Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Files corrupted: .crypt [Solved]


  • This topic is locked This topic is locked

#46
460jetboat

460jetboat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
No problem GD...
I was hoping you had finally taken some personal time! lol
Thanks for getting back to me though...

Ken
  • 0

Advertisements


#47
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Ken,

The Iexplore.exe files that are showing up in Task Manager are the executable files for Internet Explorer. Multiple instances of this file could mean the you have several IE windows open, or you have opened IE numerous times, or it could be that the iexplore.exe process didn't get stopped and deleted properly after previous openings.
This file is not the same as the Explore.exe.exe (notice there's no I at the beginning) file that shows on the desktop.

1. Can you see this file on the desktop and do you know how it got there?

The file looks like a download error...maybe from trying to save Sysinternals. If you don't know what it is run the following OTL fix and kill it.


Step-1.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run

To disable MBAM
Open the scanner and select the Protection tab
Remove the tick from "Start with Windows"
Reboot and start with number 1. below to run the OTL fix.
Posted Image

1. Please copy all of the text in the code box below. To do this, highlight everything
inside the code box , right click and click Copy.
:FILES
C:\Documents and Settings\Administrator.CLONE\Desktop\Explore.exe.exe

:COMMANDS
[REBOOT]

Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).



According to the list of installed Programs in the OTL scan you have MS Office Standard Edition 2003. If that is correct, Microsoft has a KB article here that explains the procedures to detect and repair problems with installed Microsoft Office programs.

Scroll down to the section entitled How to Repair or Reinstall Office Programs and follow the steps under either Method 1 or Method 2 to repair the Office program.


Step-2.

Things For Your Next Post:
1. The OTL fixes log, or let me know what the Explorer.exe.exe file is
2. Let me know how the repair of the MS Office program went.
  • 0

#48
460jetboat

460jetboat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Godawgs,
No, I do not have the Explore.exe.exe file on the desktop, but ran the OTL fix as it does show up in Task Mgr. After running the fix it shows up as Explore.exe

I had wondered about re-installing MSOffice, so will do that in the morning. It seems that reinstalling the Ntl.construction estimator would solve that problem too, but will wait for your opinion....

Proscessor was using 50-100% before running OTL fix, now seems good.

Manyana~

Ken
  • 0

#49
460jetboat

460jetboat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Almost forgot;

========== FILES ==========
C:\Documents and Settings\Administrator.CLONE\Desktop\Explore.exe.exe moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.45.0 log created on 06152012_225839

Edited by 460jetboat, 15 June 2012 - 10:12 PM.

  • 0

#50
460jetboat

460jetboat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Well, had a bear of a time, but finally got Office re-installed and that end of the problem has gone away.

Ken
  • 0

#51
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Ken,

Well, had a bear of a time, but finally got Office re-installed and that end of the problem has gone away.

Great Job.

I want to do the same thing with The National Construction Estimator program and see if we can eliminate that problem. I know it's going slowly right now but we need to concentrate on these issues one at a time.


Step-1.

Uninstall and Re-install National Construction Estimator

1. Please click Start > Control Panel > Add/Remove Programs
2. In the list of programs installed, locate the following program(s):

2012 National Construction Estimator

3. Click on each program to highlight it and click Change/Remove.
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Re-install the National Construction Estimator program and see if the issue is resolved.


Step-2.

Things For Your Next Post:
1. Let me know whether or not the issue with the Construction Estimator program is resolved.
  • 0

#52
460jetboat

460jetboat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Godawgs, yes this has resolved it. I uninstalled wipe and NCEst. Rebooted, reinstalled, and now all is fine.

Ken
  • 0

#53
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Proposed Fix

Hi Ken,

Godawgs, yes this has resolved it. I uninstalled wipe and NCEst. Rebooted, reinstalled, and now all is fine.

That's good news too! The last system problem I can see is that the Windows Event logs aren't being created. So we're gonna check that out.


Step-1.

Check the EventLog service

  • Click Start, Right click Computer and click Manage. The Computer Management screen will open.
  • Click the + beside Services and Applications
  • Click Services. The window to the right will show the list of srevices on the system. Scroll down the Name column until you see Windows Event Log
  • Right click on Windows Event Log and click Properties. A Properties window will open up simmilar to the one in the image below
    Posted Image
  • Make sure the Start Up Type box is set to Automatic. If it doesn't show Automatic, click the down arrow and click Automatic
  • In the Service Status section:
    If the word Started is beside Service Status, go straight to Step 2.

    If it says Stopped, click the Start button, then click the Apply button.
    If the service won't start you will get an error message. If you get an error message STOP, write the message down, close the Properties window and the Computer Management window and post that message in your next reply.
  • If you don't get an error message, the service should have started.
  • Close the Properties page and the Computer Management page and reboot the computer.
  • Re-open OTL and click the Quick Scan button. Post the OTL.txt file in your next reply. Do Not do Step 2.


Step-2.

Clear Event Logs

If the Event Log service showed to be Started, click the + beside Event Viewer in the left column.

  • Right click on Application and click Clear Log
    If you get an error message here, STOP, write the message down. Close the Computer Management window and post the error message in your next reply.
  • Right click on System and click Clear Log
  • Close the Computer Management window and reboot the computer.
  • Re-open OTL and click the Quick Scan button. Post the OTL.txt file in your next reply.


Step-3.

Things For Your Next Post:
1. If everything worked without any error messages post the OTL.txt log
2. If you got an error message, post it and tell me where you got it.
  • 0

#54
460jetboat

460jetboat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Following your directions, under event viewer, and r.clicking on applications, I do not have the option to clear log.
I have:
Open log file
Save log file
new log view
clear all events

I tried clear all events and it attempts to save a file to destination of my choice.
Is this correct??
  • 0

#55
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Ken,

Yep, Clear All Events will work. Some versions say Clear Log. When it asks you if you want to save the log, click No.

Then run the OTL Quick Scan and post the OTL.txt file please.
  • 0

Advertisements


#56
460jetboat

460jetboat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Godawgs, Sorry- I posted this Monday evening after running it, but since I had not heard from you I went to the forum and checked tonight to see if you had replied and I had not received a notification email. My OTL.txt log was not there! Hmmmmm....Probably explains why you have not replied!
Anyway, here it is

KEn

OTL logfile created on: 6/18/2012 10:52:07 PM - Run 10
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Documents and Settings\Ken Foster\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.29 Mb Total Physical Memory | 94.82 Mb Available Physical Memory | 18.84% Memory free
1.20 Gb Paging File | 0.74 Gb Available in Paging File | 61.72% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 122.49 Gb Free Space | 65.75% Space Free | Partition Type: NTFS

Computer Name: CLONE | User Name: Ken Foster | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users



Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Ken Foster\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe (RealNetworks, Inc.)
PRC - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Program Files\DoNotTrackPlus\PropertySync.exe (Abine Inc.)
PRC - C:\Program Files\Common Files\Craftsman\CSU\CSUClient.exe (Craftsman Book Company)
PRC - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe ()
PRC - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE (Software 2000 Limited)
PRC - C:\Program Files\HP\HP UT\bin\hppusg.exe ( )
PRC - C:\WINDOWS\system32\devldr32.exe (Creative Technology Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_87cec736\system.windows.forms.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CbcCorLib\1.5.0.285__dc62ab6ce5358df9\CbcCorLib.dll ()
MOD - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
MOD - C:\Program Files\DoNotTrackPlus\ContentFilter.dll ()
MOD - C:\Program Files\DoNotTrackPlus\ButtonSite.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_df767a39\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_4fd16e16\system.xml.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_643da891\system.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
MOD - c:\windows\assembly\gac\system.runtime.serialization.formatters.soap\1.0.5000.0__b03f5f7f11d50a3a\system.runtime.serialization.formatters.soap.dll ()
MOD - c:\windows\assembly\gac\interop.hpqusg\3.0.0.0__a53cf5803f4c3827\interop.hpqusg.dll ()
MOD - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe ()
MOD - C:\WINDOWS\system32\hppatusg01.dll ()


========== Win32 Services (SafeList) ==========

SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE File not found
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE File not found
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (PuranDefrag) -- C:\WINDOWS\system32\PuranDefragS.exe (Puran Software)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (DTSRVC) -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe ()
SRV - (PdiService) -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
SRV - (NetTcpPortSharing) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetDDEdsdm) -- C:\WINDOWS\system32\netdde.exe (Microsoft Corporation)
SRV - (NetDDE) -- C:\WINDOWS\system32\netdde.exe (Microsoft Corporation)
SRV - (RemoteRegistry) -- C:\WINDOWS\system32\regsvc.dll (Microsoft Corporation)
SRV - (Messenger) -- C:\WINDOWS\system32\msgsvc.dll (Microsoft Corporation)
SRV - (RemoteAccess) -- C:\WINDOWS\system32\mprdim.dll (Microsoft Corporation)
SRV - (Alerter) -- C:\WINDOWS\system32\alrsvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (wanatw) WAN Miniport (ATW) -- System32\DRIVERS\wanatw4.sys File not found
DRV - (Srv) -- System32\DRIVERS\srv.sys File not found
DRV - (Sfloppy) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (Normandy) -- File not found
DRV - (MRESP50) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS File not found
DRV - (MREMP50) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\KENFOS~1\LOCALS~1\Temp\catchme.sys File not found
DRV - (sonypvl3) -- C:\WINDOWS\System32\drivers\sonypvl3.sys (Sony Corporation)
DRV - (PdiPorts) -- C:\WINDOWS\system32\drivers\PdiPorts.sys (Portrait Displays, Inc.)
DRV - (Fastfat) -- C:\WINDOWS\System32\drivers\fastfat.sys (Microsoft Corporation)
DRV - (dmboot) -- C:\WINDOWS\system32\drivers\dmboot.sys (Microsoft Corp., Veritas Software)
DRV - (Pcmcia) -- C:\WINDOWS\System32\drivers\pcmcia.sys (Microsoft Corporation)
DRV - (Udfs) -- C:\WINDOWS\System32\drivers\udfs.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (pdiddcci) -- C:\WINDOWS\system32\drivers\pdiddcci.sys (Portrait Displays, Inc.)
DRV - (s125bus) Sony Ericsson Device 125 driver (WDM) -- C:\WINDOWS\system32\drivers\s125bus.sys (MCCI Corporation)
DRV - (Pivot) -- C:\WINDOWS\system32\drivers\pivot.sys (Portrait Displays, Inc.)
DRV - (pivotmou) -- C:\WINDOWS\system32\drivers\pivotmou.sys (Portrait Displays, Inc.)
DRV - (sonypvt3) -- C:\WINDOWS\System32\drivers\sonypvt3.sys (Sony Corporation)
DRV - (sonypvf3) -- C:\WINDOWS\System32\drivers\sonypvf3.sys (Sony Corporation)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation)
DRV - (cbidf2k) -- C:\WINDOWS\System32\drivers\cbidf2k.sys (Microsoft Corporation)
DRV - (WS2IFSL) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys (Microsoft Corporation)
DRV - (ACPIEC) -- C:\WINDOWS\System32\drivers\acpiec.sys (Microsoft Corporation)
DRV - (sfman) Creative SoundFont Manager Driver (WDM) -- C:\WINDOWS\system32\drivers\sfmanm.sys (Creative Technology Ltd.)
DRV - (emu10k1) Creative Interface Manager Driver (WDM) -- C:\WINDOWS\system32\drivers\ctlfacem.sys (Creative Technology Ltd.)
DRV - (emu10k) Creative SB Live! (WDM) -- C:\WINDOWS\system32\drivers\emu10k1m.sys (Creative Technology Ltd.)
DRV - (ctljystk) -- C:\WINDOWS\system32\drivers\ctljystk.sys (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://google.inklineglobal.com
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1343024091-1177238915-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://google.inklineglobal.com
IE - HKU\S-1-5-21-1343024091-1177238915-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://google.inklineglobal.com
IE - HKU\S-1-5-21-1343024091-1177238915-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://google.inklineglobal.com
IE - HKU\S-1-5-21-1343024091-1177238915-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://google.inklineglobal.com
IE - HKU\S-1-5-21-1343024091-1177238915-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://startpage.com/
IE - HKU\S-1-5-21-1343024091-1177238915-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1343024091-1177238915-682003330-1003\..\SearchScopes,DefaultScope = {088AD4F2-2332-4A4A-BA83-B904BF0BE395}
IE - HKU\S-1-5-21-1343024091-1177238915-682003330-1003\..\SearchScopes\{088AD4F2-2332-4A4A-BA83-B904BF0BE395}: "URL" = https://startpage.co...anguage=english
IE - HKU\S-1-5-21-1343024091-1177238915-682003330-1003\..\SearchScopes\{09035B5D-896E-4E0F-AA58-B594AFB20D04}: "URL" = http://websearch.ask...06-23C1020D4831
IE - HKU\S-1-5-21-1343024091-1177238915-682003330-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADRA_en
IE - HKU\S-1-5-21-1343024091-1177238915-682003330-1003\..\SearchScopes\{B68193F6-AB45-431C-BB9A-3FA4853E6940}: "URL" = http://wiki.ross-tec...h={searchTerms}
IE - HKU\S-1-5-21-1343024091-1177238915-682003330-1003\..\SearchScopes\{F5F655E8-6661-4769-9952-6AE6EBFABC45}: "URL" = http://search.yahoo....0104,6901,0,8,0
IE - HKU\S-1-5-21-1343024091-1177238915-682003330-1003\..\SearchScopes\{F813F595-1DA6-4476-915D-E3C2FDF0B758}: "URL" = http://www.google.co...q={searchTerms}
IE - HKU\S-1-5-21-1343024091-1177238915-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..keyword.URL: "http://www.google.co...-8&oe=UTF-8&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.1.0: C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.1.0: C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1BC4187C-4BB6-4C5A-A11A-3FB535AE04AB}: C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/05/20 05:34:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/17 11:47:54 | 000,000,000 | ---D | M]

