 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2011/02/21 08:58:51 | 000,172,982 | ---- | C] () -- C:\WINDOWS\hppins13.dat
[2011/02/21 08:58:51 | 000,006,760 | ---- | C] () -- C:\WINDOWS\hppmdl13.dat
[2011/02/21 08:58:38 | 000,000,619 | ---- | C] () -- C:\WINDOWS\System32\hppapr13.dat
[2011/02/15 11:38:58 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\SUitzetter\.gtkrc-2.0
[2011/02/15 11:38:55 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Application Data\$_hpcst$.hpc
[2011/02/15 11:36:10 | 000,001,630 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Virtual PC.lnk
[2011/02/15 11:36:10 | 000,000,725 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Application Data\Microsoft\Internet Explorer\Quick Launch\Psp.exe.lnk
[2011/02/15 11:36:10 | 000,000,712 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Application Data\Microsoft\Internet Explorer\Quick Launch\notepad++.exe.lnk
[2011/02/15 11:36:10 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/02/15 11:32:33 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\SUitzetter\client.cfg
[2011/02/15 11:32:29 | 000,018,677 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\1.job
[2011/02/15 11:32:29 | 000,000,181 | ---- | C] () -- C:\Documents and Settings\SUitzetter\default.pls
[2011/02/15 11:32:28 | 000,017,987 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\2.job
[2011/02/15 11:32:27 | 000,017,715 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\3998 COND INTAKE 8-3-10.job
[2011/02/15 11:32:27 | 000,003,223 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\3.job
[2011/02/15 11:32:26 | 001,119,580 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\9496.pdf
[2011/02/15 11:32:26 | 000,002,415 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\777d.job
[2011/02/15 11:32:22 | 000,108,057 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\BOBS EAST RIVER OFFICE.job
[2011/02/15 11:32:22 | 000,093,710 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\blah.xps
[2011/02/15 11:32:22 | 000,022,787 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\blah.sqlplan
[2011/02/15 11:32:22 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\busy.avi
[2011/02/15 11:32:21 | 002,996,470 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\Cordless Scanning System Manual.pdf
[2011/02/15 11:32:21 | 000,111,525 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\document.pdf
[2011/02/15 11:32:21 | 000,006,340 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\categories.csv
[2011/02/15 11:32:20 | 000,034,815 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\Document1.pdf
[2011/02/15 11:32:20 | 000,032,967 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\document.pdf.png
[2011/02/15 11:32:16 | 000,116,278 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\drawtech_background.bmp
[2011/02/15 11:32:16 | 000,105,896 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\drawtech_setup.bmp
[2011/02/15 11:32:16 | 000,068,279 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\drawtech_background.png
[2011/02/15 11:32:15 | 000,116,278 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\dt_loading_screen_background.bmp
[2011/02/15 11:32:15 | 000,066,985 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\dt_loading_screen_background.png
[2011/02/15 11:32:15 | 000,000,395 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\DriverView.cfg
[2011/02/15 11:32:14 | 015,069,816 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\E2k3SDK.exe
[2011/02/15 11:32:14 | 000,461,782 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\EVERKEY.chm
[2011/02/15 11:32:14 | 000,029,807 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\ebm standards.ini
[2011/02/15 11:32:14 | 000,001,491 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\EXPORT-IMPORT.CSV
[2011/02/15 11:27:58 | 000,118,784 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\getpdascreen.exe
[2011/02/15 11:27:51 | 000,103,052 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\HierarchicalGrid.zip
[2011/02/15 11:26:01 | 000,054,978 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\HS Estimate Analysis.xltx
[2011/02/15 11:26:01 | 000,006,069 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\HSBColor.cs
[2011/02/15 11:26:01 | 000,001,203 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\hsvicall2.lic
[2011/02/15 11:26:01 | 000,000,379 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\Howard Stern VNC.vnc
[2011/02/15 11:25:47 | 000,627,007 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\icad 2011 3d.mnr
[2011/02/15 11:25:47 | 000,137,527 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\ICADPressureConverter.zip
[2011/02/15 11:25:47 | 000,088,717 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\icad 2011 3d.cuix
[2011/02/15 11:25:45 | 001,392,713 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\intelicadpc.vrs
[2011/02/15 11:25:45 | 000,651,998 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\idk99.exe
[2011/02/15 11:25:45 | 000,131,237 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\ICADPressureConvertor.zip
[2011/02/15 11:25:45 | 000,063,091 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\intelicadrc.vrs
[2011/02/15 11:25:45 | 000,000,894 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\InstallConfig.ini
[2011/02/15 11:25:45 | 000,000,515 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\InstallConfig (DrawTech).ini
[2011/02/15 11:25:44 | 000,051,342 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\intro background.png
[2011/02/15 11:25:44 | 000,031,387 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\Inventory Master.csv
[2011/02/15 11:25:42 | 000,032,439 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\JobCostingError.zip
[2011/02/15 11:25:34 | 000,063,067 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\label test.xps
[2011/02/15 11:25:34 | 000,013,089 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\loadinfo.mng
[2011/02/15 11:25:34 | 000,005,667 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\loadinfo.gif
[2011/02/15 11:25:33 | 001,676,592 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\mikogo-starter.exe
[2011/02/15 11:25:33 | 000,021,895 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\mattcosting.ini
[2011/02/15 11:25:33 | 000,020,778 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\mercedies rtu-1ra.job
[2011/02/15 11:24:33 | 000,004,079 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\new 1
[2011/02/15 11:24:27 | 000,010,668 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\old status
[2011/02/15 11:24:24 | 004,752,970 | R--- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\Opera_Mobile_10_WM_beta_3.cab
[2011/02/15 11:24:23 | 006,566,668 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\Plasma_HVAC Bro.pdf
[2011/02/15 11:24:23 | 000,077,614 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\PickLabel.pdf
[2011/02/15 11:24:23 | 000,001,068 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\pre-revprop-change.bat
[2011/02/15 11:24:23 | 000,000,934 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\Program.cs
[2011/02/15 11:24:22 | 000,034,714 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\ProjectsReport.pdf
[2011/02/15 11:24:22 | 000,001,746 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\ReceiveLabel.pdf
[2011/02/15 11:24:22 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\query notification info.sql
[2011/02/15 11:24:20 | 000,330,008 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\report.zip
[2011/02/15 11:24:20 | 000,197,520 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\report path not found.zip
[2011/02/15 11:24:19 | 000,124,989 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\Request for Peachtree info - Peachtree Forums.pdf
[2011/02/15 11:24:17 | 000,039,566 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\ShopStandards.ini
[2011/02/15 11:24:16 | 000,050,653 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\socket barcode test.pdf
[2011/02/15 11:17:25 | 000,257,884 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\StockItemsReport.tif
[2011/02/15 11:17:25 | 000,016,624 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\System Resource Report.pdf
[2011/02/15 11:17:25 | 000,000,429 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\test.CSV
[2011/02/15 11:17:25 | 000,000,294 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\Table of Contents.hhc
[2011/02/15 11:17:25 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\test
[2011/02/15 11:17:24 | 000,224,475 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\test.xps
[2011/02/15 11:17:24 | 000,002,441 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\test.job
[2011/02/15 11:17:24 | 000,000,267 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\test.lic
[2011/02/15 11:17:24 | 000,000,206 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\test2.CSV
[2011/02/15 11:17:23 | 000,162,425 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\testing.job
[2011/02/15 11:17:14 | 000,000,196 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\Time Study Query.sql
[2011/02/15 11:17:14 | 000,000,026 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\Today.lnk
[2011/02/15 11:17:13 | 000,006,626 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\ts.csv
[2011/02/15 11:17:13 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\Today.zip
[2011/02/15 11:17:06 | 000,003,453 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\usbkey.png
[2011/02/15 11:01:51 | 010,891,740 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\ViconHelp.chm
[2011/02/15 11:01:51 | 000,011,699 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\ViCost Values that were there.setup
[2011/02/15 11:01:51 | 000,004,349 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\Vicon Job 3.job
