Godawgs,
First, I just want to say "thank you" again for all your help. I'm learning a lot in the process!
OK, My little "castle" never has turned red..it's been green the whole time. Realtime protection is still on, and it has been updating daily.
There are 9 trojans and viruses which have been quarantined :
VirTool:Win32/Obfuscator.ZA 6/20 6:22AM
Rogue:JS/FakePAV 6/10 12:40PM
Trojan:Win32/Meredrop 5/19 5:58AM
Trojan:Win32/Medfos.A 5/19 5:58AM
Trojan:Win32/Mofos.A 5/19 5:58a.m.
TrojanDownloader:Win32/Beebone 5/19 5:58a.m.
Exploit:Java/CVE-2012-0507 5/19 5:58AM
Rogue:Win32/Winwebsec 5/18 6:12 AM
Trojan:Win32/Waprox 5/17 8:27PM
Firefox is completly uninstalled - Thanks for posting instructions!
The IE8 fix did not work, as when I click on tools, internet options the window opens for about a half a second...only subliminally...then dissappears. I tried to re-download it, so it may work after finishing this reply and re-opening IE
Here are the OTL files;
OTL logfile created on: 6/22/2012 10:37:36 PM - Run 14
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Documents and Settings\Ken Foster\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
503.29 Mb Total Physical Memory | 205.89 Mb Available Physical Memory | 40.91% Memory free
1.20 Gb Paging File | 0.82 Gb Available in Paging File | 68.62% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 122.25 Gb Free Space | 65.62% Space Free | Partition Type: NTFS
Computer Name: CLONE | User Name: Ken Foster | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ========== PRC - [2012/05/31 22:15:49 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ken Foster\Desktop\OTL.exe
PRC - [2012/05/03 13:07:40 | 000,217,256 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/03/23 12:33:14 | 000,224,888 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
PRC - [2012/03/23 12:31:06 | 000,031,920 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/02/18 19:26:06 | 000,300,760 | ---- | M] (Abine Inc.) -- C:\Program Files\DoNotTrackPlus\PropertySync.exe
PRC - [2011/10/17 22:46:26 | 000,740,984 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft Download Manager\MSDownloadManager.exe
PRC - [2011/09/23 14:04:00 | 000,098,208 | ---- | M] (Craftsman Book Company) -- C:\Program Files\Common Files\Craftsman\CSU\CSUClient.exe
PRC - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009/10/06 15:37:18 | 000,069,632 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2009/07/15 16:43:46 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/06 13:41:06 | 000,069,632 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2007/05/04 16:14:04 | 000,036,864 | ---- | M] ( ) -- C:\Program Files\HP\HP UT\bin\hppusg.exe
PRC - [2001/08/17 17:36:42 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe
========== Modules (No Company Name) ========== MOD - [2012/06/14 03:26:11 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/14 03:25:38 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/05/17 18:26:14 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/17 18:17:39 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/17 18:16:56 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/04/12 03:12:40 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_87cec736\system.windows.forms.dll
MOD - [2012/03/24 09:27:11 | 000,222,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CbcCorLib\1.5.0.285__dc62ab6ce5358df9\CbcCorLib.dll
MOD - [2012/03/23 12:31:06 | 000,031,920 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
MOD - [2012/02/18 19:26:02 | 000,893,144 | ---- | M] () -- C:\Program Files\DoNotTrackPlus\ContentFilter.dll
MOD - [2012/02/18 19:26:00 | 000,250,072 | ---- | M] () -- C:\Program Files\DoNotTrackPlus\ButtonSite.dll
MOD - [2012/01/07 09:38:01 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_df767a39\mscorlib.dll
MOD - [2012/01/07 09:37:38 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_4fd16e16\system.xml.dll
MOD - [2012/01/07 09:37:14 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_643da891\system.dll
MOD - [2012/01/07 09:36:53 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012/01/07 09:36:48 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2010/03/04 04:02:41 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2010/03/04 04:02:36 | 000,131,072 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.serialization.formatters.soap\1.0.5000.0__b03f5f7f11d50a3a\system.runtime.serialization.formatters.soap.dll
MOD - [2010/03/03 12:53:12 | 000,010,752 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqusg\3.0.0.0__a53cf5803f4c3827\interop.hpqusg.dll
MOD - [2009/10/06 15:37:18 | 000,069,632 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
MOD - [2007/06/11 17:24:28 | 000,114,688 | ---- | M] () -- C:\WINDOWS\system32\hppatusg01.dll
========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/03/23 12:31:06 | 000,031,920 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2011/05/23 08:02:00 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Disabled | Stopped] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/04/08 17:09:26 | 000,229,376 | ---- | M] (Puran Software) [Disabled | Stopped] -- C:\WINDOWS\system32\PuranDefragS.exe -- (PuranDefrag)
SRV - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/10/06 15:37:18 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2009/07/15 16:43:46 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2008/07/29 22:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/04/13 19:12:29 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2008/04/13 19:12:29 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2008/04/13 19:12:04 | 000,059,904 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\regsvc.dll -- (RemoteRegistry)
SRV - [2008/04/13 19:11:59 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2008/04/13 19:11:57 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)
SRV - [2008/04/13 19:11:49 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)
========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [File_System | On_Demand | Stopped] -- System32\DRIVERS\srv.sys -- (Srv)
DRV - File not found [Kernel | System | Stopped] -- -- (Sfloppy)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Normandy)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\KENFOS~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/11/13 22:22:36 | 000,019,507 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sonypvl3.sys -- (sonypvl3)