[2012/05/17 21:21:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ken Foster\Application Data\Mozilla\Extensions
[2012/06/16 10:35:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ken Foster\Application Data\Mozilla\Firefox\Profiles\obepgujh.default\extensions
[2012/06/17 11:47:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ken Foster\Application Data\Mozilla\Firefox\Profiles\obepgujh.default\extensions\{b57a9eb1-0e57-4850-a701-4d169538e6ed}
[2012/06/16 10:30:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/16 10:30:12 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2012/04/13 08:06:38 | 000,004,733 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\KEN FOSTER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OBEPGUJH.DEFAULT\EXTENSIONS\[email protected]
[2012/05/20 05:34:34 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAM FILES\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
[2012/02/16 09:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/16 05:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/03 09:39:26 | 000,002,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml
[2012/04/11 13:14:48 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/02/16 05:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Documents and Settings\Ken Foster\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.0\

O1 HOSTS File: ([2012/03/19 16:56:11 | 000,000,761 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Do Not Track Plus) - {6E45F3E8-2683-4824-A6BE-08108022FB36} - C:\Program Files\DoNotTrackPlus\ScriptHost.dll (Abine)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe ( )
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Ken Foster\Start Menu\Programs\Startup\Craftsman Software Update.lnk = C:\Program Files\Common Files\Craftsman\CSU\CSUClient.exe (Craftsman Book Company)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1343024091-1177238915-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1343024091-1177238915-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1343024091-1177238915-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1343024091-1177238915-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM File not found
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM File not found
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: Do Not Track Plus © Abine - {6E45F3E8-2683-4824-A6BE-08108022FB36} - C:\Program Files\DoNotTrackPlus\ScriptHost.dll (Abine)
O15 - HKU\S-1-5-21-1343024091-1177238915-682003330-1003\..Trusted Domains: secunia.com ([]https in Trusted sites)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://dcode.suppor...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1267413876265 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1267511655031 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C69CF277-F133-496D-BE88-96A6C23FC59D}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Ken Foster\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ken Foster\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/11/07 15:56:27 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/17 12:25:14 | 002,592,800 | ---- | C] (Craftsman Book Company ) -- C:\Documents and Settings\Ken Foster\Desktop\2012_CSL_setup.exe
[2012/06/17 12:18:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Local Settings\Application Data\blekkotb_032
[2012/06/16 11:26:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2012/06/16 11:26:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\L&H
[2012/06/16 11:26:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2012/06/16 11:25:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2012/06/16 11:18:59 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/06/16 11:09:54 | 227,190,984 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Ken Foster\Desktop\OfficeSTD.exe
[2012/06/16 10:53:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Application Data\blekkotb_019
[2012/06/16 10:35:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\blekko toolbars
[2012/06/16 10:30:12 | 000,000,000 | ---D | C] -- C:\Program Files\Hotspot Shield
[2012/06/16 09:24:31 | 000,450,352 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Ken Foster\Desktop\FixitCenter_Run.exe
[2012/06/13 06:27:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Local Settings\Application Data\PCHealth
[2012/06/12 18:15:52 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012/06/08 21:36:55 | 000,407,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Ken Foster\Desktop\RectorDecryptor.exe
[2012/06/08 21:36:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Desktop\rectordecryptor
[2012/06/07 17:49:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\My Documents\Tyre
[2012/06/05 18:15:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/03 21:06:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Desktop\decrypt_SetSysLog32
[2012/06/03 04:00:56 | 000,685,736 | ---- | C] (Emsisoft GmbH) -- C:\Documents and Settings\Ken Foster\Desktop\decrypt.exe
[2012/06/02 19:19:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Desktop\RK_Quarantine
[2012/06/01 14:12:02 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Ken Foster\Desktop\aswMBR.exe
[2012/05/31 22:15:46 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ken Foster\Desktop\OTL.exe
[2012/05/31 19:48:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2012/05/26 17:25:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Desktop\5-25 Dog Show
[2012/05/24 21:58:04 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/05/24 21:57:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Application Data\AVG Secure Search
[2012/05/24 21:57:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/05/24 21:57:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Local Settings\Application Data\AVG Secure Search
[2012/05/24 21:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/05/20 08:59:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Application Data\vlc
[2012/05/20 08:58:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2012/05/20 08:56:42 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012/05/20 05:34:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks
[2012/05/20 05:34:30 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
[2012/05/20 05:32:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2012/05/20 05:31:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RealNetworks

========== Files - Modified Within 30 Days ==========

[2012/06/18 22:58:39 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/06/18 22:49:41 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1343024091-1177238915-682003330-1003.job
[2012/06/18 22:49:28 | 000,000,318 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1343024091-1177238915-682003330-1003.job
[2012/06/18 22:49:05 | 000,013,740 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/18 22:49:02 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/18 22:49:02 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1343024091-1177238915-682003330-1003.job
[2012/06/18 22:49:01 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1343024091-1177238915-682003330-500.job
[2012/06/18 22:48:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/18 22:35:00 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/18 22:13:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/18 12:00:00 | 000,000,448 | ---- | M] () -- C:\WINDOWS\tasks\FixCleaner Scan.job
[2012/06/18 02:11:04 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\PCRepairClinic_fullScan.job
[2012/06/17 21:08:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1343024091-1177238915-682003330-500.job
[2012/06/17 12:43:39 | 000,215,524 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\Mar 2012 NCE.ubk
[2012/06/17 12:43:36 | 000,000,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wipe 2012.lnk
[2012/06/17 12:39:29 | 000,215,524 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\Mar 2012 NCE.SAV
[2012/06/17 12:28:16 | 000,001,870 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\National Estimator.lnk
[2012/06/17 12:25:14 | 002,592,800 | ---- | M] (Craftsman Book Company ) -- C:\Documents and Settings\Ken Foster\Desktop\2012_CSL_setup.exe
[2012/06/17 12:17:04 | 000,170,688 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/16 18:59:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/06/16 11:27:39 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2012/06/16 11:09:54 | 227,190,984 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Ken Foster\Desktop\OfficeSTD.exe
[2012/06/16 09:24:33 | 000,450,352 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Ken Foster\Desktop\FixitCenter_Run.exe
[2012/06/15 07:06:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1343024091-1177238915-682003330-1003.job
[2012/06/14 03:21:46 | 000,550,068 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/14 03:21:46 | 000,100,530 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/13 03:11:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/12 15:48:54 | 000,338,127 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\FSS.exe
[2012/06/12 06:05:57 | 000,000,000 | ---- | M] () -- C:\Documents
[2012/06/11 18:00:26 | 023,970,870 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\BBG.bmp
[2012/06/10 21:53:35 | 000,561,840 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\GPS BBG.jpg
[2012/06/10 12:57:57 | 000,000,336 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1343024091-1177238915-682003330-1003.job
[2012/06/08 21:34:31 | 000,345,653 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\rectordecryptor.zip
[2012/06/07 19:54:22 | 000,198,144 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\BBG2.ptm
[2012/06/07 17:50:59 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Tyre.lnk
[2012/06/03 21:05:25 | 000,247,579 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\decrypt_SetSysLog32.zip
[2012/06/03 04:00:56 | 000,685,736 | ---- | M] (Emsisoft GmbH) -- C:\Documents and Settings\Ken Foster\Desktop\decrypt.exe
[2012/06/02 19:18:13 | 001,506,304 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\RogueKiller.exe
[2012/06/01 18:20:11 | 136,754,960 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\setup_11.0.0.1245.x01_2012_06_01_02_03.exe
[2012/06/01 14:30:57 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\MBR.dat
[2012/06/01 14:12:14 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Ken Foster\Desktop\aswMBR.exe
[2012/05/31 22:15:49 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ken Foster\Desktop\OTL.exe
[2012/05/31 21:54:49 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/31 14:45:07 | 000,002,200 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\image005.jpg.crypt
[2012/05/31 14:45:06 | 000,237,734 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\image004.jpg.crypt
[2012/05/31 14:45:05 | 000,321,763 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\image001.jpg.crypt
[2012/05/31 14:45:05 | 000,310,995 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\image003.jpg.crypt
[2012/05/31 14:45:05 | 000,283,585 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\image002.jpg.crypt
[2012/05/31 14:45:04 | 000,557,850 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\Denise_&_Barbara[1].jpg.crypt
[2012/05/31 14:45:04 | 000,278,089 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\HULL-71053.jpg.crypt
[2012/05/31 14:45:04 | 000,237,151 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\ferryreceipts.jpg.crypt
[2012/05/31 14:45:04 | 000,038,467 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\ATT00001.jpg.crypt
[2012/05/31 14:35:05 | 000,008,403 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\windshield relay.jpg.crypt
[2012/05/31 14:35:04 | 000,702,847 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\R1100RS Engine Schematic.jpg.crypt
[2012/05/31 14:35:03 | 000,152,027 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Motorcycle's covered.jpg.crypt
[2012/05/31 14:35:02 | 000,107,479 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\HULL-71053.jpg.crypt
[2012/05/31 14:35:02 | 000,047,782 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\KensN20SchematicEM1.jpg.crypt
[2012/05/31 14:35:01 | 000,065,173 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Ford Valve Adjust.jpg.crypt
[2012/05/31 14:35:00 | 000,052,158 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\electrK11.jpg.crypt
[2012/05/31 14:34:59 | 000,048,213 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\ceiling_cat.jpg.crypt
[2012/05/31 14:20:48 | 000,000,257 | ---- | M] () -- C:\user.js.crypt
[2012/05/31 14:15:39 | 002,847,409 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\Timely Tips 1974-1979 Manual 9-51610_watermarked.pdf.crypt
[2012/05/31 14:15:39 | 000,465,860 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\Steering and Front Axle Manual 9-50392_watermarked.pdf.crypt
[2012/05/31 14:15:39 | 000,319,151 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\Steering & Axle Manual 9-50391_watermarked.pdf.crypt
[2012/05/31 14:15:39 | 000,304,730 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\E-Z Clutch Manual 9-51081_watermarked.pdf.crypt
[2012/05/31 14:15:39 | 000,155,936 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\17 Eggs and Vegetables Breakfast.pdf.crypt
[2012/05/31 14:15:17 | 001,966,636 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\WhatYouMustKnow_PresentationNotes.pdf.crypt
[2012/05/31 14:15:15 | 020,521,787 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\uscca-homedefense.pdf.crypt
[2012/05/31 14:15:03 | 021,412,620 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\uscca-holster.pdf.crypt
[2012/05/31 14:14:59 | 001,402,884 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\pistol_accuracy_made_easy.pdf.crypt
[2012/05/31 14:14:58 | 000,661,987 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Marlin rifle.pdf.crypt
[2012/05/31 14:14:58 | 000,479,469 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Piaa910.pdf.crypt
[2012/05/31 14:14:58 | 000,364,975 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Oilhead_Maintenance_2-25-02.pdf.crypt
[2012/05/31 14:14:57 | 002,005,560 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\IBR2011.pdf.crypt
[2012/05/31 14:14:57 | 000,133,090 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Engine oils that meet Audi Oil Quality Standards 502 00 - 505 01 - and 504 00 - 507 00.pdf.crypt
[2012/05/31 14:14:57 | 000,130,290 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Fehlercodes VAG english.pdf.crypt
[2012/05/31 14:14:56 | 001,372,959 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\automatic_self_defense.pdf.crypt
[2012/05/31 14:14:56 | 000,541,002 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\61 026 92 (2531) Eletrically adjustable whindshield K1100LT [EDocFind.com].pdf.crypt
[2012/05/31 14:14:56 | 000,346,012 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\2010_Invite_2.pdf.crypt
[2012/05/31 14:14:55 | 003,557,952 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\15-foot-sail.pdf.crypt
[2012/05/31 14:10:06 | 000,071,879 | ---- | M] () -- C:\WINDOWS\System32\cliconf.chm.crypt
[2012/05/31 14:10:06 | 000,046,153 | ---- | M] () -- C:\WINDOWS\System32\sqlsodbc.chm.crypt
[2012/05/31 14:01:57 | 000,015,497 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\SPF to Bloomsburg.htm.crypt
[2012/05/31 14:01:47 | 000,165,987 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Nestle Dessert corse Dark baking chocolate 200g International shipping.htm.crypt
[2012/05/31 14:01:47 | 000,055,131 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Words.htm.crypt
[2012/05/31 13:58:39 | 000,000,896 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\Audi Advertisment.rtf.crypt
[2012/05/31 08:22:09 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2012/05/26 17:26:25 | 000,083,968 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/20 08:58:27 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/05/20 05:59:44 | 000,000,327 | RHS- | M] () -- C:\boot.ini

