Files corrupted: .crypt [Solved]


  • This topic is locked

#61
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Ken,

Well, it looks like we have more work to do. Seems like every time we get one thing sorted out something else rears its ugly head.

We'll get there.

Last night when I ran OTL the second time there was no Extras.txt produced. Thinking that I had screwed up and not seen it, I ran OTL again this morning. Again, no Extras.txt

I think you are missing a step when running the scan. In order to get the Extras.txt file you must click the radio button beside Use Safelist in the Extra Registry section of the main program window.

I've tried to install updates four times in the last few days and it keeps telling me that Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656370) could not be installed. Before running the OTL fix, there were 3 updates which could not be installed but as of this a.m. this is the only one.

We will work on the Windows updates in due course.

The Microsoft shield is yellow.

OK, but before we address that let's check to see if the Real-time protection is working.
  • Click the yellow-orange icon in the system tray, then click Open
  • Click the Settings tab and click Real-time Protection in the column on the left.
  • Make sure the box beside Turn on real-time protection (Recommended) is checked. If it isn't, click it, then click the Save Changes button on the bottom of the page.

Now for the yellow-orange castle icon...

A yellow-orange icon means that MSSE has not been able to update its definition database or perform a quick scan for a few days. It might also mean that an upgrade to the program is available.
  • Open the program by clicking its icon and then selecting Open.
  • In case of no scanning done for some time, click the yellow-orange Scan now button and let the program scan the system.

    If an upgrade is available, you will see an Upgrade now button instead of a Scan now button. If you see the Upgrade now button:
  • Read the instructions here, then click the yellow-orange Upgrade now button to upgrade the program.

Also this a.m. the computer seems to be out of memory. when you minimize a window, it slowly disappears from top to bottom and then the desktop icons slowly re-appear.

I'm surprised that you haven't mentioned this before now. Maybe the malware was preventing processes from loading or programs from running at start up (though you don't have many), and now that the system is getting cleaned the memory problem is showing up.

This is the biggest cause for the memory problem:

503.29 Mb Total Physical Memory | 68.19 Mb Available Physical Memory | 13.55% Memory free

While XP will run on 512MB of RAM, it really needs 1GB. I would recommend that you install additional RAM.

Using the Crucial Memory Advisor

Memory manufacturer Crucial has put together an amazing website, combined with an optional system scanner tool that will detect the memory already installed in your computer the same way System Information for Windows does… It’s just not as geeky.

On their homepage, there’s the two options… if you’ve already figured out the memory you have installed, you can use the drop-down menus on the right to select your system.

They will give you some great information about what your computer can support, along with a list of questions and answers. Turns out I can upgrade to faster PC2-5300 memory if I wanted…
NOTE: Your computer's RAM may be different! This is just an example.

If you chose the system scanner route, you’ll be redirected to a web page showing you the current memory configuration, and what they recommend for upgrading, although they seem to give you less information on this screen.

Click the link below to go to the Advisor Page

Crucial Memory Manager

If you don't mind go ahead and post the instructions for removing Firefox.....


Completely Uninstall FireFox

***Show Hidden Files/Folders before starting***

Close all open windows and browsers.
  • Click Start > Control Panel
  • Click Add/Remove Programs
  • In the list of installed programs find the following:
    • Mozilla Firefox 10.0.2
  • Right click on it and click Change/Remove
  • In the Mozilla Firefox Uninstall Wizard that opens, click Next
  • Put a check mark in the box that says Remove my Firefox personal data and click Uninstall
  • Click Finish
    Reboot the computer.
Delete the Firefox Installation directory located here, by default:
C:\Program Files\Mozilla Firefox

Delete the Firefox folder that contains temporary data (*.mfl files, Cache and Updates), if it exists, located here:
C:\Documents and Settings\Ken Foster\Local Settings\Application Data\Mozilla\Firefox

Delete all of the C:\WINDOWS\Prefetch\FIREFOX* files


Let's try to repair the IE8 installation and see if that solves the problem:

Please go to this Microsoft Support page
Scroll down to the Let me fix it myself section and follow the instructions under Methods to follow for Internet Explorer 9, for Internet Explorer 8, and for Internet Explorer 7:
When you get to the Reset Internet Explorer Settings dialog box, click the box beside Delete Personal Settings, and then click Reset
You will have to re-enter your settings, such as Home Page, etc., after the reset.



After this is done I want you to get another OTL.txt log to make sure all Firefox entries are gone, and an Extras.txt log so I can see if the Event logs are being created. Read the directions carefully.



OTL Scan

Please re-open OTL
  • Double click the OTL icon on your desktop. Vista/7 users right click and click Run as Administrator. Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Make sure the Output box at the top is set to Standard Output.
  • In the Extra Registry section click the radio button beside Use Safelist.<---VERY Important
  • Click the box beside LOP Check and Purity Check
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (The Desktop)
  • Please copy the contents of these files, one at a time, and paste them into your reply. To do that:
  • On the .txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right-click inside the forum post window then click Paste. This will paste the contents of the .txt file in the post window.


Things For Your Next Post:
1. Let me know if real-time protection is on in MSSE
2. Let me know if you were able to update / upgrade MSSE
3. Let me know how the Firefox uninstall went
5. Let me know if resetting IE8 solved the problem with the Tools tab
6. The new OTL.txt log
7. The Extras.txt log
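The OTL.txt review requested in the post above (confirming that Firefox entries are gone) can be pre-screened with a short script. This is an added example, not part of the original thread and not part of OTL; it assumes the `TAG - ...` line layout of OTL's Standard Output, and the function name, report keys and sample lines are hypothetical.

```python
"""Pre-screen an OTL.txt log: leftover Firefox entries, orphaned services, IE URL hosts."""
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed sample in the OTL Standard Output layout; not taken from a real machine.
SAMPLE_LOG = r"""
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Example Corp) -- C:\Program Files\Example\agent.exe
PRC - [2012/02/16 10:00:00 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
SRV - File not found [Auto | Stopped] -- C:\Program Files\OldToolbar\updater.exe -- (OldToolbarSvc)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Example Corp) [Auto | Running] -- C:\Program Files\Example\svc.exe -- (ExampleSvc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\user\LOCALS~1\Temp\scanner.sys -- (scanner)
DRV - File not found [Kernel | System | Stopped] -- -- (Legacy)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://home.example.test/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.example.invalid
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.example.invalid
IE - HKCU\..\SearchScopes\{00000000-0000-0000-0000-000000000000}: "URL" = http://www.example.te...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@example.test/Plugin: C:\Program Files\Example\npexample.dll (Example Corp)
O4 - HKLM..\Run: [Example] C:\Program Files\Example\agent.exe (Example Corp)
"""

# Folder name of the default Firefox install directory, lower-cased for matching.
FIREFOX_DIR = "\\mozilla firefox\\"

# "TAG - rest of line", e.g. PRC, SRV, DRV, IE, FF, O4.
ENTRY = re.compile(r"^(?P<tag>[A-Z]+\d*) - (?P<body>.*)$")
# Service/driver whose registry entry survives but whose file is gone.
# The path may be empty ("-- -- (Name)").
MISSING = re.compile(
    r"^File not found \[(?P<state>[^\]]*)\] -- (?P<path>.*?) ?-- \((?P<name>[^)]*)\)"
)
# Registry value that holds a URL (home page, search page, search scope).
IE_URL = re.compile(r"^(?P<key>.+?) = (?P<url>(?:https?|file)://\S+)$")


def triage(log_text):
    """Return a dict of findings for a helper to review by eye.

    firefox      : (tag, body) for FF section lines and any entry under the
                   default Firefox install folder
    missing      : (tag, service name, path or None) for "File not found" SRV/DRV
    ie_hosts     : Counter of hosts found in IE URL settings
    ie_truncated : URL values shortened with "..." by the forum software,
                   whose host cannot be trusted
    """
    report = {"firefox": [], "missing": [], "ie_hosts": Counter(), "ie_truncated": 0}
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # section headers, blank lines, wrapped text
        tag, body = m["tag"], m["body"]

        if tag == "FF" or FIREFOX_DIR in body.lower():
            report["firefox"].append((tag, body))

        if tag in ("SRV", "DRV"):
            miss = MISSING.match(body)
            if miss:
                path = miss["path"].strip() or None
                report["missing"].append((tag, miss["name"], path))
        elif tag == "IE":
            hit = IE_URL.match(body)
            if not hit:
                continue  # non-URL values such as ProxyEnable
            if "..." in hit["url"]:
                report["ie_truncated"] += 1
                continue
            host = urlparse(hit["url"]).hostname
            if host:
                report["ie_hosts"][host] += 1
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("Firefox-related entries still present:")
    for tag, body in result["firefox"]:
        print(f"  {tag}: {body}")
    print("Services/drivers registered but missing on disk:")
    for tag, name, path in result["missing"]:
        print(f"  {tag} {name}: {path or '(no path recorded)'}")
    print("Hosts referenced by IE settings:")
    for host, count in result["ie_hosts"].most_common():
        print(f"  {host} x{count}")
    print(f"Truncated URL values skipped: {result['ie_truncated']}")
```
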


#62
460jetboat

    Member

  • Topic Starter
  • 45 posts
Godawgs,
First, I just want to say "thank you" again for all your help. I'm learning a lot in the process!

OK, My little "castle" never has turned red..it's been green the whole time. Realtime protection is still on, and it has been updating daily.
There are 9 trojans and viruses which have been quarantined:

VirTool:Win32/Obfuscator.ZA 6/20 6:22AM
Rogue:JS/FakePAV 6/10 12:40PM
Trojan:Win32/Meredrop 5/19 5:58AM
Trojan:Win32/Medfos.A 5/19 5:58AM
Trojan:Win32/Mofos.A 5/19 5:58a.m.
TrojanDownloader:Win32/Beebone 5/19 5:58a.m.
Exploit:Java/CVE-2012-0507 5/19 5:58AM
Rogue:Win32/Winwebsec 5/18 6:12 AM
Trojan:Win32/Waprox 5/17 8:27PM


Firefox is completely uninstalled - Thanks for posting instructions!

The IE8 fix did not work, as when I click on tools, internet options the window opens for about a half a second...only subliminally...then disappears. I tried to re-download it, so it may work after finishing this reply and re-opening IE.

Here are the OTL files:

OTL logfile created on: 6/22/2012 10:37:36 PM - Run 14
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Documents and Settings\Ken Foster\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.29 Mb Total Physical Memory | 205.89 Mb Available Physical Memory | 40.91% Memory free
1.20 Gb Paging File | 0.82 Gb Available in Paging File | 68.62% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 122.25 Gb Free Space | 65.62% Space Free | Partition Type: NTFS

Computer Name: CLONE | User Name: Ken Foster | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/31 22:15:49 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ken Foster\Desktop\OTL.exe
PRC - [2012/05/03 13:07:40 | 000,217,256 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/03/23 12:33:14 | 000,224,888 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
PRC - [2012/03/23 12:31:06 | 000,031,920 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/02/18 19:26:06 | 000,300,760 | ---- | M] (Abine Inc.) -- C:\Program Files\DoNotTrackPlus\PropertySync.exe
PRC - [2011/10/17 22:46:26 | 000,740,984 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft Download Manager\MSDownloadManager.exe
PRC - [2011/09/23 14:04:00 | 000,098,208 | ---- | M] (Craftsman Book Company) -- C:\Program Files\Common Files\Craftsman\CSU\CSUClient.exe
PRC - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009/10/06 15:37:18 | 000,069,632 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2009/07/15 16:43:46 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/06 13:41:06 | 000,069,632 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2007/05/04 16:14:04 | 000,036,864 | ---- | M] ( ) -- C:\Program Files\HP\HP UT\bin\hppusg.exe
PRC - [2001/08/17 17:36:42 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/14 03:26:11 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/14 03:25:38 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/05/17 18:26:14 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/17 18:17:39 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/17 18:16:56 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/04/12 03:12:40 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_87cec736\system.windows.forms.dll
MOD - [2012/03/24 09:27:11 | 000,222,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CbcCorLib\1.5.0.285__dc62ab6ce5358df9\CbcCorLib.dll
MOD - [2012/03/23 12:31:06 | 000,031,920 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
MOD - [2012/02/18 19:26:02 | 000,893,144 | ---- | M] () -- C:\Program Files\DoNotTrackPlus\ContentFilter.dll
MOD - [2012/02/18 19:26:00 | 000,250,072 | ---- | M] () -- C:\Program Files\DoNotTrackPlus\ButtonSite.dll
MOD - [2012/01/07 09:38:01 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_df767a39\mscorlib.dll
MOD - [2012/01/07 09:37:38 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_4fd16e16\system.xml.dll
MOD - [2012/01/07 09:37:14 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_643da891\system.dll
MOD - [2012/01/07 09:36:53 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012/01/07 09:36:48 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2010/03/04 04:02:41 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2010/03/04 04:02:36 | 000,131,072 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.serialization.formatters.soap\1.0.5000.0__b03f5f7f11d50a3a\system.runtime.serialization.formatters.soap.dll
MOD - [2010/03/03 12:53:12 | 000,010,752 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqusg\3.0.0.0__a53cf5803f4c3827\interop.hpqusg.dll
MOD - [2009/10/06 15:37:18 | 000,069,632 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
MOD - [2007/06/11 17:24:28 | 000,114,688 | ---- | M] () -- C:\WINDOWS\system32\hppatusg01.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/03/23 12:31:06 | 000,031,920 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2011/05/23 08:02:00 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Disabled | Stopped] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/04/08 17:09:26 | 000,229,376 | ---- | M] (Puran Software) [Disabled | Stopped] -- C:\WINDOWS\system32\PuranDefragS.exe -- (PuranDefrag)
SRV - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/10/06 15:37:18 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2009/07/15 16:43:46 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2008/07/29 22:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/04/13 19:12:29 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2008/04/13 19:12:29 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2008/04/13 19:12:04 | 000,059,904 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\regsvc.dll -- (RemoteRegistry)
SRV - [2008/04/13 19:11:59 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2008/04/13 19:11:57 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)
SRV - [2008/04/13 19:11:49 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [File_System | On_Demand | Stopped] -- System32\DRIVERS\srv.sys -- (Srv)
DRV - File not found [Kernel | System | Stopped] -- -- (Sfloppy)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Normandy)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\KENFOS~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/11/13 22:22:36 | 000,019,507 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sonypvl3.sys -- (sonypvl3)
DRV - [2009/07/15 16:43:32 | 000,017,136 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2008/04/13 14:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/13 13:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/13 13:36:43 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/13 13:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2008/04/13 10:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/02/25 12:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/06/12 14:27:00 | 000,011,776 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pdiddcci.sys -- (pdiddcci)
DRV - [2007/04/24 09:33:34 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125bus.sys -- (s125bus) Sony Ericsson Device 125 driver (WDM)
DRV - [2007/02/09 15:17:18 | 000,017,465 | ---- | M] (Portrait Displays, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pivot.sys -- (Pivot)
DRV - [2007/02/09 15:17:16 | 000,011,323 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pivotmou.sys -- (pivotmou)
DRV - [2004/12/06 15:26:16 | 000,423,454 | ---- | M] (Sony Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\sonypvt3.sys -- (sonypvt3)
DRV - [2004/11/15 14:55:14 | 000,619,390 | ---- | M] (Sony Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\sonypvf3.sys -- (sonypvf3)
DRV - [2004/08/04 00:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/03/31 07:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2003/03/31 07:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL)
DRV - [2003/03/31 07:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2001/08/17 07:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/08/17 07:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/08/17 07:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001/08/17 07:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://google.inklineglobal.com
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://google.inklineglobal.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://google.inklineglobal.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://google.inklineglobal.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://google.inklineglobal.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://startpage.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {088AD4F2-2332-4A4A-BA83-B904BF0BE395}
IE - HKCU\..\SearchScopes\{088AD4F2-2332-4A4A-BA83-B904BF0BE395}: "URL" = https://startpage.co...anguage=english
IE - HKCU\..\SearchScopes\{09035B5D-896E-4E0F-AA58-B594AFB20D04}: "URL" = http://websearch.ask...06-23C1020D4831
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADRA_en
IE - HKCU\..\SearchScopes\{B68193F6-AB45-431C-BB9A-3FA4853E6940}: "URL" = http://wiki.ross-tec...h={searchTerms}
IE - HKCU\..\SearchScopes\{F5F655E8-6661-4769-9952-6AE6EBFABC45}: "URL" = http://search.yahoo....0104,6901,0,8,0
IE - HKCU\..\SearchScopes\{F813F595-1DA6-4476-915D-E3C2FDF0B758}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\WINDOWS\ [2012/06/22 22:28:43 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.1.0: C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.1.0: C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1BC4187C-4BB6-4C5A-A11A-3FB535AE04AB}: C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/05/20 05:34:34 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - Extension: No name found = C:\Documents and Settings\Ken Foster\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.0\

O1 HOSTS File: ([2012/03/19 16:56:11 | 000,000,761 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Do Not Track Plus) - {6E45F3E8-2683-4824-A6BE-08108022FB36} - C:\Program Files\DoNotTrackPlus\ScriptHost.dll (Abine)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe ( )
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Ken Foster\Start Menu\Programs\Startup\Craftsman Software Update.lnk = C:\Program Files\Common Files\Craftsman\CSU\CSUClient.exe (Craftsman Book Company)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM File not found
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM File not found
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: Do Not Track Plus © Abine - {6E45F3E8-2683-4824-A6BE-08108022FB36} - C:\Program Files\DoNotTrackPlus\ScriptHost.dll (Abine)
O15 - HKCU\..Trusted Domains: secunia.com ([]https in Trusted sites)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://dcode.suppor...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1267413876265 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1267511655031 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C69CF277-F133-496D-BE88-96A6C23FC59D}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Ken Foster\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ken Foster\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/11/07 15:56:27 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/22 22:28:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\My Documents\My Downloads
[2012/06/22 22:28:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Download Manager
[2012/06/22 22:28:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Download Manager
[2012/06/19 04:53:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2012/06/17 12:25:14 | 002,592,800 | ---- | C] (Craftsman Book Company ) -- C:\Documents and Settings\Ken Foster\Desktop\2012_CSL_setup.exe
[2012/06/17 12:18:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Local Settings\Application Data\blekkotb_032
[2012/06/16 11:26:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2012/06/16 11:26:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\L&H
[2012/06/16 11:26:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2012/06/16 11:25:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2012/06/16 11:18:59 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/06/16 11:09:54 | 227,190,984 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Ken Foster\Desktop\OfficeSTD.exe
[2012/06/16 10:53:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Application Data\blekkotb_019
[2012/06/16 10:35:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\blekko toolbars
[2012/06/16 10:30:12 | 000,000,000 | ---D | C] -- C:\Program Files\Hotspot Shield
[2012/06/16 09:24:31 | 000,450,352 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Ken Foster\Desktop\FixitCenter_Run.exe
[2012/06/13 06:27:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Local Settings\Application Data\PCHealth
[2012/06/12 18:15:52 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012/06/08 21:36:55 | 000,407,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Ken Foster\Desktop\RectorDecryptor.exe
[2012/06/08 21:36:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Desktop\rectordecryptor
[2012/06/07 17:49:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\My Documents\Tyre
[2012/06/05 18:15:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/03 21:06:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Desktop\decrypt_SetSysLog32
[2012/06/03 04:00:56 | 000,685,736 | ---- | C] (Emsisoft GmbH) -- C:\Documents and Settings\Ken Foster\Desktop\decrypt.exe
[2012/06/02 19:19:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Desktop\RK_Quarantine
[2012/06/01 14:12:02 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Ken Foster\Desktop\aswMBR.exe
[2012/05/31 22:15:46 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ken Foster\Desktop\OTL.exe
[2012/05/31 19:48:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2012/05/26 17:25:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Desktop\5-25 Dog Show
[2012/05/24 21:58:04 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/05/24 21:57:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Application Data\AVG Secure Search
[2012/05/24 21:57:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/05/24 21:57:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Local Settings\Application Data\AVG Secure Search
[2012/05/24 21:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search

========== Files - Modified Within 30 Days ==========

[2012/06/22 22:35:05 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/22 22:28:43 | 000,001,892 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Download Manager.lnk
[2012/06/22 22:13:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/22 22:12:38 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/06/22 22:03:58 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1343024091-1177238915-682003330-1003.job
[2012/06/22 22:03:52 | 000,000,318 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1343024091-1177238915-682003330-1003.job
[2012/06/22 22:03:50 | 000,013,740 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/22 22:02:45 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/22 22:02:38 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1343024091-1177238915-682003330-1003.job
[2012/06/22 22:02:37 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1343024091-1177238915-682003330-500.job
[2012/06/22 22:02:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/22 12:00:00 | 000,000,448 | ---- | M] () -- C:\WINDOWS\tasks\FixCleaner Scan.job
[2012/06/22 07:06:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1343024091-1177238915-682003330-1003.job
[2012/06/22 02:11:03 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\PCRepairClinic_fullScan.job
[2012/06/21 21:54:08 | 000,881,475 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\SecurityCheck.exe
[2012/06/20 12:57:00 | 000,000,336 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1343024091-1177238915-682003330-1003.job
[2012/06/17 21:08:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1343024091-1177238915-682003330-500.job
[2012/06/17 12:43:39 | 000,215,524 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\Mar 2012 NCE.ubk
[2012/06/17 12:43:36 | 000,000,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wipe 2012.lnk
[2012/06/17 12:39:29 | 000,215,524 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\Mar 2012 NCE.SAV
[2012/06/17 12:28:16 | 000,001,870 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\National Estimator.lnk
[2012/06/17 12:25:14 | 002,592,800 | ---- | M] (Craftsman Book Company ) -- C:\Documents and Settings\Ken Foster\Desktop\2012_CSL_setup.exe
[2012/06/17 12:17:04 | 000,170,688 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/16 18:59:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/06/16 11:27:39 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2012/06/16 11:09:54 | 227,190,984 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Ken Foster\Desktop\OfficeSTD.exe
[2012/06/16 09:24:33 | 000,450,352 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Ken Foster\Desktop\FixitCenter_Run.exe
[2012/06/14 03:21:46 | 000,550,068 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/14 03:21:46 | 000,100,530 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/13 03:11:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/12 15:48:54 | 000,338,127 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\FSS.exe
[2012/06/12 06:05:57 | 000,000,000 | ---- | M] () -- C:\Documents
[2012/06/11 18:00:26 | 023,970,870 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\BBG.bmp
[2012/06/10 21:53:35 | 000,561,840 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\GPS BBG.jpg
[2012/06/08 21:34:31 | 000,345,653 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\rectordecryptor.zip
[2012/06/07 19:54:22 | 000,198,144 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\BBG2.ptm
[2012/06/07 17:50:59 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Tyre.lnk
[2012/06/03 21:05:25 | 000,247,579 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\decrypt_SetSysLog32.zip
[2012/06/03 04:00:56 | 000,685,736 | ---- | M] (Emsisoft GmbH) -- C:\Documents and Settings\Ken Foster\Desktop\decrypt.exe
[2012/06/02 19:18:13 | 001,506,304 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\RogueKiller.exe
[2012/06/02 15:19:44 | 000,022,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
[2012/06/02 15:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2012/06/02 15:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll
[2012/06/02 15:19:38 | 000,219,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl
[2012/06/02 15:19:38 | 000,210,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll
[2012/06/02 15:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdm.dll
[2012/06/02 15:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cdm.dll
[2012/06/02 15:19:34 | 000,053,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
[2012/06/02 15:19:34 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
[2012/06/02 15:19:34 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2012/06/02 15:19:34 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
[2012/06/02 15:19:34 | 000,015,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2012/06/02 15:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2012/06/02 15:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
[2012/06/02 15:19:18 | 001,933,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
[2012/06/02 15:18:58 | 000,275,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2012/06/02 15:18:58 | 000,017,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2012/06/01 18:20:11 | 136,754,960 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\setup_11.0.0.1245.x01_2012_06_01_02_03.exe
[2012/06/01 14:30:57 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\MBR.dat
[2012/06/01 14:12:14 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Ken Foster\Desktop\aswMBR.exe
[2012/05/31 22:15:49 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ken Foster\Desktop\OTL.exe
[2012/05/31 21:54:49 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/31 14:45:07 | 000,002,200 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\image005.jpg.crypt
[2012/05/31 14:45:06 | 000,237,734 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\image004.jpg.crypt
[2012/05/31 14:45:05 | 000,321,763 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\image001.jpg.crypt
[2012/05/31 14:45:05 | 000,310,995 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\image003.jpg.crypt
[2012/05/31 14:45:05 | 000,283,585 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\image002.jpg.crypt
[2012/05/31 14:45:04 | 000,557,850 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\Denise_&_Barbara[1].jpg.crypt
[2012/05/31 14:45:04 | 000,278,089 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\HULL-71053.jpg.crypt
[2012/05/31 14:45:04 | 000,237,151 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\ferryreceipts.jpg.crypt
[2012/05/31 14:45:04 | 000,038,467 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\ATT00001.jpg.crypt
[2012/05/31 14:35:05 | 000,008,403 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\windshield relay.jpg.crypt
[2012/05/31 14:35:04 | 000,702,847 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\R1100RS Engine Schematic.jpg.crypt
[2012/05/31 14:35:03 | 000,152,027 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Motorcycle's covered.jpg.crypt
[2012/05/31 14:35:02 | 000,107,479 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\HULL-71053.jpg.crypt
[2012/05/31 14:35:02 | 000,047,782 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\KensN20SchematicEM1.jpg.crypt
[2012/05/31 14:35:01 | 000,065,173 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Ford Valve Adjust.jpg.crypt
[2012/05/31 14:35:00 | 000,052,158 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\electrK11.jpg.crypt
[2012/05/31 14:34:59 | 000,048,213 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\ceiling_cat.jpg.crypt
[2012/05/31 14:20:48 | 000,000,257 | ---- | M] () -- C:\user.js.crypt
[2012/05/31 14:15:39 | 002,847,409 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\Timely Tips 1974-1979 Manual 9-51610_watermarked.pdf.crypt
[2012/05/31 14:15:39 | 000,465,860 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\Steering and Front Axle Manual 9-50392_watermarked.pdf.crypt
[2012/05/31 14:15:39 | 000,319,151 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\Steering & Axle Manual 9-50391_watermarked.pdf.crypt
[2012/05/31 14:15:39 | 000,304,730 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\E-Z Clutch Manual 9-51081_watermarked.pdf.crypt
[2012/05/31 14:15:39 | 000,155,936 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\17 Eggs and Vegetables Breakfast.pdf.crypt
[2012/05/31 14:15:17 | 001,966,636 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\WhatYouMustKnow_PresentationNotes.pdf.crypt
[2012/05/31 14:15:15 | 020,521,787 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\uscca-homedefense.pdf.crypt
[2012/05/31 14:15:03 | 021,412,620 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\uscca-holster.pdf.crypt
[2012/05/31 14:14:59 | 001,402,884 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\pistol_accuracy_made_easy.pdf.crypt
[2012/05/31 14:14:58 | 000,661,987 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Marlin rifle.pdf.crypt
[2012/05/31 14:14:58 | 000,479,469 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Piaa910.pdf.crypt
[2012/05/31 14:14:58 | 000,364,975 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Oilhead_Maintenance_2-25-02.pdf.crypt
[2012/05/31 14:14:57 | 002,005,560 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\IBR2011.pdf.crypt
[2012/05/31 14:14:57 | 000,133,090 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Engine oils that meet Audi Oil Quality Standards 502 00 - 505 01 - and 504 00 - 507 00.pdf.crypt
[2012/05/31 14:14:57 | 000,130,290 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Fehlercodes VAG english.pdf.crypt
[2012/05/31 14:14:56 | 001,372,959 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\automatic_self_defense.pdf.crypt
[2012/05/31 14:14:56 | 000,541,002 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\61 026 92 (2531) Eletrically adjustable whindshield K1100LT [EDocFind.com].pdf.crypt
[2012/05/31 14:14:56 | 000,346,012 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\2010_Invite_2.pdf.crypt
[2012/05/31 14:14:55 | 003,557,952 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\15-foot-sail.pdf.crypt
[2012/05/31 14:10:06 | 000,071,879 | ---- | M] () -- C:\WINDOWS\System32\cliconf.chm.crypt
[2012/05/31 14:10:06 | 000,046,153 | ---- | M] () -- C:\WINDOWS\System32\sqlsodbc.chm.crypt
[2012/05/31 14:01:57 | 000,015,497 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\SPF to Bloomsburg.htm.crypt
[2012/05/31 14:01:47 | 000,165,987 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Nestle Dessert corse Dark baking chocolate 200g International shipping.htm.crypt
[2012/05/31 14:01:47 | 000,055,131 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Words.htm.crypt
[2012/05/31 13:58:39 | 000,000,896 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\Audi Advertisment.rtf.crypt
[2012/05/31 08:22:09 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2012/05/26 17:26:25 | 000,083,968 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2012/06/22 22:28:43 | 000,001,892 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Download Manager.lnk
[2012/06/21 21:54:03 | 000,881,475 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\SecurityCheck.exe
[2012/06/21 21:10:13 | 000,146,666 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\Mar 2012 NRR.ubk
[2012/06/17 12:28:16 | 000,001,870 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\National Estimator.lnk
[2012/06/12 15:48:46 | 000,338,127 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\FSS.exe
[2012/06/12 06:05:57 | 000,000,000 | ---- | C] () -- C:\Documents
[2012/06/11 17:58:59 | 023,970,870 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\BBG.bmp
[2012/06/10 21:51:01 | 000,561,840 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\GPS BBG.jpg
[2012/06/08 21:34:31 | 000,345,653 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\rectordecryptor.zip
[2012/06/07 17:49:58 | 000,000,608 | ---- | C] () -- C:\clickmarker.gif
[2012/06/07 17:49:58 | 000,000,582 | ---- | C] () -- C:\waypoint_last.png
[2012/06/07 17:49:58 | 000,000,562 | ---- | C] () -- C:\waypoint.png
[2012/06/07 17:49:58 | 000,000,501 | ---- | C] () -- C:\waypoint_first.png
[2012/06/07 17:49:58 | 000,000,488 | ---- | C] () -- C:\waypoint_new.png
[2012/06/07 17:49:58 | 000,000,463 | ---- | C] () -- C:\waypoint_blue.png
[2012/06/03 21:05:25 | 000,247,579 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\decrypt_SetSysLog32.zip
[2012/06/02 19:18:09 | 001,506,304 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\RogueKiller.exe
[2012/06/01 18:20:11 | 136,754,960 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\setup_11.0.0.1245.x01_2012_06_01_02_03.exe
[2012/06/01 14:30:57 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\MBR.dat
[2012/05/31 14:45:06 | 000,002,200 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\image005.jpg.crypt
[2012/05/31 14:45:05 | 000,321,763 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\image001.jpg.crypt
[2012/05/31 14:45:05 | 000,310,995 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\image003.jpg.crypt
[2012/05/31 14:45:05 | 000,283,585 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\image002.jpg.crypt
[2012/05/31 14:45:05 | 000,237,734 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\image004.jpg.crypt
[2012/05/31 14:45:04 | 000,557,850 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\Denise_&_Barbara[1].jpg.crypt
[2012/05/31 14:45:04 | 000,278,089 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\HULL-71053.jpg.crypt
[2012/05/31 14:45:04 | 000,237,151 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\ferryreceipts.jpg.crypt
[2012/05/31 14:45:04 | 000,038,467 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\ATT00001.jpg.crypt
[2012/05/31 14:35:05 | 000,008,403 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\windshield relay.jpg.crypt
[2012/05/31 14:35:03 | 000,702,847 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\R1100RS Engine Schematic.jpg.crypt
[2012/05/31 14:35:03 | 000,152,027 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Motorcycle's covered.jpg.crypt
[2012/05/31 14:35:02 | 000,047,782 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\KensN20SchematicEM1.jpg.crypt
[2012/05/31 14:35:01 | 000,107,479 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\HULL-71053.jpg.crypt
[2012/05/31 14:35:01 | 000,065,173 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Ford Valve Adjust.jpg.crypt
[2012/05/31 14:35:00 | 000,052,158 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\electrK11.jpg.crypt
[2012/05/31 14:34:59 | 000,048,213 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\ceiling_cat.jpg.crypt
[2012/05/31 14:20:48 | 000,000,257 | ---- | C] () -- C:\user.js.crypt
[2012/05/31 14:15:39 | 002,847,409 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\Timely Tips 1974-1979 Manual 9-51610_watermarked.pdf.crypt
[2012/05/31 14:15:39 | 000,465,860 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\Steering and Front Axle Manual 9-50392_watermarked.pdf.crypt
[2012/05/31 14:15:39 | 000,319,151 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\Steering & Axle Manual 9-50391_watermarked.pdf.crypt
[2012/05/31 14:15:39 | 000,304,730 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\E-Z Clutch Manual 9-51081_watermarked.pdf.crypt
[2012/05/31 14:15:38 | 000,155,936 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\17 Eggs and Vegetables Breakfast.pdf.crypt
[2012/05/31 14:15:17 | 001,966,636 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\WhatYouMustKnow_PresentationNotes.pdf.crypt
[2012/05/31 14:15:08 | 020,521,787 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\uscca-homedefense.pdf.crypt
[2012/05/31 14:14:59 | 021,412,620 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\uscca-holster.pdf.crypt
[2012/05/31 14:14:59 | 001,402,884 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\pistol_accuracy_made_easy.pdf.crypt
[2012/05/31 14:14:58 | 000,661,987 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Marlin rifle.pdf.crypt
[2012/05/31 14:14:58 | 000,479,469 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Piaa910.pdf.crypt
[2012/05/31 14:14:58 | 000,364,975 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Oilhead_Maintenance_2-25-02.pdf.crypt
[2012/05/31 14:14:57 | 002,005,560 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\IBR2011.pdf.crypt
[2012/05/31 14:14:57 | 000,133,090 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Engine oils that meet Audi Oil Quality Standards 502 00 - 505 01 - and 504 00 - 507 00.pdf.crypt
[2012/05/31 14:14:57 | 000,130,290 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Fehlercodes VAG english.pdf.crypt
[2012/05/31 14:14:56 | 001,372,959 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\automatic_self_defense.pdf.crypt
[2012/05/31 14:14:56 | 000,541,002 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\61 026 92 (2531) Eletrically adjustable whindshield K1100LT [EDocFind.com].pdf.crypt
[2012/05/31 14:14:56 | 000,346,012 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\2010_Invite_2.pdf.crypt
[2012/05/31 14:14:55 | 003,557,952 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\15-foot-sail.pdf.crypt
[2012/05/31 14:10:06 | 000,071,879 | ---- | C] () -- C:\WINDOWS\System32\cliconf.chm.crypt
[2012/05/31 14:10:06 | 000,046,153 | ---- | C] () -- C:\WINDOWS\System32\sqlsodbc.chm.crypt
[2012/05/31 14:01:57 | 000,015,497 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\SPF to Bloomsburg.htm.crypt
[2012/05/31 14:01:47 | 000,165,987 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Nestle Dessert corse Dark baking chocolate 200g International shipping.htm.crypt
[2012/05/31 14:01:47 | 000,055,131 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Words.htm.crypt
[2012/05/31 13:58:39 | 000,000,896 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\Audi Advertisment.rtf.crypt
[2012/05/24 20:56:28 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/24 12:54:38 | 000,000,448 | ---- | C] () -- C:\WINDOWS\tasks\FixCleaner Scan.job
[2012/05/01 10:46:58 | 000,143,398 | ---- | C] () -- C:\WINDOWS\System32\TelenorCom.dll
[2012/05/01 10:46:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\TJPEGCodec.dll
[2012/03/24 09:40:47 | 000,000,726 | ---- | C] () -- C:\WINDOWS\TNE32.INI
[2012/02/16 00:35:38 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/02 11:01:54 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\avalon2.2_WIPE2012.ini
[2012/01/02 11:01:36 | 000,340,992 | ---- | C] () -- C:\WINDOWS\sqlite36_engine.dll
[2011/09/18 19:24:50 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2011/08/12 06:14:42 | 000,726,920 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1343024091-1177238915-682003330-1003-0.dat
[2011/08/11 01:32:52 | 000,182,526 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/06/13 23:55:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/27 08:04:51 | 000,340,992 | ---- | C] () -- C:\WINDOWS\System32\sqlite36_engine.dll
[2011/01/04 16:50:47 | 000,000,308 | ---- | C] () -- C:\WINDOWS\PICKLIST.INI
[2011/01/04 16:48:05 | 000,000,301 | ---- | C] () -- C:\WINDOWS\MIREPAIR.INI
[2011/01/04 16:48:05 | 000,000,058 | ---- | C] () -- C:\WINDOWS\MITCHELL.INI
[2011/01/04 16:47:45 | 000,002,762 | ---- | C] () -- C:\WINDOWS\ODWIN.INI
[2011/01/04 16:47:45 | 000,000,754 | ---- | C] () -- C:\WINDOWS\BTI.INI
[2010/12/20 23:28:57 | 000,098,344 | ---- | C] () -- C:\WINDOWS\unTMV.exe
[2010/12/20 20:48:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/11/16 23:14:25 | 000,002,596 | ---- | C] () -- C:\WINDOWS\System32\ASOROSet.bin
[2010/11/14 11:55:55 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/11/08 21:22:28 | 000,000,560 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Application Data\ViewerApp.dat
[2010/10/19 16:57:56 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/19 16:57:56 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/19 16:57:55 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/19 16:57:55 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/19 16:57:55 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/13 12:40:20 | 000,000,110 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\avalon2.2.ini

========== LOP Check ==========

[2012/06/16 10:35:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor
[2012/05/24 21:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/04/30 13:58:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012/06/17 11:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blekko toolbars
[2012/04/11 13:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2012/05/08 08:22:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/03/24 09:32:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Craftsman
[2012/01/07 08:32:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Doctor Web
[2012/05/17 08:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F4D5618A014E2B7F00006387D151FC4E
[2012/05/31 19:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2011/02/19 20:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2011/04/05 11:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gGh06511jJpPm06511
[2011/11/18 23:48:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\inKline Global
[2012/05/18 06:40:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2011/01/17 06:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oracle
[2010/12/20 21:22:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2012/01/21 09:38:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Unleashed Online
[2011/03/01 13:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pFfBoGc06511
[2012/05/17 21:27:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2011/05/03 17:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2012/05/31 21:31:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
[2012/03/04 23:32:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/06/07 17:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tyre
[2010/07/13 14:33:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wick Building Systems
[2012/01/26 11:18:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2012/05/24 21:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\AVG Secure Search
[2012/06/16 10:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\blekkotb_019
[2010/04/13 09:06:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/03/12 15:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\Del Rey
[2010/03/02 00:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\DisplayTune
[2012/05/31 16:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\DriverCure
[2011/08/31 07:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\ElevatedDiagnostics
[2011/03/27 14:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\ErrorExpert
[2012/05/24 12:54:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\FixCleaner
[2012/05/31 16:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\FreeFLVConverter
[2011/08/10 21:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\GARMIN
[2010/12/20 12:42:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\GetRightToGo
[2010/03/16 22:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\ieSpell
[2011/10/26 21:12:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\iolo
[2010/03/03 00:38:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\OpenOffice.org
[2011/01/17 14:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\Oracle
[2012/01/21 09:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\PC Unleashed Online
[2012/04/11 13:20:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\RPPrivate
[2012/04/11 13:32:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\searchquband
[2010/12/22 08:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\SoftMaker
[2012/04/11 13:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\SpeedyPC Software
[2012/06/08 21:00:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\Tyre
[2010/04/06 15:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\Wick Building Systems
[2012/06/21 22:27:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\WIPE2012
[2010/12/04 18:03:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\wsInspector
[2012/06/22 12:00:00 | 000,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\FixCleaner Scan.job
[2012/06/22 02:11:03 | 000,000,290 | ---- | M] () -- C:\WINDOWS\Tasks\PCRepairClinic_fullScan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >


OTL Extras logfile created on: 6/22/2012 10:37:36 PM - Run 14
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Documents and Settings\Ken Foster\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.29 Mb Total Physical Memory | 205.89 Mb Available Physical Memory | 40.91% Memory free
1.20 Gb Paging File | 0.82 Gb Available in Paging File | 68.62% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 122.25 Gb Free Space | 65.62% Space Free | Partition Type: NTFS

Computer Name: CLONE | User Name: Ken Foster | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Software
"{0B2D57D5-8BFD-4554-A9B6-CC8CC0580F1D}" = RealDownloader
"{0B8E3545-85F7-4146-9F1D-F4C99E0ECB4E}" = 2012 National Renovation and Insurance Repair Estimator
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{15733AD1-1CEF-459A-9245-0924FC63BDD5}" = HP My Display
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java™ 6 Update 25
"{26ED855F-2744-4610-A897-28213766B6CC}" = 2012 National Concrete and Masonry Estimator
"{2722B882-AADE-45AB-93A6-E2DCAEEA8D65}" = Image Data Converter
"{2767DEDE-EA9D-4FCE-A06A-40F4DD293330}" = hppusgP1000
"{299645D8-CD11-4855-89A3-7485552011E7}" = 2012 National Painting Cost Estimator
"{32C32B46-41C3-438F-94F6-55FE150D50D8}" = ImageMixer EasyStepDVD
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35495A1B-B920-4F7E-84AD-9D42B9E8D1FF}" = The National Estimator
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40B9B3E3-05DA-4EDF-B1B0-3D9042D6CFB6}" = 2012 National Earthwork and Heavy Equipment Estimator
"{41D8E846-F259-4D80-B1E5-AE3AFA919293}" = 2012 National Electrical Estimator
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50717EBF-BF3A-43E5-8D32-037750502E56}" = 2012 National Framing and Finish Carpentry Estimator
"{587F94F4-D4B1-459E-8224-502D8A35171A}" = 2012 National Repair and Remodeling Estimator
"{58ECE031-9AAD-4011-B34A-BC78E77527E2}" = hppMSRedist
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{654977DB-0001-0002-0001-EABD228DDE8B}" = Microsoft Download Manager
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{76CF2560-DA37-4BD5-AE23-EAF550E44C44}" = 2012 Site License Download
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{7B02BF60-796D-4616-908B-B31A63CFDEFB}" = HPCarePackCore
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{94824ADD-8F26-43D2-84DB-22E11F377E5E}" = Microsoft English TTS Engine
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96172E04-BB14-45F6-A77B-8EE7A421B903}" = SAPI Wrapper
"{968931E3-03C7-4593-895B-EF2B6B68C613}" = 2012 National Home Improvement Estimator
"{97D0C0A1-7E64-4B05-A2EE-61D2CE23F154}" = TTS Wrapper
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A360821C-6B51-4EE4-A7E5-5E14B15004CD}" = Sony DVD Handycam USB Driver 2
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{BE18FDC3-7E2E-4DE5-B471-DB74491768F2}" = Nextiva Codec
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C14CB40F-1FD0-4E6D-A225-298D6E0E3613}" = 2012 National Construction Estimator
"{C6E44C01-0DF8-465D-A6C0-F8B1159CBBB1}" = Garmin Communicator Plugin
"{C82185E8-C27B-4EF4-2009-1111BC2C2B6D}" = Microsoft MapPoint North America 2009
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB71FF8-DE82-469C-8641-44378F4443EB}" = Garmin WebUpdater
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D363FD63-5EC5-49B7-A359-97A9CA4789A3}" = 2012 National Heavy Construction Estimator
"{E115C6A3-CE5E-465E-9851-914EC2CCDE1B}" = 2012 National Plumbing and HVAC Estimator
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{ECA31632-C2AD-4774-A3CA-2813D47E4DD0}" = HPCarePackProducts
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"7-Zip 9.20" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Do Not Track Plus Add-on_is1" = Do Not Track Plus Add-on 1.0.5403.0218
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"Eusing Free Registry Defrag" = Eusing Free Registry Defrag
"HP LaserJet P1000 series" = HP LaserJet P1000 series
"ie8" = Windows Internet Explorer 8
"ieSpell" = ieSpell
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"MGI_PHOTOSUITE_V806" = MGI PhotoSuite 8.1 (Remove Only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NirSoft IPNetInfo" = NirSoft IPNetInfo
"Puran Defrag Free Edition_is1" = Puran Defrag Free Edition 7.3
"Security Task Manager" = Security Task Manager 1.8d
"TextMaker Viewer" = TextMaker Viewer
"Tyre_is1" = Tyre
"VLC media player" = VLC media player 2.0.1
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"Wipe 2012" = Wipe 2012.08
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/20/2012 8:02:42 PM | Computer Name = CLONE | Source = NativeWrapper | ID = 5000
Description =

Error - 6/21/2012 4:01:16 AM | Computer Name = CLONE | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.

Error - 6/21/2012 4:01:17 AM | Computer Name = CLONE | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{A38B334A-A0A2-436D-BAA0-34FE5E517E44}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2656370-X86\NDP1.1sp1-KB2656370-X86-msi.0.log.

Error - 6/21/2012 4:01:23 AM | Computer Name = CLONE | Source = NativeWrapper | ID = 5000
Description =

Error - 6/22/2012 4:01:24 AM | Computer Name = CLONE | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.

Error - 6/22/2012 4:01:25 AM | Computer Name = CLONE | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{A38B334A-A0A2-436D-BAA0-34FE5E517E44}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2656370-X86\NDP1.1sp1-KB2656370-X86-msi.0.log.

Error - 6/22/2012 4:01:29 AM | Computer Name = CLONE | Source = NativeWrapper | ID = 5000
Description =

Error - 6/22/2012 7:34:43 AM | Computer Name = CLONE | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.

Error - 6/22/2012 7:34:44 AM | Computer Name = CLONE | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{A38B334A-A0A2-436D-BAA0-34FE5E517E44}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\DOCUME~1\KENFOS~1\LOCALS~1\Temp\NDP1.1sp1-KB2656370-X86\NDP1.1sp1-KB2656370-X86-msi.0.log.

Error - 6/22/2012 7:34:47 AM | Computer Name = CLONE | Source = NativeWrapper | ID = 5000
Description =

[ System Events ]
Error - 6/21/2012 10:40:03 PM | Computer Name = CLONE | Source = Service Control Manager | ID = 7000
Description = The Bing Bar Update Service service failed to start due to the following
error: %%3

Error - 6/21/2012 10:40:04 PM | Computer Name = CLONE | Source = Service Control Manager | ID = 7000
Description = The BBUpdate service failed to start due to the following error: %%3

Error - 6/21/2012 10:40:04 PM | Computer Name = CLONE | Source = Service Control Manager | ID = 7023
Description = The Server service terminated with the following error: %%2

Error - 6/21/2012 10:40:04 PM | Computer Name = CLONE | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%2

Error - 6/22/2012 4:06:17 AM | Computer Name = CLONE | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on
Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656370).

Error - 6/22/2012 7:34:52 AM | Computer Name = CLONE | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on
Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656370).

Error - 6/22/2012 11:03:20 PM | Computer Name = CLONE | Source = Service Control Manager | ID = 7000
Description = The Bing Bar Update Service service failed to start due to the following
error: %%3

Error - 6/22/2012 11:03:20 PM | Computer Name = CLONE | Source = Service Control Manager | ID = 7000
Description = The BBUpdate service failed to start due to the following error: %%3

Error - 6/22/2012 11:03:20 PM | Computer Name = CLONE | Source = Service Control Manager | ID = 7023
Description = The Server service terminated with the following error: %%2

Error - 6/22/2012 11:03:20 PM | Computer Name = CLONE | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%2


< End of report >


Update still will not work, and I still am unable to open IE8/tools/internet options

Edited by 460jetboat, 22 June 2012 - 09:51 PM.

#63
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Ken,

There is gonna be a lot to do in this post so let's get to it.


Godawgs,
First, I just want to say "thank you" again for all your help.

And believe it or not, you're still welcome.

OK, My little "castle" never has turned red..it's been green the whole time. Realtime protection is still on, and it has been updating daily.

HUH? :huh: In post #60, you said it was yellow. Is this getting to you? :lol: That's what I was addressing. Anyway I'm glad it's all good now.

There are 9 trojans and viruses which have been quarantined :

VirTool:Win32/Obfuscator.ZA 6/20 6:22AM
Rogue:JS/FakePAV 6/10 12:40PM
Trojan:Win32/Meredrop 5/19 5:58AM
Trojan:Win32/Medfos.A 5/19 5:58AM
Trojan:Win32/Mofos.A 5/19 5:58a.m.
TrojanDownloader:Win32/Beebone 5/19 5:58a.m.
Exploit:Java/CVE-2012-0507 5/19 5:58AM
Rogue:Win32/Winwebsec 5/18 6:12 AM
Trojan:Win32/Waprox 5/17 8:27PM

You can go ahead and delete them from the quarantine page if you want to.

Firefox is completely uninstalled - Thanks for posting instructions!

My pleasure.

The IE8 fix did not work, as when I click on tools, internet options the window opens for about a half a second...only subliminally...then disappears...and I still am unable to open IE8/tools/internet options

Yep, looks like we're gonna need to re-install IE8.

Update still will not work,

And we're gonna tackle this obstacle!

The good news is that the Windows Event logs are being generated now.
We are gonna run another OTL fix to clean up the Firefox remnants still showing then we'll do the rest.


Step-1.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run

To disable MBAM
Open the scanner and select the Protection tab
Remove the tick from "Start with Windows"
Reboot and start with number 1. below to run the OTL fix.

1. Please copy all of the text in the code box below. To do this, highlight everything inside the code box, right click and click Copy.
:COMMANDS
[CREATERESTOREPOINT]

:OTL
SRV - File not found [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\WINDOWS\ [2012/06/22 22:28:43 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.1.0: C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.1.0: C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1BC4187C-4BB6-4C5A-A11A-3FB535AE04AB}: C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/05/20 05:34:34 | 000,000,000 | ---D | M]
[2011/03/01 13:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pFfBoGc06511
[2012/01/26 11:18:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}

:COMMANDS
[EMPTYTEMP]

Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
10. Run OTL again and click the Posted Image button. Post the log it produces in your next reply.


Step-2.

Uninstall and re-install Internet Explorer 8

Go to this Microsoft download page and download Internet Explorer 8. Save it to the desktop.

When you remove Internet Explorer 8, your previous version of Internet Explorer will be restored. For example, if you upgraded Internet Explorer 6 to IE8, you will wind up with Internet Explorer 6 after you remove Internet Explorer 8.

  • Click Start > Control Panel > Add or Remove programs

    Posted Image
  • Once Add or Remove programs opens, scroll down the list until you see Windows Internet Explorer 8 as you see in the example below:

    Posted Image
  • Click on the words Windows Internet Explorer 8 and you will see a Remove button appear as you can see below:

    Posted Image
  • After you click on the Remove button, you will be brought to a screen like the one below. From here, all you need to do is click on Next. This will start the removal process.

    Posted Image
  • The removal process lists applications that were installed after Internet Explorer 8 was installed. Sometimes applications rely on Internet Explorer for functionality. This warns us that we may have problems with these applications after the uninstall is complete. Don’t worry, we will be reinstalling it when we are done! Go ahead and click on Yes to continue.

    Posted Image
  • You will see file copying going on, followed by 4 removal steps. The computer will run through each of them until IE8 has been uninstalled and replaced with an older version.

    Posted Image
  • When it is done you will see a Finish button. Clicking on Finish will restart your computer.

    Posted Image
  • After restarting your machine, you will have your previous version of IE installed.
  • Make sure all windows are closed then double click the IE8-WindowsXP-x86-ENU.exe file on the desktop to start the installation of IE8.


Step-3.

Windows Updates and the Dot Net problem

Click on this Microsoft download link and click the Download button to download the Microsoft .NET Framework 1.1 Service Pack 1 file and save it on the desktop.

Close all open windows and double click the NDP1.1sp1-KB867460-X86.exe file to install the service pack. Make sure you select Yes when it indicates it is already installed and asks if you want to reinstall.

Now try the KB2656370 update again.


Step-4.

Things For Your Next Post:
1. The OTL fixes log
2. The new OTL.txt log....there won't be an Extras.txt log this time
3. Let me know how the other things went.
  • 0

#64
460jetboat

    Member

  • Topic Starter
  • Member
  • 45 posts
Okay, when we are in the middle of the IE8 uninstall it is unable to find ieakmmc.chm and asks me to direct it to the file on my computer.
Trouble is, upon doing a search for this file, it seems to return many files by this name, however they are all crypt files.
I'm unable to continue with the un-install.

What say you Guru?

I went to Best buy today, and bought a 1G stick of memory...works much better now. Thanks!

I had never noticed that the little thing was a castle! What I was referring to was the little shield telling you there were updates ready to install.
See what you get dealing with ol timers?? :)

Ken

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service BBUpdate stopped successfully!
Service BBUpdate deleted successfully!
File C:\Program Files\Microsoft\BingBar\SeaPort.EXE not found.
Service BBSvc stopped successfully!
Service BBSvc deleted successfully!
File C:\Program Files\Microsoft\BingBar\BBSvc.EXE not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@garmin.com/GpsControl\ deleted successfully.
C:\Program Files\Garmin GPS Plugin\npGarmin.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ deleted successfully.
C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1\ deleted successfully.
Item C:\WINDOWS\ is whitelisted and cannot be moved.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5\ deleted successfully.
c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.1.0\ deleted successfully.
C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.1.0\ deleted successfully.
C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72\ deleted successfully.
C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72\ deleted successfully.
C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1\ deleted successfully.
C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1\ deleted successfully.
C:\Program Files\VideoLAN\VLC\npvlc.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\Adobe Reader\ deleted successfully.
C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll moved successfully.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1BC4187C-4BB6-4C5A-A11A-3FB535AE04AB}: C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ not found.
Folder C:\Documents and Settings\All Users\Application Data\pFfBoGc06511\ not found.
C:\Documents and Settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1} folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Flash cache emptied: 0 bytes

User: Administrator.CLONE
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Emm's documents

User: Ken Foster
->Temp folder emptied: 2421972 bytes
->Temporary Internet Files folder emptied: 82134077 bytes
->Flash cache emptied: 470 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 18630 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: tndavis
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2347753 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 31135 bytes

Total Files Cleaned = 83.00 mb


OTL by OldTimer - Version 3.2.45.0 log created on 06232012_125451

Files\Folders moved on Reboot...
C:\Documents and Settings\Ken Foster\Local Settings\Temporary Internet Files\Content.IE5\IF02ZDIL\page__pid__2170490__st__60[1].txt moved successfully.

Registry entries deleted on Reboot...

Edited by 460jetboat, 23 June 2012 - 12:23 PM.

  • 0

#65
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

I went to Best buy today, and bought a 1G stick of memory...works much better now. Thanks!

You betcha.

I had never noticed that the little thing was a castle!

OK, let's call it a house with a flag on top :woot:

See what you get dealing with ol timers?? :)

Yep, I know exactly what you get......cause I'm in that demographic :rofl:


Let's do an OTL custom scan and see if we can find any good ieakmmc.chm files.

I have changed the settings a bit so read them carefully.


Posted Image OTL Custom Scan

1. Please copy the text in the code box below and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the code box, right click the mouse and click Copy.
/md5start
ieakmmc.chm
/md5stop

2. Re-open OTL on the desktop. To do that:
  • Double click on the Posted Image OTL icon to run it. Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Make sure the Output box at the top is set to Minimal Output.
  • Place the mouse pointer inside the Posted Image box, right click and click Paste. This will put the above script inside OTL.
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.

Post the OTL.txt log in your next reply.
  • 0
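
An added example, not part of the original post and not OTL's own code: a Python sketch of the kind of check the custom scan above is aimed at. It collects every copy of a named file under a folder (including copies carrying an extra .crypt suffix), hashes each one with MD5, and tests for the "ITSF" signature that compiled HTML Help (.chm) files begin with. The function names, the suffix handling and the sample tree are assumptions made for illustration.

```python
import hashlib
import os
import stat
import tempfile

CHM_MAGIC = b"ITSF"  # compiled HTML Help (.chm) files start with these four bytes


def md5_of(path, chunk_size=65536):
    """MD5 of a file, read in chunks so large files are not loaded whole."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def find_copies(root, name, extra_suffix=".crypt"):
    """One record per file under root named `name` or `name` + extra_suffix."""
    wanted = {name.lower(), (name + extra_suffix).lower()}
    records = []
    for dirpath, _dirs, files in os.walk(root):
        for filename in files:
            if filename.lower() not in wanted:
                continue
            path = os.path.join(dirpath, filename)
            try:
                info = os.stat(path)
                with open(path, "rb") as fh:
                    head = fh.read(len(CHM_MAGIC))
                digest = md5_of(path)
            except OSError as exc:
                records.append({"path": path, "error": str(exc)})
                continue
            records.append({
                "path": path,
                "size": info.st_size,
                "md5": digest,
                "renamed": filename.lower().endswith(extra_suffix),
                "valid_header": head == CHM_MAGIC,
                # The read-only attribute is separate from the file's content.
                "read_only": not (info.st_mode & stat.S_IWUSR),
            })
    return records


def classify(record):
    """Label a record by what its first bytes and its name say about it."""
    if "error" in record:
        return "unreadable"
    if record["valid_header"]:
        return "intact, only renamed" if record["renamed"] else "intact"
    return "content altered"


def build_sample_tree(root):
    """Constructed sample data: three copies in three different states."""
    good = CHM_MAGIC + b"\x03\x00\x00\x00" + b"constructed help content"
    scrambled = bytes(b ^ 0x5A for b in good)  # stand-in for encrypted bytes
    layout = {
        os.path.join("a", "ieakmmc.chm"): good,
        os.path.join("b", "ieakmmc.chm.crypt"): scrambled,
        os.path.join("c", "ieakmmc.chm.crypt"): good,
    }
    for relative, data in layout.items():
        path = os.path.join(root, relative)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    # Mark one copy read-only to show that the attribute does not change content.
    os.chmod(os.path.join(root, "c", "ieakmmc.chm.crypt"), stat.S_IREAD)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        found = sorted(find_copies(root, "ieakmmc.chm"), key=lambda r: r["path"])
        for rec in found:
            print(classify(rec), rec.get("md5"), "read-only" if rec.get("read_only") else "", rec["path"])
            os.chmod(rec["path"], stat.S_IREAD | stat.S_IWRITE)  # let cleanup delete it
```

A matching signature only shows that the first four bytes are what a .chm file should start with; comparing the MD5 against a copy known to be good is the stronger test.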

#66
460jetboat

    Member

  • Topic Starter
  • Member
  • 45 posts
Ok, here ya go. Could it be possible that all of these crypt files are just set to read only, rather than being encrypted?
Ken

OTL logfile created on: 6/23/2012 3:24:21 PM - Run 15
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Documents and Settings\Ken Foster\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.29 Mb Total Physical Memory | 501.56 Mb Available Physical Memory | 49.40% Memory free
1.64 Gb Paging File | 1.25 Gb Available in Paging File | 76.44% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 122.20 Gb Free Space | 65.59% Space Free | Partition Type: NTFS

Computer Name: CLONE | User Name: Ken Foster | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Ken Foster\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe (RealNetworks, Inc.)
PRC - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Program Files\DoNotTrackPlus\PropertySync.exe (Abine Inc.)
PRC - C:\Program Files\Common Files\Craftsman\CSU\CSUClient.exe (Craftsman Book Company)
PRC - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe ()
PRC - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE (Software 2000 Limited)
PRC - C:\Program Files\HP\HP UT\bin\hppusg.exe ( )
PRC - C:\WINDOWS\system32\devldr32.exe (Creative Technology Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_87cec736\system.windows.forms.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CbcCorLib\1.5.0.285__dc62ab6ce5358df9\CbcCorLib.dll ()
MOD - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
MOD - C:\Program Files\DoNotTrackPlus\ContentFilter.dll ()
MOD - C:\Program Files\DoNotTrackPlus\ButtonSite.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_df767a39\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_4fd16e16\system.xml.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_643da891\system.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
MOD - c:\windows\assembly\gac\system.runtime.serialization.formatters.soap\1.0.5000.0__b03f5f7f11d50a3a\system.runtime.serialization.formatters.soap.dll ()
MOD - c:\windows\assembly\gac\interop.hpqusg\3.0.0.0__a53cf5803f4c3827\interop.hpqusg.dll ()
MOD - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe ()
MOD - C:\WINDOWS\system32\hppatusg01.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (PuranDefrag) -- C:\WINDOWS\system32\PuranDefragS.exe (Puran Software)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (DTSRVC) -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe ()
SRV - (PdiService) -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
SRV - (NetTcpPortSharing) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetDDEdsdm) -- C:\WINDOWS\system32\netdde.exe (Microsoft Corporation)
SRV - (NetDDE) -- C:\WINDOWS\system32\netdde.exe (Microsoft Corporation)
SRV - (RemoteRegistry) -- C:\WINDOWS\system32\regsvc.dll (Microsoft Corporation)
SRV - (Messenger) -- C:\WINDOWS\system32\msgsvc.dll (Microsoft Corporation)
SRV - (RemoteAccess) -- C:\WINDOWS\system32\mprdim.dll (Microsoft Corporation)
SRV - (Alerter) -- C:\WINDOWS\system32\alrsvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (wanatw) WAN Miniport (ATW) -- System32\DRIVERS\wanatw4.sys File not found
DRV - (Srv) -- System32\DRIVERS\srv.sys File not found
DRV - (Sfloppy) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (Normandy) -- File not found
DRV - (MRESP50) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS File not found
DRV - (MREMP50) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\KENFOS~1\LOCALS~1\Temp\catchme.sys File not found
DRV - (sonypvl3) -- C:\WINDOWS\System32\drivers\sonypvl3.sys (Sony Corporation)
DRV - (PdiPorts) -- C:\WINDOWS\system32\drivers\PdiPorts.sys (Portrait Displays, Inc.)
DRV - (Fastfat) -- C:\WINDOWS\System32\drivers\fastfat.sys (Microsoft Corporation)
DRV - (dmboot) -- C:\WINDOWS\system32\drivers\dmboot.sys (Microsoft Corp., Veritas Software)
DRV - (Pcmcia) -- C:\WINDOWS\System32\drivers\pcmcia.sys (Microsoft Corporation)
DRV - (Udfs) -- C:\WINDOWS\System32\drivers\udfs.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (pdiddcci) -- C:\WINDOWS\system32\drivers\pdiddcci.sys (Portrait Displays, Inc.)
DRV - (s125bus) Sony Ericsson Device 125 driver (WDM) -- C:\WINDOWS\system32\drivers\s125bus.sys (MCCI Corporation)
DRV - (Pivot) -- C:\WINDOWS\system32\drivers\pivot.sys (Portrait Displays, Inc.)
DRV - (pivotmou) -- C:\WINDOWS\system32\drivers\pivotmou.sys (Portrait Displays, Inc.)
DRV - (sonypvt3) -- C:\WINDOWS\System32\drivers\sonypvt3.sys (Sony Corporation)
DRV - (sonypvf3) -- C:\WINDOWS\System32\drivers\sonypvf3.sys (Sony Corporation)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation)
DRV - (cbidf2k) -- C:\WINDOWS\System32\drivers\cbidf2k.sys (Microsoft Corporation)
DRV - (WS2IFSL) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys (Microsoft Corporation)
DRV - (ACPIEC) -- C:\WINDOWS\System32\drivers\acpiec.sys (Microsoft Corporation)
DRV - (sfman) Creative SoundFont Manager Driver (WDM) -- C:\WINDOWS\system32\drivers\sfmanm.sys (Creative Technology Ltd.)
DRV - (emu10k1) Creative Interface Manager Driver (WDM) -- C:\WINDOWS\system32\drivers\ctlfacem.sys (Creative Technology Ltd.)
DRV - (emu10k) Creative SB Live! (WDM) -- C:\WINDOWS\system32\drivers\emu10k1m.sys (Creative Technology Ltd.)
DRV - (ctljystk) -- C:\WINDOWS\system32\drivers\ctljystk.sys (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://google.inklineglobal.com
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://google.inklineglobal.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://google.inklineglobal.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://google.inklineglobal.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://google.inklineglobal.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://startpage.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {088AD4F2-2332-4A4A-BA83-B904BF0BE395}
IE - HKCU\..\SearchScopes\{088AD4F2-2332-4A4A-BA83-B904BF0BE395}: "URL" = https://startpage.co...anguage=english
IE - HKCU\..\SearchScopes\{09035B5D-896E-4E0F-AA58-B594AFB20D04}: "URL" = http://websearch.ask...06-23C1020D4831
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADRA_en
IE - HKCU\..\SearchScopes\{B68193F6-AB45-431C-BB9A-3FA4853E6940}: "URL" = http://wiki.ross-tec...h={searchTerms}
IE - HKCU\..\SearchScopes\{F5F655E8-6661-4769-9952-6AE6EBFABC45}: "URL" = http://search.yahoo....0104,6901,0,8,0
IE - HKCU\..\SearchScopes\{F813F595-1DA6-4476-915D-E3C2FDF0B758}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1BC4187C-4BB6-4C5A-A11A-3FB535AE04AB}: C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/05/20 05:34:34 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - Extension: No name found = C:\Documents and Settings\Ken Foster\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.0\

O1 HOSTS File: ([2012/03/19 16:56:11 | 000,000,761 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Do Not Track Plus) - {6E45F3E8-2683-4824-A6BE-08108022FB36} - C:\Program Files\DoNotTrackPlus\ScriptHost.dll (Abine)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe ( )
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Ken Foster\Start Menu\Programs\Startup\Craftsman Software Update.lnk = C:\Program Files\Common Files\Craftsman\CSU\CSUClient.exe (Craftsman Book Company)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM File not found
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM File not found
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: Do Not Track Plus © Abine - {6E45F3E8-2683-4824-A6BE-08108022FB36} - C:\Program Files\DoNotTrackPlus\ScriptHost.dll (Abine)
O15 - HKCU\..Trusted Domains: secunia.com ([]https in Trusted sites)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://dcode.suppor...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1267413876265 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1267511655031 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C69CF277-F133-496D-BE88-96A6C23FC59D}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Ken Foster\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ken Foster\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/11/07 15:56:27 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/23 13:01:52 | 016,883,056 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Ken Foster\Desktop\IE8-WindowsXP-x86-ENU.exe
[2012/06/22 22:28:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\My Documents\My Downloads
[2012/06/22 22:28:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Download Manager
[2012/06/22 22:28:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Download Manager
[2012/06/19 04:53:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2012/06/17 12:25:14 | 002,592,800 | ---- | C] (Craftsman Book Company ) -- C:\Documents and Settings\Ken Foster\Desktop\2012_CSL_setup.exe
[2012/06/17 12:18:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Local Settings\Application Data\blekkotb_032
[2012/06/16 11:26:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2012/06/16 11:26:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\L&H
[2012/06/16 11:26:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2012/06/16 11:25:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2012/06/16 11:18:59 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/06/16 11:09:54 | 227,190,984 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Ken Foster\Desktop\OfficeSTD.exe
[2012/06/16 10:53:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Application Data\blekkotb_019
[2012/06/16 10:35:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\blekko toolbars
[2012/06/16 10:30:12 | 000,000,000 | ---D | C] -- C:\Program Files\Hotspot Shield
[2012/06/16 09:24:31 | 000,450,352 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Ken Foster\Desktop\FixitCenter_Run.exe
[2012/06/13 06:27:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Local Settings\Application Data\PCHealth
[2012/06/12 18:15:52 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012/06/08 21:36:55 | 000,407,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Ken Foster\Desktop\RectorDecryptor.exe
[2012/06/08 21:36:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Desktop\rectordecryptor
[2012/06/07 17:49:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\My Documents\Tyre
[2012/06/05 18:15:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/03 21:06:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Desktop\decrypt_SetSysLog32
[2012/06/03 04:00:56 | 000,685,736 | ---- | C] (Emsisoft GmbH) -- C:\Documents and Settings\Ken Foster\Desktop\decrypt.exe
[2012/06/02 19:19:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Desktop\RK_Quarantine
[2012/06/01 14:12:02 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Ken Foster\Desktop\aswMBR.exe
[2012/05/31 22:15:46 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ken Foster\Desktop\OTL.exe
[2012/05/31 19:48:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2012/05/26 17:25:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Desktop\5-25 Dog Show
[2012/05/24 21:58:04 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/05/24 21:57:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Application Data\AVG Secure Search
[2012/05/24 21:57:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/05/24 21:57:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Local Settings\Application Data\AVG Secure Search
[2012/05/24 21:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[72 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[18 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/23 15:13:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/23 14:35:00 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/23 13:35:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/23 13:07:15 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/06/23 13:04:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/23 13:01:51 | 016,883,056 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Ken Foster\Desktop\IE8-WindowsXP-x86-ENU.exe
[2012/06/23 12:57:42 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1343024091-1177238915-682003330-1003.job
[2012/06/23 12:57:37 | 000,000,318 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1343024091-1177238915-682003330-1003.job
[2012/06/23 12:57:32 | 000,013,740 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/23 12:57:31 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1343024091-1177238915-682003330-500.job
[2012/06/23 12:57:31 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1343024091-1177238915-682003330-1003.job
[2012/06/23 12:57:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/23 02:11:03 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\PCRepairClinic_fullScan.job
[2012/06/22 22:28:43 | 000,001,892 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Download Manager.lnk
[2012/06/22 12:00:00 | 000,000,448 | ---- | M] () -- C:\WINDOWS\tasks\FixCleaner Scan.job
[2012/06/22 07:06:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1343024091-1177238915-682003330-1003.job
[2012/06/21 21:54:08 | 000,881,475 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\SecurityCheck.exe
[2012/06/20 12:57:00 | 000,000,336 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1343024091-1177238915-682003330-1003.job
[2012/06/17 21:08:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1343024091-1177238915-682003330-500.job
[2012/06/17 12:43:39 | 000,215,524 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\Mar 2012 NCE.ubk
[2012/06/17 12:43:36 | 000,000,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wipe 2012.lnk
[2012/06/17 12:39:29 | 000,215,524 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\Mar 2012 NCE.SAV
[2012/06/17 12:28:16 | 000,001,870 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\National Estimator.lnk
[2012/06/17 12:25:14 | 002,592,800 | ---- | M] (Craftsman Book Company ) -- C:\Documents and Settings\Ken Foster\Desktop\2012_CSL_setup.exe
[2012/06/17 12:17:04 | 000,170,688 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/16 18:59:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/06/16 11:27:39 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2012/06/16 11:09:54 | 227,190,984 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Ken Foster\Desktop\OfficeSTD.exe
[2012/06/16 09:24:33 | 000,450,352 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Ken Foster\Desktop\FixitCenter_Run.exe
[2012/06/14 03:21:46 | 000,550,068 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/14 03:21:46 | 000,100,530 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/12 15:48:54 | 000,338,127 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\FSS.exe
[2012/06/12 06:05:57 | 000,000,000 | ---- | M] () -- C:\Documents
[2012/06/11 18:00:26 | 023,970,870 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\BBG.bmp
[2012/06/10 21:53:35 | 000,561,840 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\GPS BBG.jpg
[2012/06/08 21:34:31 | 000,345,653 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\rectordecryptor.zip
[2012/06/07 19:54:22 | 000,198,144 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\BBG2.ptm
[2012/06/07 17:50:59 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Tyre.lnk
[2012/06/03 21:05:25 | 000,247,579 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\decrypt_SetSysLog32.zip
[2012/06/03 04:00:56 | 000,685,736 | ---- | M] (Emsisoft GmbH) -- C:\Documents and Settings\Ken Foster\Desktop\decrypt.exe
[2012/06/02 19:18:13 | 001,506,304 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\RogueKiller.exe
[2012/06/02 15:19:44 | 000,022,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
[2012/06/02 15:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2012/06/02 15:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll
[2012/06/02 15:19:38 | 000,219,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl
[2012/06/02 15:19:38 | 000,210,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll
[2012/06/02 15:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdm.dll
[2012/06/02 15:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cdm.dll
[2012/06/02 15:19:34 | 000,053,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
[2012/06/02 15:19:34 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
[2012/06/02 15:19:34 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2012/06/02 15:19:34 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
[2012/06/02 15:19:34 | 000,015,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2012/06/02 15:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2012/06/02 15:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
[2012/06/02 15:19:18 | 001,933,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
[2012/06/02 15:18:58 | 000,275,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2012/06/02 15:18:58 | 000,017,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2012/06/01 18:20:11 | 136,754,960 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\setup_11.0.0.1245.x01_2012_06_01_02_03.exe
[2012/06/01 14:30:57 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\MBR.dat
[2012/06/01 14:12:14 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Ken Foster\Desktop\aswMBR.exe
[2012/05/31 22:15:49 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ken Foster\Desktop\OTL.exe
[2012/05/31 21:54:49 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/31 14:45:07 | 000,002,200 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\image005.jpg.crypt
[2012/05/31 14:45:06 | 000,237,734 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\image004.jpg.crypt
[2012/05/31 14:45:05 | 000,321,763 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\image001.jpg.crypt
[2012/05/31 14:45:05 | 000,310,995 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\image003.jpg.crypt
[2012/05/31 14:45:05 | 000,283,585 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\image002.jpg.crypt
[2012/05/31 14:45:04 | 000,557,850 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\Denise_&_Barbara[1].jpg.crypt
[2012/05/31 14:45:04 | 000,278,089 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\HULL-71053.jpg.crypt
[2012/05/31 14:45:04 | 000,237,151 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\ferryreceipts.jpg.crypt
[2012/05/31 14:45:04 | 000,038,467 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\ATT00001.jpg.crypt
[2012/05/31 14:35:05 | 000,008,403 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\windshield relay.jpg.crypt
[2012/05/31 14:35:04 | 000,702,847 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\R1100RS Engine Schematic.jpg.crypt
[2012/05/31 14:35:03 | 000,152,027 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Motorcycle's covered.jpg.crypt
[2012/05/31 14:35:02 | 000,107,479 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\HULL-71053.jpg.crypt
[2012/05/31 14:35:02 | 000,047,782 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\KensN20SchematicEM1.jpg.crypt
[2012/05/31 14:35:01 | 000,065,173 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Ford Valve Adjust.jpg.crypt
[2012/05/31 14:35:00 | 000,052,158 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\electrK11.jpg.crypt
[2012/05/31 14:34:59 | 000,048,213 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\ceiling_cat.jpg.crypt
[2012/05/31 14:20:48 | 000,000,257 | ---- | M] () -- C:\user.js.crypt
[2012/05/31 14:15:39 | 002,847,409 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\Timely Tips 1974-1979 Manual 9-51610_watermarked.pdf.crypt
[2012/05/31 14:15:39 | 000,465,860 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\Steering and Front Axle Manual 9-50392_watermarked.pdf.crypt
[2012/05/31 14:15:39 | 000,319,151 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\Steering & Axle Manual 9-50391_watermarked.pdf.crypt
[2012/05/31 14:15:39 | 000,304,730 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\E-Z Clutch Manual 9-51081_watermarked.pdf.crypt
[2012/05/31 14:15:39 | 000,155,936 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\17 Eggs and Vegetables Breakfast.pdf.crypt
[2012/05/31 14:15:17 | 001,966,636 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\WhatYouMustKnow_PresentationNotes.pdf.crypt
[2012/05/31 14:15:15 | 020,521,787 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\uscca-homedefense.pdf.crypt
[2012/05/31 14:15:03 | 021,412,620 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\uscca-holster.pdf.crypt
[2012/05/31 14:14:59 | 001,402,884 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\pistol_accuracy_made_easy.pdf.crypt
[2012/05/31 14:14:58 | 000,661,987 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Marlin rifle.pdf.crypt
[2012/05/31 14:14:58 | 000,479,469 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Piaa910.pdf.crypt
[2012/05/31 14:14:58 | 000,364,975 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Oilhead_Maintenance_2-25-02.pdf.crypt
[2012/05/31 14:14:57 | 002,005,560 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\IBR2011.pdf.crypt
[2012/05/31 14:14:57 | 000,133,090 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Engine oils that meet Audi Oil Quality Standards 502 00 - 505 01 - and 504 00 - 507 00.pdf.crypt
[2012/05/31 14:14:57 | 000,130,290 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Fehlercodes VAG english.pdf.crypt
[2012/05/31 14:14:56 | 001,372,959 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\automatic_self_defense.pdf.crypt
[2012/05/31 14:14:56 | 000,541,002 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\61 026 92 (2531) Eletrically adjustable whindshield K1100LT [EDocFind.com].pdf.crypt
[2012/05/31 14:14:56 | 000,346,012 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\2010_Invite_2.pdf.crypt
[2012/05/31 14:14:55 | 003,557,952 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\15-foot-sail.pdf.crypt
[2012/05/31 14:10:06 | 000,071,879 | ---- | M] () -- C:\WINDOWS\System32\cliconf.chm.crypt
[2012/05/31 14:10:06 | 000,046,153 | ---- | M] () -- C:\WINDOWS\System32\sqlsodbc.chm.crypt
[2012/05/31 14:01:57 | 000,015,497 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\SPF to Bloomsburg.htm.crypt
[2012/05/31 14:01:47 | 000,165,987 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Nestle Dessert corse Dark baking chocolate 200g International shipping.htm.crypt
[2012/05/31 14:01:47 | 000,055,131 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Words.htm.crypt
[2012/05/31 13:58:39 | 000,000,896 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\Audi Advertisment.rtf.crypt
[2012/05/31 08:22:09 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2012/05/26 17:26:25 | 000,083,968 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[72 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[18 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/22 22:28:43 | 000,001,892 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Download Manager.lnk
[2012/06/21 21:54:03 | 000,881,475 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\SecurityCheck.exe
[2012/06/21 21:10:13 | 000,146,666 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\Mar 2012 NRR.ubk
[2012/06/17 12:28:16 | 000,001,870 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\National Estimator.lnk
[2012/06/12 15:48:46 | 000,338,127 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\FSS.exe
[2012/06/12 06:05:57 | 000,000,000 | ---- | C] () -- C:\Documents
[2012/06/11 17:58:59 | 023,970,870 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\BBG.bmp
[2012/06/10 21:51:01 | 000,561,840 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\GPS BBG.jpg
[2012/06/08 21:34:31 | 000,345,653 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\rectordecryptor.zip
[2012/06/07 17:49:58 | 000,000,608 | ---- | C] () -- C:\clickmarker.gif
[2012/06/07 17:49:58 | 000,000,582 | ---- | C] () -- C:\waypoint_last.png
[2012/06/07 17:49:58 | 000,000,562 | ---- | C] () -- C:\waypoint.png
[2012/06/07 17:49:58 | 000,000,501 | ---- | C] () -- C:\waypoint_first.png
[2012/06/07 17:49:58 | 000,000,488 | ---- | C] () -- C:\waypoint_new.png
[2012/06/07 17:49:58 | 000,000,463 | ---- | C] () -- C:\waypoint_blue.png
[2012/06/03 21:05:25 | 000,247,579 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\decrypt_SetSysLog32.zip
[2012/06/02 19:18:09 | 001,506,304 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\RogueKiller.exe
[2012/06/01 18:20:11 | 136,754,960 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\setup_11.0.0.1245.x01_2012_06_01_02_03.exe
[2012/06/01 14:30:57 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\MBR.dat
[2012/05/31 14:45:06 | 000,002,200 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\image005.jpg.crypt
[2012/05/31 14:45:05 | 000,321,763 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\image001.jpg.crypt
[2012/05/31 14:45:05 | 000,310,995 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\image003.jpg.crypt
[2012/05/31 14:45:05 | 000,283,585 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\image002.jpg.crypt
[2012/05/31 14:45:05 | 000,237,734 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\image004.jpg.crypt
[2012/05/31 14:45:04 | 000,557,850 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\Denise_&_Barbara[1].jpg.crypt
[2012/05/31 14:45:04 | 000,278,089 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\HULL-71053.jpg.crypt
[2012/05/31 14:45:04 | 000,237,151 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\ferryreceipts.jpg.crypt
[2012/05/31 14:45:04 | 000,038,467 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\ATT00001.jpg.crypt
[2012/05/31 14:35:05 | 000,008,403 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\windshield relay.jpg.crypt
[2012/05/31 14:35:03 | 000,702,847 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\R1100RS Engine Schematic.jpg.crypt
[2012/05/31 14:35:03 | 000,152,027 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Motorcycle's covered.jpg.crypt
[2012/05/31 14:35:02 | 000,047,782 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\KensN20SchematicEM1.jpg.crypt
[2012/05/31 14:35:01 | 000,107,479 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\HULL-71053.jpg.crypt
[2012/05/31 14:35:01 | 000,065,173 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Ford Valve Adjust.jpg.crypt
[2012/05/31 14:35:00 | 000,052,158 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\electrK11.jpg.crypt
[2012/05/31 14:34:59 | 000,048,213 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\ceiling_cat.jpg.crypt
[2012/05/31 14:20:48 | 000,000,257 | ---- | C] () -- C:\user.js.crypt
[2012/05/31 14:15:39 | 002,847,409 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\Timely Tips 1974-1979 Manual 9-51610_watermarked.pdf.crypt
[2012/05/31 14:15:39 | 000,465,860 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\Steering and Front Axle Manual 9-50392_watermarked.pdf.crypt
[2012/05/31 14:15:39 | 000,319,151 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\Steering & Axle Manual 9-50391_watermarked.pdf.crypt
[2012/05/31 14:15:39 | 000,304,730 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\E-Z Clutch Manual 9-51081_watermarked.pdf.crypt
[2012/05/31 14:15:38 | 000,155,936 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\17 Eggs and Vegetables Breakfast.pdf.crypt
[2012/05/31 14:15:17 | 001,966,636 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\WhatYouMustKnow_PresentationNotes.pdf.crypt
[2012/05/31 14:15:08 | 020,521,787 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\uscca-homedefense.pdf.crypt
[2012/05/31 14:14:59 | 021,412,620 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\uscca-holster.pdf.crypt
[2012/05/31 14:14:59 | 001,402,884 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\pistol_accuracy_made_easy.pdf.crypt
[2012/05/31 14:14:58 | 000,661,987 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Marlin rifle.pdf.crypt
[2012/05/31 14:14:58 | 000,479,469 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Piaa910.pdf.crypt
[2012/05/31 14:14:58 | 000,364,975 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Oilhead_Maintenance_2-25-02.pdf.crypt
[2012/05/31 14:14:57 | 002,005,560 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\IBR2011.pdf.crypt
[2012/05/31 14:14:57 | 000,133,090 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Engine oils that meet Audi Oil Quality Standards 502 00 - 505 01 - and 504 00 - 507 00.pdf.crypt
[2012/05/31 14:14:57 | 000,130,290 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Fehlercodes VAG english.pdf.crypt
[2012/05/31 14:14:56 | 001,372,959 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\automatic_self_defense.pdf.crypt
[2012/05/31 14:14:56 | 000,541,002 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\61 026 92 (2531) Eletrically adjustable whindshield K1100LT [EDocFind.com].pdf.crypt
[2012/05/31 14:14:56 | 000,346,012 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\2010_Invite_2.pdf.crypt
[2012/05/31 14:14:55 | 003,557,952 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\15-foot-sail.pdf.crypt
[2012/05/31 14:10:06 | 000,071,879 | ---- | C] () -- C:\WINDOWS\System32\cliconf.chm.crypt
[2012/05/31 14:10:06 | 000,046,153 | ---- | C] () -- C:\WINDOWS\System32\sqlsodbc.chm.crypt
[2012/05/31 14:01:57 | 000,015,497 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\SPF to Bloomsburg.htm.crypt
[2012/05/31 14:01:47 | 000,165,987 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Nestle Dessert corse Dark baking chocolate 200g International shipping.htm.crypt
[2012/05/31 14:01:47 | 000,055,131 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Words.htm.crypt
[2012/05/31 13:58:39 | 000,000,896 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\Audi Advertisment.rtf.crypt
[2012/05/24 20:56:28 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/01 10:46:58 | 000,143,398 | ---- | C] () -- C:\WINDOWS\System32\TelenorCom.dll
[2012/05/01 10:46:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\TJPEGCodec.dll
[2012/03/24 09:40:47 | 000,000,726 | ---- | C] () -- C:\WINDOWS\TNE32.INI
[2012/02/16 00:35:38 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/02 11:01:54 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\avalon2.2_WIPE2012.ini
[2012/01/02 11:01:36 | 000,340,992 | ---- | C] () -- C:\WINDOWS\sqlite36_engine.dll
[2011/09/18 19:24:50 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2011/08/12 06:14:42 | 000,726,920 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1343024091-1177238915-682003330-1003-0.dat
[2011/08/11 01:32:52 | 000,182,526 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/06/13 23:55:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/27 08:04:51 | 000,340,992 | ---- | C] () -- C:\WINDOWS\System32\sqlite36_engine.dll
[2011/01/04 16:50:47 | 000,000,308 | ---- | C] () -- C:\WINDOWS\PICKLIST.INI
[2011/01/04 16:48:05 | 000,000,301 | ---- | C] () -- C:\WINDOWS\MIREPAIR.INI
[2011/01/04 16:48:05 | 000,000,058 | ---- | C] () -- C:\WINDOWS\MITCHELL.INI
[2011/01/04 16:47:45 | 000,002,762 | ---- | C] () -- C:\WINDOWS\ODWIN.INI
[2011/01/04 16:47:45 | 000,000,754 | ---- | C] () -- C:\WINDOWS\BTI.INI
[2010/12/20 23:28:57 | 000,098,344 | ---- | C] () -- C:\WINDOWS\unTMV.exe
[2010/12/20 20:48:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/11/16 23:14:25 | 000,002,596 | ---- | C] () -- C:\WINDOWS\System32\ASOROSet.bin
[2010/11/14 11:55:55 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/11/08 21:22:28 | 000,000,560 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Application Data\ViewerApp.dat
[2010/10/19 16:57:56 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/19 16:57:56 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/19 16:57:55 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/19 16:57:55 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/19 16:57:55 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/13 12:40:20 | 000,000,110 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\avalon2.2.ini

========== Custom Scans ==========

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
  • 0

#67
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Ken,

Are we having fun yet?

Ok, here ya go. Could it be possible that all of these crypt files are just set to read only, rather than being encrypted?

That would be nice, but no. I'm afraid they're encrypted.

And the bugger got every ieakmmc.chm file too! OK, let's try this.


Step-1.

  • Download the ieakmmc.zip folder below and save it to your desktop. Then log out of G2G.
  • On your desktop, right click the ieakmmc.zip folder and click Extract All..., an Extract Folders window will open.
  • In the box under Files will be extracted to this folder:, type the following:

    C:\Windows\Help
  • Uncheck the box beside Show extracted files when complete if it is checked and click Extract
This will put a copy of the file where it should be.


Step-2.

Now try to uninstall IE8 again. If you get another message that a file is missing let me know and we'll find a good copy.

If this was the only missing file and IE8 completes the uninstall procedure, then pick up with number 9 in STEP 2 (Uninstalling and re-installing IE8) of post #63 and complete the rest of the steps.


Step-3.

Let me know what happened.....

Attached File  ieakmmc.zip   46.3KB   201 downloads
  • 0
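The read-only question above can be checked against the OTL report itself. The following is an added example, not part of the original posts and not OTL's own code: it parses the report's file-listing lines and summarises the `.crypt` entries. It assumes the four-character attribute column is ordered Read-only/Hidden/System/Directory, inferred from the `-H--`, `--S-` and `---D` entries in the report; the function names are hypothetical and the sample is a short excerpt of lines from this thread's report.

```python
import ntpath
import re
from collections import Counter
from datetime import datetime

# Excerpt of lines from the OTL report in this thread (both the M and C sections).
SAMPLE_LOG = r"""
[2012/06/23 13:07:15 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/05/31 14:45:07 | 000,002,200 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\image005.jpg.crypt
[2012/05/31 14:45:04 | 000,557,850 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\Denise_&_Barbara[1].jpg.crypt
[2012/05/31 14:14:56 | 000,541,002 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\61 026 92 (2531) Eletrically adjustable whindshield K1100LT [EDocFind.com].pdf.crypt
[2012/05/31 14:10:06 | 000,071,879 | ---- | M] () -- C:\WINDOWS\System32\cliconf.chm.crypt
[2012/05/31 13:58:39 | 000,000,896 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\Audi Advertisment.rtf.crypt
[2012/05/31 08:22:09 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[72 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2012/06/05 18:15:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/31 14:45:06 | 000,002,200 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\image005.jpg.crypt
"""

# [timestamp | size | attrs | C or M] (company) -- path
# The company field is absent on directory lines; paths may contain () and [].
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[R-][H-][S-][D-]) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)


def parse_otl_line(line):
    """Return a dict for one file-listing line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None  # section headers, "[72 ...*.tmp files -> ]" summaries, blanks
    attrs = m["attrs"]
    return {
        "time": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "read_only": attrs[0] == "R",  # assumed column order: R, H, S, D
        "is_dir": attrs[3] == "D",
        "kind": m["kind"],             # C = created, M = modified
        "company": (m["company"] or "").strip(),
        "path": m["path"],
    }


def crypt_summary(log_text, marker=".crypt"):
    """Summarise files whose final extension is `marker`, de-duplicated by path."""
    files = {}
    for line in log_text.splitlines():
        entry = parse_otl_line(line)
        if entry is None or entry["is_dir"]:
            continue
        stem, ext = ntpath.splitext(entry["path"])
        if ext.lower() != marker:
            continue  # e.g. crypt32.dll contains "crypt" but is not affected
        rec = files.setdefault(entry["path"].lower(), {
            "path": entry["path"],
            "orig_ext": ntpath.splitext(stem)[1].lower(),
            "times": [],
            "read_only": False,
        })
        rec["times"].append(entry["time"])
        rec["read_only"] = rec["read_only"] or entry["read_only"]

    times = [t for rec in files.values() for t in rec["times"]]
    return {
        "files": len(files),
        "read_only": sum(rec["read_only"] for rec in files.values()),
        "first_seen": min(times) if times else None,
        "last_seen": max(times) if times else None,
        "by_type": Counter(rec["orig_ext"] for rec in files.values()),
        # Entries under the Windows directory are system files to restore
        # from known-good copies rather than user documents.
        "under_windows": sorted(
            rec["path"] for rec in files.values()
            if ntpath.splitdrive(rec["path"])[1].lower().startswith("\\windows\\")
        ),
    }


if __name__ == "__main__":
    for key, value in crypt_summary(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A read-only count of zero alongside a tight first/last window across many file types points to files that were rewritten, not merely flagged read-only.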

#68
460jetboat

460jetboat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Are you sure about this one?? IE still will not uninstall, and the file which was extracted is: ieakmmc Compiled HTML help file, which takes me to the webpage "Internet Explorer Maintenance".
I've followed your instructions 4 times on how to unzip the file and download to C:\Windows\help but it does not put the file there.

I'm stumped.

Ken
  • 0

#69
460jetboat

460jetboat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
I closed IE and tried to uninstall again after last post.
After that, it would not even open.
I tried to reinstall it and it would say that it needed to restart the computer.
Went through restarting 3 times, and IE still would not open.
Finally had to do system restore to 10:35 pm yesterday and now it opens again! Whew!

Ken
  • 0

#70
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
OK, hold on and I'll be back to you.
  • 0



#71
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
A small edit for the Extraction Wizard in XP


  • On your desktop, right click the ieakmmc.zip folder and click Extract All..., The Extraction Wizard will open.
  • Click Next
  • Under Files will be extracted to this folder: box, click the Browse button. A Select a destination window will open.
  • Click the + beside My Computer
  • Click the + beside Local Disk(C:/)
  • Scroll down the list and click the + beside the folder named Windows
  • Scroll down the list and find the folder named Help and click the folder.
  • Click the OK button at the bottom of the window.
This will put a copy of the file where it should be. And it is a compiled HTML help file.

Close the Extraction Wizard and do a search of the C:/Windows/Help folder and make sure the ieakmmc.chm file is there.
If it is, see if IE8 will uninstall now. If you can't find it, let me know before doing anything else.
  • 0

#72
460jetboat

460jetboat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Yes - it even asks if I want to overwrite the existing file in C:\windows\help-I answered yes.
However, the only one I see in that folder is <ieakmmc> and the folder has a yellow question mark on it.
It is not a .chm file, rather Microsoft HTML Help file created 07 Jan '09.
The file right next to it is ieakmmc.chm which is a crypt file created Thursday, May 31, 2012, 2:09:31 PM

I'm unable to find one created today.

Ken

Edited by 460jetboat, 24 June 2012 - 01:05 PM.

  • 0

#73
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Are you saying the HELP folder has a yellow question mark on it?

Can you take a screen shot of the folders in the Windows folder showing the yellow question mark?

And can you take a screen shot of the ieakmmc files in the C:/Windows/Help folder showing the two of them ?

Capture a Screen Shot

  • When you have the screen up that you want to capture...click on the ALT key + PRT SCR key. This will put the screen shot in the clipboard.
  • Click on Start>> All Programs>> Accessories>> Paint. A Paint window will open up.
  • Left click in the white area and press the CTRL + V keys. This will paste the screen shot from the clipboard into the Paint window.
  • On the Menu bar at the top of the Paint window, click on File, click on Save and save it to your desktop.
  • In the File Name box, name it something related to the screen you're capturing.
  • In the Save as type: box, BE SURE TO SAVE IT AS A .JPG ...otherwise it may be too big to upload.

To upload the screen shot and put it in a post, click on this link for directions.
  • 0

#74
460jetboat

460jetboat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
here's one

Attached Thumbnails

  • Iaekmmc.JPG

  • 0

#75
460jetboat

460jetboat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Next....

Attached Thumbnails

  • windows-help.JPG

  • 0





