[460jetboat]

cd \windows\Logs\cbs
The system cannot find file path sprcified

copy cbs.log cbs.old
The system cannot find file path sprcified

del cbs.log
Could not find C:\CBS.log

findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >%userprofile%\Desktop\sfcdetails.txt
Findstr: Cannot open
Findstr: Cannot open Findstr/Ken
Findstr: Cannot open Foster\Desktop\sfcdetails.txt


Ok, finally, there is no chkdsk log. Gupdate, security, DTSRV, Winlogon, security.
Do I need to run Chkdsk again??

Ken

[Advertisements]

Hi Ken,

When you ran the chkdsk program did you get any message about what disk errors(if any)were found in the command window when the program finished?


I want to physically check for a cbs.log file:

Click th Start button and put the mouse cursor over All Programs, the All Programs menu will come up.
Put the mouse cursor over Accessories, the Accessories menu will come up.
Click Windows Explorer, the Windows Explorer window will come up.

Navigate to C:\Windows\Logs\CBS and look for a file named cbs.log. If it is there:

Open a command window like you did before. At the blinking cursor type:

notepad c:\windows\logs\cbs\cbs.log and press the Enter key. A notepad window will open with the contents of cbs.log inside.

On the notepad window, in the Menu Bar at the top click File > SaveAs.... In the file save window name the file scfdetails and save it as a .txt file to the desktop.
Click the - button at the top right of the window. This will put the file on the task bar.

Back in the command window, at the blinking cursor, type exit and press the Enter key.

Click on the sfcdetails.txt file on the task bar, this will open the notepad file.

Copy and paste the contents of the sfcdetails.txt file in you next reply.

If there wasn't a [b]cbs.log[b] file in the C:\windows\logs\cbs folder let me know.

[godawgs]

Hi Ken,

When you ran the chkdsk program did you get any message about what disk errors(if any)were found in the command window when the program finished?


I want to physically check for a cbs.log file:

Click th Start button and put the mouse cursor over All Programs, the All Programs menu will come up.
Put the mouse cursor over Accessories, the Accessories menu will come up.
Click Windows Explorer, the Windows Explorer window will come up.

Navigate to C:\Windows\Logs\CBS and look for a file named cbs.log. If it is there:

Open a command window like you did before. At the blinking cursor type:

notepad c:\windows\logs\cbs\cbs.log and press the Enter key. A notepad window will open with the contents of cbs.log inside.

On the notepad window, in the Menu Bar at the top click File > SaveAs.... In the file save window name the file scfdetails and save it as a .txt file to the desktop.
Click the - button at the top right of the window. This will put the file on the task bar.

Back in the command window, at the blinking cursor, type exit and press the Enter key.

Click on the sfcdetails.txt file on the task bar, this will open the notepad file.

Copy and paste the contents of the sfcdetails.txt file in you next reply.

If there wasn't a [b]cbs.log[b] file in the C:\windows\logs\cbs folder let me know.

[460jetboat]

Godawgs;
There is absoutly nothing in C:\Windows\Logs -empty window.

From c:\windows\logs\cbs\cbs.log -file not found
From c:\windows\logs\cbs\cbs.log -specified path not found

Boy I'm a pain eh? lol;

[godawgs]

Boy I'm a pain eh? lol;

Not at all.


Step-1.

Run Farbar Service Scanner

Please download Farbar Service Scanner to the desktop.
Doubleclick the FSS.exe file to run it. (Vista and 7 users may need to right click the file and click Run as Administrator)

• 
• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

Step-2.

Things For Your Next Post:
1. The FSS.txt log
2. Answer my question about any messages you got in the command window when you ran chkdsk.

[460jetboat]

Please find belowthe FSS log. In all honesty I didn't pay that much attention to the log when I ran Chkdsk, as it it sort of like reading hyroglyphics to me, and I guess I depending on you to determine what was wrong. Nothing jumped out at me as a glaring fault that I recall. I could run it again if it would help. I was unable to copy the log to post it, but I could write it all down and then type it into a post if that would help.
Ken


Farbar Service Scanner Version: 09-06-2012
Ran by Ken Foster (administrator) on 12-06-2012 at 15:50:45
Running from "C:\Documents and Settings\Ken Foster\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit


**** End of log ****

[godawgs]

Hi Ken,

Please post the OTL log you ran on the 11th.

[godawgs]

Double post, sorry! See the post above.

Edited by godawgs, 12 June 2012 - 11:07 PM.

[460jetboat]

No I can't. I didn't get that far on the 11th...due to the fact that I was unable to find The chkdsk.log, and was having trouble with The sfcdetails.txt log, due to the graphics problem.
I stopped at that point as I didn't know if things should be done in order or not, and waited for your answer.

Here is the OTL.Txt log I ran this morning, however no Extras.text file was created (I even did a search for it):

OTL logfile created on: 6/13/2012 7:36:51 AM - Run 8
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Documents and Settings\Ken Foster\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.29 Mb Total Physical Memory | 172.14 Mb Available Physical Memory | 34.20% Memory free
1.20 Gb Paging File | 0.77 Gb Available in Paging File | 64.65% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 124.26 Gb Free Space | 66.70% Space Free | Partition Type: NTFS