[2011/02/15 11:01:51 | 000,004,238 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\Vicon Job 1.job
[2011/02/15 11:01:51 | 000,002,700 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\Vicon Job 2.job
[2011/02/15 11:01:51 | 000,002,287 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\ViComp todo
[2011/02/15 11:01:51 | 000,001,799 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\ViCost Values.setup
[2011/02/15 11:01:44 | 003,402,712 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\ViCost.chm
[2011/02/15 11:01:44 | 000,027,876 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\ViSchedule Approve Hours Tab write-up.pdf
[2011/02/15 11:01:44 | 000,014,239 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\ViCost1.job
[2011/02/15 11:01:35 | 001,683,456 | ---- | C] () -- C:\Documents and Settings\SUitzetter\FahCore_82.exe
[2011/02/15 11:01:35 | 000,030,276 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\085 Round Library.wmf
[2011/02/15 11:01:35 | 000,001,198 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Desktop\[3470334404].job
[2011/02/15 11:01:35 | 000,000,065 | ---- | C] () -- C:\Documents and Settings\SUitzetter\mercurial.ini
[2011/02/15 11:01:34 | 000,728,698 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\blah..mdi
[2011/02/15 11:01:34 | 000,390,063 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\auto2000.chm
[2011/02/15 11:01:34 | 000,229,441 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\20091010-2017.pdf
[2011/02/15 11:01:34 | 000,125,274 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\5kreg.pdf
[2011/02/15 11:01:34 | 000,016,618 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\Backup_of_Tee Branch.cdr
[2011/02/15 11:01:34 | 000,015,858 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\Backup_of_Oval Tee Branch.cdr
[2011/02/15 11:01:34 | 000,015,060 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\Backup_of_grid.cdr
[2011/02/15 11:01:34 | 000,014,816 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\Backup_of_grid1.cdr
[2011/02/15 11:01:34 | 000,014,060 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\Backup_of_sqflange.cdr
[2011/02/15 11:01:34 | 000,012,937 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\ac tap.job
[2011/02/15 11:01:34 | 000,000,073 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\arc6.gif
[2011/02/15 11:01:34 | 000,000,073 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\arc5.gif
[2011/02/15 11:01:34 | 000,000,073 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\arc4.gif
[2011/02/15 11:01:34 | 000,000,073 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\arc2.gif
[2011/02/15 11:01:34 | 000,000,072 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\arc9.gif
[2011/02/15 11:01:34 | 000,000,072 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\arc3.gif
[2011/02/15 11:01:34 | 000,000,072 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\arc10.gif
[2011/02/15 11:01:34 | 000,000,071 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\arc8.gif
[2011/02/15 11:01:34 | 000,000,071 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\arc7.gif
[2011/02/15 11:01:34 | 000,000,070 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\arc1.gif
[2011/02/15 11:01:33 | 000,001,426 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\blank_label.gif
[2011/02/15 11:01:33 | 000,000,177 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\blah.INI
[2011/02/15 11:01:33 | 000,000,123 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\blah2.INI
[2011/02/15 11:01:33 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\blah3.gif
[2011/02/15 11:01:33 | 000,000,071 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\blah7.gif
[2011/02/15 11:01:33 | 000,000,070 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\blah6.gif
[2011/02/15 11:01:33 | 000,000,070 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\blah4.gif
[2011/02/15 11:01:33 | 000,000,070 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\blah2.gif
[2011/02/15 11:01:33 | 000,000,070 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\blah.gif
[2011/02/15 11:01:33 | 000,000,068 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\blah5.gif
[2011/02/15 11:01:32 | 001,540,096 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\Bug (SU specific).mdb
[2011/02/15 11:01:32 | 000,213,883 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\cc_20060420_1330.reg
[2011/02/15 11:01:32 | 000,075,426 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\cc_20060921_0838.reg
[2011/02/15 11:01:32 | 000,005,801 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\cc_20060927_1040.reg
[2011/02/15 11:01:32 | 000,001,966 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\bug.psp
[2011/02/15 11:01:32 | 000,000,500 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\bug.png
[2011/02/15 11:01:32 | 000,000,145 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\bug.gif
[2011/02/15 11:01:32 | 000,000,093 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\blue down arrow.gif
[2011/02/15 11:01:31 | 000,541,954 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\cc_20090827_095459.reg
[2011/02/15 11:01:31 | 000,233,958 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\cc_20090903_151415.reg
[2011/02/15 11:01:31 | 000,214,622 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\cc_20090827_103552.reg
[2011/02/15 11:01:31 | 000,198,166 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\cc_20090827_111048.reg
[2011/02/15 11:01:31 | 000,046,201 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\cc_20060927_1120.reg
[2011/02/15 11:01:31 | 000,021,744 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\cc_20090910_090316.reg
[2011/02/15 11:01:31 | 000,020,240 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\cc_20090924_160310.reg
[2011/02/15 11:01:31 | 000,000,082 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\cc_20090924_162655.reg
[2011/02/15 11:01:30 | 000,064,542 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\cc_20091001_090116.reg
[2011/02/15 11:01:30 | 000,026,290 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\cc_20091204_123839.reg
[2011/02/15 11:01:30 | 000,019,168 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\cc_20100118_081436.reg
[2011/02/15 11:01:30 | 000,018,410 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\cc_20091027_124400.reg
[2011/02/15 11:01:30 | 000,016,966 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\cc_20090925_114600.reg
[2011/02/15 11:01:30 | 000,006,756 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\cc_20090925_085256.reg
[2011/02/15 11:01:30 | 000,006,078 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\cc_20100310_083700.reg
[2011/02/15 11:01:30 | 000,003,630 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\cc_20091215_094636.reg
[2011/02/15 11:01:30 | 000,001,512 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\cc_20090925_132316.reg
[2011/02/15 11:01:29 | 000,649,163 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\CEConnect!Agent.WM5.ARMV4I.CAB
[2011/02/15 11:01:28 | 001,744,755 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\collcheck.bak
[2011/02/15 11:01:28 | 001,744,738 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\collcheck.dwg
[2011/02/15 11:01:27 | 000,413,696 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\collcheck.TAG
[2011/02/15 11:01:27 | 000,353,604 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\crestock-213752-2560x1600.jpg
[2011/02/15 11:01:27 | 000,003,443 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\Commonline.job
[2011/02/15 11:01:26 | 000,633,352 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\DancingFlames.jpg
[2011/02/15 11:01:26 | 000,600,870 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\crestock-70406-2560x1600.jpg
[2011/02/15 11:01:26 | 000,299,008 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\Database1.accdb
[2011/02/15 11:01:25 | 000,294,912 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\Database2.accdb
[2011/02/15 11:01:06 | 000,215,293 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\desktop1.jpg
[2011/02/15 11:01:06 | 000,002,126 | -H-- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\Default.rdp
[2011/02/15 11:01:05 | 001,529,403 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\desktop11.jpg
[2011/02/15 11:01:05 | 000,439,118 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\desktop12.jpg
[2011/02/15 11:01:05 | 000,404,931 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\desktop10.jpg
[2011/02/15 11:01:04 | 000,351,401 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\desktop13.jpg
[2011/02/15 11:01:03 | 000,277,194 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\desktop3.jpg
[2011/02/15 11:01:03 | 000,213,621 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\desktop2.jpg
[2011/02/15 11:01:02 | 000,679,421 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\desktop4.jpg
[2011/02/15 11:01:01 | 002,495,495 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\desktop6.jpg
[2011/02/15 11:01:01 | 000,404,043 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\desktop7.jpg
[2011/02/15 11:01:01 | 000,317,885 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\desktop5.jpg
[2011/02/15 11:01:00 | 001,177,217 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\desktop9.jpg
[2011/02/15 11:01:00 | 000,176,489 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\desktop8.jpg
[2011/02/15 11:01:00 | 000,004,410 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\document.tif
[2011/02/15 10:59:58 | 000,294,912 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\Drawing1.TAG
[2011/02/15 10:59:58 | 000,141,639 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\DTKBarcode.zip
[2011/02/15 10:59:58 | 000,026,304 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\Drawing1.bak