DRV - [2009/07/15 16:43:32 | 000,017,136 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2008/04/13 14:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/13 13:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/13 13:36:43 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/13 13:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2008/04/13 10:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/02/25 12:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/06/12 14:27:00 | 000,011,776 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pdiddcci.sys -- (pdiddcci)
DRV - [2007/04/24 09:33:34 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125bus.sys -- (s125bus) Sony Ericsson Device 125 driver (WDM)
DRV - [2007/02/09 15:17:18 | 000,017,465 | ---- | M] (Portrait Displays, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pivot.sys -- (Pivot)
DRV - [2007/02/09 15:17:16 | 000,011,323 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pivotmou.sys -- (pivotmou)
DRV - [2004/12/06 15:26:16 | 000,423,454 | ---- | M] (Sony Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\sonypvt3.sys -- (sonypvt3)
DRV - [2004/11/15 14:55:14 | 000,619,390 | ---- | M] (Sony Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\sonypvf3.sys -- (sonypvf3)
DRV - [2004/08/04 00:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/03/31 07:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2003/03/31 07:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL)
DRV - [2003/03/31 07:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2001/08/17 07:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/08/17 07:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/08/17 07:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001/08/17 07:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
http://www.google.com/ieIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
http://google.inklineglobal.comIE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://search.live.c...ferrer:source?}IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =
http://www.google.co...g}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://google.inklineglobal.comIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://google.inklineglobal.comIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
http://google.inklineglobal.comIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://google.inklineglobal.comIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
https://startpage.com/IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.google.com/ieIE - HKCU\..\SearchScopes,DefaultScope = {088AD4F2-2332-4A4A-BA83-B904BF0BE395}
IE - HKCU\..\SearchScopes\{088AD4F2-2332-4A4A-BA83-B904BF0BE395}: "URL" =
https://startpage.co...anguage=englishIE - HKCU\..\SearchScopes\{09035B5D-896E-4E0F-AA58-B594AFB20D04}: "URL" =
http://websearch.ask...06-23C1020D4831IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =
http://www.google.co...&rlz=1I7ADRA_enIE - HKCU\..\SearchScopes\{B68193F6-AB45-431C-BB9A-3FA4853E6940}: "URL" =
http://wiki.ross-tec...h={searchTerms}IE - HKCU\..\SearchScopes\{F5F655E8-6661-4769-9952-6AE6EBFABC45}: "URL" =
http://search.yahoo....0104,6901,0,8,0IE - HKCU\..\SearchScopes\{F813F595-1DA6-4476-915D-E3C2FDF0B758}: "URL" =
http://www.google.co...q={searchTerms}IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\WINDOWS\ [2012/06/22 22:28:43 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.1.0: C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.1.0: C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1BC4187C-4BB6-4C5A-A11A-3FB535AE04AB}: C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/05/20 05:34:34 | 000,000,000 | ---D | M]
========== Chrome ========== CHR - Extension: No name found = C:\Documents and Settings\Ken Foster\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.0\
O1 HOSTS File: ([2012/03/19 16:56:11 | 000,000,761 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Do Not Track Plus) - {6E45F3E8-2683-4824-A6BE-08108022FB36} - C:\Program Files\DoNotTrackPlus\ScriptHost.dll (Abine)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe ( )
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Ken Foster\Start Menu\Programs\Startup\Craftsman Software Update.lnk = C:\Program Files\Common Files\Craftsman\CSU\CSUClient.exe (Craftsman Book Company)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM File not found
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM File not found
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: Do Not Track Plus © Abine - {6E45F3E8-2683-4824-A6BE-08108022FB36} - C:\Program Files\DoNotTrackPlus\ScriptHost.dll (Abine)
O15 - HKCU\..Trusted Domains: secunia.com ([]https in Trusted sites)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533}
https://dcode.suppor...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}
http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}
http://update.micros...b?1267413876265 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
http://www.update.mi...b?1267511655031 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203}
http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968}
http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C69CF277-F133-496D-BE88-96A6C23FC59D}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Ken Foster\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ken Foster\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/11/07 15:56:27 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ========== [2012/06/22 22:28:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\My Documents\My Downloads
[2012/06/22 22:28:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Download Manager
[2012/06/22 22:28:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Download Manager
[2012/06/19 04:53:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2012/06/17 12:25:14 | 002,592,800 | ---- | C] (Craftsman Book Company ) -- C:\Documents and Settings\Ken Foster\Desktop\2012_CSL_setup.exe
[2012/06/17 12:18:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Local Settings\Application Data\blekkotb_032
[2012/06/16 11:26:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2012/06/16 11:26:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\L&H
[2012/06/16 11:26:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2012/06/16 11:25:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2012/06/16 11:18:59 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/06/16 11:09:54 | 227,190,984 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Ken Foster\Desktop\OfficeSTD.exe
[2012/06/16 10:53:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Application Data\blekkotb_019
[2012/06/16 10:35:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\blekko toolbars
[2012/06/16 10:30:12 | 000,000,000 | ---D | C] -- C:\Program Files\Hotspot Shield