Computer Name: CLONE | User Name: Ken Foster | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/31 22:15:49 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ken Foster\Desktop\OTL.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/03/23 12:33:14 | 000,224,888 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
PRC - [2012/03/23 12:31:06 | 000,031,920 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/02/18 19:26:06 | 000,300,760 | ---- | M] (Abine Inc.) -- C:\Program Files\DoNotTrackPlus\PropertySync.exe
PRC - [2011/09/23 14:04:00 | 000,098,208 | ---- | M] (Craftsman Book Company) -- C:\Program Files\Common Files\Craftsman\CSU\CSUClient.exe
PRC - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009/10/06 15:37:18 | 000,069,632 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2009/07/15 16:43:46 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/06 13:41:06 | 000,069,632 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2007/05/04 16:14:04 | 000,036,864 | ---- | M] ( ) -- C:\Program Files\HP\HP UT\bin\hppusg.exe
PRC - [2001/08/17 17:36:42 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/13 03:10:39 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0fa194be95e88e0dfc21db37078a60d4\System.Windows.Forms.ni.dll
MOD - [2012/05/17 18:26:14 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/17 18:24:29 | 001,591,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8ca00132a08c69697adf1cda32ebd835\System.Drawing.ni.dll
MOD - [2012/05/17 18:17:39 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/17 18:16:56 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/04/12 03:12:40 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_87cec736\system.windows.forms.dll
MOD - [2012/03/24 09:27:11 | 000,222,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CbcCorLib\1.5.0.285__dc62ab6ce5358df9\CbcCorLib.dll
MOD - [2012/03/23 12:31:06 | 000,031,920 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
MOD - [2012/02/18 19:26:02 | 000,893,144 | ---- | M] () -- C:\Program Files\DoNotTrackPlus\ContentFilter.dll
MOD - [2012/02/18 19:26:00 | 000,250,072 | ---- | M] () -- C:\Program Files\DoNotTrackPlus\ButtonSite.dll
MOD - [2012/01/07 09:38:01 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_df767a39\mscorlib.dll
MOD - [2012/01/07 09:37:38 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_4fd16e16\system.xml.dll
MOD - [2012/01/07 09:37:14 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_643da891\system.dll
MOD - [2012/01/07 09:36:53 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012/01/07 09:36:48 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2011/11/03 10:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2010/03/04 04:02:41 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2010/03/04 04:02:36 | 000,131,072 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.serialization.formatters.soap\1.0.5000.0__b03f5f7f11d50a3a\system.runtime.serialization.formatters.soap.dll
MOD - [2010/03/03 12:53:12 | 000,010,752 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqusg\3.0.0.0__a53cf5803f4c3827\interop.hpqusg.dll
MOD - [2009/10/06 15:37:18 | 000,069,632 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
MOD - [2009/02/27 13:52:56 | 000,258,048 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\sqlite.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/06/11 17:24:28 | 000,114,688 | ---- | M] () -- C:\WINDOWS\system32\hppatusg01.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/03/23 12:31:06 | 000,031,920 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2011/05/23 08:02:00 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Disabled | Stopped] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/04/08 17:09:26 | 000,229,376 | ---- | M] (Puran Software) [Disabled | Stopped] -- C:\WINDOWS\system32\PuranDefragS.exe -- (PuranDefrag)
SRV - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/10/06 15:37:18 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2009/07/15 16:43:46 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2008/07/29 22:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/04/13 19:12:29 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2008/04/13 19:12:29 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2008/04/13 19:12:04 | 000,059,904 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\regsvc.dll -- (RemoteRegistry)
SRV - [2008/04/13 19:11:59 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2008/04/13 19:11:57 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)
SRV - [2008/04/13 19:11:49 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [File_System | On_Demand | Stopped] -- System32\DRIVERS\srv.sys -- (Srv)
DRV - File not found [Kernel | System | Stopped] -- -- (Sfloppy)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Normandy)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\KENFOS~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/06/13 01:39:24 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A65ED54F-22DB-41B3-A6F1-4E715E17271A}\MpKsl72efaf8e.sys -- (MpKsl72efaf8e)
DRV - [2010/11/13 22:22:36 | 000,019,507 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sonypvl3.sys -- (sonypvl3)
DRV - [2009/07/15 16:43:32 | 000,017,136 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2008/04/13 14:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/13 13:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/13 13:36:43 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/13 13:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2008/04/13 10:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/02/25 12:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/06/12 14:27:00 | 000,011,776 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pdiddcci.sys -- (pdiddcci)
DRV - [2007/04/24 09:33:34 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125bus.sys -- (s125bus) Sony Ericsson Device 125 driver (WDM)
DRV - [2007/02/09 15:17:18 | 000,017,465 | ---- | M] (Portrait Displays, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pivot.sys -- (Pivot)
DRV - [2007/02/09 15:17:16 | 000,011,323 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pivotmou.sys -- (pivotmou)
DRV - [2004/12/06 15:26:16 | 000,423,454 | ---- | M] (Sony Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\sonypvt3.sys -- (sonypvt3)
DRV - [2004/11/15 14:55:14 | 000,619,390 | ---- | M] (Sony Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\sonypvf3.sys -- (sonypvf3)
DRV - [2004/08/04 00:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/03/31 07:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2003/03/31 07:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL)
DRV - [2003/03/31 07:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2001/08/17 07:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/08/17 07:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/08/17 07:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001/08/17 07:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://google.inklineglobal.com
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1343024091-1177238915-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://google.inklineglobal.com
IE - HKU\S-1-5-21-1343024091-1177238915-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://google.inklineglobal.com
IE - HKU\S-1-5-21-1343024091-1177238915-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://google.inklineglobal.com
IE - HKU\S-1-5-21-1343024091-1177238915-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://google.inklineglobal.com
IE - HKU\S-1-5-21-1343024091-1177238915-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://startpage.com/
IE - HKU\S-1-5-21-1343024091-1177238915-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1343024091-1177238915-682003330-1003\..\SearchScopes,DefaultScope = {088AD4F2-2332-4A4A-BA83-B904BF0BE395}
IE - HKU\S-1-5-21-1343024091-1177238915-682003330-1003\..\SearchScopes\{088AD4F2-2332-4A4A-BA83-B904BF0BE395}: "URL" = https://startpage.co...anguage=english
IE - HKU\S-1-5-21-1343024091-1177238915-682003330-1003\..\SearchScopes\{09035B5D-896E-4E0F-AA58-B594AFB20D04}: "URL" = http://websearch.ask...06-23C1020D4831
IE - HKU\S-1-5-21-1343024091-1177238915-682003330-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADRA_en
IE - HKU\S-1-5-21-1343024091-1177238915-682003330-1003\..\SearchScopes\{B68193F6-AB45-431C-BB9A-3FA4853E6940}: "URL" = http://wiki.ross-tec...h={searchTerms}
IE - HKU\S-1-5-21-1343024091-1177238915-682003330-1003\..\SearchScopes\{F5F655E8-6661-4769-9952-6AE6EBFABC45}: "URL" = http://search.yahoo....0104,6901,0,8,0
IE - HKU\S-1-5-21-1343024091-1177238915-682003330-1003\..\SearchScopes\{F813F595-1DA6-4476-915D-E3C2FDF0B758}: "URL" = http://www.google.co...q={searchTerms}
IE - HKU\S-1-5-21-1343024091-1177238915-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js - File not found
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.1.0: C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.1.0: C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1BC4187C-4BB6-4C5A-A11A-3FB535AE04AB}: C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/05/20 05:34:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/11 14:20:12 | 000,000,000 | ---D | M]