[2011/02/15 10:59:58 | 000,023,628 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\Drawing1.dwg
[2011/02/15 10:59:58 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\Email template.oft
[2011/02/15 10:59:58 | 000,000,568 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\eastbay.lic
[2011/02/15 10:59:57 | 000,162,803 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\empty.html
[2011/02/15 10:59:57 | 000,020,698 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\Employee Time Card 1.mdi
[2011/02/15 10:59:28 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\file_icon.gif
[2011/02/15 10:59:27 | 000,569,186 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\Go-Shoot.pdf
[2011/02/15 10:59:27 | 000,055,712 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\grid color.wmf
[2011/02/15 10:59:27 | 000,053,968 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\GSMC CAFE RETURN.job
[2011/02/15 10:59:27 | 000,035,236 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\grid BW.wmf
[2011/02/15 10:59:27 | 000,015,076 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\GranTorino_Script.pdf
[2011/02/15 10:59:27 | 000,015,008 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\grid.cdr
[2011/02/15 10:59:27 | 000,005,859 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\gears.gif
[2011/02/15 10:59:27 | 000,002,647 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\FogBugz WorkingOn.lnk
[2011/02/15 10:59:27 | 000,001,109 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\gfxChars.gif
[2011/02/15 10:59:27 | 000,001,091 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\gfxChars3.gif
[2011/02/15 10:59:27 | 000,001,063 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\gfxChars2.gif
[2011/02/15 10:59:27 | 000,001,061 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\gfxChars4.gif
[2011/02/15 10:59:27 | 000,000,658 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\Graphic1.wmf
[2011/02/15 10:59:13 | 000,241,188 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\Image1.jpg
[2011/02/15 10:59:13 | 000,001,302 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\Image1.bmp
[2011/02/15 10:59:13 | 000,001,099 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\Image2.png
[2011/02/15 10:59:13 | 000,001,068 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\Image1.gif
[2011/02/15 10:59:13 | 000,001,042 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\Image3.gif
[2011/02/15 10:59:13 | 000,001,040 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\Image5.gif
[2011/02/15 10:59:13 | 000,000,949 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\Image2.gif
[2011/02/15 10:59:13 | 000,000,916 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\icon.gif
[2011/02/15 10:59:13 | 000,000,822 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\Image6.bmp
[2011/02/15 10:59:13 | 000,000,108 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\Image4.gif
[2011/02/15 10:59:12 | 000,004,640 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\Image8.psp
[2011/02/15 10:59:12 | 000,001,025 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\Image6.gif
[2011/02/15 10:59:04 | 024,677,432 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\keislercalc1.pdf
[2011/02/15 10:59:04 | 000,073,360 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\KESHOW.EXE
[2011/02/15 10:58:45 | 000,001,007 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\lgGridTmpl.gif
[2011/02/15 10:58:44 | 000,233,610 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\Microsoft Visual Basic0002.mdi
[2011/02/15 10:58:44 | 000,024,978 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\Microsoft Visual Basic0001.mdi
[2011/02/15 10:58:44 | 000,017,770 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\Microsoft Visual Basic.mdi
[2011/02/15 10:58:44 | 000,000,416 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\macro.bas
[2011/02/15 10:58:43 | 000,465,848 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\Microsoft Visual Basic0003.mdi
[2011/02/15 10:58:42 | 001,610,596 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\Microsoft Visual Basic0004.mdi
[2011/02/15 10:58:42 | 000,051,606 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\Microsoft Visual Basic0007.mdi
[2011/02/15 10:58:42 | 000,021,234 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\Microsoft Visual Basic0005.mdi
[2011/02/15 10:58:42 | 000,018,704 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\Microsoft Visual Basic0006.mdi
[2011/02/15 10:58:41 | 000,231,424 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\MJsDiag.exe
[2011/02/15 10:58:41 | 000,082,600 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\MIKES TEST.dwg
[2011/02/15 10:58:29 | 000,000,973 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\My Sharing Folders.lnk
[2011/02/15 10:58:19 | 039,400,960 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\NETCFSetupv2.msi
[2011/02/15 10:58:19 | 000,032,956 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\Oval Tee Branch Color.wmf
[2011/02/15 10:58:19 | 000,016,525 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\puzzle.gif
[2011/02/15 10:58:19 | 000,015,924 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\Oval Tee Branch.cdr
[2011/02/15 10:58:19 | 000,005,674 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\profile.ar
[2011/02/15 10:58:19 | 000,004,462 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\NewDatabase.kdbx
[2011/02/15 10:58:19 | 000,004,074 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\Oval Tee Branch BW.wmf
[2011/02/15 10:58:19 | 000,002,854 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\padlock closed.psp
[2011/02/15 10:58:19 | 000,000,988 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\padlock closed.gif
[2011/02/15 10:58:19 | 000,000,987 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\padlock open.gif
[2011/02/15 10:58:19 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\passwords.zip
[2011/02/15 10:58:19 | 000,000,072 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\radius left.gif
[2011/02/15 10:58:18 | 000,610,852 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\Round Library2.cdr
[2011/02/15 10:58:18 | 000,327,680 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\rdOffsetTest.iif
[2011/02/15 10:58:18 | 000,092,982 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\Round Library BW.cdr
[2011/02/15 10:58:18 | 000,081,388 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\report.zip
[2011/02/15 10:58:18 | 000,011,332 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\received.gif
[2011/02/15 10:58:18 | 000,005,648 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\Rectangle.wmf
[2011/02/15 10:58:18 | 000,000,968 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\rdOffsetTest.ftg
[2011/02/15 10:58:18 | 000,000,180 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\rdOffsetTest.INI
[2011/02/15 10:58:18 | 000,000,093 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\red down arrow.gif
[2011/02/15 10:58:18 | 000,000,073 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\radius right.gif
[2011/02/15 10:58:18 | 000,000,049 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\right arrow.gif
[2011/02/15 10:58:14 | 007,886,336 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\setup.msi
[2011/02/15 10:58:14 | 000,041,790 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\Shapes Library 2.cdr
[2011/02/15 10:58:14 | 000,002,478 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\satchel.gif
[2011/02/15 10:58:14 | 000,000,102 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\S90.gif
[2011/02/15 10:58:14 | 000,000,102 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\S75.gif
[2011/02/15 10:58:13 | 001,954,516 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\SM-6-2A.dwg
[2011/02/15 10:58:13 | 001,116,959 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\SocketScan.WM5.ARMV4I.CAB
[2011/02/15 10:58:13 | 000,442,368 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\SM-6-2A.TAG
[2011/02/15 10:58:13 | 000,051,591 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\ShopStandards.ini
[2011/02/15 10:58:13 | 000,032,944 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\Shapes Library BW.cdr
[2011/02/15 10:58:13 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\single line.wmf
[2011/02/15 10:58:12 | 000,330,835 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\StockItemsReport2.pdf
[2011/02/15 10:58:12 | 000,050,358 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\Tap 113.wmf
[2011/02/15 10:58:12 | 000,042,264 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\sqflange.wmf
[2011/02/15 10:58:12 | 000,041,152 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\sqflange color.wmf
[2011/02/15 10:58:12 | 000,036,036 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\Tee Branch Color.wmf
[2011/02/15 10:58:12 | 000,026,076 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\sqflange BW.wmf
[2011/02/15 10:58:12 | 000,016,756 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\Tee Branch.cdr
[2011/02/15 10:58:12 | 000,014,058 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\sqflange.cdr
[2011/02/15 10:58:12 | 000,009,572 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\Tee Branch BW.wmf
[2011/02/15 10:58:12 | 000,009,514 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\Tap 113BW.wmf
[2011/02/15 10:58:12 | 000,009,065 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\testing.asp
[2011/02/15 10:58:12 | 000,004,509 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\test2.html
[2011/02/15 10:58:12 | 000,001,827 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\test.html
[2011/02/15 10:58:11 | 001,523,598 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\Vi-Cost_Call_Schedule-4.bmp