[2012/06/16 09:24:31 | 000,450,352 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Ken Foster\Desktop\FixitCenter_Run.exe
[2012/06/13 06:27:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Local Settings\Application Data\PCHealth
[2012/06/12 18:15:52 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012/06/08 21:36:55 | 000,407,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Ken Foster\Desktop\RectorDecryptor.exe
[2012/06/08 21:36:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Desktop\rectordecryptor
[2012/06/07 17:49:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\My Documents\Tyre
[2012/06/05 18:15:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/03 21:06:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Desktop\decrypt_SetSysLog32
[2012/06/03 04:00:56 | 000,685,736 | ---- | C] (Emsisoft GmbH) -- C:\Documents and Settings\Ken Foster\Desktop\decrypt.exe
[2012/06/02 19:19:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Desktop\RK_Quarantine
[2012/06/01 14:12:02 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Ken Foster\Desktop\aswMBR.exe
[2012/05/31 22:15:46 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ken Foster\Desktop\OTL.exe
[2012/05/31 19:48:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2012/05/26 17:25:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Desktop\5-25 Dog Show
[2012/05/24 21:58:04 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/05/24 21:57:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Application Data\AVG Secure Search
[2012/05/24 21:57:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/05/24 21:57:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken Foster\Local Settings\Application Data\AVG Secure Search
[2012/05/24 21:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
========== Files - Modified Within 30 Days ========== [2012/06/22 22:35:05 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/22 22:28:43 | 000,001,892 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Download Manager.lnk
[2012/06/22 22:13:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/22 22:12:38 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/06/22 22:03:58 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1343024091-1177238915-682003330-1003.job
[2012/06/22 22:03:52 | 000,000,318 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1343024091-1177238915-682003330-1003.job
[2012/06/22 22:03:50 | 000,013,740 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/22 22:02:45 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/22 22:02:38 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1343024091-1177238915-682003330-1003.job
[2012/06/22 22:02:37 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1343024091-1177238915-682003330-500.job
[2012/06/22 22:02:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/22 12:00:00 | 000,000,448 | ---- | M] () -- C:\WINDOWS\tasks\FixCleaner Scan.job
[2012/06/22 07:06:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1343024091-1177238915-682003330-1003.job
[2012/06/22 02:11:03 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\PCRepairClinic_fullScan.job
[2012/06/21 21:54:08 | 000,881,475 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\SecurityCheck.exe
[2012/06/20 12:57:00 | 000,000,336 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1343024091-1177238915-682003330-1003.job
[2012/06/17 21:08:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1343024091-1177238915-682003330-500.job
[2012/06/17 12:43:39 | 000,215,524 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\Mar 2012 NCE.ubk
[2012/06/17 12:43:36 | 000,000,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wipe 2012.lnk
[2012/06/17 12:39:29 | 000,215,524 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\Mar 2012 NCE.SAV
[2012/06/17 12:28:16 | 000,001,870 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\National Estimator.lnk
[2012/06/17 12:25:14 | 002,592,800 | ---- | M] (Craftsman Book Company ) -- C:\Documents and Settings\Ken Foster\Desktop\2012_CSL_setup.exe
[2012/06/17 12:17:04 | 000,170,688 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/16 18:59:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/06/16 11:27:39 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2012/06/16 11:09:54 | 227,190,984 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Ken Foster\Desktop\OfficeSTD.exe
[2012/06/16 09:24:33 | 000,450,352 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Ken Foster\Desktop\FixitCenter_Run.exe
[2012/06/14 03:21:46 | 000,550,068 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/14 03:21:46 | 000,100,530 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/13 03:11:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/12 15:48:54 | 000,338,127 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\FSS.exe
[2012/06/12 06:05:57 | 000,000,000 | ---- | M] () -- C:\Documents
[2012/06/11 18:00:26 | 023,970,870 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\BBG.bmp
[2012/06/10 21:53:35 | 000,561,840 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\GPS BBG.jpg
[2012/06/08 21:34:31 | 000,345,653 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\rectordecryptor.zip
[2012/06/07 19:54:22 | 000,198,144 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\BBG2.ptm
[2012/06/07 17:50:59 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Tyre.lnk
[2012/06/03 21:05:25 | 000,247,579 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\decrypt_SetSysLog32.zip
[2012/06/03 04:00:56 | 000,685,736 | ---- | M] (Emsisoft GmbH) -- C:\Documents and Settings\Ken Foster\Desktop\decrypt.exe
[2012/06/02 19:18:13 | 001,506,304 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\RogueKiller.exe
[2012/06/02 15:19:44 | 000,022,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
[2012/06/02 15:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2012/06/02 15:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll
[2012/06/02 15:19:38 | 000,219,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl
[2012/06/02 15:19:38 | 000,210,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll
[2012/06/02 15:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdm.dll
[2012/06/02 15:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cdm.dll
[2012/06/02 15:19:34 | 000,053,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
[2012/06/02 15:19:34 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
[2012/06/02 15:19:34 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2012/06/02 15:19:34 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