[2012/05/17 21:21:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ken Foster\Application Data\Mozilla\Extensions
[2012/05/24 21:37:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ken Foster\Application Data\Mozilla\Firefox\Profiles\obepgujh.default\extensions
[2012/05/17 21:21:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/13 08:06:38 | 000,004,733 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\KEN FOSTER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OBEPGUJH.DEFAULT\EXTENSIONS\[email protected]
[2012/05/20 05:34:34 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAM FILES\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
[2012/02/16 09:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/16 05:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/03 09:39:26 | 000,002,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml
[2012/04/11 13:14:48 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/02/16 05:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Documents and Settings\Ken Foster\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.0\

O1 HOSTS File: ([2012/03/19 16:56:11 | 000,000,761 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Do Not Track Plus) - {6E45F3E8-2683-4824-A6BE-08108022FB36} - C:\Program Files\DoNotTrackPlus\ScriptHost.dll (Abine)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe ( )
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Ken Foster\Start Menu\Programs\Startup\Craftsman Software Update.lnk = C:\Program Files\Common Files\Craftsman\CSU\CSUClient.exe (Craftsman Book Company)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1343024091-1177238915-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1343024091-1177238915-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1343024091-1177238915-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1343024091-1177238915-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM File not found
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM File not found
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: Do Not Track Plus © Abine - {6E45F3E8-2683-4824-A6BE-08108022FB36} - C:\Program Files\DoNotTrackPlus\ScriptHost.dll (Abine)
O15 - HKU\S-1-5-21-1343024091-1177238915-682003330-1003\..Trusted Domains: secunia.com ([]https in Trusted sites)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://dcode.suppor...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1267413876265 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1267511655031 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C69CF277-F133-496D-BE88-96A6C23FC59D}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Ken Foster\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ken Foster\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/11/07 15:56:27 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/13 06:27:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Local Settings\Application Data\PCHealth
[2012/06/13 05:22:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/06/12 18:15:52 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012/06/08 21:36:55 | 000,407,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Ken Foster\Desktop\RectorDecryptor.exe
[2012/06/08 21:36:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Desktop\rectordecryptor
[2012/06/07 17:49:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\My Documents\Tyre
[2012/06/05 18:15:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/03 21:06:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Desktop\decrypt_SetSysLog32
[2012/06/03 04:00:56 | 000,685,736 | ---- | C] (Emsisoft GmbH) -- C:\Documents and Settings\Ken Foster\Desktop\decrypt.exe
[2012/06/02 19:19:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Desktop\RK_Quarantine
[2012/06/01 14:12:02 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Ken Foster\Desktop\aswMBR.exe
[2012/05/31 22:15:46 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ken Foster\Desktop\OTL.exe
[2012/05/31 19:48:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2012/05/26 17:25:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Desktop\5-25 Dog Show
[2012/05/24 21:58:04 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/05/24 21:57:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Application Data\AVG Secure Search
[2012/05/24 21:57:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/05/24 21:57:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Local Settings\Application Data\AVG Secure Search
[2012/05/24 21:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/05/20 08:59:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Application Data\vlc
[2012/05/20 08:58:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2012/05/20 08:56:42 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012/05/20 05:34:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks
[2012/05/20 05:34:30 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
[2012/05/20 05:32:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2012/05/20 05:31:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RealNetworks
[2012/05/17 21:19:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2012/05/17 21:19:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager
[2012/05/17 21:19:21 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2012/05/17 18:05:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Local Settings\Application Data\Secunia PSI
[2012/05/17 18:03:13 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2012/05/17 08:32:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Start Menu\Programs\Smart Fortress 2012
[2012/05/17 08:28:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Local Settings\Application Data\PropertySyncObj
[2012/05/17 08:28:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F4D5618A014E2B7F00006387D151FC4E
[2012/05/17 08:28:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PropertySyncObj
[2012/05/17 07:37:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