[2011/02/15 10:58:11 | 000,051,497 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\vb6cli.exe
[2011/02/15 10:58:10 | 000,178,169 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\ViBarNET.zip
[2011/02/15 10:58:06 | 000,008,832 | ---- | C] () -- C:\Documents and Settings\SUitzetter\My Documents\works.asp
[2011/02/15 10:58:06 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\SUitzetter\queue.dat
[2011/02/15 10:58:06 | 000,002,451 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Start Menu\Programs\Adobe Reader 9.lnk
[2011/02/15 10:58:06 | 000,001,533 | ---- | C] () -- C:\Documents and Settings\SUitzetter\MyFolding.html
[2011/02/15 10:58:05 | 000,002,371 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Start Menu\Programs\Windows Install Clean Up.lnk
[2011/02/15 10:58:05 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Start Menu\Programs\Remote Assistance.lnk
[2011/02/15 10:58:05 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Start Menu\Programs\Internet Explorer.lnk
[2011/02/15 10:58:05 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Start Menu\Programs\Windows Media Player.lnk
[2011/02/15 10:58:05 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Start Menu\Programs\ResourcesExtract.lnk
[2011/02/15 10:58:05 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Start Menu\Programs\Outlook Express.lnk
[2011/02/15 10:58:05 | 000,000,723 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Start Menu\Programs\Startup\FreeWheel.lnk
[2011/02/15 10:58:05 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Start Menu\Programs\Virtual CD ROM.lnk
[2011/02/15 10:58:05 | 000,000,678 | ---- | C] () -- C:\Documents and Settings\SUitzetter\Start Menu\Programs\Startup\Launchy.lnk
[2010/10/15 10:04:31 | 000,011,776 | ---- | C] () -- C:\WINDOWS\UserPort.exe
[2010/10/15 10:04:31 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\RockVdd.dll
[2010/10/15 10:04:31 | 000,006,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\Ds1410d.sys
[2010/10/15 10:04:31 | 000,004,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\UserPort.sys
[2010/10/08 10:59:24 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Xqayuru.dat
[2010/10/08 10:59:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Eyugoharusane.bin
[2010/06/28 12:42:15 | 000,233,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/06/28 12:42:14 | 000,233,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/06/28 12:42:14 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/06/28 12:30:48 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2010/06/22 10:53:36 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/06/22 10:53:36 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2010/06/22 10:53:36 | 000,203,336 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/06/22 10:53:36 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2010/06/22 10:53:36 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/06/21 13:04:10 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.dll
[2010/06/21 13:03:15 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.exe
[2010/06/08 16:29:22 | 000,060,812 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/26 09:22:57 | 000,000,111 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/10/28 10:23:50 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/10/23 08:40:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2009/09/25 12:46:38 | 000,000,042 | ---- | C] () -- C:\WINDOWS\AlchemyMindworksUpdateList.INI
[2009/09/25 12:46:21 | 000,212,992 | ---- | C] () -- C:\WINDOWS\ALCHUNIN.EXE
[2009/09/25 09:24:11 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/09/15 15:28:49 | 000,000,088 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/09/09 08:00:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/09/03 13:00:53 | 000,000,177 | ---- | C] () -- C:\WINDOWS\WiseHook.ini
[2009/09/03 09:20:59 | 000,000,643 | ---- | C] () -- C:\WINDOWS\wise.ini
[2009/09/03 09:14:02 | 000,000,063 | ---- | C] () -- C:\WINDOWS\VICON.INI
[2009/09/03 09:13:36 | 000,458,240 | ---- | C] () -- C:\WINDOWS\System32\dxf.dll
[2009/09/03 09:13:36 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2009/09/03 09:13:35 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\EXPORTMODELLER.DLL
[2009/09/03 09:13:35 | 000,049,223 | ---- | C] () -- C:\WINDOWS\System32\CRTSLV.DLL
[2009/09/03 09:13:34 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\CRUTL14.DLL
[2009/09/03 09:13:32 | 000,100,352 | ---- | C] () -- C:\WINDOWS\System32\PG32CONV.DLL
[2009/09/03 09:13:32 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2009/09/03 08:41:37 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2009/09/03 08:32:50 | 000,000,126 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2009/09/03 08:32:36 | 000,000,887 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/09/02 15:40:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009/09/02 15:21:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/09/02 15:17:24 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/09/02 11:08:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/09/02 11:07:49 | 000,358,544 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/17 00:57:00 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2007/11/13 15:07:19 | 001,018,748 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2007/11/13 15:07:18 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/03/16 18:00:00 | 000,003,403 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2006/11/09 03:00:12 | 000,030,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\XPVCOM.sys
[2004/08/03 17:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/03 17:00:00 | 000,622,024 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/03 17:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/03 17:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/03 17:00:00 | 000,132,904 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/03 17:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/03 17:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/03 17:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/03 17:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/03 17:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/29 10:49:10 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/07/29 10:48:26 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2000/07/15 00:00:00 | 000,030,720 | ---- | C] () -- C:\WINDOWS\REGTLIB.EXE
[1998/12/06 16:56:04 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\verinst.exe
[1998/06/10 00:00:00 | 000,015,120 | ---- | C] () -- C:\WINDOWS\System32\REPUTIL.DLL
[1998/05/18 00:00:00 | 000,014,017 | ---- | C] () -- C:\WINDOWS\JAUTOEXP.INI
[1998/04/24 00:00:00 | 000,000,218 | ---- | C] () -- C:\WINDOWS\FRONTPG.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\SUitzetter\My Documents\ShopStandards.ini:DocumentSummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\SUitzetter\Desktop\ViCost Values.setup:DocumentSummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\SUitzetter\Desktop\ViCost Values that were there.setup:DocumentSummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\SUitzetter\Desktop\Vicon Job 3.job:DocumentSummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\SUitzetter\Desktop\Vicon Job 2.job:DocumentSummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\SUitzetter\Desktop\Vicon Job 1.job:DocumentSummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\SUitzetter\Desktop\testing.job:DocumentSummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\SUitzetter\Desktop\test.job:DocumentSummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\SUitzetter\Desktop\mercedies rtu-1ra.job:DocumentSummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\SUitzetter\Desktop\mattcosting.ini:DocumentSummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\SUitzetter\Desktop\777d.job:DocumentSummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\SUitzetter\Desktop\3.job:DocumentSummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\SUitzetter\Desktop\2.job:DocumentSummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\SUitzetter\Desktop\1.job:DocumentSummaryInformation
@Alternate Data Stream - 184 bytes -> C:\Documents and Settings\SUitzetter\Desktop\mercedies rtu-1ra.job:SummaryInformation
@Alternate Data Stream - 180 bytes -> C:\Documents and Settings\SUitzetter\Desktop\ViCost Values.setup:SummaryInformation
@Alternate Data Stream - 180 bytes -> C:\Documents and Settings\SUitzetter\Desktop\ViCost Values that were there.setup:SummaryInformation
@Alternate Data Stream - 180 bytes -> C:\Documents and Settings\SUitzetter\Desktop\Vicon Job 1.job:SummaryInformation
@Alternate Data Stream - 180 bytes -> C:\Documents and Settings\SUitzetter\Desktop\testing.job:SummaryInformation
@Alternate Data Stream - 180 bytes -> C:\Documents and Settings\SUitzetter\Desktop\test.job:SummaryInformation
@Alternate Data Stream - 180 bytes -> C:\Documents and Settings\SUitzetter\Desktop\mattcosting.ini:SummaryInformation
@Alternate Data Stream - 180 bytes -> C:\Documents and Settings\SUitzetter\Desktop\2.job:SummaryInformation
@Alternate Data Stream - 180 bytes -> C:\Documents and Settings\SUitzetter\Desktop\1.job:SummaryInformation
@Alternate Data Stream - 176 bytes -> C:\Documents and Settings\SUitzetter\Desktop\Vicon Job 3.job:SummaryInformation
@Alternate Data Stream - 176 bytes -> C:\Documents and Settings\SUitzetter\Desktop\Vicon Job 2.job:SummaryInformation
@Alternate Data Stream - 176 bytes -> C:\Documents and Settings\SUitzetter\Desktop\777d.job:SummaryInformation
@Alternate Data Stream - 176 bytes -> C:\Documents and Settings\SUitzetter\Desktop\3.job:SummaryInformation
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\SUitzetter\My Documents\ShopStandards.ini:SummaryInformation