[2012/06/02 15:19:34 | 000,015,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2012/06/02 15:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2012/06/02 15:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
[2012/06/02 15:19:18 | 001,933,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
[2012/06/02 15:18:58 | 000,275,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2012/06/02 15:18:58 | 000,017,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2012/06/01 18:20:11 | 136,754,960 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\setup_11.0.0.1245.x01_2012_06_01_02_03.exe
[2012/06/01 14:30:57 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\MBR.dat
[2012/06/01 14:12:14 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Ken Foster\Desktop\aswMBR.exe
[2012/05/31 22:15:49 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ken Foster\Desktop\OTL.exe
[2012/05/31 21:54:49 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/31 14:45:07 | 000,002,200 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\image005.jpg.crypt
[2012/05/31 14:45:06 | 000,237,734 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\image004.jpg.crypt
[2012/05/31 14:45:05 | 000,321,763 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\image001.jpg.crypt
[2012/05/31 14:45:05 | 000,310,995 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\image003.jpg.crypt
[2012/05/31 14:45:05 | 000,283,585 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\image002.jpg.crypt
[2012/05/31 14:45:04 | 000,557,850 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\Denise_&_Barbara[1].jpg.crypt
[2012/05/31 14:45:04 | 000,278,089 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\HULL-71053.jpg.crypt
[2012/05/31 14:45:04 | 000,237,151 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\ferryreceipts.jpg.crypt
[2012/05/31 14:45:04 | 000,038,467 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\ATT00001.jpg.crypt
[2012/05/31 14:35:05 | 000,008,403 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\windshield relay.jpg.crypt
[2012/05/31 14:35:04 | 000,702,847 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\R1100RS Engine Schematic.jpg.crypt
[2012/05/31 14:35:03 | 000,152,027 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Motorcycle's covered.jpg.crypt
[2012/05/31 14:35:02 | 000,107,479 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\HULL-71053.jpg.crypt
[2012/05/31 14:35:02 | 000,047,782 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\KensN20SchematicEM1.jpg.crypt
[2012/05/31 14:35:01 | 000,065,173 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Ford Valve Adjust.jpg.crypt
[2012/05/31 14:35:00 | 000,052,158 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\electrK11.jpg.crypt
[2012/05/31 14:34:59 | 000,048,213 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\ceiling_cat.jpg.crypt
[2012/05/31 14:20:48 | 000,000,257 | ---- | M] () -- C:\user.js.crypt
[2012/05/31 14:15:39 | 002,847,409 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\Timely Tips 1974-1979 Manual 9-51610_watermarked.pdf.crypt
[2012/05/31 14:15:39 | 000,465,860 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\Steering and Front Axle Manual 9-50392_watermarked.pdf.crypt
[2012/05/31 14:15:39 | 000,319,151 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\Steering & Axle Manual 9-50391_watermarked.pdf.crypt
[2012/05/31 14:15:39 | 000,304,730 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\E-Z Clutch Manual 9-51081_watermarked.pdf.crypt
[2012/05/31 14:15:39 | 000,155,936 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\17 Eggs and Vegetables Breakfast.pdf.crypt
[2012/05/31 14:15:17 | 001,966,636 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\WhatYouMustKnow_PresentationNotes.pdf.crypt
[2012/05/31 14:15:15 | 020,521,787 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\uscca-homedefense.pdf.crypt
[2012/05/31 14:15:03 | 021,412,620 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\uscca-holster.pdf.crypt
[2012/05/31 14:14:59 | 001,402,884 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\pistol_accuracy_made_easy.pdf.crypt
[2012/05/31 14:14:58 | 000,661,987 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Marlin rifle.pdf.crypt
[2012/05/31 14:14:58 | 000,479,469 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Piaa910.pdf.crypt
[2012/05/31 14:14:58 | 000,364,975 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Oilhead_Maintenance_2-25-02.pdf.crypt
[2012/05/31 14:14:57 | 002,005,560 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\IBR2011.pdf.crypt
[2012/05/31 14:14:57 | 000,133,090 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Engine oils that meet Audi Oil Quality Standards 502 00 - 505 01 - and 504 00 - 507 00.pdf.crypt
[2012/05/31 14:14:57 | 000,130,290 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Fehlercodes VAG english.pdf.crypt
[2012/05/31 14:14:56 | 001,372,959 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\automatic_self_defense.pdf.crypt
[2012/05/31 14:14:56 | 000,541,002 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\61 026 92 (2531) Eletrically adjustable whindshield K1100LT [EDocFind.com].pdf.crypt
[2012/05/31 14:14:56 | 000,346,012 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\2010_Invite_2.pdf.crypt
[2012/05/31 14:14:55 | 003,557,952 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\15-foot-sail.pdf.crypt
[2012/05/31 14:10:06 | 000,071,879 | ---- | M] () -- C:\WINDOWS\System32\cliconf.chm.crypt
[2012/05/31 14:10:06 | 000,046,153 | ---- | M] () -- C:\WINDOWS\System32\sqlsodbc.chm.crypt
[2012/05/31 14:01:57 | 000,015,497 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\SPF to Bloomsburg.htm.crypt
[2012/05/31 14:01:47 | 000,165,987 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Nestle Dessert corse Dark baking chocolate 200g International shipping.htm.crypt
[2012/05/31 14:01:47 | 000,055,131 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Words.htm.crypt
[2012/05/31 13:58:39 | 000,000,896 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\Audi Advertisment.rtf.crypt
[2012/05/31 08:22:09 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2012/05/26 17:26:25 | 000,083,968 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== Files Created - No Company Name ========== [2012/06/22 22:28:43 | 000,001,892 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Download Manager.lnk
[2012/06/21 21:54:03 | 000,881,475 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\SecurityCheck.exe
[2012/06/21 21:10:13 | 000,146,666 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\Mar 2012 NRR.ubk