========== Files - Modified Within 30 Days ==========

[2012/06/13 07:35:00 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/13 07:13:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/13 06:23:37 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1343024091-1177238915-682003330-1003.job
[2012/06/13 06:23:27 | 000,000,318 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1343024091-1177238915-682003330-1003.job
[2012/06/13 06:23:07 | 000,013,740 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/13 06:23:02 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/13 06:23:01 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1343024091-1177238915-682003330-500.job
[2012/06/13 06:23:01 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1343024091-1177238915-682003330-1003.job
[2012/06/13 03:38:39 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/06/13 03:28:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/13 03:28:28 | 000,169,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/13 03:10:30 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/13 03:07:23 | 000,514,662 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/13 03:07:23 | 000,093,186 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/13 02:11:00 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\PCRepairClinic_fullScan.job
[2012/06/12 15:48:54 | 000,338,127 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\FSS.exe
[2012/06/12 12:00:00 | 000,000,448 | ---- | M] () -- C:\WINDOWS\tasks\FixCleaner Scan.job
[2012/06/12 06:05:57 | 000,000,000 | ---- | M] () -- C:\Documents
[2012/06/11 18:00:26 | 023,970,870 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\BBG.bmp
[2012/06/10 21:53:35 | 000,561,840 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\GPS BBG.jpg
[2012/06/10 21:08:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1343024091-1177238915-682003330-500.job
[2012/06/10 12:57:57 | 000,000,336 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1343024091-1177238915-682003330-1003.job
[2012/06/09 18:59:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/06/08 21:34:31 | 000,345,653 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\rectordecryptor.zip
[2012/06/08 07:06:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1343024091-1177238915-682003330-1003.job
[2012/06/07 19:54:22 | 000,198,144 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\BBG2.ptm
[2012/06/07 17:50:59 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Tyre.lnk
[2012/06/05 08:16:41 | 000,000,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wipe 2012.lnk
[2012/06/03 21:05:25 | 000,247,579 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\decrypt_SetSysLog32.zip
[2012/06/03 04:00:56 | 000,685,736 | ---- | M] (Emsisoft GmbH) -- C:\Documents and Settings\Ken Foster\Desktop\decrypt.exe
[2012/06/02 19:18:13 | 001,506,304 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\RogueKiller.exe
[2012/06/01 18:20:11 | 136,754,960 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\setup_11.0.0.1245.x01_2012_06_01_02_03.exe
[2012/06/01 14:30:57 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\MBR.dat
[2012/06/01 14:12:14 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Ken Foster\Desktop\aswMBR.exe
[2012/05/31 22:15:49 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ken Foster\Desktop\OTL.exe
[2012/05/31 21:54:49 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/31 14:45:07 | 000,002,200 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\image005.jpg.crypt
[2012/05/31 14:45:06 | 000,237,734 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\image004.jpg.crypt
[2012/05/31 14:45:05 | 000,321,763 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\image001.jpg.crypt
[2012/05/31 14:45:05 | 000,310,995 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\image003.jpg.crypt
[2012/05/31 14:45:05 | 000,283,585 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\image002.jpg.crypt
[2012/05/31 14:45:04 | 000,557,850 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\Denise_&_Barbara[1].jpg.crypt
[2012/05/31 14:45:04 | 000,278,089 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\HULL-71053.jpg.crypt
[2012/05/31 14:45:04 | 000,237,151 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\ferryreceipts.jpg.crypt
[2012/05/31 14:45:04 | 000,038,467 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\ATT00001.jpg.crypt
[2012/05/31 14:35:05 | 000,008,403 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\windshield relay.jpg.crypt
[2012/05/31 14:35:04 | 000,702,847 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\R1100RS Engine Schematic.jpg.crypt
[2012/05/31 14:35:03 | 000,152,027 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Motorcycle's covered.jpg.crypt
[2012/05/31 14:35:02 | 000,107,479 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\HULL-71053.jpg.crypt
[2012/05/31 14:35:02 | 000,047,782 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\KensN20SchematicEM1.jpg.crypt
[2012/05/31 14:35:01 | 000,065,173 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Ford Valve Adjust.jpg.crypt
[2012/05/31 14:35:00 | 000,052,158 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\electrK11.jpg.crypt
[2012/05/31 14:34:59 | 000,048,213 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\ceiling_cat.jpg.crypt
[2012/05/31 14:20:48 | 000,000,257 | ---- | M] () -- C:\user.js.crypt
[2012/05/31 14:15:39 | 002,847,409 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\Timely Tips 1974-1979 Manual 9-51610_watermarked.pdf.crypt
[2012/05/31 14:15:39 | 000,465,860 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\Steering and Front Axle Manual 9-50392_watermarked.pdf.crypt
[2012/05/31 14:15:39 | 000,319,151 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\Steering & Axle Manual 9-50391_watermarked.pdf.crypt
[2012/05/31 14:15:39 | 000,304,730 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\E-Z Clutch Manual 9-51081_watermarked.pdf.crypt
[2012/05/31 14:15:39 | 000,155,936 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\17 Eggs and Vegetables Breakfast.pdf.crypt
[2012/05/31 14:15:17 | 001,966,636 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\WhatYouMustKnow_PresentationNotes.pdf.crypt
[2012/05/31 14:15:15 | 020,521,787 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\uscca-homedefense.pdf.crypt
[2012/05/31 14:15:03 | 021,412,620 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\uscca-holster.pdf.crypt
[2012/05/31 14:14:59 | 001,402,884 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\pistol_accuracy_made_easy.pdf.crypt
[2012/05/31 14:14:58 | 000,661,987 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Marlin rifle.pdf.crypt
[2012/05/31 14:14:58 | 000,479,469 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Piaa910.pdf.crypt
[2012/05/31 14:14:58 | 000,364,975 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Oilhead_Maintenance_2-25-02.pdf.crypt
[2012/05/31 14:14:57 | 002,005,560 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\IBR2011.pdf.crypt
[2012/05/31 14:14:57 | 000,133,090 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Engine oils that meet Audi Oil Quality Standards 502 00 - 505 01 - and 504 00 - 507 00.pdf.crypt
[2012/05/31 14:14:57 | 000,130,290 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Fehlercodes VAG english.pdf.crypt
[2012/05/31 14:14:56 | 001,372,959 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\automatic_self_defense.pdf.crypt
[2012/05/31 14:14:56 | 000,541,002 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\61 026 92 (2531) Eletrically adjustable whindshield K1100LT [EDocFind.com].pdf.crypt
[2012/05/31 14:14:56 | 000,346,012 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\2010_Invite_2.pdf.crypt
[2012/05/31 14:14:55 | 003,557,952 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\15-foot-sail.pdf.crypt
[2012/05/31 14:10:06 | 000,071,879 | ---- | M] () -- C:\WINDOWS\System32\cliconf.chm.crypt
[2012/05/31 14:10:06 | 000,046,153 | ---- | M] () -- C:\WINDOWS\System32\sqlsodbc.chm.crypt
[2012/05/31 14:01:57 | 000,015,497 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\SPF to Bloomsburg.htm.crypt
[2012/05/31 14:01:47 | 000,165,987 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Nestle Dessert corse Dark baking chocolate 200g International shipping.htm.crypt
[2012/05/31 14:01:47 | 000,055,131 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Words.htm.crypt
[2012/05/31 13:58:39 | 000,000,896 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\Audi Advertisment.rtf.crypt
[2012/05/31 08:22:09 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2012/05/26 17:26:25 | 000,083,968 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/20 08:58:27 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/05/20 05:59:44 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/05/18 07:28:45 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/16 10:08:26 | 000,916,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2012/05/15 08:20:33 | 001,863,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2012/05/15 08:20:33 | 001,863,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys

========== Files Created - No Company Name ==========

[2012/06/12 15:48:46 | 000,338,127 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\FSS.exe
[2012/06/12 06:05:57 | 000,000,000 | ---- | C] () -- C:\Documents
[2012/06/11 17:58:59 | 023,970,870 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\BBG.bmp
[2012/06/10 21:51:01 | 000,561,840 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\GPS BBG.jpg
[2012/06/08 21:34:31 | 000,345,653 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\rectordecryptor.zip
[2012/06/07 17:49:58 | 000,000,608 | ---- | C] () -- C:\clickmarker.gif
[2012/06/07 17:49:58 | 000,000,582 | ---- | C] () -- C:\waypoint_last.png
[2012/06/07 17:49:58 | 000,000,562 | ---- | C] () -- C:\waypoint.png
[2012/06/07 17:49:58 | 000,000,501 | ---- | C] () -- C:\waypoint_first.png
[2012/06/07 17:49:58 | 000,000,488 | ---- | C] () -- C:\waypoint_new.png
[2012/06/07 17:49:58 | 000,000,463 | ---- | C] () -- C:\waypoint_blue.png
[2012/06/03 21:05:25 | 000,247,579 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\decrypt_SetSysLog32.zip
[2012/06/02 19:18:09 | 001,506,304 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\RogueKiller.exe
[2012/06/01 18:20:11 | 136,754,960 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\setup_11.0.0.1245.x01_2012_06_01_02_03.exe
[2012/06/01 14:30:57 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\MBR.dat
[2012/05/31 14:45:06 | 000,002,200 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\image005.jpg.crypt
[2012/05/31 14:45:05 | 000,321,763 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\image001.jpg.crypt
[2012/05/31 14:45:05 | 000,310,995 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\image003.jpg.crypt
[2012/05/31 14:45:05 | 000,283,585 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\image002.jpg.crypt
[2012/05/31 14:45:05 | 000,237,734 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\image004.jpg.crypt
[2012/05/31 14:45:04 | 000,557,850 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\Denise_&_Barbara[1].jpg.crypt
[2012/05/31 14:45:04 | 000,278,089 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\HULL-71053.jpg.crypt
[2012/05/31 14:45:04 | 000,237,151 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\ferryreceipts.jpg.crypt
[2012/05/31 14:45:04 | 000,038,467 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\ATT00001.jpg.crypt
[2012/05/31 14:35:05 | 000,008,403 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\windshield relay.jpg.crypt
[2012/05/31 14:35:03 | 000,702,847 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\R1100RS Engine Schematic.jpg.crypt
[2012/05/31 14:35:03 | 000,152,027 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Motorcycle's covered.jpg.crypt
[2012/05/31 14:35:02 | 000,047,782 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\KensN20SchematicEM1.jpg.crypt
[2012/05/31 14:35:01 | 000,107,479 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\HULL-71053.jpg.crypt
[2012/05/31 14:35:01 | 000,065,173 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Ford Valve Adjust.jpg.crypt
[2012/05/31 14:35:00 | 000,052,158 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\electrK11.jpg.crypt
[2012/05/31 14:34:59 | 000,048,213 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\ceiling_cat.jpg.crypt
[2012/05/31 14:20:48 | 000,000,257 | ---- | C] () -- C:\user.js.crypt
[2012/05/31 14:15:39 | 002,847,409 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\Timely Tips 1974-1979 Manual 9-51610_watermarked.pdf.crypt
[2012/05/31 14:15:39 | 000,465,860 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\Steering and Front Axle Manual 9-50392_watermarked.pdf.crypt
[2012/05/31 14:15:39 | 000,319,151 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\Steering & Axle Manual 9-50391_watermarked.pdf.crypt
[2012/05/31 14:15:39 | 000,304,730 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\E-Z Clutch Manual 9-51081_watermarked.pdf.crypt
[2012/05/31 14:15:38 | 000,155,936 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\17 Eggs and Vegetables Breakfast.pdf.crypt
[2012/05/31 14:15:17 | 001,966,636 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\WhatYouMustKnow_PresentationNotes.pdf.crypt
[2012/05/31 14:15:08 | 020,521,787 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\uscca-homedefense.pdf.crypt
[2012/05/31 14:14:59 | 021,412,620 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\uscca-holster.pdf.crypt
[2012/05/31 14:14:59 | 001,402,884 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\pistol_accuracy_made_easy.pdf.crypt
[2012/05/31 14:14:58 | 000,661,987 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Marlin rifle.pdf.crypt
[2012/05/31 14:14:58 | 000,479,469 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Piaa910.pdf.crypt