< End of report >


OTL Extras logfile created on: 3/15/2011 7:48:57 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\SUitzetter\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
11.00 Gb Paging File | 10.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 8192 16384 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 67.78 Gb Free Space | 45.47% Space Free | Partition Type: NTFS
Drive D: | 465.75 Gb Total Space | 158.92 Gb Free Space | 34.12% Space Free | Partition Type: NTFS

Computer Name: PROGRAMMING-3B | User Name: SUitzetter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-3840939107-1243498262-4025802620-1631\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.SUitzetter] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"4500:UDP" = 4500:UDP:LocalSubNet:Enabled:IPsec (IKE NAT-T)
"500:UDP" = 500:UDP:LocalSubNet:Enabled:IPsec (IKE)
"135:TCP" = 135:TCP:LocalSubNet:Enabled:RPC Endpoint Mapper and DCOM infrastructure
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\VARPC.EXE" = C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\VARPC.EXE:*:Enabled:Microsoft ® Visual Studio VSA RPC Event Creator -- (Microsoft Corporation)
"C:\Program Files\RealVNC\VNC4\winvnc4.exe" = C:\Program Files\RealVNC\VNC4\winvnc4.exe:*:Enabled:VNC Server Free Edition for Win32 -- (RealVNC Ltd.)
"D:\Projects\ViComp trunk\ViServe\ViServe\bin\Debug\ViServeNET.vshost.exe" = D:\Projects\ViComp trunk\ViServe\ViServe\bin\Debug\ViServeNET.vshost.exe:*:Enabled:vshost.exe
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"D:\Projects\Vicon33\trunk\ViComp\.NET\ViServe\ViServe\bin\Debug\ViServeNET.vshost.exe" = D:\Projects\Vicon33\trunk\ViComp\.NET\ViServe\ViServe\bin\Debug\ViServeNET.vshost.exe:*:Enabled:vshost.exe
"C:\Program Files\Symantec\pcAnywhere\Winaw32.exe" = C:\Program Files\Symantec\pcAnywhere\Winaw32.exe:*:Enabled:pcAnywhere Main Executable
"C:\Program Files\Symantec\pcAnywhere\awhost32.exe" = C:\Program Files\Symantec\pcAnywhere\awhost32.exe:*:Enabled:pcAnywhere Host Service
"C:\Program Files\Symantec\pcAnywhere\awrem32.exe" = C:\Program Files\Symantec\pcAnywhere\awrem32.exe:*:Enabled:pcAnywhere Remote Service
"D:\Projects\Vicon33\trunk\ViComp\DotNet\ViServe\ViServe\bin\Debug\ViServeNET.vshost.exe" = D:\Projects\Vicon33\trunk\ViComp\DotNet\ViServe\ViServe\bin\Debug\ViServeNET.vshost.exe:*:Enabled:vshost.exe
"D:\Projects\Vicon33\trunk\ViComp\DotNet\ViServe\ViServe\bin\Release\ViServeNET.exe" = D:\Projects\Vicon33\trunk\ViComp\DotNet\ViServe\ViServe\bin\Release\ViServeNET.exe:*:Enabled:ViServe
"D:\Projects\Vicon33\trunk\ViComp\DotNet\ViServe\ViServe\bin\Release\ViServeNET.vshost.exe" = D:\Projects\Vicon33\trunk\ViComp\DotNet\ViServe\ViServe\bin\Release\ViServeNET.vshost.exe:*:Enabled:vshost.exe
"D:\Projects\Vicon33\trunk\ViComp\DotNet\ViServe\ViServe\bin\Debug\ViServeNET.exe" = D:\Projects\Vicon33\trunk\ViComp\DotNet\ViServe\ViServe\bin\Debug\ViServeNET.exe:*:Enabled:ViServe
"D:\Projects\Vicon33\trunk\ViComp\DotNet\ViServe\ViServe\bin\x86\Release\ViServeNET.vshost.exe" = D:\Projects\Vicon33\trunk\ViComp\DotNet\ViServe\ViServe\bin\x86\Release\ViServeNET.vshost.exe:*:Enabled:vshost32.exe -- (Microsoft Corporation)
"D:\Projects\Vicon33\trunk\ViComp\DotNet\ViServe\ViServe\bin\x86\Debug\ViServeNET.vshost.exe" = D:\Projects\Vicon33\trunk\ViComp\DotNet\ViServe\ViServe\bin\x86\Debug\ViServeNET.vshost.exe:*:Enabled:vshost32.exe -- (Microsoft Corporation)
"D:\Projects\Vicon33\trunk\ViComp\Copy of DotNet\ViServe\ViServe\bin\x86\Debug\ViServeNET.vshost.exe" = D:\Projects\Vicon33\trunk\ViComp\Copy of DotNet\ViServe\ViServe\bin\x86\Debug\ViServeNET.vshost.exe:*:Enabled:vshost32-clr2.exe
"D:\Projects\Vicon33\trunk\Vicon_EXE\ViconMain.exe" = D:\Projects\Vicon33\trunk\Vicon_EXE\ViconMain.exe:*:Enabled:ViconMain -- (Plasma Automation)
"D:\Projects\Vicon33\trunk\Vicon_Backend\ViconBackend33.exe" = D:\Projects\Vicon33\trunk\Vicon_Backend\ViconBackend33.exe:*:Enabled:ViconBackend33 -- (Plasma Automation)
"D:\Projects\Vicon33\trunk\ViComp\Vicon_ViCost\ViCost.exe" = D:\Projects\Vicon33\trunk\ViComp\Vicon_ViCost\ViCost.exe:*:Enabled:ViCost -- (Plasma Automation)
"D:\Projects\Vicon33\trunk\Vicon_AutoTest\ViconAutoTest.exe" = D:\Projects\Vicon33\trunk\Vicon_AutoTest\ViconAutoTest.exe:*:Enabled:ViconAutoTest -- (Plasma Automation)
"D:\Projects\Vicon33\trunk\Vicon_DrawTech\ViconDrawTech.exe" = D:\Projects\Vicon33\trunk\Vicon_DrawTech\ViconDrawTech.exe:*:Enabled:ViconDrawTech -- (Plasma Automation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Microsoft Visual Studio\VB98\VB6.EXE" = C:\Program Files\Microsoft Visual Studio\VB98\VB6.EXE:*:Enabled:Visual Basic -- (Microsoft Corporation)
"C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\devenv.exe" = C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\devenv.exe:LocalSubNet:Enabled:Microsoft Visual Studio -- (Microsoft Corporation)
"D:\Projects\Vicon33\trunk\ViComp\Vicon_ViSchedule\ViSchedule.exe" = D:\Projects\Vicon33\trunk\ViComp\Vicon_ViSchedule\ViSchedule.exe:*:Enabled:ViSchedule -- (Plasma Automation)
"C:\Documents and Settings\Sherman Uitzetter.MEADVILLE\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Sherman Uitzetter.MEADVILLE\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox
"D:\Projects\Vicon33\trunk\Vicon_CoilLine\ViconCoilLine.exe" = D:\Projects\Vicon33\trunk\Vicon_CoilLine\ViconCoilLine.exe:*:Enabled:ViconCoilLine -- (Plasma Automation)
"C:\HP_P2055_default_install_v6.1_ww\setup\hppniprint01.exe" = C:\HP_P2055_default_install_v6.1_ww\setup\hppniprint01.exe:*:Enabled:hppniprint01.exe
"C:\HP_P2055_default_install_v6.1_ww\setup\hppniprint64.exe" = C:\HP_P2055_default_install_v6.1_ww\setup\hppniprint64.exe:*:Enabled:hppniprint64.exe
"C:\HP_P2055_default_install_v6.1_ww\setup\hppnicifs01.exe" = C:\HP_P2055_default_install_v6.1_ww\setup\hppnicifs01.exe:*:Enabled:hppnicifs01.exe
"C:\HP_P2055_default_install_v6.1_ww\setup\hpbtpg.exe" = C:\HP_P2055_default_install_v6.1_ww\setup\hpbtpg.exe:*:Enabled:hpbtpg.exe
"C:\HP_P2055_default_install_v6.1_ww\setup\LaunchApp.exe" = C:\HP_P2055_default_install_v6.1_ww\setup\LaunchApp.exe:*:Enabled:launchapp.exe
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Documents and Settings\SUitzetter\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\SUitzetter\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox
"C:\Documents and Settings\SUitzetter\Local Settings\Temp\7zS1F.tmp\SymNRT.exe" = C:\Documents and Settings\SUitzetter\Local Settings\Temp\7zS1F.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool
"C:\Documents and Settings\SUitzetter\Local Settings\Temp\7zS43.tmp\SymNRT.exe" = C:\Documents and Settings\SUitzetter\Local Settings\Temp\7zS43.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Projects\ViComp trunk\ViServe\ViServe\bin\Debug\ViServeNET.vshost.exe" = D:\Projects\ViComp trunk\ViServe\ViServe\bin\Debug\ViServeNET.vshost.exe:*:Enabled:vshost.exe
"C:\Program Files\RealVNC\VNC4\winvnc4.exe" = C:\Program Files\RealVNC\VNC4\winvnc4.exe:*:Enabled:VNC Server Free Edition for Win32 -- (RealVNC Ltd.)