========== Files Created - No Company Name ==========

[2012/06/17 12:28:16 | 000,001,870 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\National Estimator.lnk
[2012/06/12 15:48:46 | 000,338,127 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\FSS.exe
[2012/06/12 06:05:57 | 000,000,000 | ---- | C] () -- C:\Documents
[2012/06/11 17:58:59 | 023,970,870 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\BBG.bmp
[2012/06/10 21:51:01 | 000,561,840 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\GPS BBG.jpg
[2012/06/08 21:34:31 | 000,345,653 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\rectordecryptor.zip
[2012/06/07 17:49:58 | 000,000,608 | ---- | C] () -- C:\clickmarker.gif
[2012/06/07 17:49:58 | 000,000,582 | ---- | C] () -- C:\waypoint_last.png
[2012/06/07 17:49:58 | 000,000,562 | ---- | C] () -- C:\waypoint.png
[2012/06/07 17:49:58 | 000,000,501 | ---- | C] () -- C:\waypoint_first.png
[2012/06/07 17:49:58 | 000,000,488 | ---- | C] () -- C:\waypoint_new.png
[2012/06/07 17:49:58 | 000,000,463 | ---- | C] () -- C:\waypoint_blue.png
[2012/06/03 21:05:25 | 000,247,579 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\decrypt_SetSysLog32.zip
[2012/06/02 19:18:09 | 001,506,304 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\RogueKiller.exe
[2012/06/01 18:20:11 | 136,754,960 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\setup_11.0.0.1245.x01_2012_06_01_02_03.exe
[2012/06/01 14:30:57 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\MBR.dat
[2012/05/31 14:45:06 | 000,002,200 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\image005.jpg.crypt
[2012/05/31 14:45:05 | 000,321,763 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\image001.jpg.crypt
[2012/05/31 14:45:05 | 000,310,995 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\image003.jpg.crypt
[2012/05/31 14:45:05 | 000,283,585 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\image002.jpg.crypt
[2012/05/31 14:45:05 | 000,237,734 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\image004.jpg.crypt
[2012/05/31 14:45:04 | 000,557,850 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\Denise_&_Barbara[1].jpg.crypt
[2012/05/31 14:45:04 | 000,278,089 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\HULL-71053.jpg.crypt
[2012/05/31 14:45:04 | 000,237,151 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\ferryreceipts.jpg.crypt
[2012/05/31 14:45:04 | 000,038,467 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\ATT00001.jpg.crypt
[2012/05/31 14:35:05 | 000,008,403 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\windshield relay.jpg.crypt
[2012/05/31 14:35:03 | 000,702,847 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\R1100RS Engine Schematic.jpg.crypt
[2012/05/31 14:35:03 | 000,152,027 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Motorcycle's covered.jpg.crypt
[2012/05/31 14:35:02 | 000,047,782 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\KensN20SchematicEM1.jpg.crypt
[2012/05/31 14:35:01 | 000,107,479 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\HULL-71053.jpg.crypt
[2012/05/31 14:35:01 | 000,065,173 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Ford Valve Adjust.jpg.crypt
[2012/05/31 14:35:00 | 000,052,158 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\electrK11.jpg.crypt
[2012/05/31 14:34:59 | 000,048,213 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\ceiling_cat.jpg.crypt
[2012/05/31 14:20:48 | 000,000,257 | ---- | C] () -- C:\user.js.crypt
[2012/05/31 14:15:39 | 002,847,409 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\Timely Tips 1974-1979 Manual 9-51610_watermarked.pdf.crypt
[2012/05/31 14:15:39 | 000,465,860 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\Steering and Front Axle Manual 9-50392_watermarked.pdf.crypt
[2012/05/31 14:15:39 | 000,319,151 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\Steering & Axle Manual 9-50391_watermarked.pdf.crypt
[2012/05/31 14:15:39 | 000,304,730 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\E-Z Clutch Manual 9-51081_watermarked.pdf.crypt
[2012/05/31 14:15:38 | 000,155,936 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\17 Eggs and Vegetables Breakfast.pdf.crypt
[2012/05/31 14:15:17 | 001,966,636 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\WhatYouMustKnow_PresentationNotes.pdf.crypt
[2012/05/31 14:15:08 | 020,521,787 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\uscca-homedefense.pdf.crypt
[2012/05/31 14:14:59 | 021,412,620 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\uscca-holster.pdf.crypt
[2012/05/31 14:14:59 | 001,402,884 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\pistol_accuracy_made_easy.pdf.crypt
[2012/05/31 14:14:58 | 000,661,987 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Marlin rifle.pdf.crypt
[2012/05/31 14:14:58 | 000,479,469 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Piaa910.pdf.crypt
[2012/05/31 14:14:58 | 000,364,975 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Oilhead_Maintenance_2-25-02.pdf.crypt
[2012/05/31 14:14:57 | 002,005,560 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\IBR2011.pdf.crypt
[2012/05/31 14:14:57 | 000,133,090 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Engine oils that meet Audi Oil Quality Standards 502 00 - 505 01 - and 504 00 - 507 00.pdf.crypt
[2012/05/31 14:14:57 | 000,130,290 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Fehlercodes VAG english.pdf.crypt
[2012/05/31 14:14:56 | 001,372,959 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\automatic_self_defense.pdf.crypt
[2012/05/31 14:14:56 | 000,541,002 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\61 026 92 (2531) Eletrically adjustable whindshield K1100LT [EDocFind.com].pdf.crypt
[2012/05/31 14:14:56 | 000,346,012 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\2010_Invite_2.pdf.crypt
[2012/05/31 14:14:55 | 003,557,952 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\15-foot-sail.pdf.crypt
[2012/05/31 14:10:06 | 000,071,879 | ---- | C] () -- C:\WINDOWS\System32\cliconf.chm.crypt
[2012/05/31 14:10:06 | 000,046,153 | ---- | C] () -- C:\WINDOWS\System32\sqlsodbc.chm.crypt
[2012/05/31 14:01:57 | 000,015,497 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\SPF to Bloomsburg.htm.crypt
[2012/05/31 14:01:47 | 000,165,987 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Nestle Dessert corse Dark baking chocolate 200g International shipping.htm.crypt
[2012/05/31 14:01:47 | 000,055,131 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Words.htm.crypt
[2012/05/31 13:58:39 | 000,000,896 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\Audi Advertisment.rtf.crypt
[2012/05/24 20:56:28 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/24 12:54:38 | 000,000,448 | ---- | C] () -- C:\WINDOWS\tasks\FixCleaner Scan.job
[2012/05/21 12:15:49 | 000,016,992 | ---- | C] () -- C:\WINDOWS\GRPCONV.EX_
[2012/05/20 08:58:27 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/05/20 07:45:55 | 000,000,310 | ---- | C] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1343024091-1177238915-682003330-1003.job
[2012/05/20 07:45:53 | 000,000,318 | ---- | C] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1343024091-1177238915-682003330-1003.job
[2012/05/20 07:45:15 | 000,000,336 | ---- | C] () -- C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1343024091-1177238915-682003330-1003.job
[2012/05/20 05:59:44 | 000,000,841 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Start Menu\Programs\Startup\Craftsman Software Update.lnk
[2012/05/01 10:46:58 | 000,143,398 | ---- | C] () -- C:\WINDOWS\System32\TelenorCom.dll
[2012/05/01 10:46:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\TJPEGCodec.dll
[2012/03/24 09:40:47 | 000,000,726 | ---- | C] () -- C:\WINDOWS\TNE32.INI
[2012/02/16 00:35:38 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/02 11:01:54 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\avalon2.2_WIPE2012.ini
[2012/01/02 11:01:36 | 000,340,992 | ---- | C] () -- C:\WINDOWS\sqlite36_engine.dll
[2011/09/18 19:24:50 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2011/08/12 06:14:42 | 000,726,920 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1343024091-1177238915-682003330-1003-0.dat
[2011/08/11 01:32:52 | 000,182,526 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/06/13 23:55:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/27 08:04:51 | 000,340,992 | ---- | C] () -- C:\WINDOWS\System32\sqlite36_engine.dll
[2011/01/04 16:50:47 | 000,000,308 | ---- | C] () -- C:\WINDOWS\PICKLIST.INI
[2011/01/04 16:48:05 | 000,000,301 | ---- | C] () -- C:\WINDOWS\MIREPAIR.INI
[2011/01/04 16:48:05 | 000,000,058 | ---- | C] () -- C:\WINDOWS\MITCHELL.INI
[2011/01/04 16:47:45 | 000,002,762 | ---- | C] () -- C:\WINDOWS\ODWIN.INI
[2011/01/04 16:47:45 | 000,000,754 | ---- | C] () -- C:\WINDOWS\BTI.INI
[2010/12/20 23:28:57 | 000,098,344 | ---- | C] () -- C:\WINDOWS\unTMV.exe
[2010/12/20 20:48:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/11/16 23:14:25 | 000,002,596 | ---- | C] () -- C:\WINDOWS\System32\ASOROSet.bin
[2010/11/14 11:55:55 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/11/08 21:22:28 | 000,000,560 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Application Data\ViewerApp.dat
[2010/10/19 16:57:56 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/19 16:57:56 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/19 16:57:55 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/19 16:57:55 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/19 16:57:55 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/13 12:40:20 | 000,000,110 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\avalon2.2.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

Edited by 460jetboat, 20 June 2012 - 06:16 PM.

  • 0

#57
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Ken,

...I went to the forum and checked tonight to see if you had replied and I had not received a notification email. My OTL.txt log was not there! Hmmmmm....Probably explains why you have not replied!
Anyway, here it is

The G2G board gremlins got you. They steal posts from time to time. :lol:

The OTL log shows that some of the nasties have returned. So we're gonna kill them again.
But first I want you to look in the Firefox Add-ons for an extension.