[2012/05/31 14:14:58 | 000,364,975 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Oilhead_Maintenance_2-25-02.pdf.crypt
[2012/05/31 14:14:57 | 002,005,560 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\IBR2011.pdf.crypt
[2012/05/31 14:14:57 | 000,133,090 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Engine oils that meet Audi Oil Quality Standards 502 00 - 505 01 - and 504 00 - 507 00.pdf.crypt
[2012/05/31 14:14:57 | 000,130,290 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Fehlercodes VAG english.pdf.crypt
[2012/05/31 14:14:56 | 001,372,959 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\automatic_self_defense.pdf.crypt
[2012/05/31 14:14:56 | 000,541,002 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\61 026 92 (2531) Eletrically adjustable whindshield K1100LT [EDocFind.com].pdf.crypt
[2012/05/31 14:14:56 | 000,346,012 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\2010_Invite_2.pdf.crypt
[2012/05/31 14:14:55 | 003,557,952 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\15-foot-sail.pdf.crypt
[2012/05/31 14:10:06 | 000,071,879 | ---- | C] () -- C:\WINDOWS\System32\cliconf.chm.crypt
[2012/05/31 14:10:06 | 000,046,153 | ---- | C] () -- C:\WINDOWS\System32\sqlsodbc.chm.crypt
[2012/05/31 14:01:57 | 000,015,497 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\SPF to Bloomsburg.htm.crypt
[2012/05/31 14:01:47 | 000,165,987 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Nestle Dessert corse Dark baking chocolate 200g International shipping.htm.crypt
[2012/05/31 14:01:47 | 000,055,131 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Words.htm.crypt
[2012/05/31 13:58:39 | 000,000,896 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\Audi Advertisment.rtf.crypt
[2012/05/24 20:56:28 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/24 12:54:38 | 000,000,448 | ---- | C] () -- C:\WINDOWS\tasks\FixCleaner Scan.job
[2012/05/21 12:15:49 | 000,016,992 | ---- | C] () -- C:\WINDOWS\GRPCONV.EX_
[2012/05/20 08:58:27 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/05/20 07:45:55 | 000,000,310 | ---- | C] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1343024091-1177238915-682003330-1003.job
[2012/05/20 07:45:53 | 000,000,318 | ---- | C] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1343024091-1177238915-682003330-1003.job
[2012/05/20 07:45:15 | 000,000,336 | ---- | C] () -- C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1343024091-1177238915-682003330-1003.job
[2012/05/20 05:59:44 | 000,000,841 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Start Menu\Programs\Startup\Craftsman Software Update.lnk
[2012/05/01 10:46:58 | 000,143,398 | ---- | C] () -- C:\WINDOWS\System32\TelenorCom.dll
[2012/05/01 10:46:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\TJPEGCodec.dll
[2012/03/24 09:40:47 | 000,000,726 | ---- | C] () -- C:\WINDOWS\TNE32.INI
[2012/02/16 00:35:38 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/02 11:01:54 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\avalon2.2_WIPE2012.ini
[2012/01/02 11:01:36 | 000,340,992 | ---- | C] () -- C:\WINDOWS\sqlite36_engine.dll
[2011/09/18 19:24:50 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2011/08/12 06:14:42 | 000,726,920 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1343024091-1177238915-682003330-1003-0.dat
[2011/08/11 01:32:52 | 000,182,526 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/06/13 23:55:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/27 08:04:51 | 000,340,992 | ---- | C] () -- C:\WINDOWS\System32\sqlite36_engine.dll
[2011/01/04 16:50:47 | 000,000,308 | ---- | C] () -- C:\WINDOWS\PICKLIST.INI
[2011/01/04 16:48:05 | 000,000,301 | ---- | C] () -- C:\WINDOWS\MIREPAIR.INI
[2011/01/04 16:48:05 | 000,000,058 | ---- | C] () -- C:\WINDOWS\MITCHELL.INI
[2011/01/04 16:47:45 | 000,002,762 | ---- | C] () -- C:\WINDOWS\ODWIN.INI
[2011/01/04 16:47:45 | 000,000,754 | ---- | C] () -- C:\WINDOWS\BTI.INI
[2010/12/20 23:28:57 | 000,098,344 | ---- | C] () -- C:\WINDOWS\unTMV.exe
[2010/12/20 20:48:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/11/16 23:14:25 | 000,002,596 | ---- | C] () -- C:\WINDOWS\System32\ASOROSet.bin
[2010/11/14 11:55:55 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/11/08 21:22:28 | 000,000,560 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Application Data\ViewerApp.dat
[2010/10/19 16:57:56 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/19 16:57:56 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/19 16:57:55 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/19 16:57:55 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/19 16:57:55 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/13 12:40:20 | 000,000,110 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\avalon2.2.ini