[2012/06/17 12:28:16 | 000,001,870 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\National Estimator.lnk
[2012/06/12 15:48:46 | 000,338,127 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\FSS.exe
[2012/06/12 06:05:57 | 000,000,000 | ---- | C] () -- C:\Documents
[2012/06/11 17:58:59 | 023,970,870 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\BBG.bmp
[2012/06/10 21:51:01 | 000,561,840 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\GPS BBG.jpg
[2012/06/08 21:34:31 | 000,345,653 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\rectordecryptor.zip
[2012/06/07 17:49:58 | 000,000,608 | ---- | C] () -- C:\clickmarker.gif
[2012/06/07 17:49:58 | 000,000,582 | ---- | C] () -- C:\waypoint_last.png
[2012/06/07 17:49:58 | 000,000,562 | ---- | C] () -- C:\waypoint.png
[2012/06/07 17:49:58 | 000,000,501 | ---- | C] () -- C:\waypoint_first.png
[2012/06/07 17:49:58 | 000,000,488 | ---- | C] () -- C:\waypoint_new.png
[2012/06/07 17:49:58 | 000,000,463 | ---- | C] () -- C:\waypoint_blue.png
[2012/06/03 21:05:25 | 000,247,579 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\decrypt_SetSysLog32.zip
[2012/06/02 19:18:09 | 001,506,304 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\RogueKiller.exe
[2012/06/01 18:20:11 | 136,754,960 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\setup_11.0.0.1245.x01_2012_06_01_02_03.exe
[2012/06/01 14:30:57 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\MBR.dat
[2012/05/31 14:45:06 | 000,002,200 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\image005.jpg.crypt
[2012/05/31 14:45:05 | 000,321,763 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\image001.jpg.crypt
[2012/05/31 14:45:05 | 000,310,995 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\image003.jpg.crypt
[2012/05/31 14:45:05 | 000,283,585 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\image002.jpg.crypt
[2012/05/31 14:45:05 | 000,237,734 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\image004.jpg.crypt
[2012/05/31 14:45:04 | 000,557,850 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\Denise_&_Barbara[1].jpg.crypt
[2012/05/31 14:45:04 | 000,278,089 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\HULL-71053.jpg.crypt
[2012/05/31 14:45:04 | 000,237,151 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\ferryreceipts.jpg.crypt
[2012/05/31 14:45:04 | 000,038,467 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\ATT00001.jpg.crypt
[2012/05/31 14:35:05 | 000,008,403 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\windshield relay.jpg.crypt
[2012/05/31 14:35:03 | 000,702,847 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\R1100RS Engine Schematic.jpg.crypt
[2012/05/31 14:35:03 | 000,152,027 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Motorcycle's covered.jpg.crypt
[2012/05/31 14:35:02 | 000,047,782 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\KensN20SchematicEM1.jpg.crypt
[2012/05/31 14:35:01 | 000,107,479 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\HULL-71053.jpg.crypt
[2012/05/31 14:35:01 | 000,065,173 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Ford Valve Adjust.jpg.crypt
[2012/05/31 14:35:00 | 000,052,158 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\electrK11.jpg.crypt
[2012/05/31 14:34:59 | 000,048,213 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\ceiling_cat.jpg.crypt
[2012/05/31 14:20:48 | 000,000,257 | ---- | C] () -- C:\user.js.crypt
[2012/05/31 14:15:39 | 002,847,409 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\Timely Tips 1974-1979 Manual 9-51610_watermarked.pdf.crypt
[2012/05/31 14:15:39 | 000,465,860 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\Steering and Front Axle Manual 9-50392_watermarked.pdf.crypt
[2012/05/31 14:15:39 | 000,319,151 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\Steering & Axle Manual 9-50391_watermarked.pdf.crypt
[2012/05/31 14:15:39 | 000,304,730 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\E-Z Clutch Manual 9-51081_watermarked.pdf.crypt
[2012/05/31 14:15:38 | 000,155,936 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\17 Eggs and Vegetables Breakfast.pdf.crypt
[2012/05/31 14:15:17 | 001,966,636 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\WhatYouMustKnow_PresentationNotes.pdf.crypt
[2012/05/31 14:15:08 | 020,521,787 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\uscca-homedefense.pdf.crypt
[2012/05/31 14:14:59 | 021,412,620 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\uscca-holster.pdf.crypt
[2012/05/31 14:14:59 | 001,402,884 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\pistol_accuracy_made_easy.pdf.crypt
[2012/05/31 14:14:58 | 000,661,987 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Marlin rifle.pdf.crypt
[2012/05/31 14:14:58 | 000,479,469 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Piaa910.pdf.crypt
[2012/05/31 14:14:58 | 000,364,975 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Oilhead_Maintenance_2-25-02.pdf.crypt
[2012/05/31 14:14:57 | 002,005,560 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\IBR2011.pdf.crypt
[2012/05/31 14:14:57 | 000,133,090 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Engine oils that meet Audi Oil Quality Standards 502 00 - 505 01 - and 504 00 - 507 00.pdf.crypt
[2012/05/31 14:14:57 | 000,130,290 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Fehlercodes VAG english.pdf.crypt
[2012/05/31 14:14:56 | 001,372,959 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\automatic_self_defense.pdf.crypt
[2012/05/31 14:14:56 | 000,541,002 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\61 026 92 (2531) Eletrically adjustable whindshield K1100LT [EDocFind.com].pdf.crypt
[2012/05/31 14:14:56 | 000,346,012 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\2010_Invite_2.pdf.crypt
[2012/05/31 14:14:55 | 003,557,952 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\15-foot-sail.pdf.crypt
[2012/05/31 14:10:06 | 000,071,879 | ---- | C] () -- C:\WINDOWS\System32\cliconf.chm.crypt
[2012/05/31 14:10:06 | 000,046,153 | ---- | C] () -- C:\WINDOWS\System32\sqlsodbc.chm.crypt
[2012/05/31 14:01:57 | 000,015,497 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\SPF to Bloomsburg.htm.crypt
[2012/05/31 14:01:47 | 000,165,987 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Nestle Dessert corse Dark baking chocolate 200g International shipping.htm.crypt
[2012/05/31 14:01:47 | 000,055,131 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Desktop\Words.htm.crypt
[2012/05/31 13:58:39 | 000,000,896 | ---- | C] () -- C:\Documents and Settings\Ken Foster\My Documents\Audi Advertisment.rtf.crypt
[2012/05/24 20:56:28 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/24 12:54:38 | 000,000,448 | ---- | C] () -- C:\WINDOWS\tasks\FixCleaner Scan.job