If your Firefox has the Firefox tab in the upper left corner of the browser click the down arrow and click Add-ons
If you Firefox has the Menu Bar, click Tools then click Add-ons
On the Add-ons page click Extensions in the left hand column and look for something like this [email protected], or anything strange like that.
If the extension is there click the Remove button to the right.


Step-1.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run

To disable MBAM
Open the scanner and select the Protection tab
Remove the tick from "Start with Windows"
Reboot and start with number 1. below to run the OTL fix.
Posted Image

1. Please copy all of the text in the code box below. To do this, highlight everything
inside the code box , right click and click Copy.
:OTL
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
2012/04/13 08:06:38 | 000,004,733 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\KEN FOSTER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OBEPGUJH.DEFAULT\EXTENSIONS\[email protected]
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)

:FILES 
ipconfig /flushdns /c

:COMMANDS
[EMPTYTEMP]

Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


I want to see if the Event Logs are being created now.


Step-2.

Posted Image OTL Scan

Please re-open OTL
  • Double click the Posted Image on your desktop. Vista /7 users right click and click Run as Administrator. Make sure all other windows are closed .
  • You will see a console like the one below:

    Posted Image
  • Make sure the Output box at the top is set to Standard Output.
  • In the Extra Registry section click the circle beside Use Safelist.<---Important
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy the contents of these files, one at a time, and paste them into your reply. To do that:
  • On the .txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right-click inside the forum post window then click Paste. This will paste the contents of the .txt file in the in the post window.


Step-3.

Run Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Step-4.

Things For Your Next Post:
1. The OTL Fixes log
2. The new OTL.txt log
3. The Extras.txt log
4. The Checkup.txt log
  • 0

#58
460jetboat

460jetboat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Godawgs,

Nothing in Firefox, and I wouldn't object to deleting it. Don't ever use it.
I'm unable to open tool tab in IE8 to delete temp files.
I'd assume that a reload of IE8 would solve this, but will wait for your reply!
Ken

All processes killed
========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Ken Foster\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Ken Foster\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Flash cache emptied: 0 bytes

User: Administrator.CLONE
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Emm's documents

User: Ken Foster
->Temp folder emptied: 2406527 bytes
->Temporary Internet Files folder emptied: 127537946 bytes
->FireFox cache emptied: 8518516 bytes
->Flash cache emptied: 470 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 81416 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: tndavis
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2327225 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 48361906 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 181.00 mb


OTL by OldTimer - Version 3.2.45.0 log created on 06212012_213635

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



OTL logfile created on: 6/21/2012 9:45:57 PM - Run 12
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Documents and Settings\Ken Foster\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.29 Mb Total Physical Memory | 18.35 Mb Available Physical Memory | 3.65% Memory free
1.20 Gb Paging File | 0.66 Gb Available in Paging File | 55.04% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 122.32 Gb Free Space | 65.66% Space Free | Partition Type: NTFS

Computer Name: CLONE | User Name: Ken Foster | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/31 22:15:49 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ken Foster\Desktop\OTL.exe
PRC - [2012/05/03 13:07:40 | 000,217,256 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/03/23 12:33:14 | 000,224,888 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
PRC - [2012/03/23 12:31:06 | 000,031,920 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/02/18 19:26:06 | 000,300,760 | ---- | M] (Abine Inc.) -- C:\Program Files\DoNotTrackPlus\PropertySync.exe
PRC - [2011/09/23 14:04:00 | 000,098,208 | ---- | M] (Craftsman Book Company) -- C:\Program Files\Common Files\Craftsman\CSU\CSUClient.exe
PRC - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009/10/06 15:37:18 | 000,069,632 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2009/07/15 16:43:46 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/06 13:41:06 | 000,069,632 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2007/05/04 16:14:04 | 000,036,864 | ---- | M] ( ) -- C:\Program Files\HP\HP UT\bin\hppusg.exe
PRC - [2001/08/17 17:36:42 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/14 03:26:11 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/14 03:25:38 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/05/17 18:26:14 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/17 18:17:39 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/17 18:16:56 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/04/12 03:12:40 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_87cec736\system.windows.forms.dll
MOD - [2012/03/24 09:27:11 | 000,222,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CbcCorLib\1.5.0.285__dc62ab6ce5358df9\CbcCorLib.dll
MOD - [2012/03/23 12:31:06 | 000,031,920 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
MOD - [2012/02/18 19:26:02 | 000,893,144 | ---- | M] () -- C:\Program Files\DoNotTrackPlus\ContentFilter.dll
MOD - [2012/02/18 19:26:00 | 000,250,072 | ---- | M] () -- C:\Program Files\DoNotTrackPlus\ButtonSite.dll
MOD - [2012/01/07 09:38:01 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_df767a39\mscorlib.dll
MOD - [2012/01/07 09:37:38 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_4fd16e16\system.xml.dll
MOD - [2012/01/07 09:37:14 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_643da891\system.dll
MOD - [2012/01/07 09:36:53 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012/01/07 09:36:48 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2010/03/04 04:02:41 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2010/03/04 04:02:36 | 000,131,072 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.serialization.formatters.soap\1.0.5000.0__b03f5f7f11d50a3a\system.runtime.serialization.formatters.soap.dll
MOD - [2010/03/03 12:53:12 | 000,010,752 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqusg\3.0.0.0__a53cf5803f4c3827\interop.hpqusg.dll
MOD - [2009/10/06 15:37:18 | 000,069,632 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
MOD - [2007/06/11 17:24:28 | 000,114,688 | ---- | M] () -- C:\WINDOWS\system32\hppatusg01.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/03/23 12:31:06 | 000,031,920 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2011/05/23 08:02:00 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Disabled | Stopped] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/04/08 17:09:26 | 000,229,376 | ---- | M] (Puran Software) [Disabled | Stopped] -- C:\WINDOWS\system32\PuranDefragS.exe -- (PuranDefrag)
SRV - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/10/06 15:37:18 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2009/07/15 16:43:46 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2008/07/29 22:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/04/13 19:12:29 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2008/04/13 19:12:29 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2008/04/13 19:12:04 | 000,059,904 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\regsvc.dll -- (RemoteRegistry)
SRV - [2008/04/13 19:11:59 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2008/04/13 19:11:57 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)
SRV - [2008/04/13 19:11:49 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [File_System | On_Demand | Stopped] -- System32\DRIVERS\srv.sys -- (Srv)
DRV - File not found [Kernel | System | Stopped] -- -- (Sfloppy)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Normandy)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\KENFOS~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/11/13 22:22:36 | 000,019,507 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sonypvl3.sys -- (sonypvl3)
DRV - [2009/07/15 16:43:32 | 000,017,136 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2008/04/13 14:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/13 13:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/13 13:36:43 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/13 13:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2008/04/13 10:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/02/25 12:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/06/12 14:27:00 | 000,011,776 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pdiddcci.sys -- (pdiddcci)
DRV - [2007/04/24 09:33:34 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125bus.sys -- (s125bus) Sony Ericsson Device 125 driver (WDM)
DRV - [2007/02/09 15:17:18 | 000,017,465 | ---- | M] (Portrait Displays, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pivot.sys -- (Pivot)
DRV - [2007/02/09 15:17:16 | 000,011,323 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pivotmou.sys -- (pivotmou)
DRV - [2004/12/06 15:26:16 | 000,423,454 | ---- | M] (Sony Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\sonypvt3.sys -- (sonypvt3)
DRV - [2004/11/15 14:55:14 | 000,619,390 | ---- | M] (Sony Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\sonypvf3.sys -- (sonypvf3)
DRV - [2004/08/04 00:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/03/31 07:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2003/03/31 07:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL)
DRV - [2003/03/31 07:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2001/08/17 07:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/08/17 07:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/08/17 07:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001/08/17 07:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://google.inklineglobal.com
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://google.inklineglobal.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://google.inklineglobal.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://google.inklineglobal.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://google.inklineglobal.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://startpage.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {088AD4F2-2332-4A4A-BA83-B904BF0BE395}
IE - HKCU\..\SearchScopes\{088AD4F2-2332-4A4A-BA83-B904BF0BE395}: "URL" = https://startpage.co...anguage=english
IE - HKCU\..\SearchScopes\{09035B5D-896E-4E0F-AA58-B594AFB20D04}: "URL" = http://websearch.ask...06-23C1020D4831
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADRA_en
IE - HKCU\..\SearchScopes\{B68193F6-AB45-431C-BB9A-3FA4853E6940}: "URL" = http://wiki.ross-tec...h={searchTerms}
IE - HKCU\..\SearchScopes\{F5F655E8-6661-4769-9952-6AE6EBFABC45}: "URL" = http://search.yahoo....0104,6901,0,8,0
IE - HKCU\..\SearchScopes\{F813F595-1DA6-4476-915D-E3C2FDF0B758}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..keyword.URL: "http://www.google.co...-8&oe=UTF-8&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.1.0: C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.1.0: C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1BC4187C-4BB6-4C5A-A11A-3FB535AE04AB}: C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/05/20 05:34:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/17 11:47:54 | 000,000,000 | ---D | M]

[2012/05/17 21:21:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ken Foster\Application Data\Mozilla\Extensions
[2012/06/21 21:19:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ken Foster\Application Data\Mozilla\Firefox\Profiles\obepgujh.default\extensions
[2012/06/16 10:30:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/16 10:30:12 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2012/04/13 08:06:38 | 000,004,733 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\KEN FOSTER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OBEPGUJH.DEFAULT\EXTENSIONS\[email protected]
[2012/05/20 05:34:34 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAM FILES\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
[2012/02/16 09:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/16 05:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/03 09:39:26 | 000,002,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml
[2012/04/11 13:14:48 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/02/16 05:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Documents and Settings\Ken Foster\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.0\

O1 HOSTS File: ([2012/03/19 16:56:11 | 000,000,761 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Do Not Track Plus) - {6E45F3E8-2683-4824-A6BE-08108022FB36} - C:\Program Files\DoNotTrackPlus\ScriptHost.dll (Abine)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe ( )
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Ken Foster\Start Menu\Programs\Startup\Craftsman Software Update.lnk = C:\Program Files\Common Files\Craftsman\CSU\CSUClient.exe (Craftsman Book Company)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM File not found
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM File not found
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: Do Not Track Plus © Abine - {6E45F3E8-2683-4824-A6BE-08108022FB36} - C:\Program Files\DoNotTrackPlus\ScriptHost.dll (Abine)
O15 - HKCU\..Trusted Domains: secunia.com ([]https in Trusted sites)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://dcode.suppor...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1267413876265 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1267511655031 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C69CF277-F133-496D-BE88-96A6C23FC59D}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Ken Foster\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ken Foster\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/11/07 15:56:27 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/19 04:53:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2012/06/17 12:25:14 | 002,592,800 | ---- | C] (Craftsman Book Company ) -- C:\Documents and Settings\Ken Foster\Desktop\2012_CSL_setup.exe
[2012/06/17 12:18:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Local Settings\Application Data\blekkotb_032
[2012/06/16 11:26:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2012/06/16 11:26:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\L&H
[2012/06/16 11:26:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2012/06/16 11:25:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2012/06/16 11:18:59 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/06/16 11:09:54 | 227,190,984 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Ken Foster\Desktop\OfficeSTD.exe
[2012/06/16 10:53:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Application Data\blekkotb_019
[2012/06/16 10:35:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\blekko toolbars
[2012/06/16 10:30:12 | 000,000,000 | ---D | C] -- C:\Program Files\Hotspot Shield
[2012/06/16 09:24:31 | 000,450,352 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Ken Foster\Desktop\FixitCenter_Run.exe
[2012/06/13 06:27:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Local Settings\Application Data\PCHealth
[2012/06/12 18:15:52 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012/06/08 21:36:55 | 000,407,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Ken Foster\Desktop\RectorDecryptor.exe
[2012/06/08 21:36:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Desktop\rectordecryptor
[2012/06/07 17:49:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\My Documents\Tyre
[2012/06/05 18:15:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/03 21:06:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Desktop\decrypt_SetSysLog32
[2012/06/03 04:00:56 | 000,685,736 | ---- | C] (Emsisoft GmbH) -- C:\Documents and Settings\Ken Foster\Desktop\decrypt.exe
[2012/06/02 19:19:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Desktop\RK_Quarantine
[2012/06/01 14:12:02 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Ken Foster\Desktop\aswMBR.exe
[2012/05/31 22:15:46 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ken Foster\Desktop\OTL.exe
[2012/05/31 19:48:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2012/05/26 17:25:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Desktop\5-25 Dog Show
[2012/05/24 21:58:04 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/05/24 21:57:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Application Data\AVG Secure Search
[2012/05/24 21:57:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/05/24 21:57:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Local Settings\Application Data\AVG Secure Search
[2012/05/24 21:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search