========== LOP Check ==========

[2012/05/31 16:46:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WIPE
[2012/05/31 21:26:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.CLONE\Application Data\DriverCure
[2012/01/04 00:35:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.CLONE\Application Data\iolo
[2012/05/31 21:26:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.CLONE\Application Data\SpeedyPC Software
[2012/05/31 16:46:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.CLONE\Application Data\WIPE
[2012/05/17 07:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor
[2012/05/24 21:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/04/30 13:58:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012/04/11 13:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2012/05/08 08:22:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/03/24 09:32:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Craftsman
[2012/01/07 08:32:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Doctor Web
[2012/05/17 08:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F4D5618A014E2B7F00006387D151FC4E
[2012/05/31 19:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2011/02/19 20:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2011/04/05 11:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gGh06511jJpPm06511
[2011/11/18 23:48:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\inKline Global
[2012/05/18 06:40:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2011/01/17 06:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oracle
[2010/12/20 21:22:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2012/01/21 09:38:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Unleashed Online
[2011/03/01 13:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pFfBoGc06511
[2012/05/17 21:27:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2011/05/03 17:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2012/05/31 21:31:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
[2012/03/04 23:32:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/06/07 17:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tyre
[2010/07/13 14:33:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wick Building Systems
[2012/01/26 11:18:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2012/05/24 21:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\AVG Secure Search
[2010/04/13 09:06:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/03/12 15:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\Del Rey
[2010/03/02 00:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\DisplayTune
[2012/05/31 16:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\DriverCure
[2011/08/31 07:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\ElevatedDiagnostics
[2011/03/27 14:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\ErrorExpert
[2012/05/24 12:54:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\FixCleaner
[2012/05/31 16:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\FreeFLVConverter
[2011/08/10 21:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\GARMIN
[2010/12/20 12:42:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\GetRightToGo
[2010/03/16 22:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\ieSpell
[2011/10/26 21:12:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\iolo
[2010/03/03 00:38:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\OpenOffice.org
[2011/01/17 14:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\Oracle
[2012/01/21 09:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\PC Unleashed Online
[2012/04/11 13:20:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\RPPrivate
[2012/04/11 13:32:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\searchquband
[2010/12/22 08:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\SoftMaker
[2012/04/11 13:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\SpeedyPC Software
[2012/06/08 21:00:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\Tyre
[2010/04/06 15:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\Wick Building Systems
[2012/06/11 06:22:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\WIPE2012
[2010/12/04 18:03:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\wsInspector
[2011/09/18 19:28:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2010/03/02 03:08:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tndavis\Application Data\AVGTOOLBAR
[2010/03/02 03:08:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tndavis\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/03/02 03:09:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tndavis\Application Data\Desktop Mechanic
[2010/03/02 03:09:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tndavis\Application Data\DisplayTune
[2012/05/31 16:48:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tndavis\Application Data\DriverCure
[2010/03/02 03:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tndavis\Application Data\GARMIN
[2010/03/02 03:09:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tndavis\Application Data\GlarySoft
[2010/03/02 03:13:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tndavis\Application Data\HouseCall 6.6
[2012/05/31 16:48:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tndavis\Application Data\MailWasherPro
[2010/03/02 03:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tndavis\Application Data\SpamPal
[2010/03/02 03:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tndavis\Application Data\Teleca
[2010/03/02 03:27:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tndavis\Application Data\Uniblue
[2010/03/02 03:28:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tndavis\Application Data\Wick Building Systems
[2012/01/07 23:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tndavis\Application Data\WIPE
[2012/06/12 12:00:00 | 000,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\FixCleaner Scan.job
[2012/06/13 02:11:00 | 000,000,290 | ---- | M] () -- C:\WINDOWS\Tasks\PCRepairClinic_fullScan.job

========== Purity Check ==========



========== Custom Scans ==========

< md5/start >
Invalid Switch: start

< setsyslog32.exe >

< wpbt0.dll >

< Explore.exe.exe >

< mmd5/stop >
Invalid Switch: stop

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

Edited by 460jetboat, 13 June 2012 - 06:57 AM.

[godawgs]

Thanks for the OTL log Ken, but I screwed up the scan. I swear some times I can do some bone headed things. What I really want to see is the files in the custom scan. So I'm afraid I'm going to need you to run it again. Sorry. The scan parameters have changed for this scan so be sure to read the instructions before running the scan.

1. Also, are you still having the problem with MS Office trying to re-install itself?

2. And does the Construction Estimator program still try to install when you run the Wipe program?


Step-1.

OTL Custom Scan

1. Please copy the text in the code box below and paste it in the box in OTL. To do that:

• Highlight everything inside the code box, right click the mouse and click Copy.

/md5start
setsyslog32.exe
wpbt0.dll
Explore.exe.exe
/md5stop

2. Re-open OTL on the desktop. To do that:

• Double click on the OTL icon to run it. Make sure all other windows are closed.
• You will see a console like the one below:
  
  
  
• Check the box beside None at the top of the console<---Important
• Make sure the Output box at the top is set to Minimal Output.<---Important
• Place the mouse pointer inside the box, right click and click Paste. This will put the above script inside OTL
• Click the button. Do not change any settings unless otherwise told to do so.
• Let the scan run uninterrupted. The scan won't take long.
• When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
• Please copy the contents of this file and paste it into your reply. To do that:
• On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
• Right click inside the forum post window then click Paste.This will paste the contents of the OTL.txt file in the in the post window.

Step-1.

Things For Your Next Post:
1. The new OTL.txt file------There won't be an Extras.txt file
2. Answers to my questions above.

[460jetboat]

I'm not clear on what you mean "check the box beside none" at the top of the console.
Do you mean "run fix" or on the right side of none is "fix"
also there are six bullits which I could checkmark "none"

Yes, MsOffice still trys to install itself, and so does the construction estimating program (National Estimator)

I will await your reply before proceeding.

Ken

[godawgs]

If you look at the top of the console on the image shown in my last post, at the top of the console you will see a blue button titled Run Scan, a pink button titled Quick Scan.

Under those you will see a red button titled Run Fix. Next to that you will find a greyed out button titled None. That's the button I want you to click. It will automatically check the None button in all of the sections.
Then follow the rest of the directions.

[460jetboat]

OTL logfile created on: 6/13/2012 5:32:56 PM - Run 9
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Documents and Settings\Ken Foster\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.29 Mb Total Physical Memory | 201.28 Mb Available Physical Memory | 39.99% Memory free
1.20 Gb Paging File | 0.81 Gb Available in Paging File | 67.84% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 124.40 Gb Free Space | 66.78% Space Free | Partition Type: NTFS

Computer Name: CLONE | User Name: Ken Foster | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< MD5 for: EXPLORE.EXE.EXE >
[2012/03/04 23:38:36 | 004,777,280 | ---- | M] (Sysinternals - www.sysinternals.com) MD5=8EDDE617D134479EE2AEF392BCEE4723 -- C:\Documents and Settings\Administrator.CLONE\Desktop\Explore.exe.exe

< >

< End of report >

[godawgs]

Hi Ken,

The Explore.exe.exe file looks suspicious. We need to have it scanned. Then I should have a final OTL fix and we can start working on the Office problem.

Step-1.

File Scanner
There are some files I need you to upload for checking

• Please go to VirSCAN.org FREE on-line scan service
• Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
  • C:\Documents and Settings\Administrator.CLONE\Desktop\Explore.exe.exe
• Click on the Upload button
• If a pop-up appears saying the file has been scanned already, please select the ReScan button.
• Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
• Paste the contents of the Clipboard in your next reply.

Step-2.

Things For Your Next Post:
1. The Virscan results

[460jetboat]

Godawgs, interesting that you say that. Often Internet exploder will almost hang and become unresponsive for a length of time. I've discovered that by going to task manager, there will often be several Iexplore.exe files open. By quitting them from task manager, then all is well and the computer will function normally again.

Ken

VirSCAN.org Scanned Report :
Scanned time : 2012/06/13 21:38:23 (CDT)
Scanner results: Scanners did not find malware!
File Name : Explore.exe.exe
File Size : 4777280 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 8edde617d134479ee2aef392bcee4723
SHA1 : 567875a29fc2884d5a03db61b4fefff8a5071d23
Online report : http://r.virscan.org...6d6ac77c8660a67

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.4 20120614090123 2012-06-14 0.48 -
AhnLab V3 ... .. -- 0.17 -
AntiVir 8.2.10.80 7.11.32.106 2012-06-09 0.18 -
Antiy 2.0.18 2.0.18. 0002-18-00 0.17 -
Arcavir 2011 201206041805 2012-06-04 4.90 -
Authentium 5.1.1 201206132018 2012-06-13 1.74 -
AVAST! 4.7.4 120613-1 2012-06-13 1.11 -
AVG 12.0.1782 2433/5068 2012-06-13 0.59 -
BitDefender 7.90123.7285473 7.42588 2012-06-14 3.91 -
ClamAV 0.97.3 15039 2012-06-14 25.18 -
Comodo 5.1 12607 2012-06-13 2.66 -
CP Secure 1.3.0.5 2012.06.14 2012-06-14 0.75 -
Dr.Web 7.0.2.4281 2012.06.13 2012-06-13 14.40 -
F-Prot 4.6.2.117 20120613 2012-06-13 1.01 -
F-Secure 7.02.73807 2012.06.13.08 2012-06-13 0.28 -
Fortinet 4.3.392 15.688 2012-06-13 0.26 -
GData 22.5275 20120614 2012-06-14 5.23 -
ViRobot 20120613 2012.06.13 2012-06-13 0.36 -
Ikarus T3.1.32.20.0 2012.06.13.81479 2012-06-13 6.13 -
JiangMin 13.0.900 2012.06.13 2012-06-13 2.52 -
Kaspersky 5.5.10 2012.06.14 2012-06-14 0.41 -
KingSoft 2009.2.5.15 2012.6.13.9 2012-06-13 0.95 -
McAfee 5400.1158 6741 2012-06-13 9.32 -
Microsoft 1.8403 2012.06.14 2012-06-14 3.62 -
NOD32 3.0.21 7219 2012-06-13 0.27 -
Panda 9.05.01 2012.06.12 2012-06-12 0.69 -
Trend Micro 9.500-1005 9.192.04 2012-06-13 0.24 -
Quick Heal 11.00 2012.06.13 2012-06-13 2.36 -
Rising 20.0 24.14.02.01 2012-06-13 2.96 -
Sophos 3.32.0 4.78 2012-06-14 4.66 -
Sunbelt 3.9.2539.2 12050 2012-06-13 2.73 -
Symantec 1.3.0.24 20120612.002 2012-06-12 0.29 -
nProtect 20120613.02 11453141 2012-06-13 1.63 -
The Hacker 6.8.0.0 v00037 2012-06-13 0.61 -
VBA32 3.12.16.8 20120613.1118 2012-06-13 5.04 -
VirusBuster 5.5.1.3 15.0.54.0/8961303 2012-06-13 0.31 -

[godawgs]

Hi Ken,

I'm sorry it has taken me this long to get back to you but something came up that I had to take care of. I will post the my next steps after my instructor has approved them. Hopefully that will be later this morning, but it shouldn't be later than this afternoon.