[2012/05/01 10:46:58 | 000,143,398 | ---- | C] () -- C:\WINDOWS\System32\TelenorCom.dll
[2012/05/01 10:46:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\TJPEGCodec.dll
[2012/03/24 09:40:47 | 000,000,726 | ---- | C] () -- C:\WINDOWS\TNE32.INI
[2012/02/16 00:35:38 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/02 11:01:54 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\avalon2.2_WIPE2012.ini
[2012/01/02 11:01:36 | 000,340,992 | ---- | C] () -- C:\WINDOWS\sqlite36_engine.dll
[2011/09/18 19:24:50 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2011/08/12 06:14:42 | 000,726,920 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1343024091-1177238915-682003330-1003-0.dat
[2011/08/11 01:32:52 | 000,182,526 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/06/13 23:55:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/27 08:04:51 | 000,340,992 | ---- | C] () -- C:\WINDOWS\System32\sqlite36_engine.dll
[2011/01/04 16:50:47 | 000,000,308 | ---- | C] () -- C:\WINDOWS\PICKLIST.INI
[2011/01/04 16:48:05 | 000,000,301 | ---- | C] () -- C:\WINDOWS\MIREPAIR.INI
[2011/01/04 16:48:05 | 000,000,058 | ---- | C] () -- C:\WINDOWS\MITCHELL.INI
[2011/01/04 16:47:45 | 000,002,762 | ---- | C] () -- C:\WINDOWS\ODWIN.INI
[2011/01/04 16:47:45 | 000,000,754 | ---- | C] () -- C:\WINDOWS\BTI.INI
[2010/12/20 23:28:57 | 000,098,344 | ---- | C] () -- C:\WINDOWS\unTMV.exe
[2010/12/20 20:48:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/11/16 23:14:25 | 000,002,596 | ---- | C] () -- C:\WINDOWS\System32\ASOROSet.bin
[2010/11/14 11:55:55 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/11/08 21:22:28 | 000,000,560 | ---- | C] () -- C:\Documents and Settings\Ken Foster\Application Data\ViewerApp.dat
[2010/10/19 16:57:56 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/19 16:57:56 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/19 16:57:55 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/19 16:57:55 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/19 16:57:55 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/13 12:40:20 | 000,000,110 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\avalon2.2.ini
========== LOP Check ========== [2012/06/16 10:35:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor
[2012/05/24 21:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/04/30 13:58:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012/06/17 11:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blekko toolbars
[2012/04/11 13:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2012/05/08 08:22:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/03/24 09:32:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Craftsman
[2012/01/07 08:32:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Doctor Web
[2012/05/17 08:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F4D5618A014E2B7F00006387D151FC4E
[2012/05/31 19:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2011/02/19 20:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2011/04/05 11:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gGh06511jJpPm06511
[2011/11/18 23:48:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\inKline Global
[2012/05/18 06:40:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2011/01/17 06:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oracle
[2010/12/20 21:22:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2012/01/21 09:38:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Unleashed Online
[2011/03/01 13:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pFfBoGc06511
[2012/05/17 21:27:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2011/05/03 17:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2012/05/31 21:31:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
[2012/03/04 23:32:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/06/07 17:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tyre
[2010/07/13 14:33:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wick Building Systems
[2012/01/26 11:18:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2012/05/24 21:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\AVG Secure Search
[2012/06/16 10:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\blekkotb_019
[2010/04/13 09:06:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/03/12 15:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\Del Rey
[2010/03/02 00:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\DisplayTune
[2012/05/31 16:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\DriverCure
[2011/08/31 07:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\ElevatedDiagnostics
[2011/03/27 14:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\ErrorExpert
[2012/05/24 12:54:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\FixCleaner
[2012/05/31 16:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\FreeFLVConverter
[2011/08/10 21:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\GARMIN
[2010/12/20 12:42:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\GetRightToGo
[2010/03/16 22:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\ieSpell
[2011/10/26 21:12:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\iolo
[2010/03/03 00:38:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\OpenOffice.org
[2011/01/17 14:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\Oracle
[2012/01/21 09:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\PC Unleashed Online
[2012/04/11 13:20:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\RPPrivate
[2012/04/11 13:32:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\searchquband
[2010/12/22 08:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\SoftMaker
[2012/04/11 13:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\SpeedyPC Software
[2012/06/08 21:00:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\Tyre
[2010/04/06 15:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\Wick Building Systems
[2012/06/21 22:27:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\WIPE2012
[2010/12/04 18:03:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken Foster\Application Data\wsInspector
[2012/06/22 12:00:00 | 000,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\FixCleaner Scan.job
[2012/06/22 02:11:03 | 000,000,290 | ---- | M] () -- C:\WINDOWS\Tasks\PCRepairClinic_fullScan.job
========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
OTL Extras logfile created on: 6/22/2012 10:37:36 PM - Run 14
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Documents and Settings\Ken Foster\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