========== Files - Modified Within 30 Days ==========

[2012/06/21 21:49:44 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/06/21 21:40:34 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1343024091-1177238915-682003330-1003.job
[2012/06/21 21:40:23 | 000,000,318 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1343024091-1177238915-682003330-1003.job
[2012/06/21 21:40:12 | 000,013,740 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/21 21:39:52 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/21 21:39:45 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1343024091-1177238915-682003330-500.job
[2012/06/21 21:39:45 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1343024091-1177238915-682003330-1003.job
[2012/06/21 21:39:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/21 21:35:03 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/21 21:13:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/21 12:00:00 | 000,000,448 | ---- | M] () -- C:\WINDOWS\tasks\FixCleaner Scan.job
[2012/06/21 02:11:01 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\PCRepairClinic_fullScan.job
[2012/06/20 12:57:00 | 000,000,336 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1343024091-1177238915-682003330-1003.job
[2012/06/17 21:08:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1343024091-1177238915-682003330-500.job
[2012/06/17 12:43:39 | 000,215,524 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\Mar 2012 NCE.ubk
[2012/06/17 12:43:36 | 000,000,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wipe 2012.lnk
[2012/06/17 12:39:29 | 000,215,524 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\Mar 2012 NCE.SAV
[2012/06/17 12:28:16 | 000,001,870 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\National Estimator.lnk
[2012/06/17 12:25:14 | 002,592,800 | ---- | M] (Craftsman Book Company ) -- C:\Documents and Settings\Ken Foster\Desktop\2012_CSL_setup.exe
[2012/06/17 12:17:04 | 000,170,688 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/16 18:59:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/06/16 11:27:39 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2012/06/16 11:09:54 | 227,190,984 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Ken Foster\Desktop\OfficeSTD.exe
[2012/06/16 09:24:33 | 000,450,352 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Ken Foster\Desktop\FixitCenter_Run.exe
[2012/06/15 07:06:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1343024091-1177238915-682003330-1003.job
[2012/06/14 03:21:46 | 000,550,068 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/14 03:21:46 | 000,100,530 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/13 03:11:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/12 15:48:54 | 000,338,127 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\FSS.exe
[2012/06/12 06:05:57 | 000,000,000 | ---- | M] () -- C:\Documents
[2012/06/11 18:00:26 | 023,970,870 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\BBG.bmp
[2012/06/10 21:53:35 | 000,561,840 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\GPS BBG.jpg
[2012/06/08 21:34:31 | 000,345,653 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\rectordecryptor.zip
[2012/06/07 19:54:22 | 000,198,144 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\BBG2.ptm
[2012/06/07 17:50:59 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Tyre.lnk
[2012/06/03 21:05:25 | 000,247,579 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\decrypt_SetSysLog32.zip
[2012/06/03 04:00:56 | 000,685,736 | ---- | M] (Emsisoft GmbH) -- C:\Documents and Settings\Ken Foster\Desktop\decrypt.exe
[2012/06/02 19:18:13 | 001,506,304 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\RogueKiller.exe
[2012/06/02 15:19:44 | 000,022,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
[2012/06/02 15:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2012/06/02 15:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll
[2012/06/02 15:19:38 | 000,219,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl
[2012/06/02 15:19:38 | 000,210,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll
[2012/06/02 15:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdm.dll
[2012/06/02 15:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cdm.dll
[2012/06/02 15:19:34 | 000,053,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
[2012/06/02 15:19:34 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
[2012/06/02 15:19:34 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2012/06/02 15:19:34 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
[2012/06/02 15:19:34 | 000,015,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2012/06/02 15:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2012/06/02 15:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
[2012/06/02 15:19:18 | 001,933,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
[2012/06/02 15:18:58 | 000,275,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2012/06/02 15:18:58 | 000,017,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2012/06/01 18:20:11 | 136,754,960 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\setup_11.0.0.1245.x01_2012_06_01_02_03.exe
[2012/06/01 14:30:57 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\MBR.dat
[2012/06/01 14:12:14 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Ken Foster\Desktop\aswMBR.exe
[2012/05/31 22:15:49 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ken Foster\Desktop\OTL.exe
[2012/05/31 21:54:49 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/31 14:45:07 | 000,002,200 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\image005.jpg.crypt
[2012/05/31 14:45:06 | 000,237,734 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\image004.jpg.crypt
[2012/05/31 14:45:05 | 000,321,763 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\image001.jpg.crypt
[2012/05/31 14:45:05 | 000,310,995 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\image003.jpg.crypt
[2012/05/31 14:45:05 | 000,283,585 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\image002.jpg.crypt
[2012/05/31 14:45:04 | 000,557,850 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\Denise_&_Barbara[1].jpg.crypt
[2012/05/31 14:45:04 | 000,278,089 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\HULL-71053.jpg.crypt
[2012/05/31 14:45:04 | 000,237,151 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\ferryreceipts.jpg.crypt
[2012/05/31 14:45:04 | 000,038,467 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\ATT00001.jpg.crypt
[2012/05/31 14:35:05 | 000,008,403 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\windshield relay.jpg.crypt
[2012/05/31 14:35:04 | 000,702,847 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\R1100RS Engine Schematic.jpg.crypt
[2012/05/31 14:35:03 | 000,152,027 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Motorcycle's covered.jpg.crypt
[2012/05/31 14:35:02 | 000,107,479 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\HULL-71053.jpg.crypt
[2012/05/31 14:35:02 | 000,047,782 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\KensN20SchematicEM1.jpg.crypt
[2012/05/31 14:35:01 | 000,065,173 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Ford Valve Adjust.jpg.crypt
[2012/05/31 14:35:00 | 000,052,158 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\electrK11.jpg.crypt
[2012/05/31 14:34:59 | 000,048,213 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\ceiling_cat.jpg.crypt
[2012/05/31 14:20:48 | 000,000,257 | ---- | M] () -- C:\user.js.crypt
[2012/05/31 14:15:39 | 002,847,409 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\Timely Tips 1974-1979 Manual 9-51610_watermarked.pdf.crypt
[2012/05/31 14:15:39 | 000,465,860 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\Steering and Front Axle Manual 9-50392_watermarked.pdf.crypt
[2012/05/31 14:15:39 | 000,319,151 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\Steering & Axle Manual 9-50391_watermarked.pdf.crypt
[2012/05/31 14:15:39 | 000,304,730 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\E-Z Clutch Manual 9-51081_watermarked.pdf.crypt
[2012/05/31 14:15:39 | 000,155,936 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\17 Eggs and Vegetables Breakfast.pdf.crypt
[2012/05/31 14:15:17 | 001,966,636 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\WhatYouMustKnow_PresentationNotes.pdf.crypt
[2012/05/31 14:15:15 | 020,521,787 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\uscca-homedefense.pdf.crypt
[2012/05/31 14:15:03 | 021,412,620 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\uscca-holster.pdf.crypt
[2012/05/31 14:14:59 | 001,402,884 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\pistol_accuracy_made_easy.pdf.crypt
[2012/05/31 14:14:58 | 000,661,987 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Marlin rifle.pdf.crypt
[2012/05/31 14:14:58 | 000,479,469 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Piaa910.pdf.crypt
[2012/05/31 14:14:58 | 000,364,975 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Oilhead_Maintenance_2-25-02.pdf.crypt
[2012/05/31 14:14:57 | 002,005,560 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\IBR2011.pdf.crypt
[2012/05/31 14:14:57 | 000,133,090 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Engine oils that meet Audi Oil Quality Standards 502 00 - 505 01 - and 504 00 - 507 00.pdf.crypt
[2012/05/31 14:14:57 | 000,130,290 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Fehlercodes VAG english.pdf.crypt
[2012/05/31 14:14:56 | 001,372,959 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\automatic_self_defense.pdf.crypt
[2012/05/31 14:14:56 | 000,541,002 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\61 026 92 (2531) Eletrically adjustable whindshield K1100LT [EDocFind.com].pdf.crypt
[2012/05/31 14:14:56 | 000,346,012 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\2010_Invite_2.pdf.crypt
[2012/05/31 14:14:55 | 003,557,952 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\15-foot-sail.pdf.crypt
[2012/05/31 14:10:06 | 000,071,879 | ---- | M] () -- C:\WINDOWS\System32\cliconf.chm.crypt
[2012/05/31 14:10:06 | 000,046,153 | ---- | M] () -- C:\WINDOWS\System32\sqlsodbc.chm.crypt
[2012/05/31 14:01:57 | 000,015,497 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\SPF to Bloomsburg.htm.crypt
[2012/05/31 14:01:47 | 000,165,987 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Nestle Dessert corse Dark baking chocolate 200g International shipping.htm.crypt
[2012/05/31 14:01:47 | 000,055,131 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Words.htm.crypt
[2012/05/31 13:58:39 | 000,000,896 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\Audi Advertisment.rtf.crypt
[2012/05/31 08:22:09 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2012/05/26 17:26:25 | 000,083,968 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2012/06/21 21:10:13 | 000,146,666 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\Mar 2012 NRR.ubk
[2012/06/17 12:28:16 | 000,001,870 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\National Estimator.lnk
[2012/06/12 15:48:46 | 000,338,127 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\FSS.exe
[2012/06/12 06:05:57 | 000,000,000 | ---- | C] () -- C:\Documents
[2012/06/11 17:58:59 | 023,970,870 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\BBG.bmp
[2012/06/10 21:51:01 | 000,561,840 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\GPS BBG.jpg
[2012/06/08 21:34:31 | 000,345,653 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\rectordecryptor.zip
[2012/06/07 17:49:58 | 000,000,608 | ---- | C] () -- C:\clickmarker.gif
[2012/06/07 17:49:58 | 000,000,582 | ---- | C] () -- C:\waypoint_last.png
[2012/06/07 17:49:58 | 000,000,562 | ---- | C] () -- C:\waypoint.png
[2012/06/07 17:49:58 | 000,000,501 | ---- | C] () -- C:\waypoint_first.png
[2012/06/07 17:49:58 | 000,000,488 | ---- | C] () -- C:\waypoint_new.png
[2012/06/07 17:49:58 | 000,000,463 | ---- | C] () -- C:\waypoint_blue.png
[2012/06/03 21:05:25 | 000,247,579 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\decrypt_SetSysLog32.zip
[2012/06/02 19:18:09 | 001,506,304 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\RogueKiller.exe
[2012/06/01 18:20:11 | 136,754,960 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\setup_11.0.0.1245.x01_2012_06_01_02_03.exe
[2012/06/01 14:30:57 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\MBR.dat
[2012/05/31 14:45:06 | 000,002,200 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\image005.jpg.crypt
[2012/05/31 14:45:05 | 000,321,763 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\image001.jpg.crypt
[2012/05/31 14:45:05 | 000,310,995 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\image003.jpg.crypt
[2012/05/31 14:45:05 | 000,283,585 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\image002.jpg.crypt
[2012/05/31 14:45:05 | 000,237,734 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\image004.jpg.crypt
[2012/05/31 14:45:04 | 000,557,850 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\Denise_&_Barbara[1].jpg.crypt
[2012/05/31 14:45:04 | 000,278,089 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\HULL-71053.jpg.crypt
[2012/05/31 14:45:04 | 000,237,151 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\ferryreceipts.jpg.crypt
[2012/05/31 14:45:04 | 000,038,467 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\ATT00001.jpg.crypt
[2012/05/31 14:35:05 | 000,008,403 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\windshield relay.jpg.crypt
[2012/05/31 14:35:03 | 000,702,847 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\R1100RS Engine Schematic.jpg.crypt
[2012/05/31 14:35:03 | 000,152,027 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Motorcycle's covered.jpg.crypt
[2012/05/31 14:35:02 | 000,047,782 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\KensN20SchematicEM1.jpg.crypt
[2012/05/31 14:35:01 | 000,107,479 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\HULL-71053.jpg.crypt
[2012/05/31 14:35:01 | 000,065,173 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Ford Valve Adjust.jpg.crypt
[2012/05/31 14:35:00 | 000,052,158 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\electrK11.jpg.crypt
[2012/05/31 14:34:59 | 000,048,213 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\ceiling_cat.jpg.crypt
[2012/05/31 14:20:48 | 000,000,257 | ---- | C] () -- C:\user.js.crypt
[2012/05/31 14:15:39 | 002,847,409 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\Timely Tips 1974-1979 Manual 9-51610_watermarked.pdf.crypt
[2012/05/31 14:15:39 | 000,465,860 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\Steering and Front Axle Manual 9-50392_watermarked.pdf.crypt
[2012/05/31 14:15:39 | 000,319,151 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\Steering & Axle Manual 9-50391_watermarked.pdf.crypt
[2012/05/31 14:15:39 | 000,304,730 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\E-Z Clutch Manual 9-51081_watermarked.pdf.crypt
[2012/05/31 14:15:38 | 000,155,936 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\17 Eggs and Vegetables Breakfast.pdf.crypt
[2012/05/31 14:15:17 | 001,966,636 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\WhatYouMustKnow_PresentationNotes.pdf.crypt
[2012/05/31 14:15:08 | 020,521,787 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\uscca-homedefense.pdf.crypt
[2012/05/31 14:14:59 | 021,412,620 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\uscca-holster.pdf.crypt
[2012/05/31 14:14:59 | 001,402,884 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\pistol_accuracy_made_easy.pdf.crypt
[2012/05/31 14:14:58 | 000,661,987 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Marlin rifle.pdf.crypt
[2012/05/31 14:14:58 | 000,479,469 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Piaa910.pdf.crypt
[2012/05/31 14:14:58 | 000,364,975 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Oilhead_Maintenance_2-25-02.pdf.crypt
[2012/05/31 14:14:57 | 002,005,560 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\IBR2011.pdf.crypt
[2012/05/31 14:14:57 | 000,133,090 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Engine oils that meet Audi Oil Quality Standards 502 00 - 505 01 - and 504 00 - 507 00.pdf.crypt
[2012/05/31 14:14:57 | 000,130,290 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Fehlercodes VAG english.pdf.crypt
[2012/05/31 14:14:56 | 001,372,959 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\automatic_self_defense.pdf.crypt
[2012/05/31 14:14:56 | 000,541,002 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\61 026 92 (2531) Eletrically adjustable whindshield K1100LT [EDocFind.com].pdf.crypt
[2012/05/31 14:14:56 | 000,346,012 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\2010_Invite_2.pdf.crypt
[2012/05/31 14:14:55 | 003,557,952 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\15-foot-sail.pdf.crypt
[2012/05/31 14:10:06 | 000,071,879 | ---- | C] () -- C:\WINDOWS\System32\cliconf.chm.crypt
[2012/05/31 14:10:06 | 000,046,153 | ---- | C] () -- C:\WINDOWS\System32\sqlsodbc.chm.crypt
[2012/05/31 14:01:57 | 000,015,497 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\SPF to Bloomsburg.htm.crypt
[2012/05/31 14:01:47 | 000,165,987 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Nestle Dessert corse Dark baking chocolate 200g International shipping.htm.crypt
[2012/05/31 14:01:47 | 000,055,131 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Words.htm.crypt
[2012/05/31 13:58:39 | 000,000,896 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\Audi Advertisment.rtf.crypt
[2012/05/24 20:56:28 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/24 12:54:38 | 000,000,448 | ---- | C] () -- C:\WINDOWS\tasks\FixCleaner Scan.job
[2012/05/01 10:46:58 | 000,143,398 | ---- | C] () -- C:\WINDOWS\System32\TelenorCom.dll
[2012/05/01 10:46:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\TJPEGCodec.dll
[2012/03/24 09:40:47 | 000,000,726 | ---- | C] () -- C:\WINDOWS\TNE32.INI
[2012/02/16 00:35:38 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/02 11:01:54 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\avalon2.2_WIPE2012.ini
[2012/01/02 11:01:36 | 000,340,992 | ---- | C] () -- C:\WINDOWS\sqlite36_engine.dll
[2011/09/18 19:24:50 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2011/08/12 06:14:42 | 000,726,920 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1343024091-1177238915-682003330-1003-0.dat
[2011/08/11 01:32:52 | 000,182,526 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/06/13 23:55:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/27 08:04:51 | 000,340,992 | ---- | C] () -- C:\WINDOWS\System32\sqlite36_engine.dll
[2011/01/04 16:50:47 | 000,000,308 | ---- | C] () -- C:\WINDOWS\PICKLIST.INI
[2011/01/04 16:48:05 | 000,000,301 | ---- | C] () -- C:\WINDOWS\MIREPAIR.INI
[2011/01/04 16:48:05 | 000,000,058 | ---- | C] () -- C:\WINDOWS\MITCHELL.INI
[2011/01/04 16:47:45 | 000,002,762 | ---- | C] () -- C:\WINDOWS\ODWIN.INI
[2011/01/04 16:47:45 | 000,000,754 | ---- | C] () -- C:\WINDOWS\BTI.INI
[2010/12/20 23:28:57 | 000,098,344 | ---- | C] () -- C:\WINDOWS\unTMV.exe
[2010/12/20 20:48:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/11/16 23:14:25 | 000,002,596 | ---- | C] () -- C:\WINDOWS\System32\ASOROSet.bin
[2010/11/14 11:55:55 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/11/08 21:22:28 | 000,000,560 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Application Data\ViewerApp.dat
[2010/10/19 16:57:56 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/19 16:57:56 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/19 16:57:55 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/19 16:57:55 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/19 16:57:55 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/13 12:40:20 | 000,000,110 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\avalon2.2.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >


Results of screen317's Security Check version 0.99.42
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Eusing Free Registry Cleaner
Java™ 6 Update 25
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.3.181.14 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 10.0.2 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 2%
````````````````````End of Log``````````````````````
  • 0

#59
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Ken,

The last OTL scan should have produced an Extras.txt file. It should be on the desktop. I need you to post that.

When you click Tools on the IE Menu Bar do you get any error messages? Can you open the other Menu Bar items?

Please check the following folder for the [email protected] file:

C:\DOCUMENTS AND SETTINGS\KEN FOSTER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OBEPGUJH.DEFAULT\EXTENSIONS

Let me know whether or nor the file is there.

What color is the little castle icon (for Microsoft Security Essentials) in the system tray? I'm asking because the Security Check shows this:

``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)

We can remove Firefox if you want. I'll want you to uninstall it and then completely remove all of the stragglers the uninstall process leaves on the system. Just let me know and I'll post the instructions.
  • 0

#60
460jetboat

460jetboat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Godawgs;

Last night when I ran OTL the second time there was no Extras.txt produced. Thinking that I had screwed up and not seen it, I ran OTL again this morning. Again, no Extras.txt
Here is the log created this morning: (continued after log)

OTL logfile created on: 6/22/2012 6:22:46 AM - Run 13
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Documents and Settings\Ken Foster\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.29 Mb Total Physical Memory | 68.19 Mb Available Physical Memory | 13.55% Memory free
1.20 Gb Paging File | 0.74 Gb Available in Paging File | 61.65% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 122.26 Gb Free Space | 65.62% Space Free | Partition Type: NTFS

Computer Name: CLONE | User Name: Ken Foster | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/31 22:15:49 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ken Foster\Desktop\OTL.exe
PRC - [2012/05/03 13:07:40 | 000,217,256 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/03/23 12:33:14 | 000,224,888 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
PRC - [2012/03/23 12:31:06 | 000,031,920 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/02/18 19:26:06 | 000,300,760 | ---- | M] (Abine Inc.) -- C:\Program Files\DoNotTrackPlus\PropertySync.exe
PRC - [2011/09/23 14:04:00 | 000,098,208 | ---- | M] (Craftsman Book Company) -- C:\Program Files\Common Files\Craftsman\CSU\CSUClient.exe
PRC - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009/10/06 15:37:18 | 000,069,632 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2009/07/15 16:43:46 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/06 13:41:06 | 000,069,632 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2007/05/04 16:14:04 | 000,036,864 | ---- | M] ( ) -- C:\Program Files\HP\HP UT\bin\hppusg.exe
PRC - [2001/08/17 17:36:42 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/14 03:26:11 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/14 03:25:38 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/05/17 18:26:14 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/17 18:17:39 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/17 18:16:56 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/04/12 03:12:40 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_87cec736\system.windows.forms.dll
MOD - [2012/03/24 09:27:11 | 000,222,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CbcCorLib\1.5.0.285__dc62ab6ce5358df9\CbcCorLib.dll
MOD - [2012/03/23 12:31:06 | 000,031,920 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
MOD - [2012/02/18 19:26:02 | 000,893,144 | ---- | M] () -- C:\Program Files\DoNotTrackPlus\ContentFilter.dll
MOD - [2012/02/18 19:26:00 | 000,250,072 | ---- | M] () -- C:\Program Files\DoNotTrackPlus\ButtonSite.dll
MOD - [2012/01/07 09:38:01 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_df767a39\mscorlib.dll
MOD - [2012/01/07 09:37:38 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_4fd16e16\system.xml.dll
MOD - [2012/01/07 09:37:14 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_643da891\system.dll
MOD - [2012/01/07 09:36:53 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012/01/07 09:36:48 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2011/11/03 10:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2010/03/04 04:02:41 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2010/03/04 04:02:36 | 000,131,072 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.serialization.formatters.soap\1.0.5000.0__b03f5f7f11d50a3a\system.runtime.serialization.formatters.soap.dll
MOD - [2010/03/03 12:53:12 | 000,010,752 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqusg\3.0.0.0__a53cf5803f4c3827\interop.hpqusg.dll
MOD - [2009/10/06 15:37:18 | 000,069,632 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/06/11 17:24:28 | 000,114,688 | ---- | M] () -- C:\WINDOWS\system32\hppatusg01.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/03/23 12:31:06 | 000,031,920 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2011/05/23 08:02:00 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Disabled | Stopped] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/04/08 17:09:26 | 000,229,376 | ---- | M] (Puran Software) [Disabled | Stopped] -- C:\WINDOWS\system32\PuranDefragS.exe -- (PuranDefrag)
SRV - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/10/06 15:37:18 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2009/07/15 16:43:46 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2008/07/29 22:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/04/13 19:12:29 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2008/04/13 19:12:29 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2008/04/13 19:12:04 | 000,059,904 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\regsvc.dll -- (RemoteRegistry)
SRV - [2008/04/13 19:11:59 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2008/04/13 19:11:57 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)
SRV - [2008/04/13 19:11:49 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [File_System | On_Demand | Stopped] -- System32\DRIVERS\srv.sys -- (Srv)
DRV - File not found [Kernel | System | Stopped] -- -- (Sfloppy)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Normandy)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\KENFOS~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/06/22 02:17:04 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CE0F80B1-718D-4267-9BB9-66F68173327B}\MpKsl020e71f1.sys -- (MpKsl020e71f1)
DRV - [2010/11/13 22:22:36 | 000,019,507 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sonypvl3.sys -- (sonypvl3)
DRV - [2009/07/15 16:43:32 | 000,017,136 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2008/04/13 14:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/13 13:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/13 13:36:43 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/13 13:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2008/04/13 10:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/02/25 12:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/06/12 14:27:00 | 000,011,776 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pdiddcci.sys -- (pdiddcci)
DRV - [2007/04/24 09:33:34 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125bus.sys -- (s125bus) Sony Ericsson Device 125 driver (WDM)
DRV - [2007/02/09 15:17:18 | 000,017,465 | ---- | M] (Portrait Displays, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pivot.sys -- (Pivot)
DRV - [2007/02/09 15:17:16 | 000,011,323 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pivotmou.sys -- (pivotmou)
DRV - [2004/12/06 15:26:16 | 000,423,454 | ---- | M] (Sony Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\sonypvt3.sys -- (sonypvt3)
DRV - [2004/11/15 14:55:14 | 000,619,390 | ---- | M] (Sony Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\sonypvf3.sys -- (sonypvf3)
DRV - [2004/08/04 00:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/03/31 07:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2003/03/31 07:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL)
DRV - [2003/03/31 07:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2001/08/17 07:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/08/17 07:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/08/17 07:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001/08/17 07:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://google.inklineglobal.com
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://google.inklineglobal.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://google.inklineglobal.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://google.inklineglobal.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://google.inklineglobal.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://startpage.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {088AD4F2-2332-4A4A-BA83-B904BF0BE395}
IE - HKCU\..\SearchScopes\{088AD4F2-2332-4A4A-BA83-B904BF0BE395}: "URL" = https://startpage.co...anguage=english
IE - HKCU\..\SearchScopes\{09035B5D-896E-4E0F-AA58-B594AFB20D04}: "URL" = http://websearch.ask...06-23C1020D4831
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADRA_en
IE - HKCU\..\SearchScopes\{B68193F6-AB45-431C-BB9A-3FA4853E6940}: "URL" = http://wiki.ross-tec...h={searchTerms}
IE - HKCU\..\SearchScopes\{F5F655E8-6661-4769-9952-6AE6EBFABC45}: "URL" = http://search.yahoo....0104,6901,0,8,0
IE - HKCU\..\SearchScopes\{F813F595-1DA6-4476-915D-E3C2FDF0B758}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..keyword.URL: "http://www.google.co...-8&oe=UTF-8&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.1.0: C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.1.0: C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1BC4187C-4BB6-4C5A-A11A-3FB535AE04AB}: C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/05/20 05:34:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/17 11:47:54 | 000,000,000 | ---D | M]

[2012/05/17 21:21:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ken Foster\Application Data\Mozilla\Extensions
[2012/06/21 21:19:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ken Foster\Application Data\Mozilla\Firefox\Profiles\obepgujh.default\extensions
[2012/06/16 10:30:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/16 10:30:12 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2012/04/13 08:06:38 | 000,004,733 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\KEN FOSTER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OBEPGUJH.DEFAULT\EXTENSIONS\[email protected]
[2012/05/20 05:34:34 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAM FILES\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
[2012/02/16 09:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/16 05:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/03 09:39:26 | 000,002,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml
[2012/04/11 13:14:48 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/02/16 05:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Documents and Settings\Ken Foster\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.0\

O1 HOSTS File: ([2012/03/19 16:56:11 | 000,000,761 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Do Not Track Plus) - {6E45F3E8-2683-4824-A6BE-08108022FB36} - C:\Program Files\DoNotTrackPlus\ScriptHost.dll (Abine)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe ( )
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Ken Foster\Start Menu\Programs\Startup\Craftsman Software Update.lnk = C:\Program Files\Common Files\Craftsman\CSU\CSUClient.exe (Craftsman Book Company)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM File not found
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM File not found
