# desktop icons not working



## sammy221 (Jun 24, 2012)

Must have picked up a bug during a download yesterday.... desktop icons do not work on double-click, nor any links when using the Start Menu. Think I got all the attachments you asked for... thanks in advance!


----------



## flavallee (May 12, 2002)

What did you download that you suspect your computer "picked up a bug" from?

How did you obtain *Microsoft Office Enterprise 2007*?

You have *AVG 2012* installed. Hopefully, you have NOT been using its file and registry cleaning feature.

-----------------------------------------------------------

Download and save and then install the free version of

*Malwarebytes Anti-Malware 1.61.0.1400*

*SUPERAntiSpyware 5.1.0.1002*

Make sure to update their definition files during the install process.

Make sure to uncheck and decline to install any extras, such as toolbars and homepages, they may offer.

After they're installed and updated, restart the computer.

Run a quick scan with each of them.

When each scan is finished, select and remove EVERYTHING they found.

Restart the computer, if prompted to, so the removal process can finish.

Note: DON'T use the computer while each scan is in progress.

-----------------------------------------------------------


----------



## sammy221 (Jun 24, 2012)

I suspect it was a zip program called 7zip, installed a bunch of garbage on the machine that I have already removed (or so I thought), along with that program.

I have no idea how I got Office Enterprise. I did an upgrade on Windows Installer yesterday as well, I was prompted to do that while installing the GameStop app, could that be how?

No, I never touch the AVG registry stuff. Just use it for general spyware scanning. Should I not be using AVG? If not, what would you recommend?

Will go run the recommended scans now. Thanks!


----------



## flavallee (May 12, 2002)

*7-Zip* is okay to use and comes pre-installed in some new computers.

Practically every program that you install or update gives you the option to uncheck and decline to install extras, such as toolbars and homepages and scanners. Many people don't take time to read each window that appears during an install/update process, and they blindly accept the default options. The end result is a computer that accumulates all this garbage - much of which contains malware, spyware, etc.

Personally, I would get rid of *AVG 2012* and then replace it with *Microsoft Security Essentials 4.0.1526.0*. It's light-weight and very user-friendly and well-recommended here.

----------------------------------------------------------


----------



## sammy221 (Jun 24, 2012)

I think that was the problem when I downloaded, wasn't paying attention. Malwarebytes did pick up several items that are now deleted. The icons issue still exists, however, and SUPERAntiSpyware was unable to install... "Error creating shortcuts, aborting installation."


----------



## flavallee (May 12, 2002)

Start Malwarebytes Anti-Malware.

Click "Logs" (tab).

Highlight the scan log entry, then click "Open".

When the scan log appears in Notepad, copy-and-paste it here.

------------------------------------------------------------

It appears that you downloaded and installed *jZip* and not *7-Zip*.

I'm not familiar with it, so I don't know if it's reliable and safe to use.

------------------------------------------------------------


----------



## sammy221 (Jun 24, 2012)

Malware log file attached.


----------



## flavallee (May 12, 2002)

It can't be viewed as an attachment, so I'm copying-and-pasting it here.

----------------------------------------------------------

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.24.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Poopy :: ME-5C333FFBDF86 [administrator]

6/24/2012 10:48:27 AM
mbam-log-2012-06-24 (10-48-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 190623
Time elapsed: 6 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\CLSID\{7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} (PUP.BlekkoSearchBar) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7D9E1ADC-7DB1-4EAF-B6C7-7E062074E6BE} (PUP.BlekkoSearchBar) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\RECYCLER\S-1-5-21-1957994488-725345543-748979477-1003\Dc11.exe (PUP.BundleInstaller.IQ) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poopy\Local Settings\Temp\J8s3YGMn.exe.part (PUP.BundleInstaller.IQ) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poopy\Local Settings\Temporary Internet Files\Content.IE5\4XHTVT8D\vfd-cb-signed[1].exe (Rootkit.Agent) -> Quarantined and deleted successfully.

----------------------------------------------------------
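A way to triage a Malwarebytes log like the one quoted above, as an added example (not part of the original thread and not Malwarebytes' own tooling): it parses the 1.x text layout, checks each section's declared count against the lines actually listed, and separates PUP/PUM findings from other detections such as the Rootkit.Agent entry. The function names and location labels are assumptions of this example; the sample lines are taken from the log in the post.

```python
import re

# Detection sections copied from the Malwarebytes log quoted in the thread
# (header and most empty sections trimmed; used here as sample input).
SAMPLE_LOG = r"""
Scan type: Quick scan
Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\CLSID\{7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} (PUP.BlekkoSearchBar) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7D9E1ADC-7DB1-4EAF-B6C7-7E062074E6BE} (PUP.BlekkoSearchBar) -> Quarantined and deleted successfully.

Files Detected: 3
C:\RECYCLER\S-1-5-21-1957994488-725345543-748979477-1003\Dc11.exe (PUP.BundleInstaller.IQ) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poopy\Local Settings\Temp\J8s3YGMn.exe.part (PUP.BundleInstaller.IQ) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poopy\Local Settings\Temporary Internet Files\Content.IE5\4XHTVT8D\vfd-cb-signed[1].exe (Rootkit.Agent) -> Quarantined and deleted successfully.
"""

# "<Section name> Detected: <count>" opens a section of the report.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
# "<object> (<threat name>) -> <action taken>." is one detection line.
ITEM_RE = re.compile(r"^(?P<object>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")


def location_tag(obj):
    """Label where a detected object lived (labels are this example's own)."""
    low = obj.lower()
    if low.startswith(("hkcr\\", "hkcu\\", "hklm\\")):
        return "registry"
    if "\\temporary internet files\\" in low:
        return "browser cache"
    if "\\local settings\\temp\\" in low:
        return "user temp"
    if "\\recycler\\" in low:
        return "recycle bin"
    return "other"


def parse_mbam_log(text):
    """Return {section: {"declared": int, "items": [detections]}}."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            sections[current] = {"declared": int(m.group("count")), "items": []}
            continue
        m = ITEM_RE.match(line)
        if m and current:
            sections[current]["items"].append({
                "object": m.group("object"),
                "threat": m.group("threat"),
                "action": m.group("action"),
                "location": location_tag(m.group("object")),
            })
    return sections


def triage(sections):
    """Split detections into unwanted-program noise and everything else."""
    report = {"count_mismatch": [], "unwanted": [], "malware": [], "not_removed": []}
    for name, sec in sections.items():
        # A declared count that differs from the listed lines means the
        # pasted log is truncated or was edited.
        if sec["declared"] != len(sec["items"]):
            report["count_mismatch"].append(name)
        for item in sec["items"]:
            is_pup = item["threat"].startswith(("PUP.", "PUM."))
            report["unwanted" if is_pup else "malware"].append(item)
            if "successfully" not in item["action"].lower():
                report["not_removed"].append(item)
    return report


if __name__ == "__main__":
    result = triage(parse_mbam_log(SAMPLE_LOG))
    for item in result["malware"]:
        print("escalate:", item["threat"], "in", item["location"])
    print("unwanted programs:", len(result["unwanted"]))
    print("count mismatches:", result["count_mismatch"])
```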


----------



## flavallee (May 12, 2002)

Click Start - Run, then type in

*%temp%* (% is the percentage symbol on the number 5 key)

and then click OK.

Click Start - Run, then type in

*c:\windows\temp*

and then click OK.

Once those 2 temp folders appear and you can view their contents, select and delete EVERYTHING that's inside them.

If a few files resist being deleted, that's normal behavior. Leave them alone and delete EVERYTHING else.

If a massive number of files are being deleted, the computer may appear to "hang". Be patient and wait for the deletion process to finish.

After it's done, restart the computer.

-----------------------------------------------------------

Try again to install and update *SUPERAntiSpyware* and then run a quick scan with it and then remove EVERYTHING it finds.

-----------------------------------------------------------


----------



## sammy221 (Jun 24, 2012)

Deleting and restart done. SuperAntiSpyware will still not install.


----------



## flavallee (May 12, 2002)

The download file may be corrupted. Delete it, then download and save and try to install it again.

Your computer may have a rootkit infection - which I'm not trained and qualified to deal with. Some rootkit infections can't be resolved and may require doing a clean reinstall of Windows to get rid of it.

-------------------------------------------------------


----------



## sammy221 (Jun 24, 2012)

The re-download gives me the same error message, unfortunately.


----------



## flavallee (May 12, 2002)

I've requested a gold/blue shield removal specialist assist you. This section is very busy, so I don't know when one will reply. Good luck. I'm going off-line shortly for the rest of the day.

--------------------------------------------------------


----------



## sammy221 (Jun 24, 2012)

OK, thanks for all your help.


----------



## Cookiegal (Aug 27, 2003)

I'm posting a couple of your logs here for easier reference. Please do not attach logs unless asked to do so.

.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 8.0.6001.18702
Run by Poopy at 9:40:06 on 2012-06-24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.213 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1310344557625
TCP: DhcpNameServer = 216.138.0.4 216.138.27.254
TCP: Interfaces\{03F0AC22-6B71-4F83-BAEC-3748AA81050F} : DhcpNameServer = 216.138.0.4 216.138.27.254
TCP: Interfaces\{E68CBBDC-47FE-41E2-8BBE-4F950990696A} : DhcpNameServer = 216.138.0.4 216.138.27.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 301248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 WSWNA3100;WSWNA3100;c:\program files\netgear\wna3100\WifiSvc.exe [2011-7-10 278528]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [2011-7-10 642432]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2011-7-10 50704]
.
=============== Created Last 30 ================
.
2012-06-24 06:11:25	--------	d-----w-	c:\program files\common files\Stardock
2012-06-24 06:10:53	--------	d-----w-	c:\program files\2K Games
2012-06-24 06:01:38	--------	d-----w-	c:\documents and settings\all users\application data\Gibraltar
2012-06-23 21:30:12	--------	d-----w-	c:\documents and settings\poopy\application data\Stardock
2012-06-23 21:29:25	--------	d-----w-	c:\program files\GameStop App
2012-06-23 21:29:25	--------	d-----w-	c:\documents and settings\all users\application data\GameStop
2012-06-23 21:02:11	--------	dc-h--w-	c:\documents and settings\all users\application data\{79B7B63C-5992-4F92-9E81-21B6907F23B6}
2012-06-23 21:01:56	--------	d-----w-	c:\documents and settings\poopy\local settings\application data\PackageAware
2012-06-23 20:56:32	--------	d-----w-	c:\documents and settings\all users\application data\Stardock
2012-06-23 20:49:05	--------	d-----w-	c:\program files\OApps
2012-06-23 20:49:01	--------	d-----w-	c:\documents and settings\all users\application data\blekko toolbars
2012-06-23 20:43:23	--------	d-----w-	c:\program files\Free Offers from Freeze.com
2012-06-13 00:01:34	521728	-c----w-	c:\windows\system32\dllcache\jsdbgui.dll
.
==================== Find3M ====================
.
2012-06-15 00:17:13	1809	----a-w-	c:\windows\wininit.tmp
2012-06-02 20:19:44	22040	----a-w-	c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19:38	219160	----a-w-	c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19:38	15384	----a-w-	c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19:34	15384	----a-w-	c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19:30	17944	----a-w-	c:\windows\system32\wuaueng.dll.mui
2012-05-31 13:22:09	599040	----a-w-	c:\windows\system32\crypt32.dll
2012-05-16 15:08:26	916992	----a-w-	c:\windows\system32\wininet.dll
2012-05-15 13:20:33	1863168	----a-w-	c:\windows\system32\win32k.sys
2012-05-11 14:42:33	43520	----a-w-	c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33	1469440	------w-	c:\windows\system32\inetcpl.cpl
2012-05-11 12:08:49	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-11 12:08:49	419488	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-05-11 11:38:02	385024	----a-w-	c:\windows\system32\html.iec
2012-05-04 13:16:13	2148352	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19	2026496	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36	139656	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-04-19 09:50:26	24896	----a-w-	c:\windows\system32\drivers\avgidshx.sys
.
============= FINISH: 9:41:06.21 ===============


----------



## Cookiegal (Aug 27, 2003)

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 7/10/2011 5:52:28 PM
System Uptime: 6/24/2012 7:16:08 AM (2 hours ago)
.
Motherboard: Dell Inc. | | 0WG864
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 144 GiB total, 124.969 GiB free.
D: is CDROM ()
.
==== Installed Programs ======================
.
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
AIM 7
AVG 2012
BovadaPoker
Civilization III
Civilization III: Complete
Download Updater (AOL LLC)
ESPNMotion
GameStop App
GemMaster Mystic
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
jZip
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 9.0.1 (x86 en-US)
NETGEAR WNA3100 wireless USB 2.0 adapter
Pdf995
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
SigmaTel Audio
Sonic Encoders
Strat-O-Matic Baseball 2012f
Strat-O-Matic CD-ROM Ver16.00H
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format Runtime
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB908250
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
6/23/2012 4:18:14 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
6/20/2012 12:37:20 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 30469A29BDBA has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
6/17/2012 11:18:25 AM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
.
==== End Of File ===========================


----------



## Cookiegal (Aug 27, 2003)

Please visit *Combofix Guide & Instructions* for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

Post the log from ComboFix when you've accomplished that.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read *HERE* for an article written by dvk01 on why we disable autoruns.


----------



## sammy221 (Jun 24, 2012)

Sorry for the long delay, been very busy. The ComboFix/puppy log is attached.


----------



## Cookiegal (Aug 27, 2003)

Please copy and paste the log in a reply.


----------



## sammy221 (Jun 24, 2012)

Sorry about that. Here you go.

ComboFix 12-07-07.04 - Poopy 07/07/2012 15:27:23.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.155 [GMT -5:00]
Running from: c:\documents and settings\Poopy\My Documents\TechGuy stuff\puppy.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-06-07 to 2012-07-07 )))))))))))))))))))))))))))))))
.
.
2012-07-05 00:10 . 2012-07-05 00:10 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll
2012-07-05 00:10 . 2012-07-05 00:10 -------- d-----w- c:\program files\Common Files\xing shared
2012-07-05 00:09 . 2012-07-05 00:09 150736 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2012-07-05 00:09 . 2012-07-05 00:09 129176 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpplugin.dll
2012-06-24 15:37 . 2012-06-24 15:37 -------- d-----w- c:\documents and settings\Poopy\Application Data\Malwarebytes
2012-06-24 15:37 . 2012-06-24 15:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-06-24 15:37 . 2012-06-24 16:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-24 15:37 . 2012-04-04 20:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-24 06:11 . 2012-06-24 06:11 -------- d-----w- c:\program files\Common Files\Stardock
2012-06-24 06:10 . 2012-06-24 06:10 -------- d-----w- c:\program files\2K Games
2012-06-24 06:01 . 2012-06-24 06:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Gibraltar
2012-06-23 21:30 . 2012-06-23 21:30 -------- d-----w- c:\documents and settings\Poopy\Application Data\Stardock
2012-06-23 21:29 . 2012-06-24 17:13 -------- d-----w- c:\program files\GameStop App
2012-06-23 21:29 . 2012-06-23 21:29 -------- d-----w- c:\documents and settings\All Users\Application Data\GameStop
2012-06-23 21:02 . 2012-06-23 21:29 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{79B7B63C-5992-4F92-9E81-21B6907F23B6}
2012-06-23 21:01 . 2012-06-23 21:01 -------- d-----w- c:\documents and settings\Poopy\Local Settings\Application Data\PackageAware
2012-06-23 20:56 . 2012-06-23 20:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Stardock
2012-06-23 20:49 . 2012-06-23 20:49 -------- d-----w- c:\program files\OApps
2012-06-23 20:49 . 2012-06-23 21:53 -------- d-----w- c:\documents and settings\All Users\Application Data\blekko toolbars
2012-06-13 00:01 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-05 00:19 . 2012-04-01 18:12 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-05 00:19 . 2011-07-15 00:35 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-05 00:09 . 2011-07-10 23:55 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-07-05 00:09 . 2011-07-10 23:55 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-06-15 00:17 . 2012-01-04 01:39 1809 ----a-w- c:\windows\wininit.tmp
2012-06-02 20:19 . 2011-07-11 00:38 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19 . 2011-07-11 00:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19 . 2011-07-10 22:47 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 20:19 . 2011-07-10 22:47 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19 . 2011-07-10 22:47 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 20:19 . 2011-07-11 00:38 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 20:19 . 2011-07-11 00:38 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19 . 2011-07-10 22:47 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 20:19 . 2011-07-10 22:47 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 20:19 . 2004-08-10 11:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 20:19 . 2011-07-11 00:38 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:19 . 2011-07-10 22:47 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 20:19 . 2011-07-10 22:47 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2004-08-10 11:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2006-03-04 03:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2004-08-10 11:00 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42 . 2004-08-10 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2004-08-10 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-10 11:00 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:16 . 2005-03-30 01:21 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2005-03-30 01:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2011-07-10 22:45 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-19 09:50 . 2012-04-19 09:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-01-13 23:25 . 2011-07-15 00:42 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 282624]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-07-05 296096]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WNA3100 Smart Wizard.lnk - [N/A]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [3/16/2011 4:03 PM 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [1/7/2011 6:41 AM 235216]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [4/5/2011 12:59 AM 301248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [7/10/2011 6:55 PM 642432]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [7/4/2012 5:25 PM 5160568]
S2 WSWNA3100;WSWNA3100;c:\program files\NETGEAR\WNA3100\WifiSvc.exe [7/10/2011 6:55 PM 278528]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/1/2012 1:12 PM 257696]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 00:19]
.
2012-07-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1957994488-725345543-748979477-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-06-21 17:00]
.
2012-07-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1957994488-725345543-748979477-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-06-21 17:00]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 216.138.0.4 216.138.27.254
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-RealPlayer 15.0 - c:\program files\real\realplayer\Update\r1puninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-07 15:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3112)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\stsystra.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-07-07 15:41:25 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-07 20:41
.
Pre-Run: 134,070,530,048 bytes free
Post-Run: 134,215,299,072 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - A589CF7606924F4969A5DD426151EE41


----------



## Cookiegal (Aug 27, 2003)

Download *OTS.exe* to your Desktop.

Close any open browsers.
If your Real protection or Antivirus interferes with OTS, allow it to run.
Double-click on *OTS.exe* to start the program.
At the top put a check mark in the box beside "Scan All Users".
Under the *Additional Scans* section put a check in the box next to Disabled MS Config Items, NetSvcs and EventViewer logs (Last 10 errors).
Now click the *Run Scan* button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file.
Use the *Reply* button, scroll down to the attachments section and attach the notepad file here.


----------



## sammy221 (Jun 24, 2012)

When I try to run OTS, I get this message: "OldTime Scanner has encountered a problem and needs to close", along with the standard option to tell Microsoft about the problem.


----------



## Cookiegal (Aug 27, 2003)

Let's try this one instead:

Download *OTL* to your Desktop. 

Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
Under Custom Scans/Fixes type in *Netsvcs*
Click the Quick Scan button. Do not change any other settings unless otherwise instructed. The scan won't take long. 
When the scan completes, it will open two Notepad windows called *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL. 
Please copy and paste the contents of both of these files here in your next reply.


----------



## sammy221 (Jun 24, 2012)

Scan runs for about 5 minutes, and this error pops up:

Access violation at address 0052C047 in module 'OTL.exe'. Read of address 00000000.

I click OK, and the scan pauses at trying to read the Start Menu folder.


----------



## Cookiegal (Aug 27, 2003)

Download and run the following tool to help allow other programs to run. _(Courtesy of BleepingComputer.com)_
There are 4 different versions. If one of them won't run then download and try to run the other one. Do not reboot after running this program.

Vista and Win7 users need to right click and choose *Run as Admin* 
*You only need to get one of them to run, not all of them.*

rkill.exe
rkill.com
rkill.scr
rkill.pif

Then see if you can get either OTS or OTL to run.


----------



## sammy221 (Jun 24, 2012)

Here's the rkill log:

This log file is located at C:\rkill.log. 
Please post this only if requested to by the person helping you. 
Otherwise you can close this log when you wish. 

Rkill was run on 07/12/2012 at 17:01:54. 
Operating System: Microsoft Windows XP 


Processes terminated by Rkill or while it was running: 



Rkill completed on 07/12/2012 at 17:02:04. 


Tried both OTS and OTL again and got the same errors as before.


----------



## Cookiegal (Aug 27, 2003)

Please go here and download *TDSSKiller.exe* to your desktop.

Double-click TDSSKiller.exe on your desktop to run it.
Click on *Start Scan*
As we don't want to fix anything yet, if any malicious objects are detected, *do NOT select Cure* but select *Skip* instead.
It will produce a log once it finishes in the root drive which should look like this example:

C:\TDSSKiller.<version_date_time>log.txt

Please copy and paste the contents of that log in your next reply.


----------



## sammy221 (Jun 24, 2012)

The TDSSKiller log:

21:53:04.0787 9944 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
21:53:05.0271 9944 ============================================================
21:53:05.0271 9944 Current date / time: 2012/07/12 21:53:05.0271
21:53:05.0271 9944 SystemInfo:
21:53:05.0271 9944 
21:53:05.0271 9944 OS Version: 5.1.2600 ServicePack: 3.0
21:53:05.0271 9944 Product type: Workstation
21:53:05.0271 9944 ComputerName: ME-5C333FFBDF86
21:53:05.0271 9944 UserName: Poopy
21:53:05.0271 9944 Windows directory: C:\WINDOWS
21:53:05.0271 9944 System windows directory: C:\WINDOWS
21:53:05.0271 9944 Processor architecture: Intel x86
21:53:05.0271 9944 Number of processors: 2
21:53:05.0271 9944 Page size: 0x1000
21:53:05.0271 9944 Boot type: Normal boot
21:53:05.0271 9944 ============================================================
21:53:05.0834 9944 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:53:05.0834 9944 ============================================================
21:53:05.0834 9944 \Device\Harddisk0\DR0:
21:53:05.0834 9944 MBR partitions:
21:53:05.0834 9944 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x120A8A59
21:53:05.0834 9944 ============================================================
21:53:05.0865 9944 C: <-> \Device\Harddisk0\DR0\Partition0
21:53:05.0865 9944 ============================================================
21:53:05.0865 9944 Initialize success
21:53:05.0865 9944 ============================================================
21:53:12.0724 3440 ============================================================
21:53:12.0724 3440 Scan started
21:53:12.0724 3440 Mode: Manual; 
21:53:12.0724 3440 ============================================================
21:53:19.0131 3440 NdisTapi - ok
21:53:19.0177 3440 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:53:19.0177 3440 Ndisuio - ok
21:53:19.0193 3440 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:53:19.0193 3440 NdisWan - ok
21:53:19.0224 3440 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:53:19.0224 3440 NDProxy - ok
21:53:19.0240 3440 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:53:19.0256 3440 NetBIOS - ok
21:53:19.0302 3440 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:53:19.0302 3440 NetBT - ok
21:53:19.0381 3440 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
21:53:19.0381 3440 NetDDE - ok
21:53:19.0396 3440 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
21:53:19.0396 3440 NetDDEdsdm - ok
21:53:19.0443 3440 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:53:19.0443 3440 Netlogon - ok
21:53:19.0490 3440 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
21:53:19.0490 3440 Netman - ok
21:53:19.0646 3440 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:53:19.0646 3440 NetTcpPortSharing - ok
21:53:19.0693 3440 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
21:53:19.0693 3440 Nla - ok
21:53:19.0709 3440 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:53:19.0709 3440 Npfs - ok
21:53:19.0756 3440 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:53:19.0756 3440 Ntfs - ok
21:53:19.0771 3440 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:53:19.0771 3440 NtLmSsp - ok
21:53:19.0834 3440 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
21:53:19.0849 3440 NtmsSvc - ok
21:53:19.0881 3440 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:53:19.0881 3440 Null - ok
21:53:19.0912 3440 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:53:19.0912 3440 NwlnkFlt - ok
21:53:19.0927 3440 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:53:19.0927 3440 NwlnkFwd - ok
21:53:20.0037 3440 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:53:20.0052 3440 odserv - ok
21:53:20.0115 3440 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:53:20.0115 3440 ose - ok
21:53:20.0162 3440 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
21:53:20.0162 3440 Parport - ok
21:53:20.0177 3440 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:53:20.0177 3440 PartMgr - ok
21:53:20.0224 3440 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:53:20.0224 3440 ParVdm - ok
21:53:20.0240 3440 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:53:20.0240 3440 PCI - ok
21:53:20.0256 3440 PCIDump - ok
21:53:20.0287 3440 PCIIde - ok
21:53:20.0318 3440 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:53:20.0318 3440 Pcmcia - ok
21:53:20.0334 3440 PDCOMP - ok
21:53:20.0349 3440 PDFRAME - ok
21:53:20.0381 3440 PDRELI - ok
21:53:20.0396 3440 PDRFRAME - ok
21:53:20.0427 3440 perc2 - ok
21:53:20.0443 3440 perc2hib - ok
21:53:20.0552 3440 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
21:53:20.0552 3440 PlugPlay - ok
21:53:20.0568 3440 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:53:20.0584 3440 PolicyAgent - ok
21:53:20.0615 3440 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:53:20.0631 3440 PptpMiniport - ok
21:53:20.0631 3440 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:53:20.0631 3440 ProtectedStorage - ok
21:53:20.0662 3440 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:53:20.0662 3440 PSched - ok
21:53:20.0693 3440 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:53:20.0693 3440 Ptilink - ok
21:53:20.0724 3440 PxHelp20 (617accada2e0a0f43ec6030bbac49513) C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:53:20.0724 3440 PxHelp20 - ok
21:53:20.0756 3440 ql1080 - ok
21:53:20.0771 3440 Ql10wnt - ok
21:53:20.0802 3440 ql12160 - ok
21:53:20.0818 3440 ql1240 - ok
21:53:20.0849 3440 ql1280 - ok
21:53:20.0865 3440 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:53:20.0881 3440 RasAcd - ok
21:53:20.0912 3440 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
21:53:20.0912 3440 RasAuto - ok
21:53:20.0943 3440 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:53:20.0943 3440 Rasl2tp - ok
21:53:20.0990 3440 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
21:53:20.0990 3440 RasMan - ok
21:53:21.0021 3440 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:53:21.0021 3440 RasPppoe - ok
21:53:21.0037 3440 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:53:21.0037 3440 Raspti - ok
21:53:21.0068 3440 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:53:21.0068 3440 Rdbss - ok
21:53:21.0099 3440 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:53:21.0099 3440 RDPCDD - ok
21:53:21.0146 3440 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:53:21.0146 3440 rdpdr - ok
21:53:21.0193 3440 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
21:53:21.0209 3440 RDPWD - ok
21:53:21.0240 3440 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
21:53:21.0240 3440 RDSessMgr - ok
21:53:21.0271 3440 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:53:21.0271 3440 redbook - ok
21:53:21.0318 3440 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
21:53:21.0318 3440 RemoteAccess - ok
21:53:21.0349 3440 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
21:53:21.0349 3440 RemoteRegistry - ok
21:53:21.0381 3440 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
21:53:21.0381 3440 RpcLocator - ok
21:53:21.0443 3440 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
21:53:21.0443 3440 RpcSs - ok
21:53:21.0474 3440 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
21:53:21.0474 3440 RSVP - ok
21:53:21.0521 3440 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:53:21.0521 3440 SamSs - ok
21:53:21.0552 3440 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
21:53:21.0552 3440 SCardSvr - ok
21:53:21.0599 3440 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
21:53:21.0599 3440 Schedule - ok
21:53:21.0646 3440 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:53:21.0646 3440 Secdrv - ok
21:53:21.0677 3440 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
21:53:21.0677 3440 seclogon - ok
21:53:21.0693 3440 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
21:53:21.0693 3440 SENS - ok
21:53:21.0724 3440 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
21:53:21.0724 3440 Serial - ok
21:53:21.0787 3440 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:53:21.0787 3440 Sfloppy - ok
21:53:21.0818 3440 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
21:53:21.0834 3440 SharedAccess - ok
21:53:21.0881 3440 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:53:21.0881 3440 ShellHWDetection - ok
21:53:21.0896 3440 Simbad - ok
21:53:21.0927 3440 Sparrow - ok
21:53:21.0974 3440 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:53:21.0974 3440 splitter - ok
21:53:22.0021 3440 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
21:53:22.0021 3440 Spooler - ok
21:53:22.0052 3440 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:53:22.0052 3440 sr - ok
21:53:22.0099 3440 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
21:53:22.0099 3440 srservice - ok
21:53:22.0162 3440 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:53:22.0162 3440 Srv - ok
21:53:22.0209 3440 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
21:53:22.0209 3440 SSDPSRV - ok
21:53:22.0302 3440 STHDA (797fcc1d859b203958e915bb82528da9) C:\WINDOWS\system32\drivers\sthda.sys
21:53:22.0334 3440 STHDA - ok
21:53:22.0396 3440 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
21:53:22.0396 3440 stisvc - ok
21:53:22.0474 3440 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:53:22.0474 3440 swenum - ok
21:53:22.0521 3440 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:53:22.0521 3440 swmidi - ok
21:53:22.0537 3440 SwPrv - ok
21:53:22.0568 3440 symc810 - ok
21:53:22.0584 3440 symc8xx - ok
21:53:22.0615 3440 sym_hi - ok
21:53:22.0646 3440 sym_u3 - ok
21:53:22.0677 3440 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:53:22.0677 3440 sysaudio - ok
21:53:22.0709 3440 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
21:53:22.0709 3440 SysmonLog - ok
21:53:22.0756 3440 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
21:53:22.0771 3440 TapiSrv - ok
21:53:22.0818 3440 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:53:22.0818 3440 Tcpip - ok
21:53:22.0849 3440 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:53:22.0849 3440 TDPIPE - ok
21:53:22.0881 3440 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:53:22.0881 3440 TDTCP - ok
21:53:22.0912 3440 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:53:22.0912 3440 TermDD - ok
21:53:22.0943 3440 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
21:53:22.0959 3440 TermService - ok
21:53:22.0974 3440 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:53:22.0974 3440 Themes - ok
21:53:23.0021 3440 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
21:53:23.0021 3440 TlntSvr - ok
21:53:23.0037 3440 TosIde - ok
21:53:23.0084 3440 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
21:53:23.0084 3440 TrkWks - ok
21:53:23.0131 3440 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:53:23.0146 3440 Udfs - ok
21:53:23.0146 3440 ultra - ok
21:53:23.0177 3440 UMWdf (9651e5d850b6f6bd7c77c70aa06f02bf) C:\WINDOWS\system32\wdfmgr.exe
21:53:23.0177 3440 UMWdf - ok
21:53:23.0224 3440 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:53:23.0224 3440 Update - ok
21:53:23.0256 3440 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
21:53:23.0271 3440 upnphost - ok
21:53:23.0271 3440 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
21:53:23.0287 3440 UPS - ok
21:53:23.0334 3440 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
21:53:23.0349 3440 usbaudio - ok
21:53:23.0365 3440 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:53:23.0365 3440 usbehci - ok
21:53:23.0396 3440 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:53:23.0396 3440 usbhub - ok
21:53:23.0459 3440 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:53:23.0459 3440 usbprint - ok
21:53:23.0490 3440 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:53:23.0490 3440 usbscan - ok
21:53:23.0521 3440 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:53:23.0521 3440 USBSTOR - ok
21:53:23.0568 3440 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:53:23.0568 3440 usbuhci - ok
21:53:23.0584 3440 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:53:23.0584 3440 VgaSave - ok
21:53:23.0599 3440 ViaIde - ok
21:53:23.0662 3440 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:53:23.0662 3440 VolSnap - ok
21:53:23.0693 3440 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
21:53:23.0709 3440 VSS - ok
21:53:23.0740 3440 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
21:53:23.0740 3440 W32Time - ok
21:53:23.0787 3440 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:53:23.0787 3440 Wanarp - ok
21:53:23.0802 3440 WDICA - ok
21:53:23.0834 3440 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:53:23.0834 3440 wdmaud - ok
21:53:23.0881 3440 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
21:53:23.0881 3440 WebClient - ok
21:53:23.0974 3440 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
21:53:23.0974 3440 winmgmt - ok
21:53:24.0068 3440 WmdmPmSN (b9715b9c18bc6c8f4b66733d208cc9f7) C:\WINDOWS\system32\MsPMSNSv.dll
21:53:24.0068 3440 WmdmPmSN - ok
21:53:24.0146 3440 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
21:53:24.0146 3440 Wmi - ok
21:53:24.0209 3440 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:53:24.0209 3440 WmiApSrv - ok
21:53:24.0256 3440 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:53:24.0256 3440 WS2IFSL - ok
21:53:24.0287 3440 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
21:53:24.0287 3440 wscsvc - ok
21:53:24.0381 3440 WSWNA3100 (76fbefab6677af9c498116f1aaea8bdb) C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
21:53:24.0381 3440 WSWNA3100 - ok
21:53:24.0459 3440 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
21:53:24.0459 3440 wuauserv - ok
21:53:24.0506 3440 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
21:53:24.0521 3440 WZCSVC - ok
21:53:24.0568 3440 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
21:53:24.0568 3440 xmlprov - ok
21:53:24.0646 3440 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:53:25.0146 3440 \Device\Harddisk0\DR0 - ok
21:53:25.0146 3440 Boot (0x1200) (d79bc9511041b415b7043a2ccd78db38) \Device\Harddisk0\DR0\Partition0
21:53:25.0146 3440 \Device\Harddisk0\DR0\Partition0 - ok
21:53:25.0162 3440 ============================================================
21:53:25.0162 3440 Scan finished
21:53:25.0162 3440 ============================================================
21:53:25.0209 5528 Detected object count: 0
21:53:25.0209 5528 Actual detected object count: 0


----------



## Cookiegal (Aug 27, 2003)

Please go to *Start* - *Run* - type in *eventvwr.msc* to open the event viewer. Look under both "Application" and "System" for recent (the last 48 hours or so) errors (shown in red) and if found, do this for each one.

Double-click the error to open it up and then click on the icon that looks like two pieces of paper. This will copy the full error. Then "paste" the error into Notepad. Do this for each one until you have them all listed in Notepad and then copy and paste the list in a reply here please.


----------



## sammy221 (Jun 24, 2012)

Double-clicking the errors does nothing. Tried a right-click to view properties, none are available.....?


----------



## Cookiegal (Aug 27, 2003)

Double-clicking the error does something, you just don't see it doing anything. It copies the error to the clipboard then when you open Notepad you just right-click and "paste" and it will appear.


----------



## sammy221 (Jun 24, 2012)

I tried that, the option to paste into Notepad is not available.


----------



## Cookiegal (Aug 27, 2003)

Try by the menu bar at the top "Edit" "Paste".


----------



## sammy221 (Jun 24, 2012)

When I select an error, I do not have that option. Refresh, Properties, and Help are the only actions I have available. Properties tells me "No properties are available on this object."


----------



## Cookiegal (Aug 27, 2003)

That sounds like the "action" tab on the main error page. You aren't supposed to just highlight the error, you have to double-click on it to open it. Do you see the button that looks like two pieces of paper?


----------



## sammy221 (Jun 24, 2012)

No, I don't. When I double click the error to open, nothing happens.


----------



## Cookiegal (Aug 27, 2003)

Uninstall this update (the Windows Installer), because we're going to try a system restore and it may break the Windows Installer, which was installed after the date we want to restore to (you can reinstall it afterward), via Add or Remove Programs in the Control Panel:

KB942288-v3

Then try a System Restore to June 22nd, before this problem started. To do that, go to *Start* > *All Programs* > *Accessories* > *System Tools* and then select *System Restore*.

In the System Restore wizard, select *Restore My Computer to an Earlier Time* and click the Next button and follow the prompts to select the date and restore the system.

Let me know if that solves the problem.


----------



## sammy221 (Jun 24, 2012)

Do I need to be worried about any files that have been put on the computer since that date?


----------



## Cookiegal (Aug 27, 2003)

It depends what type of files. A system restore will not affect personal files such as e-mail, documents or photos but it changes system files and settings. Also, if any programs have been installed since the restore point used they may be broken and would have to be reinstalled. That's why it's best to uninstall anything that's been installed since then and reinstall it after the restore. A system restore can be undone (*provided it's not done in safe mode*) but that may not fix a broken update or program.

But, as always, it's best to back up everything important to some type of media outside of the computer itself such as an external hard drive and/or CDs.


----------



## sammy221 (Jun 24, 2012)

Performed the update uninstall and attempted the restore. The computer went through the restart and I got this message:

Your computer cannot be restored to:
Friday June 22 2012
System Checkpoint

No changes have been made to your computer.


----------



## Cookiegal (Aug 27, 2003)

Try one more just to see if that might be a faulty one.


----------



## sammy221 (Jun 24, 2012)

Nope, same result. Wondering if you're becoming as frustrated as I am.


----------



## Cookiegal (Aug 27, 2003)

Little bit...

Please see if you can uninstall jzip.

Do you recognize these?

c:\documents and settings\poopy\local settings\application data\PackageAware
c:\program files\OApps


----------



## sammy221 (Jun 24, 2012)

Why jzip? I've had that on my computer for some time. I removed 7zip back when all this started.

No, I don't know what either of those folders is doing on the computer.


----------



## Cookiegal (Aug 27, 2003)

Because it looked like that was what you had installed that caused the problem instead of 7-zip and also because the toolbar is considered malware. 7-zip is a legitimate program but you need to download it from a reliable source.

Open Notepad and copy and paste the text in the code box below into it:


```
Folder::
c:\documents and settings\All Users\Application Data\blekko toolbars

DirLook::
c:\program files\OApps
c:\documents and settings\All Users\Application Data\{79B7B63C-5992-4F92-9E81-21B6907F23B6}
```
Save the file to your desktop and name it CFScript.txt

Referring to the picture below, drag CFScript.txt into ComboFix.exe

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

*Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.*


----------



## sammy221 (Jun 24, 2012)

ComboFix ran an update before scanning, I assume that won't affect the process.

ComboFix 12-07-14.01 - Poopy 07/15/2012 14:25:01.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.716 [GMT -5:00]
Running from: c:\documents and settings\Poopy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Poopy\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\blekko toolbars
c:\program files\OApps
c:\program files\OApps\config.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-06-15 to 2012-07-15 )))))))))))))))))))))))))))))))
.
.
2012-07-05 00:10 . 2012-07-05 00:10 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll
2012-07-05 00:10 . 2012-07-05 00:10 -------- d-----w- c:\program files\Common Files\xing shared
2012-07-05 00:09 . 2012-07-05 00:09 150736 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2012-07-05 00:09 . 2012-07-05 00:09 129176 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpplugin.dll
2012-06-24 15:37 . 2012-06-24 15:37 -------- d-----w- c:\documents and settings\Poopy\Application Data\Malwarebytes
2012-06-24 15:37 . 2012-06-24 15:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-06-24 15:37 . 2012-06-24 16:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-24 15:37 . 2012-04-04 20:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-24 06:11 . 2012-06-24 06:11 -------- d-----w- c:\program files\Common Files\Stardock
2012-06-24 06:10 . 2012-06-24 06:10 -------- d-----w- c:\program files\2K Games
2012-06-24 06:01 . 2012-06-24 06:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Gibraltar
2012-06-23 21:30 . 2012-06-23 21:30 -------- d-----w- c:\documents and settings\Poopy\Application Data\Stardock
2012-06-23 21:29 . 2012-06-24 17:13 -------- d-----w- c:\program files\GameStop App
2012-06-23 21:29 . 2012-06-23 21:29 -------- d-----w- c:\documents and settings\All Users\Application Data\GameStop
2012-06-23 21:15 . 2008-04-14 00:12 78848 ----a-w- c:\windows\system32\msiexec.exe
2012-06-23 21:15 . 2008-04-14 00:11 2843136 ----a-w- c:\windows\system32\msi.dll
2012-06-23 21:15 . 2008-04-14 00:11 271360 ----a-w- c:\windows\system32\msihnd.dll
2012-06-23 21:15 . 2008-04-14 00:11 15360 ----a-w- c:\windows\system32\msisip.dll
2012-06-23 21:15 . 2008-04-13 15:39 884736 ----a-w- c:\windows\system32\msimsg.dll
2012-06-23 21:02 . 2012-06-23 21:29 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{79B7B63C-5992-4F92-9E81-21B6907F23B6}
2012-06-23 21:01 . 2012-06-23 21:01 -------- d-----w- c:\documents and settings\Poopy\Local Settings\Application Data\PackageAware
2012-06-23 20:56 . 2012-06-23 20:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Stardock
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 09:20 . 2012-04-01 18:12 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-12 09:20 . 2011-07-15 00:35 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-05 00:09 . 2011-07-10 23:55 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-07-05 00:09 . 2011-07-10 23:55 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-06-15 00:17 . 2012-01-04 01:39 1809 ----a-w- c:\windows\wininit.tmp
2012-06-02 20:19 . 2011-07-11 00:38 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19 . 2011-07-11 00:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19 . 2011-07-10 22:47 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 20:19 . 2011-07-10 22:47 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19 . 2011-07-10 22:47 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 20:19 . 2011-07-11 00:38 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 20:19 . 2011-07-11 00:38 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19 . 2011-07-10 22:47 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 20:19 . 2011-07-10 22:47 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 20:19 . 2004-08-10 11:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 20:19 . 2011-07-11 00:38 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:19 . 2011-07-10 22:47 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 20:19 . 2011-07-10 22:47 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2004-08-10 11:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2006-03-04 03:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2004-08-10 11:00 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42 . 2004-08-10 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2004-08-10 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-10 11:00 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:16 . 2005-03-30 01:21 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2005-03-30 01:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2011-07-10 22:45 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-19 09:50 . 2012-04-19 09:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-01-13 23:25 . 2011-07-15 00:42 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\All Users\Application Data\{79B7B63C-5992-4F92-9E81-21B6907F23B6} ----
.
2012-06-23 21:29 . 2012-06-23 21:29 94 -c--a-w- c:\documents and settings\All Users\Application Data\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\instance.dat
2012-06-23 21:29 . 2012-06-23 21:29 262 -c--a-w- c:\documents and settings\All Users\Application Data\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\GameStopApp_setup.dat
2012-06-23 21:29 . 2012-06-23 21:29 142 -c--a-w- c:\documents and settings\All Users\Application Data\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\GameStopApp_setup.lnk
2012-06-23 21:29 . 2012-06-23 21:29 1609 -c--a-w- c:\documents and settings\All Users\Application Data\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\GameStopApp_setup.par
2012-06-23 21:29 . 2012-06-14 15:10 590523 -c--a-w- c:\documents and settings\All Users\Application Data\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\mia.lib
2012-06-23 21:29 . 2012-04-18 18:56 66010 -c--a-w- c:\documents and settings\All Users\Application Data\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\setup.bmp
2012-06-23 21:29 . 2012-06-14 15:10 311296 -c--a-w- c:\documents and settings\All Users\Application Data\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\GameStopApp_setup.msi
2012-06-23 21:29 . 2012-06-14 15:10 3325394 -c--a-w- c:\documents and settings\All Users\Application Data\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\GameStopApp_setup.res
2012-06-23 21:01 . 2012-06-14 15:06 2730 -c--a-w- c:\documents and settings\All Users\Application Data\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\OFFLINE\FDFDDEFF\AF6560EA\zh-CN.pak
2012-06-23 21:01 . 2012-06-14 15:06 3361 -c--a-w- c:\documents and settings\All Users\Application Data\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\OFFLINE\FDFDDEFF\AF6560EA\ko.pak
2012-06-23 21:01 . 2012-06-14 15:06 3310 -c--a-w- c:\documents and settings\All Users\Application Data\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\OFFLINE\FDFDDEFF\AF6560EA\lt.pak
2012-06-23 21:01 . 2012-06-14 15:06 3300 -c--a-w- c:\documents and settings\All Users\Application Data\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\OFFLINE\FDFDDEFF\AF6560EA\lv.pak
2012-06-23 21:01 . 2012-06-14 15:06 8878 -c--a-w- c:\documents and settings\All Users\Application Data\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\OFFLINE\FDFDDEFF\AF6560EA\ml.pak
2012-06-23 21:01 . 2012-06-14 15:06 6227 -c--a-w- c:\documents and settings\All Users\Application Data\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\OFFLINE\FDFDDEFF\AF6560EA\mr.pak
2012-06-23 21:01 . 2012-06-14 15:06 2964 -c--a-w- c:\documents and settings\All Users\Application Data\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\OFFLINE\FDFDDEFF\AF6560EA\nb.pak
2012-06-23 21:01 . 2012-06-14 15:06 3106 -c--a-w- c:\documents and settings\All Users\Application Data\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\OFFLINE\FDFDDEFF\AF6560EA\nl.pak
2012-06-23 21:01 . 2012-06-14 15:06 3113 -c--a-w- c:\documents and settings\All Users\Application Data\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\OFFLINE\FDFDDEFF\AF6560EA\pl.pak
2012-06-23 21:01 . 2012-06-14 15:06 3133 -c--a-w- c:\documents and settings\All Users\Application Data\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\OFFLINE\FDFDDEFF\AF6560EA\pt-BR.pak
2012-06-23 21:01 . 2012-06-14 15:06 3168 -c--a-w- c:\documents and settings\All Users\Application Data\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\OFFLINE\FDFDDEFF\AF6560EA\pt-PT.pak
2012-06-23 21:01 . 2012-06-14 15:06 3447 -c--a-w- c:\documents and settings\All Users\Application Data\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\OFFLINE\FDFDDEFF\AF6560EA\ro.pak
2012-06-23 21:01 . 2012-06-14 15:06 4933 -c--a-w- c:\documents and settings\All Users\Application Data\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\OFFLINE\FDFDDEFF\AF6560EA\ru.pak
2012-06-23 21:01 . 2012-06-14 15:06 3248 -c--a-w- c:\documents and settings\All Users\Application Data\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\OFFLINE\FDFDDEFF\AF6560EA\sk.pak
2012-06-23 21:01 . 2012-06-14 15:06 3026 -c--a-w- c:\documents and settings\All Users\Application Data\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\OFFLINE\FDFDDEFF\AF6560EA\fi.pak
2012-06-23 21:01 . 2012-06-14 15:06 3452 -c--a-w- c:\documents and settings\All Users\Application Data\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\OFFLINE\FDFDDEFF\AF6560EA\fil.pak
2012-06-23 21:01 . 2012-06-14 15:06 3364 -c--a-w- c:\documents and settings\All Users\Application Data\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\OFFLINE\FDFDDEFF\AF6560EA\fr.pak
2012-06-23 21:01 . 2012-06-14 15:06 6658 -c--a-w- c:\documents and settings\All Users\Application Data\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\OFFLINE\FDFDDEFF\AF6560EA\gu.pak
2012-06-23 21:01 . 2012-06-14 15:06 3468 -c--a-w- c:\documents and settings\All Users\Application Data\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\OFFLINE\FDFDDEFF\AF6560EA\he.pak
2012-06-23 21:01 . 2012-06-14 15:06 6511 -c--a-w- c:\documents and settings\All Users\Application Data\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\OFFLINE\FDFDDEFF\AF6560EA\hi.pak
2012-06-23 21:01 . 2012-06-14 15:06 3050 -c--a-w- c:\documents and settings\All Users\Application Data\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\OFFLINE\FDFDDEFF\AF6560EA\hr.pak
2012-06-23 21:01 . 2012-06-14 15:06 3383 -c--a-w- c:\documents and settings\All Users\Application Data\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\OFFLINE\FDFDDEFF\AF6560EA\hu.pak
2012-06-23 21:01 . 2012-06-14 15:06 2932 -c--a-w- c:\documents and settings\All Users\Application Data\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\OFFLINE\FDFDDEFF\AF6560EA\id.pak
2012-06-23 21:01 . 2012-06-14 15:06 3105 -c--a-w- c:\documents and settings\All Users\Application Data\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\OFFLINE\FDFDDEFF\AF6560EA\it.pak
2012-06-23 21:01 . 2012-06-14 15:06 4194 -c--a-w- c:\documents and settings\All Users\Application Data\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\OFFLINE\FDFDDEFF\AF6560EA\ja.pak
2012-06-23 21:01 . 2012-06-14 15:06 7517 -c--a-w- c:\documents and settings\All Users\Application Data\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\OFFLINE\FDFDDEFF\AF6560EA\kn.pak
2012-06-23 21:01 . 2012-06-14 15:06 3284 -c--a-w- c:\documents and settings\All Users\Application Data\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\OFFLINE\FDFDDEFF\AF6560EA\cs.pak
2012-06-23 21:01 . 2012-06-14 15:06 2924 -c--a-w- c:\documents and settings\All Users\Application Data\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\OFFLINE\FDFDDEFF\AF6560EA\da.pak
2012-06-23 21:01 . 2012-06-14 15:06 3409 -c--a-w- c:\documents and settings\All Users\Application Data\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\OFFLINE\FDFDDEFF\AF6560EA\de.pak
2012-06-23 21:01 . 2012-06-14 15:06 5477 -c--a-w- c:\documents and settings\All Users\Application Data\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\OFFLINE\FDFDDEFF\AF6560EA\el.pak
2012-06-23 21:01 . 2012-06-14 15:06 2794 -c--a-w- c:\documents and settings\All Users\Application Data\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\OFFLINE\FDFDDEFF\AF6560EA\en-GB.pak
2012-06-23 21:01 . 2012-06-14 15:06 2798 -c--a-w- c:\documents and settings\All Users\Application Data\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\OFFLINE\FDFDDEFF\AF6560EA\en-US.pak
2012-06-23 21:01 . 2012-06-14 15:06 3284 -c--a-w- c:\documents and settings\All Users\Application Data\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\OFFLINE\FDFDDEFF\AF6560EA\es-419.pak
2012-06-23 21:01 . 2012-06-14 15:06 3415 -c--a-w- c:\documents and settings\All Users\Application Data\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\OFFLINE\FDFDDEFF\AF6560EA\es.pak
2012-06-23 21:01 . 2012-06-14 15:06 2997 -c--a-w- c:\documents and settings\All Users\Application Data\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\OFFLINE\FDFDDEFF\AF6560EA\et.pak
2012-06-23 21:01 . 2012-06-14 15:06 4660 -c--a-w- c:\documents and settings\All Users\Application Data\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\OFFLINE\FDFDDEFF\AF6560EA\fa.pak
2012-06-23 21:01 . 2012-06-14 15:06 2292280 -c--a-w- c:\documents and settings\All Users\Application Data\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\OFFLINE\FDFDDEFF\5B30C588\chrome.pak
2012-06-23 21:01 . 2012-06-14 15:06 5292 -c--a-w- c:\documents and settings\All Users\Application Data\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\OFFLINE\FDFDDEFF\AF6560EA\bg.pak
2012-06-23 21:01 . 2012-06-14 15:06 6818 -c--a-w- c:\documents and settings\All Users\Application Data\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\OFFLINE\FDFDDEFF\AF6560EA\bn.pak
2012-06-23 21:01 . 2012-06-14 15:06 3312 -c--a-w- c:\documents and settings\All Users\Application Data\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\OFFLINE\FDFDDEFF\AF6560EA\ca.pak
2012-06-23 21:01 . 2012-06-14 15:06 3454 -c--a-w- c:\documents and settings\All Users\Application Data\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\OFFLINE\FDFDDEFF\AF6560EA\am.pak
2012-06-23 21:01 . 2012-06-14 15:06 4817 -c--a-w- c:\documents and settings\All Users\Application Data\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\OFFLINE\FDFDDEFF\AF6560EA\ar.pak
.
---- Directory of c:\program files\OApps ----
.
.
.
((((((((((((((((((((((((((((( [email protected]_20.35.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-12 09:20 . 2012-07-12 09:20 686280 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_265_Plugin.exe
+ 2012-07-12 08:20 . 2012-07-12 08:20 686280 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
+ 2012-07-12 08:20 . 2012-07-12 08:20 465096 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.dll
+ 2012-04-01 18:12 . 2012-07-12 09:20 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-07-15 15:56 . 2012-07-15 17:07 7176664 c:\windows\system32\Restore\rstrlog.dat
+ 2012-07-12 09:20 . 2012-07-12 09:20 9465032 c:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 282624]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-07-05 296096]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WNA3100 Smart Wizard.lnk - [N/A]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [3/16/2011 4:03 PM 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [1/7/2011 6:41 AM 235216]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [4/5/2011 12:59 AM 301248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [7/10/2011 6:55 PM 642432]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [7/4/2012 5:25 PM 5160568]
S2 WSWNA3100;WSWNA3100;c:\program files\NETGEAR\WNA3100\WifiSvc.exe [7/10/2011 6:55 PM 278528]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/1/2012 1:12 PM 250056]
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 09:20]
.
2012-07-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1957994488-725345543-748979477-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-06-21 17:00]
.
2012-07-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1957994488-725345543-748979477-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-06-21 17:00]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 216.138.0.4 216.138.27.254
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-15 14:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-07-15 14:34:50
ComboFix-quarantined-files.txt 2012-07-15 19:34
ComboFix2.txt 2012-07-07 20:41
.
Pre-Run: 134,269,898,752 bytes free
Post-Run: 134,269,947,904 bytes free
.
- - End Of File - - 8F28C4E68B6D6BECC4AF6D65B9DAB2E4


----------



## Cookiegal (Aug 27, 2003)

No, that was fine to let it update.

Please run the following on-line scanner. Note that you must use Internet Explorer to perform the scan.

Note: If you're running a 64-bit system you have to choose the 32-bit option in IE. To do that, go to the Start Menu and right-click the Internet Explorer (32-bit) icon and then select 'Run as administrator' from the right-click menu.

http://www.eset.com/online-scanner

Accept the Terms of Use and then press the Start button.

Allow the ActiveX control to be installed.

Put a check by Remove found threats and then run the scan.

When the scan is finished, you will see the results in a window.

A log.txt file is created here: C:\Program Files\EsetOnlineScanner\log.txt.

Open the log file with Notepad and copy and paste the contents here please.


----------



## sammy221 (Jun 24, 2012)

I cannot get IE to run. I can't run the scan in Firefox?


----------



## Cookiegal (Aug 27, 2003)

Yes, apparently you can use Firefox now.


----------



## sammy221 (Jun 24, 2012)

ESET scan log:


[email protected] as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2566e8a99913144e8fac0941dab2c549
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-15 11:22:08
# local_time=2012-07-15 06:22:08 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777175 100 0 14012161 14012161 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=67852
# found=0
# cleaned=0
# scan_time=3120


----------



## Cookiegal (Aug 27, 2003)

Do you have your Windows XP installation disk?


----------



## sammy221 (Jun 24, 2012)

Yes.


----------



## Cookiegal (Aug 27, 2003)

Go to *Start* - *Run* and type in:

*sfc /scannow*

This command will immediately initiate the Windows File Protection service to scan all protected files and verify their integrity, replacing any files with which it finds a problem. You may be prompted to insert the installation CD.


----------



## sammy221 (Jun 24, 2012)

Complete. Is there a log file for the scan you need to see?


----------



## Cookiegal (Aug 27, 2003)

No. Did it replace any files? Has anything changed?


----------



## sammy221 (Jun 24, 2012)

It did not give me any notification that files were replaced. No change otherwise.


----------



## Cookiegal (Aug 27, 2003)

Try running number 20 at the following link. It's a registry file. Right-click number 20 and select "save link as" and save the file to your desktop. Then double-click the file on your desktop and allow it to merge into the registry.

http://www.kellys-korner-xp.com/xp_tweaks.htm

Reboot after and let me know if the desktop icons work now.


----------



## sammy221 (Jun 24, 2012)

No, they still don't work. FYI, the system icons (My Computer, Recycle Bin, etc.) have always worked on double-click... everything I have installed on the machine requires me to right-click to open, along with all the Start Menu shortcuts.


----------



## sammy221 (Jun 24, 2012)

I still have not gotten rid of AVG and jZip and installed the recommended programs instead. I don't know that it will help the current problem, but I will do that if you think I should.


----------



## Cookiegal (Aug 27, 2003)

No, that's fine for now.

Are you able to open Word documents by double-clicking?


----------



## sammy221 (Jun 24, 2012)

No. Can open Notepad files on double click.


----------



## Cookiegal (Aug 27, 2003)

Let's try this fix to restore the lnk file associations.

Click *HERE* to download the fix and save it to your desktop.

Right-click the zipped file and select *Extract All...*

Double-click the .reg file that you extracted and allow it to merge into the registry.

Reboot your computer and let me know if the desktop icons work now.


----------
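One way to check the state of the `.lnk` association before and after merging a fix like the one above, as an added example that is not part of the original thread and is not the contents of the linked .reg file. It parses a REGEDIT4 export and compares it with stock Windows XP values; the sample export, the function names and the `ExampleApp.Document` ProgID are constructed assumptions of this example.

```python
import re

# Constructed sample (not from the thread): a REGEDIT4 export of the keys that
# decide how Explorer opens .lnk shortcuts on Windows XP. The per-user "Progid"
# value is the constructed fault; "ExampleApp.Document" is a placeholder.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_CLASSES_ROOT\.lnk]
@="lnkfile"

[HKEY_CLASSES_ROOT\lnkfile]
@="Shortcut"
"IsShortcut"=""
"NeverShowExt"=""

[HKEY_CLASSES_ROOT\lnkfile\CLSID]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lnk]
"Progid"="ExampleApp.Document"
'''

KEY_RE = re.compile(r'^\[([^\]]+)\]$')
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

HKCR = 'hkey_classes_root'
FILEEXTS = (r'hkey_current_user\software\microsoft\windows'
            r'\currentversion\explorer\fileexts\.lnk')
SHELL_LINK_CLSID = '{00021401-0000-0000-C000-000000000046}'


def _unquote(token):
    # Strip surrounding quotes, then undo the .reg escapes for backslash and quote.
    if len(token) >= 2 and token[0] == token[-1] == '"':
        return re.sub(r'\\(.)', r'\1', token[1:-1])
    return token


def parse_reg_export(text):
    """Return {key (lowercase): {value name (lowercase): data}}; '' is (Default)."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(';') or line == 'REGEDIT4':
            continue
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1).lower(), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = '' if m.group(1) == '@' else _unquote(m.group(1))
            current[name.lower()] = _unquote(m.group(2))
    return keys


def check_lnk_association(keys):
    """Compare parsed keys with stock XP values; return (code, value, data) findings."""
    findings = []
    progid = keys.get(HKCR + r'\.lnk', {}).get('', '')
    if progid.lower() != 'lnkfile':
        # .lnk must map to the lnkfile class for Explorer to resolve shortcuts.
        findings.append(('wrong-progid', '(Default)', progid))
    if 'isshortcut' not in keys.get(HKCR + r'\lnkfile', {}):
        findings.append(('missing-isshortcut', 'IsShortcut', ''))
    clsid = keys.get(HKCR + r'\lnkfile\clsid', {}).get('', '')
    if clsid.upper() != SHELL_LINK_CLSID:
        findings.append(('wrong-clsid', '(Default)', clsid))
    # A per-user Application/Progid value takes precedence over HKCR for this
    # extension, so shortcuts can break while HKCR still looks correct.
    user = keys.get(FILEEXTS, {})
    for name in ('application', 'progid'):
        if name in user:
            findings.append(('user-override', name, user[name]))
    return findings


if __name__ == '__main__':
    for finding in check_lnk_association(parse_reg_export(SAMPLE_EXPORT)):
        print(finding)
```

An empty result means the exported keys match the expected defaults; the input would come from exporting those keys with regedit on the affected machine.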



## sammy221 (Jun 24, 2012)

YES!!!! It works. Cookiegal, thank you for all your efforts, and your patience. I will definitely visit the donation page, or maybe the store. Thanks again!


----------



## Cookiegal (Aug 27, 2003)

Glad to hear it.

Please post a new HijackThis log so I can see if anything there still needs to be addressed.


----------



## sammy221 (Jun 24, 2012)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:46:31 PM, on 7/18/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\stsystra.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Poopy\Desktop\TechGuy stuff\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - Global Startup: NETGEAR WNA3100 Smart Wizard.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1310344557625
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: WSWNA3100 - Unknown owner - C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe

--
End of file - 5444 bytes


----------



## Cookiegal (Aug 27, 2003)

Everything looks fine there.

Here are some final instructions for you.

As with any infection, I recommend that you change all passwords for logging into sites that you use on your computer as a precaution.

Please open OTS again and click on the button that says "CleanUp" at the top. This will remove some of the tools we've used and will also uninstall the OTS program.

*Follow these steps to uninstall Combofix and all of its files and components.*

 Click *START* then *RUN*
 Now type *ComboFix /uninstall* in the runbox and click *OK*. Note the *space* between the *X* and the */uninstall*, it needs to be there (the screenshot is just for illustration purposes but the actual command uses the entire word "uninstall" and not just the "u" as shown in the picture).

Now you should turn system restore off to flush out all previous system restore points, then turn it back on and create a new restore point:

To turn off system restore, on the Desktop, right click on *My Computer* and click on *Properties.*
Click the *System Restore* tab.
Check *Turn off System Restore.*
Click Apply and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a new restore point, click on *Start* > *All Programs* > *Accessories* > *System Tools* and then select *System Restore*.

In the System Restore wizard, select *Create a restore point* and click the Next button.

Type a name for your new restore point then click on Create.


----------



## sammy221 (Jun 24, 2012)

and done. Thanks again for all your help!


----------



## Cookiegal (Aug 27, 2003)

It was my pleasure.


----------