"C:\Program Files\Symantec\pcAnywhere\Winaw32.exe" = C:\Program Files\Symantec\pcAnywhere\Winaw32.exe:*:Enabled:pcAnywhere Main Executable
"C:\Program Files\Symantec\pcAnywhere\awhost32.exe" = C:\Program Files\Symantec\pcAnywhere\awhost32.exe:*:Enabled:pcAnywhere Host Service
"C:\Program Files\Symantec\pcAnywhere\awrem32.exe" = C:\Program Files\Symantec\pcAnywhere\awrem32.exe:*:Enabled:pcAnywhere Remote Service
"D:\Projects\Vicon33\trunk\Vicon_AutoTest\ViconAutoTest.exe" = D:\Projects\Vicon33\trunk\Vicon_AutoTest\ViconAutoTest.exe:*:Enabled:ViconAutoTest -- (Plasma Automation)
"C:\Documents and Settings\SUitzetter\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\SUitzetter\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0006AB1D-9B22-43DF-8D14-6EBD18DED4EE}" = Intel® Network Connections 16.0.19.0
"{01C79EF3-DE84-4B56-B638-8BEA0D507506}" = Microsoft XNA Game Studio 4.0 (XnaLiveProxy)
"{020617D7-2F72-4D02-BF59-A5CBC1761177}" = SQL Server 2008 R2 Management Studio
"{035400A4-29BD-3723-BEED-E2718A68CDE0}" = Microsoft Visual Studio 2010 Office Developer Tools (x86)
"{0360D8F0-626A-4E87-8A16-938BD0BEBCC5}" = 32 Bit HP CIO Components Installer
"{039694F1-2108-4B3E-8575-85C245210F94}" = Orca
"{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK
"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu
"{0666E46E-A860-4353-BE6D-13AA72FABB57}" = Microsoft XNA Game Studio Platform Tools
"{073889C9-EECF-465E-BA61-FE7473C83151}" = Bootstrapper Manifest Generator for VS2008
"{08C84CC6-E7FD-4B2D-BBF9-B02CC90EE031}" = Microsoft XNA Game Studio 4.0 (Shared Components)
"{0928B2C5-0B16-C2FB-7BAE-A25901414687}" = ATI Catalyst Install Manager
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0DF3AE91-E533-3960-8516-B23737F8B7A2}" = Visual C++ 2008 x64 Runtime - (v9.0.30729)
"{0DF3AE91-E533-3960-8516-B23737F8B7A2}.vc_x64runtime_30729_01" = Visual C++ 2008 x64 Runtime - v9.0.30729.01
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{121475F5-2598-4574-8801-8F6B3D6A99BB}" = SQL Server 2008 R2 Management Studio
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{170DE2A7-4768-370C-9671-D8D17826EFBF}" = Microsoft Visual Studio 2010 Performance Collection Tools - ENU
"{17E7A3DA-AF11-47E9-9AF5-8EAE05FF72D9}" = Galil Active X Toolkit
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}" = Microsoft Expression Blend SDK for Silverlight 4
"{1EB9429A-A874-4BF0-961D-BDAAFB1641A6}" = Microsoft SQL Server 2005 Backward compatibility
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{21CCF313-721B-4A43-A2D9-7467FF509239}" = Exchange 2003 SDK
"{2205E3A5-DCDC-461D-8ED6-D6F2341D3B64}" = Intel Audio Studio 2.0
"{22E23C71-C27A-3F30-8849-BB6129E50679}" = Visual C++ 2008 IA64 Runtime - (v9.0.30729)
"{22E23C71-C27A-3F30-8849-BB6129E50679}.vc_i64runtime_30729_01" = Visual C++ 2008 IA64 Runtime - v9.0.30729.01
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{256E7DAC-9BE8-494E-8DE7-7857BF96B774}" = Microsoft Expression Blend 3 SDK
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 24
"{27B6D024-FD7E-4A88-BC17-5AFBE33EC072}" = Microsoft F# Runtime for Silverlight 4
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (VICONSQL)
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2C3AB990-1F33-3D6B-9F34-8D5189FA04D3}" = Windows Phone 7 Add-in for Visual Studio 2010 - ENU
"{2D9FEBEE-F1B7-344F-BFDF-760E18332D96}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{2F083216-8203-4E94-8C7C-EDF1C91D037D}" = RealWorld Cursor Editor
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37E1E0C7-95E7-4177-A375-CC41031F3D2C}" = Windows Mobile 6.5.3 Professional DTK
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3BB19A2B-B9C5-3872-8FDF-3047CC9F9841}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F4EB5FE-B5BE-4069-A5A8-6D9262E1B379}" = Microsoft XNA Game Studio 4.0 Documentation
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{408EA5EB-F374-4CDD-B5D8-4672DCC00D34}" = MonoDroid for Visual Studio 1.0.8086
"{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition
"{47BE41E6-2F0F-4D17-9C2D-3850FFD9D405}" = Microsoft SQL Server VSS Writer
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{49A3D943-9A41-44D7-9C28-E0EB6C1BB336}" = TortoiseSVN 1.6.13.20954 (32 bit)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB6A079-178B-4144-B21F-4D1AE71666A2}" = Microsoft SQL Server 2008 R2 Native Client
"{4C6D5779-A766-45DF-9938-D6F595A66F2B}" = Microsoft Expression Blend 4
"{4C9D82EB-9001-4E59-8F64-0BEEE5F4A30A}" = SQL Server 2008 R2 Database Engine Shared
"{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{51032BDF-67CD-4160-A662-26BAEFA346D6}" = SQL Server 2008 R2 Client Tools
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5542F72D-45E4-371C-BE4B-A7CB70C11E9D}" = Windows Phone Emulator - ENU
"{558358E5-E4F3-4374-BA1D-26FF39EF87D9}" = Microsoft Silverlight Tools for Visual Studio 2010
"{56DB0BD0-E3EB-49B4-A312-97CF88BE12CE}" = Windows Mobile 6 Professional SDK
"{5DDF31D2-63BB-4268-895B-FB05A82A1C00}" = Microsoft XNA Game Studio 4.0 Windows Phone Extensions
"{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit February 2010 (Version 3.5.50211.1)
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{68BD57D3-D606-411E-A7E0-3EB6EA5660F6}" = Microsoft XNA Game Studio 4.0 (Redists)
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69E11501-75F7-4ACE-8103-52513DDCFE26}" = Microsoft Expression Blend SDK for Windows Phone 7
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6B7A0F02-D89F-436B-A5EB-12D2C616F61B}" = Socket Connect!Agent Software
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6ED37A91-7710-3183-BE50-AB043FF6689E}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{6F801026-6AF0-4520-9153-4C9B4CAAB361}" = HP LaserJet P2050 Series 6.0
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{72DE3C67-FB48-450E-8BEA-4EB1B3B5355D}" = Microsoft SQL Server 2008 R2 Setup (English)
"{73BE04D9-BA0E-4BAF-9C9D-677278BDB3DC}" = Microsoft XNA Game Studio 4.0 (ARP entry)
"{756FCCAB-223D-4814-A207-78ED113F4497}" = Windows Mobile 6.5 Professional Developer Tool Kit - USA
"{76CE5B47-F5A4-4E5C-99A0-CEFF6146EA4A}" = System Requirements Lab for Intel
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B33F480-496D-334A-BAC2-205DEC0CBC2D}" = Visual C++ 2008 x86 Runtime - (v9.0.30729.4148)
"{7B33F480-496D-334A-BAC2-205DEC0CBC2D}.vc_x86runtime_30729_4148" = Visual C++ 2008 x86 Runtime - v9.0.30729.4148
"{7C8EAD2B-A954-4F73-AAFC-C3EC60D49ADA}" = Microsoft SQL Server 2008 R2 RsFx Driver
"{7D8DBB7C-1C55-4950-A107-043C164F379A}" = Altiris Software Virtualization Agent
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{89B6F63A-7E0C-424A-9D39-C4EF59E96D78}" = hppQFolderP2050
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C496FBF-DB4A-468D-A3A1-15E127382218}" = Microsoft XNA Game Studio 4.0 (Visual Studio)
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{8FFC6175-D2C5-4FA7-91E8-E2A9431A5CDA}" = WCF RIA Services V1.0 for Visual Studio 2010
"{90032DD0-ABEE-4424-AC1E-B076BDD4E350}" = Microsoft SQL Server 2005 Tools
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00D1-0409-0000-0000000FF1CE}" = Microsoft Access database engine 2010 (English)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{928D2FB1-291A-362B-89A4-7075A9D904A4}" = Microsoft Windows SDK for Windows 7 (7.1)
"{93998800-1608-403F-9A51-420A77D23C25}" = Sql Server Customer Experience Improvement Program
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{96D33319-C14C-3070-A464-CE8416E46487}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{97CE8B73-AA5A-4987-A1BE-50DD1A187478}" = Microsoft Sync Framework SDK v1.0 SP1
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{995F2783-8311-49BF-833E-DB659774B4F6}" = hppFonts
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.3
"{9A9C11FA-AE85-3B48-86BE-5FA83D0384B3}" = Microsoft Windows SDK Intellisense and Reference Assemblies (30514)
"{9ACDACC7-0095-40F1-8033-0DB95C920678}" = SQL Server 2008 R2 Client Tools
"{9B3A1C97-A361-463E-8817-444F9F88CDFE}" = Microsoft Expression Blend SDK for .NET 4
"{A29C5DD5-B21E-474F-AA96-6A7FC0B2B248}" = Microsoft Expression Blend 4 Add-in for Adobe FXG Import
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}" = Microsoft SQL Server System CLR Types
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A66242A1-9101-425D-9BE5-D19A50E1D0D8}" = ESET NOD32 Antivirus
"{A79A8EC1-2D17-43D2-AE27-6C1131F61033}" = Nero 7 Essentials
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
"{B49673F8-7AB6-4A14-8213-C8A7BE370010}" = UltraMon
"{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}" = NVIDIA PhysX
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B86149D3-18A2-41FD-A153-60AF944E47FE}" = Microsoft Windows Phone 7 Developer Resources
"{BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}" = Microsoft Visual Studio 2010 Ultimate - ENU
"{BC98294D-DCC5-4BCF-A734-D0C1618DC2D2}" = Windows Mobile 5.0 Pocket PC SDK
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BD713555-81FA-408A-AD74-F0327F34A5F0}" = SocketScan Software
"{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6DD625F-4B61-4561-8286-87CA0275CEA1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86)
"{C86F514A-F3BE-4BD7-B75F-372A55558F0D}" = FolderSizes 5
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Tools
"{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}" = SQL Server 2008 R2 Common Files
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFB91CB0-17D9-44EB-BFB2-5307AB7E7DDC}" = Microsoft Visual Studio 2010 Express for Windows Phone - ENU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D09605BE-5587-4B0C-86C8-69B5092CB80F}" = Debugging Tools for Windows (x86)
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}" = Microsoft SQL Server 2008 R2 Policies
"{D36D5BEA-73E6-46BC-B97F-5FA63B7BFCC0}" = Intel Audio Studio 2.0
"{D428AB95-35B2-4868-B656-5C316E25EC69}" = SQL Server 2008 R2 Database Engine Services
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{D80EA815-1621-413F-8951-044FAE5060C3}" = Vicon SQL
"{DC3D6AFB-78B4-489F-81D7-30B66E0C2417}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)
"{DCBDB075-4628-4D5D-A0D0-F6C72A007D77}" = Az-Tech Device Drivers
"{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}" = Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
"{DF781E6F-BF29-4340-BEFB-09F7511B424D}" = SQL Server 2008 R2 Database Engine Services
"{E4B0E70B-0CB3-4E25-939A-3F0E3AD4A28F}" = Wise Installation Studio 7.0 SP1
"{e7394a0f-3f80-45b1-87fc-abcd51893246}" = Python 2.6.4
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{EF71A531-5B6C-4B20-8D1E-E6379C7FB6D3}" = Microsoft IntelliPoint 7.0
"{F021CC0C-21C3-4038-AA4A-6E3CBC669CE8}" = SQL Server 2008 R2 Database Engine Shared
"{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F5F5D626-9006-44AC-838E-860BF1790EF0}" = Crescent QuickPak 4.5.4
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
"{F990B526-8F7C-46E0-B1F1-6C893A8B478F}" = Microsoft Sync Framework Services v1.0 SP1 (x86)
"{FC835376-FF3B-4CAA-83E0-2148B3FB7C98}" = SQL Server 2008 R2 Common Files
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agent Ransack_is1" = Agent Ransack 2010
"Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
"B076073A-5527-4f4f-B46B-B10692277DA2_is1" = DisplayFusion 3.2.0
"Blend_4.0.20901.0" = Microsoft Expression Blend 4
"CamStudio" = CamStudio
"CCleaner" = CCleaner
"ClipX" = ClipX
"Comm32_is1" = Comm32
"FileZilla Client" = FileZilla Client 3.3.5.1
"FolderSizes 5" = FolderSizes 5
"GalilTools" = GalilTools
"GIF Movie Gear_is1" = GIF Movie Gear 4.2.3
"GNU Aspell_is1" = GNU Aspell 0.50-3
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"HijackThis" = HijackThis 1.98.2
"ie8" = Windows Internet Explorer 8
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.10
"Launchy_21344213_is1" = Launchy 2.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Report Viewer Redistributable 2008 (KB971119)" = Microsoft Report Viewer Redistributable 2008 SP1
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"Microsoft Visual Studio 2010 Express for Windows Phone - ENU" = Microsoft Windows Phone Developer Tools - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio 2010 Ultimate - ENU" = Microsoft Visual Studio 2010 Ultimate - ENU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Mikogo" = Mikogo
"Mozilla Firefox (3.6.14)" = Mozilla Firefox (3.6.14)
"Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MultiMon TaskBar_is1" = MultiMon TaskBar 2.1
"Notepad++" = Notepad++
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Paint Shop Pro 5.01" = Paint Shop Pro 5.01
"Pidgin" = Pidgin
"PROHYBRIDR" = 2007 Microsoft Office system
"RealVNC_is1" = VNC Free Edition 4.1.3
"RegScrubXP_is1" = RegScrubXP 3.25
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
"SystemRequirementsLab" = System Requirements Lab
"Toggl Desktop_is1" = Toggl Desktop 2.6.4.1
"Tweak UI 2.10" = Tweak UI
"VISPRO" = Microsoft Office Visio Professional 2007
"Visual Studio 6.0 Enterprise Edition" = Microsoft Visual Studio 6.0 Enterprise Edition
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"WebPost" = Microsoft Web Publishing Wizard 1.53
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.8
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XNA Game Studio 4.0" = Microsoft XNA Game Studio 4.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1004336348-1202660629-854245398-1172\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3840939107-1243498262-4025802620-1631\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/8/2011 11:54:23 AM | Computer Name = PROGRAMMING-3B | Source = MSSQL$VICONSQL | ID = 17187
Description = SQL Server is not ready to accept new client connections. Wait a few
minutes before trying again. If you have access to the error log, look for the
informational message that indicates that SQL Server is ready before trying to connect
again. [CLIENT: <local machine>]