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: Do Not Track Plus © Abine - {6E45F3E8-2683-4824-A6BE-08108022FB36} - C:\Program Files\DoNotTrackPlus\ScriptHost.dll (Abine)
O15 - HKCU\..Trusted Domains: secunia.com ([]https in Trusted sites)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://dcode.suppor...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1267413876265 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1267511655031 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C69CF277-F133-496D-BE88-96A6C23FC59D}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Ken Foster\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ken Foster\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/11/07 15:56:27 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/19 04:53:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2012/06/17 12:25:14 | 002,592,800 | ---- | C] (Craftsman Book Company ) -- C:\Documents and Settings\Ken Foster\Desktop\2012_CSL_setup.exe
[2012/06/17 12:18:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Local Settings\Application Data\blekkotb_032
[2012/06/16 11:26:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2012/06/16 11:26:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\L&H
[2012/06/16 11:26:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2012/06/16 11:25:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2012/06/16 11:18:59 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/06/16 11:09:54 | 227,190,984 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Ken Foster\Desktop\OfficeSTD.exe
[2012/06/16 10:53:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Application Data\blekkotb_019
[2012/06/16 10:35:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\blekko toolbars
[2012/06/16 10:30:12 | 000,000,000 | ---D | C] -- C:\Program Files\Hotspot Shield
[2012/06/16 09:24:31 | 000,450,352 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Ken Foster\Desktop\FixitCenter_Run.exe
[2012/06/13 06:27:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Local Settings\Application Data\PCHealth
[2012/06/12 18:15:52 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012/06/08 21:36:55 | 000,407,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Ken Foster\Desktop\RectorDecryptor.exe
[2012/06/08 21:36:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Desktop\rectordecryptor
[2012/06/07 17:49:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\My Documents\Tyre
[2012/06/05 18:15:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/03 21:06:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Desktop\decrypt_SetSysLog32
[2012/06/03 04:00:56 | 000,685,736 | ---- | C] (Emsisoft GmbH) -- C:\Documents and Settings\Ken Foster\Desktop\decrypt.exe
[2012/06/02 19:19:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Desktop\RK_Quarantine
[2012/06/01 14:12:02 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Ken Foster\Desktop\aswMBR.exe
[2012/05/31 22:15:46 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ken Foster\Desktop\OTL.exe
[2012/05/31 19:48:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2012/05/26 17:25:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Desktop\5-25 Dog Show
[2012/05/24 21:58:04 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/05/24 21:57:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Application Data\AVG Secure Search
[2012/05/24 21:57:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/05/24 21:57:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Local Settings\Application Data\AVG Secure Search
[2012/05/24 21:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search

========== Files - Modified Within 30 Days ==========

[2012/06/22 06:13:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/22 05:35:01 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/22 02:11:03 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\PCRepairClinic_fullScan.job
[2012/06/22 02:07:38 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/06/21 21:54:08 | 000,881,475 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\SecurityCheck.exe
[2012/06/21 21:40:34 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1343024091-1177238915-682003330-1003.job
[2012/06/21 21:40:23 | 000,000,318 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1343024091-1177238915-682003330-1003.job
[2012/06/21 21:40:12 | 000,013,740 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/21 21:39:52 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/21 21:39:45 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1343024091-1177238915-682003330-500.job
[2012/06/21 21:39:45 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1343024091-1177238915-682003330-1003.job
[2012/06/21 21:39:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/21 12:00:00 | 000,000,448 | ---- | M] () -- C:\WINDOWS\tasks\FixCleaner Scan.job
[2012/06/20 12:57:00 | 000,000,336 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1343024091-1177238915-682003330-1003.job
[2012/06/17 21:08:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1343024091-1177238915-682003330-500.job
[2012/06/17 12:43:39 | 000,215,524 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\Mar 2012 NCE.ubk
[2012/06/17 12:43:36 | 000,000,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wipe 2012.lnk
[2012/06/17 12:39:29 | 000,215,524 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\Mar 2012 NCE.SAV
[2012/06/17 12:28:16 | 000,001,870 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\National Estimator.lnk
[2012/06/17 12:25:14 | 002,592,800 | ---- | M] (Craftsman Book Company ) -- C:\Documents and Settings\Ken Foster\Desktop\2012_CSL_setup.exe
[2012/06/17 12:17:04 | 000,170,688 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/16 18:59:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/06/16 11:27:39 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2012/06/16 11:09:54 | 227,190,984 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Ken Foster\Desktop\OfficeSTD.exe
[2012/06/16 09:24:33 | 000,450,352 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Ken Foster\Desktop\FixitCenter_Run.exe
[2012/06/15 07:06:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1343024091-1177238915-682003330-1003.job
[2012/06/14 03:21:46 | 000,550,068 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/14 03:21:46 | 000,100,530 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/13 03:11:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/12 15:48:54 | 000,338,127 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\FSS.exe
[2012/06/12 06:05:57 | 000,000,000 | ---- | M] () -- C:\Documents
[2012/06/11 18:00:26 | 023,970,870 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\BBG.bmp
[2012/06/10 21:53:35 | 000,561,840 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\GPS BBG.jpg
[2012/06/08 21:34:31 | 000,345,653 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\rectordecryptor.zip
[2012/06/07 19:54:22 | 000,198,144 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\BBG2.ptm
[2012/06/07 17:50:59 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Tyre.lnk
[2012/06/03 21:05:25 | 000,247,579 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\decrypt_SetSysLog32.zip
[2012/06/03 04:00:56 | 000,685,736 | ---- | M] (Emsisoft GmbH) -- C:\Documents and Settings\Ken Foster\Desktop\decrypt.exe
[2012/06/02 19:18:13 | 001,506,304 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\RogueKiller.exe
[2012/06/02 15:19:44 | 000,022,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
[2012/06/02 15:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2012/06/02 15:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll
[2012/06/02 15:19:38 | 000,219,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl
[2012/06/02 15:19:38 | 000,210,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll
[2012/06/02 15:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdm.dll
[2012/06/02 15:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cdm.dll
[2012/06/02 15:19:34 | 000,053,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
[2012/06/02 15:19:34 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
[2012/06/02 15:19:34 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2012/06/02 15:19:34 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
[2012/06/02 15:19:34 | 000,015,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2012/06/02 15:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2012/06/02 15:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
[2012/06/02 15:19:18 | 001,933,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
[2012/06/02 15:18:58 | 000,275,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2012/06/02 15:18:58 | 000,017,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2012/06/01 18:20:11 | 136,754,960 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\setup_11.0.0.1245.x01_2012_06_01_02_03.exe
[2012/06/01 14:30:57 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\MBR.dat
[2012/06/01 14:12:14 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Ken Foster\Desktop\aswMBR.exe
[2012/05/31 22:15:49 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ken Foster\Desktop\OTL.exe
[2012/05/31 21:54:49 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/31 14:45:07 | 000,002,200 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\image005.jpg.crypt
[2012/05/31 14:45:06 | 000,237,734 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\image004.jpg.crypt
[2012/05/31 14:45:05 | 000,321,763 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\image001.jpg.crypt
[2012/05/31 14:45:05 | 000,310,995 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\image003.jpg.crypt
[2012/05/31 14:45:05 | 000,283,585 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\image002.jpg.crypt
[2012/05/31 14:45:04 | 000,557,850 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\Denise_&_Barbara[1].jpg.crypt
[2012/05/31 14:45:04 | 000,278,089 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\HULL-71053.jpg.crypt
[2012/05/31 14:45:04 | 000,237,151 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\ferryreceipts.jpg.crypt
[2012/05/31 14:45:04 | 000,038,467 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\ATT00001.jpg.crypt
[2012/05/31 14:35:05 | 000,008,403 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\windshield relay.jpg.crypt
[2012/05/31 14:35:04 | 000,702,847 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\R1100RS Engine Schematic.jpg.crypt
[2012/05/31 14:35:03 | 000,152,027 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Motorcycle's covered.jpg.crypt
[2012/05/31 14:35:02 | 000,107,479 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\HULL-71053.jpg.crypt
[2012/05/31 14:35:02 | 000,047,782 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\KensN20SchematicEM1.jpg.crypt
[2012/05/31 14:35:01 | 000,065,173 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Ford Valve Adjust.jpg.crypt
[2012/05/31 14:35:00 | 000,052,158 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\electrK11.jpg.crypt
[2012/05/31 14:34:59 | 000,048,213 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\ceiling_cat.jpg.crypt
[2012/05/31 14:20:48 | 000,000,257 | ---- | M] () -- C:\user.js.crypt
[2012/05/31 14:15:39 | 002,847,409 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\Timely Tips 1974-1979 Manual 9-51610_watermarked.pdf.crypt
[2012/05/31 14:15:39 | 000,465,860 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\Steering and Front Axle Manual 9-50392_watermarked.pdf.crypt
[2012/05/31 14:15:39 | 000,319,151 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\Steering & Axle Manual 9-50391_watermarked.pdf.crypt
[2012/05/31 14:15:39 | 000,304,730 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\E-Z Clutch Manual 9-51081_watermarked.pdf.crypt
[2012/05/31 14:15:39 | 000,155,936 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\17 Eggs and Vegetables Breakfast.pdf.crypt
[2012/05/31 14:15:17 | 001,966,636 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\WhatYouMustKnow_PresentationNotes.pdf.crypt
[2012/05/31 14:15:15 | 020,521,787 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\uscca-homedefense.pdf.crypt