503.29 Mb Total Physical Memory | 205.89 Mb Available Physical Memory | 40.91% Memory free
1.20 Gb Paging File | 0.82 Gb Available in Paging File | 68.62% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 122.25 Gb Free Space | 65.62% Space Free | Partition Type: NTFS
Computer Name: CLONE | User Name: Ken Foster | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Software
"{0B2D57D5-8BFD-4554-A9B6-CC8CC0580F1D}" = RealDownloader
"{0B8E3545-85F7-4146-9F1D-F4C99E0ECB4E}" = 2012 National Renovation and Insurance Repair Estimator
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{15733AD1-1CEF-459A-9245-0924FC63BDD5}" = HP My Display
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java 6 Update 25
"{26ED855F-2744-4610-A897-28213766B6CC}" = 2012 National Concrete and Masonry Estimator
"{2722B882-AADE-45AB-93A6-E2DCAEEA8D65}" = Image Data Converter
"{2767DEDE-EA9D-4FCE-A06A-40F4DD293330}" = hppusgP1000
"{299645D8-CD11-4855-89A3-7485552011E7}" = 2012 National Painting Cost Estimator
"{32C32B46-41C3-438F-94F6-55FE150D50D8}" = ImageMixer EasyStepDVD
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35495A1B-B920-4F7E-84AD-9D42B9E8D1FF}" = The National Estimator
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40B9B3E3-05DA-4EDF-B1B0-3D9042D6CFB6}" = 2012 National Earthwork and Heavy Equipment Estimator
"{41D8E846-F259-4D80-B1E5-AE3AFA919293}" = 2012 National Electrical Estimator
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50717EBF-BF3A-43E5-8D32-037750502E56}" = 2012 National Framing and Finish Carpentry Estimator
"{587F94F4-D4B1-459E-8224-502D8A35171A}" = 2012 National Repair and Remodeling Estimator
"{58ECE031-9AAD-4011-B34A-BC78E77527E2}" = hppMSRedist
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{654977DB-0001-0002-0001-EABD228DDE8B}" = Microsoft Download Manager
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{76CF2560-DA37-4BD5-AE23-EAF550E44C44}" = 2012 Site License Download
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{7B02BF60-796D-4616-908B-B31A63CFDEFB}" = HPCarePackCore
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{94824ADD-8F26-43D2-84DB-22E11F377E5E}" = Microsoft English TTS Engine
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96172E04-BB14-45F6-A77B-8EE7A421B903}" = SAPI Wrapper
"{968931E3-03C7-4593-895B-EF2B6B68C613}" = 2012 National Home Improvement Estimator
"{97D0C0A1-7E64-4B05-A2EE-61D2CE23F154}" = TTS Wrapper
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A360821C-6B51-4EE4-A7E5-5E14B15004CD}" = Sony DVD Handycam USB Driver 2
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{BE18FDC3-7E2E-4DE5-B471-DB74491768F2}" = Nextiva Codec
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C14CB40F-1FD0-4E6D-A225-298D6E0E3613}" = 2012 National Construction Estimator
"{C6E44C01-0DF8-465D-A6C0-F8B1159CBBB1}" = Garmin Communicator Plugin
"{C82185E8-C27B-4EF4-2009-1111BC2C2B6D}" = Microsoft MapPoint North America 2009
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB71FF8-DE82-469C-8641-44378F4443EB}" = Garmin WebUpdater
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D363FD63-5EC5-49B7-A359-97A9CA4789A3}" = 2012 National Heavy Construction Estimator
"{E115C6A3-CE5E-465E-9851-914EC2CCDE1B}" = 2012 National Plumbing and HVAC Estimator
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{ECA31632-C2AD-4774-A3CA-2813D47E4DD0}" = HPCarePackProducts
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"7-Zip 9.20" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Do Not Track Plus Add-on_is1" = Do Not Track Plus Add-on 1.0.5403.0218
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"Eusing Free Registry Defrag" = Eusing Free Registry Defrag
"HP LaserJet P1000 series" = HP LaserJet P1000 series
"ie8" = Windows Internet Explorer 8
"ieSpell" = ieSpell
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"MGI_PHOTOSUITE_V806" = MGI PhotoSuite 8.1 (Remove Only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NirSoft IPNetInfo" = NirSoft IPNetInfo
"Puran Defrag Free Edition_is1" = Puran Defrag Free Edition 7.3
"Security Task Manager" = Security Task Manager 1.8d
"TextMaker Viewer" = TextMaker Viewer
"Tyre_is1" = Tyre
"VLC media player" = VLC media player 2.0.1
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"Wipe 2012" = Wipe 2012.08
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 10 Event Log Errors ========== [ Application Events ]
Error - 6/20/2012 8:02:42 PM | Computer Name = CLONE | Source = NativeWrapper | ID = 5000
Description =
Error - 6/21/2012 4:01:16 AM | Computer Name = CLONE | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.
Error - 6/21/2012 4:01:17 AM | Computer Name = CLONE | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{A38B334A-A0A2-436D-BAA0-34FE5E517E44}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2656370-X86\NDP1.1sp1-KB2656370-X86-msi.0.log.
Error - 6/21/2012 4:01:23 AM | Computer Name = CLONE | Source = NativeWrapper | ID = 5000
Description =
Error - 6/22/2012 4:01:24 AM | Computer Name = CLONE | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.
Error - 6/22/2012 4:01:25 AM | Computer Name = CLONE | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{A38B334A-A0A2-436D-BAA0-34FE5E517E44}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2656370-X86\NDP1.1sp1-KB2656370-X86-msi.0.log.
Error - 6/22/2012 4:01:29 AM | Computer Name = CLONE | Source = NativeWrapper | ID = 5000
Description =
Error - 6/22/2012 7:34:43 AM | Computer Name = CLONE | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.
Error - 6/22/2012 7:34:44 AM | Computer Name = CLONE | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{A38B334A-A0A2-436D-BAA0-34FE5E517E44}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\DOCUME~1\KENFOS~1\LOCALS~1\Temp\NDP1.1sp1-KB2656370-X86\NDP1.1sp1-KB2656370-X86-msi.0.log.
Error - 6/22/2012 7:34:47 AM | Computer Name = CLONE | Source = NativeWrapper | ID = 5000
Description =
[ Application Events ]
Error - 6/20/2012 8:02:42 PM | Computer Name = CLONE | Source = NativeWrapper | ID = 5000
Description =
Error - 6/21/2012 4:01:16 AM | Computer Name = CLONE | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.
Error - 6/21/2012 4:01:17 AM | Computer Name = CLONE | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{A38B334A-A0A2-436D-BAA0-34FE5E517E44}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2656370-X86\NDP1.1sp1-KB2656370-X86-msi.0.log.
Error - 6/21/2012 4:01:23 AM | Computer Name = CLONE | Source = NativeWrapper | ID = 5000
Description =
Error - 6/22/2012 4:01:24 AM | Computer Name = CLONE | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.
Error - 6/22/2012 4:01:25 AM | Computer Name = CLONE | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{A38B334A-A0A2-436D-BAA0-34FE5E517E44}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2656370-X86\NDP1.1sp1-KB2656370-X86-msi.0.log.
Error - 6/22/2012 4:01:29 AM | Computer Name = CLONE | Source = NativeWrapper | ID = 5000
Description =
Error - 6/22/2012 7:34:43 AM | Computer Name = CLONE | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.
Error - 6/22/2012 7:34:44 AM | Computer Name = CLONE | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{A38B334A-A0A2-436D-BAA0-34FE5E517E44}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\DOCUME~1\KENFOS~1\LOCALS~1\Temp\NDP1.1sp1-KB2656370-X86\NDP1.1sp1-KB2656370-X86-msi.0.log.
Error - 6/22/2012 7:34:47 AM | Computer Name = CLONE | Source = NativeWrapper | ID = 5000
Description =
[ Application Events ]
Error - 6/20/2012 8:02:42 PM | Computer Name = CLONE | Source = NativeWrapper | ID = 5000
Description =
Error - 6/21/2012 4:01:16 AM | Computer Name = CLONE | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.
Error - 6/21/2012 4:01:17 AM | Computer Name = CLONE | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{A38B334A-A0A2-436D-BAA0-34FE5E517E44}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2656370-X86\NDP1.1sp1-KB2656370-X86-msi.0.log.
Error - 6/21/2012 4:01:23 AM | Computer Name = CLONE | Source = NativeWrapper | ID = 5000
Description =
Error - 6/22/2012 4:01:24 AM | Computer Name = CLONE | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.
Error - 6/22/2012 4:01:25 AM | Computer Name = CLONE | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{A38B334A-A0A2-436D-BAA0-34FE5E517E44}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2656370-X86\NDP1.1sp1-KB2656370-X86-msi.0.log.
Error - 6/22/2012 4:01:29 AM | Computer Name = CLONE | Source = NativeWrapper | ID = 5000
Description =
Error - 6/22/2012 7:34:43 AM | Computer Name = CLONE | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.
Error - 6/22/2012 7:34:44 AM | Computer Name = CLONE | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{A38B334A-A0A2-436D-BAA0-34FE5E517E44}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\DOCUME~1\KENFOS~1\LOCALS~1\Temp\NDP1.1sp1-KB2656370-X86\NDP1.1sp1-KB2656370-X86-msi.0.log.
Error - 6/22/2012 7:34:47 AM | Computer Name = CLONE | Source = NativeWrapper | ID = 5000
Description =
[ System Events ]
Error - 6/21/2012 10:40:03 PM | Computer Name = CLONE | Source = Service Control Manager | ID = 7000
Description = The Bing Bar Update Service service failed to start due to the following
error: %%3
Error - 6/21/2012 10:40:04 PM | Computer Name = CLONE | Source = Service Control Manager | ID = 7000
Description = The BBUpdate service failed to start due to the following error: %%3
Error - 6/21/2012 10:40:04 PM | Computer Name = CLONE | Source = Service Control Manager | ID = 7023
Description = The Server service terminated with the following error: %%2
Error - 6/21/2012 10:40:04 PM | Computer Name = CLONE | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%2
Error - 6/22/2012 4:06:17 AM | Computer Name = CLONE | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on
Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656370).
Error - 6/22/2012 7:34:52 AM | Computer Name = CLONE | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on
Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656370).
Error - 6/22/2012 11:03:20 PM | Computer Name = CLONE | Source = Service Control Manager | ID = 7000
Description = The Bing Bar Update Service service failed to start due to the following
error: %%3
Error - 6/22/2012 11:03:20 PM | Computer Name = CLONE | Source = Service Control Manager | ID = 7000
Description = The BBUpdate service failed to start due to the following error: %%3
Error - 6/22/2012 11:03:20 PM | Computer Name = CLONE | Source = Service Control Manager | ID = 7023
Description = The Server service terminated with the following error: %%2
Error - 6/22/2012 11:03:20 PM | Computer Name = CLONE | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%2
[ System Events ]
Error - 6/21/2012 10:40:03 PM | Computer Name = CLONE | Source = Service Control Manager | ID = 7000
Description = The Bing Bar Update Service service failed to start due to the following
error: %%3
Error - 6/21/2012 10:40:04 PM | Computer Name = CLONE | Source = Service Control Manager | ID = 7000
Description = The BBUpdate service failed to start due to the following error: %%3
Error - 6/21/2012 10:40:04 PM | Computer Name = CLONE | Source = Service Control Manager | ID = 7023
Description = The Server service terminated with the following error: %%2
Error - 6/21/2012 10:40:04 PM | Computer Name = CLONE | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%2
Error - 6/22/2012 4:06:17 AM | Computer Name = CLONE | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on
Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656370).
Error - 6/22/2012 7:34:52 AM | Computer Name = CLONE | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on
Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656370).
Error - 6/22/2012 11:03:20 PM | Computer Name = CLONE | Source = Service Control Manager | ID = 7000
Description = The Bing Bar Update Service service failed to start due to the following
error: %%3
Error - 6/22/2012 11:03:20 PM | Computer Name = CLONE | Source = Service Control Manager | ID = 7000
Description = The BBUpdate service failed to start due to the following error: %%3
Error - 6/22/2012 11:03:20 PM | Computer Name = CLONE | Source = Service Control Manager | ID = 7023
Description = The Server service terminated with the following error: %%2
Error - 6/22/2012 11:03:20 PM | Computer Name = CLONE | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%2
< End of report >
Update still will not work, and I still am unable to open IE8/tools/internet options
Edited by 460jetboat, 22 June 2012 - 09:51 PM.