Error - 3/8/2011 11:54:24 AM | Computer Name = PROGRAMMING-3B | Source = MSSQL$VICONSQL | ID = 17187
Description = SQL Server is not ready to accept new client connections. Wait a few
minutes before trying again. If you have access to the error log, look for the
informational message that indicates that SQL Server is ready before trying to connect
again. [CLIENT: <local machine>]

Error - 3/8/2011 11:54:24 AM | Computer Name = PROGRAMMING-3B | Source = MSSQL$VICONSQL | ID = 17187
Description = SQL Server is not ready to accept new client connections. Wait a few
minutes before trying again. If you have access to the error log, look for the
informational message that indicates that SQL Server is ready before trying to connect
again. [CLIENT: <local machine>]

Error - 3/8/2011 2:20:44 PM | Computer Name = PROGRAMMING-3B | Source = MSSQL$VICONSQL | ID = 17187
Description = SQL Server is not ready to accept new client connections. Wait a few
minutes before trying again. If you have access to the error log, look for the
informational message that indicates that SQL Server is ready before trying to connect
again. [CLIENT: <local machine>]

Error - 3/8/2011 2:25:44 PM | Computer Name = PROGRAMMING-3B | Source = MSSQL$VICONSQL | ID = 17187
Description = SQL Server is not ready to accept new client connections. Wait a few
minutes before trying again. If you have access to the error log, look for the
informational message that indicates that SQL Server is ready before trying to connect
again. [CLIENT: <local machine>]

Error - 3/8/2011 2:25:44 PM | Computer Name = PROGRAMMING-3B | Source = MSSQL$VICONSQL | ID = 17187
Description = SQL Server is not ready to accept new client connections. Wait a few
minutes before trying again. If you have access to the error log, look for the
informational message that indicates that SQL Server is ready before trying to connect
again. [CLIENT: <local machine>]

Error - 3/8/2011 2:25:44 PM | Computer Name = PROGRAMMING-3B | Source = MSSQL$VICONSQL | ID = 17187
Description = SQL Server is not ready to accept new client connections. Wait a few
minutes before trying again. If you have access to the error log, look for the
informational message that indicates that SQL Server is ready before trying to connect
again. [CLIENT: <local machine>]

Error - 3/8/2011 2:25:44 PM | Computer Name = PROGRAMMING-3B | Source = MSSQL$VICONSQL | ID = 17187
Description = SQL Server is not ready to accept new client connections. Wait a few
minutes before trying again. If you have access to the error log, look for the
informational message that indicates that SQL Server is ready before trying to connect
again. [CLIENT: <local machine>]

Error - 3/8/2011 2:46:54 PM | Computer Name = PROGRAMMING-3B | Source = Application Error | ID = 1000
Description = Faulting application vb6.exe, version 6.0.97.82, faulting module ccrpudn6.ocx,
version 1.2.0.8, fault address 0x000099bf.

Error - 3/8/2011 4:36:03 PM | Computer Name = PROGRAMMING-3B | Source = MSSQL$VICONSQL | ID = 17187
Description = SQL Server is not ready to accept new client connections. Wait a few
minutes before trying again. If you have access to the error log, look for the
informational message that indicates that SQL Server is ready before trying to connect
again. [CLIENT: <local machine>]

[ OSession Events ]
Error - 9/3/2009 3:05:04 PM | Computer Name = PROGRAMMING-3B | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1066. This session lasted 16
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 3/14/2011 2:01:07 PM | Computer Name = PROGRAMMING-3B | Source = System Error | ID = 1003
Description = Error code 10000050, parameter1 e5fc5000, parameter2 00000000, parameter3
80640b02, parameter4 00000001.

Error - 3/14/2011 3:59:09 PM | Computer Name = PROGRAMMING-3B | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 3/14/2011 3:59:12 PM | Computer Name = PROGRAMMING-3B | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 3/14/2011 4:00:15 PM | Computer Name = PROGRAMMING-3B | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 3/14/2011 4:00:15 PM | Computer Name = PROGRAMMING-3B | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 3/14/2011 4:00:15 PM | Computer Name = PROGRAMMING-3B | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 3/14/2011 4:00:15 PM | Computer Name = PROGRAMMING-3B | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 3/14/2011 4:00:15 PM | Computer Name = PROGRAMMING-3B | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD ehdrv epfwtdir Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
vmm

Error - 3/14/2011 4:00:45 PM | Computer Name = PROGRAMMING-3B | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 3/14/2011 4:00:48 PM | Computer Name = PROGRAMMING-3B | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >

#10 Shannon2012


Posted 15 March 2011 - 07:35 AM

Hi-

That is good news. Let me look at the scan and I will get back with you.
Shannon

#11 Shannon2012


Posted 15 March 2011 - 08:36 AM

Hi-

Need to check on a couple of files.

First, before we start, please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows


Please click this link-->Jotti
When the Jotti page has finished loading, click Jotti's Browse button and navigate to the following files in turn and click the Submit file button within Jotti.

C:\kikkp66p.exe
C:\Documents and Settings\SUitzetter\Local Settings\Temp\frw2.tmp


If Jotti reports that the file has been scanned before and gives you those results, click on the Scan Again button.
To scan the next file, click on the Next File button.
Please post back the results of the scan in your next post.
If Jotti is busy, try the same at Virustotal

Let me know what Jotti reports on the two uploads. You can just send me the links to the Jotti output reports.
Shannon

#12 suitzetter


Posted 15 March 2011 - 08:57 AM

Both files had been scanned before. I scanned again on each.


kikkp66p.exe: http://virusscan.jotti.org/en/scanresult/bad47d00392cca95f06f94db6a949a21894810b4

frw2.tmp: http://virusscan.jotti.org/en/scanresult/cd7daa4e20cfaf5009c4a2b1324304cf517d4111

#13 Shannon2012


Posted 15 March 2011 - 10:29 AM

Hi-

The OTL didn't show anything that might be causing your problems. Let's try Malwarebytes' Anti-Malware.

Please run Malwarebytes' Anti-Malware (MBAM)
  • Click on the Update tab and click the Check for Updates button.
  • When the update is finished, click on the Scanner tab.
  • Select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Note: If you are unable to get MBAM to run, download one of the following Rkill programs to your desktop, run it, and then try MBAM again. If you are unable to run the Rkill you downloaded, download another one, and try it.
Rkill.exe
Rkill.com
Rkill.scr
Rkill.pif

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 or 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your reply, please copy in the MBAM report and let me know how your computer is doing.
Shannon

#14 suitzetter


Posted 16 March 2011 - 06:51 AM

MBAM completed the scan (took 2 and a half hours) and found nothing.

There was no log. I guess it only makes a log file when it finds something?

[edit] That was badly worded.

What I meant was, I was able to run MBAM no problem. It performed the full scan. It found no infections and no log was created.

Edited by suitzetter, 16 March 2011 - 03:27 PM.


#15 Shannon2012


Posted 16 March 2011 - 04:42 PM

Hi-

You should be able to find the Malwarebytes' Anti-Malware logs under the Logs tab on the main MBAM screen. If it was a clean run, I don't need the report.

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

Please copy the output report into your reply. How is the computer running now?
Shannon