[2012/05/31 14:15:03 | 021,412,620 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\uscca-holster.pdf.crypt
[2012/05/31 14:14:59 | 001,402,884 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\pistol_accuracy_made_easy.pdf.crypt
[2012/05/31 14:14:58 | 000,661,987 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Marlin rifle.pdf.crypt
[2012/05/31 14:14:58 | 000,479,469 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Piaa910.pdf.crypt
[2012/05/31 14:14:58 | 000,364,975 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Oilhead_Maintenance_2-25-02.pdf.crypt
[2012/05/31 14:14:57 | 002,005,560 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\IBR2011.pdf.crypt
[2012/05/31 14:14:57 | 000,133,090 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Engine oils that meet Audi Oil Quality Standards 502 00 - 505 01 - and 504 00 - 507 00.pdf.crypt
[2012/05/31 14:14:57 | 000,130,290 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Fehlercodes VAG english.pdf.crypt
[2012/05/31 14:14:56 | 001,372,959 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\automatic_self_defense.pdf.crypt
[2012/05/31 14:14:56 | 000,541,002 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\61 026 92 (2531) Eletrically adjustable whindshield K1100LT [EDocFind.com].pdf.crypt
[2012/05/31 14:14:56 | 000,346,012 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\2010_Invite_2.pdf.crypt
[2012/05/31 14:14:55 | 003,557,952 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\15-foot-sail.pdf.crypt
[2012/05/31 14:10:06 | 000,071,879 | ---- | M] () -- C:\WINDOWS\System32\cliconf.chm.crypt
[2012/05/31 14:10:06 | 000,046,153 | ---- | M] () -- C:\WINDOWS\System32\sqlsodbc.chm.crypt
[2012/05/31 14:01:57 | 000,015,497 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\SPF to Bloomsburg.htm.crypt
[2012/05/31 14:01:47 | 000,165,987 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Nestle Dessert corse Dark baking chocolate 200g International shipping.htm.crypt
[2012/05/31 14:01:47 | 000,055,131 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Words.htm.crypt
[2012/05/31 13:58:39 | 000,000,896 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\Audi Advertisment.rtf.crypt
[2012/05/31 08:22:09 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2012/05/26 17:26:25 | 000,083,968 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2012/06/21 21:54:03 | 000,881,475 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\SecurityCheck.exe
[2012/06/21 21:10:13 | 000,146,666 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\Mar 2012 NRR.ubk
[2012/06/17 12:28:16 | 000,001,870 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\National Estimator.lnk
[2012/06/12 15:48:46 | 000,338,127 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\FSS.exe
[2012/06/12 06:05:57 | 000,000,000 | ---- | C] () -- C:\Documents
[2012/06/11 17:58:59 | 023,970,870 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\BBG.bmp
[2012/06/10 21:51:01 | 000,561,840 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\GPS BBG.jpg
[2012/06/08 21:34:31 | 000,345,653 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\rectordecryptor.zip
[2012/06/07 17:49:58 | 000,000,608 | ---- | C] () -- C:\clickmarker.gif
[2012/06/07 17:49:58 | 000,000,582 | ---- | C] () -- C:\waypoint_last.png
[2012/06/07 17:49:58 | 000,000,562 | ---- | C] () -- C:\waypoint.png
[2012/06/07 17:49:58 | 000,000,501 | ---- | C] () -- C:\waypoint_first.png
[2012/06/07 17:49:58 | 000,000,488 | ---- | C] () -- C:\waypoint_new.png
[2012/06/07 17:49:58 | 000,000,463 | ---- | C] () -- C:\waypoint_blue.png
[2012/06/03 21:05:25 | 000,247,579 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\decrypt_SetSysLog32.zip
[2012/06/02 19:18:09 | 001,506,304 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\RogueKiller.exe
[2012/06/01 18:20:11 | 136,754,960 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\setup_11.0.0.1245.x01_2012_06_01_02_03.exe
[2012/06/01 14:30:57 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\MBR.dat
[2012/05/31 14:45:06 | 000,002,200 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\image005.jpg.crypt
[2012/05/31 14:45:05 | 000,321,763 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\image001.jpg.crypt
[2012/05/31 14:45:05 | 000,310,995 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\image003.jpg.crypt
[2012/05/31 14:45:05 | 000,283,585 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\image002.jpg.crypt
[2012/05/31 14:45:05 | 000,237,734 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\image004.jpg.crypt
[2012/05/31 14:45:04 | 000,557,850 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\Denise_&_Barbara[1].jpg.crypt
[2012/05/31 14:45:04 | 000,278,089 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\HULL-71053.jpg.crypt
[2012/05/31 14:45:04 | 000,237,151 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\ferryreceipts.jpg.crypt
[2012/05/31 14:45:04 | 000,038,467 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\ATT00001.jpg.crypt
[2012/05/31 14:35:05 | 000,008,403 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\windshield relay.jpg.crypt
[2012/05/31 14:35:03 | 000,702,847 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\R1100RS Engine Schematic.jpg.crypt
[2012/05/31 14:35:03 | 000,152,027 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Motorcycle's covered.jpg.crypt
[2012/05/31 14:35:02 | 000,047,782 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\KensN20SchematicEM1.jpg.crypt
[2012/05/31 14:35:01 | 000,107,479 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\HULL-71053.jpg.crypt
[2012/05/31 14:35:01 | 000,065,173 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Ford Valve Adjust.jpg.crypt
[2012/05/31 14:35:00 | 000,052,158 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\electrK11.jpg.crypt
[2012/05/31 14:34:59 | 000,048,213 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\ceiling_cat.jpg.crypt
[2012/05/31 14:20:48 | 000,000,257 | ---- | C] () -- C:\user.js.crypt
[2012/05/31 14:15:39 | 002,847,409 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\Timely Tips 1974-1979 Manual 9-51610_watermarked.pdf.crypt
[2012/05/31 14:15:39 | 000,465,860 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\Steering and Front Axle Manual 9-50392_watermarked.pdf.crypt
[2012/05/31 14:15:39 | 000,319,151 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\Steering & Axle Manual 9-50391_watermarked.pdf.crypt
[2012/05/31 14:15:39 | 000,304,730 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\E-Z Clutch Manual 9-51081_watermarked.pdf.crypt
[2012/05/31 14:15:38 | 000,155,936 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\17 Eggs and Vegetables Breakfast.pdf.crypt
[2012/05/31 14:15:17 | 001,966,636 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\WhatYouMustKnow_PresentationNotes.pdf.crypt
[2012/05/31 14:15:08 | 020,521,787 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\uscca-homedefense.pdf.crypt
[2012/05/31 14:14:59 | 021,412,620 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\uscca-holster.pdf.crypt
[2012/05/31 14:14:59 | 001,402,884 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\pistol_accuracy_made_easy.pdf.crypt
[2012/05/31 14:14:58 | 000,661,987 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Marlin rifle.pdf.crypt
[2012/05/31 14:14:58 | 000,479,469 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Piaa910.pdf.crypt
[2012/05/31 14:14:58 | 000,364,975 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Oilhead_Maintenance_2-25-02.pdf.crypt
[2012/05/31 14:14:57 | 002,005,560 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\IBR2011.pdf.crypt
[2012/05/31 14:14:57 | 000,133,090 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Engine oils that meet Audi Oil Quality Standards 502 00 - 505 01 - and 504 00 - 507 00.pdf.crypt
[2012/05/31 14:14:57 | 000,130,290 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Fehlercodes VAG english.pdf.crypt
[2012/05/31 14:14:56 | 001,372,959 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\automatic_self_defense.pdf.crypt
[2012/05/31 14:14:56 | 000,541,002 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\61 026 92 (2531) Eletrically adjustable whindshield K1100LT [EDocFind.com].pdf.crypt
[2012/05/31 14:14:56 | 000,346,012 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\2010_Invite_2.pdf.crypt
[2012/05/31 14:14:55 | 003,557,952 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\15-foot-sail.pdf.crypt
[2012/05/31 14:10:06 | 000,071,879 | ---- | C] () -- C:\WINDOWS\System32\cliconf.chm.crypt
[2012/05/31 14:10:06 | 000,046,153 | ---- | C] () -- C:\WINDOWS\System32\sqlsodbc.chm.crypt
[2012/05/31 14:01:57 | 000,015,497 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\SPF to Bloomsburg.htm.crypt
[2012/05/31 14:01:47 | 000,165,987 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Nestle Dessert corse Dark baking chocolate 200g International shipping.htm.crypt
[2012/05/31 14:01:47 | 000,055,131 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Words.htm.crypt
[2012/05/31 13:58:39 | 000,000,896 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\Audi Advertisment.rtf.crypt
[2012/05/24 20:56:28 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/24 12:54:38 | 000,000,448 | ---- | C] () -- C:\WINDOWS\tasks\FixCleaner Scan.job
[2012/05/01 10:46:58 | 000,143,398 | ---- | C] () -- C:\WINDOWS\System32\TelenorCom.dll
[2012/05/01 10:46:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\TJPEGCodec.dll
[2012/03/24 09:40:47 | 000,000,726 | ---- | C] () -- C:\WINDOWS\TNE32.INI
[2012/02/16 00:35:38 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/02 11:01:54 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\avalon2.2_WIPE2012.ini
[2012/01/02 11:01:36 | 000,340,992 | ---- | C] () -- C:\WINDOWS\sqlite36_engine.dll
[2011/09/18 19:24:50 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2011/08/12 06:14:42 | 000,726,920 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1343024091-1177238915-682003330-1003-0.dat
[2011/08/11 01:32:52 | 000,182,526 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/06/13 23:55:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/27 08:04:51 | 000,340,992 | ---- | C] () -- C:\WINDOWS\System32\sqlite36_engine.dll
[2011/01/04 16:50:47 | 000,000,308 | ---- | C] () -- C:\WINDOWS\PICKLIST.INI
[2011/01/04 16:48:05 | 000,000,301 | ---- | C] () -- C:\WINDOWS\MIREPAIR.INI
[2011/01/04 16:48:05 | 000,000,058 | ---- | C] () -- C:\WINDOWS\MITCHELL.INI
[2011/01/04 16:47:45 | 000,002,762 | ---- | C] () -- C:\WINDOWS\ODWIN.INI
[2011/01/04 16:47:45 | 000,000,754 | ---- | C] () -- C:\WINDOWS\BTI.INI
[2010/12/20 23:28:57 | 000,098,344 | ---- | C] () -- C:\WINDOWS\unTMV.exe
[2010/12/20 20:48:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/11/16 23:14:25 | 000,002,596 | ---- | C] () -- C:\WINDOWS\System32\ASOROSet.bin
[2010/11/14 11:55:55 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/11/08 21:22:28 | 000,000,560 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Application Data\ViewerApp.dat
[2010/10/19 16:57:56 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/19 16:57:56 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/19 16:57:55 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/19 16:57:55 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/19 16:57:55 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/13 12:40:20 | 000,000,110 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\avalon2.2.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

The Microsoft shield is yellow. I've tried to install updates four times in the last few days and it keeps telling me that Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656370)could not be installed. Before running the OTL fix, there were 3 updates which could not be installed but as of this a.m. this is the only one.

If you don't mind go ahead and post the nstructions for removing Firefox.....

Also this a.m. the computer seems to be out of memory. when you minimize a window, it slowly disappears from top to bottom and then the desktop icons slowly re-appear.

KEn
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP