
Topic: Have I got a virus? (Can't install any antivirus)


adamslack

    « on: June 16, 2012, 11:39:38 AM »
    Hi there, and a massive thank you in advance for any help I am given, whoever you may be you are a legend!

    I think my computer has a virus. It started with the internet freezing up and giving me the dreaded egg timer of doom, and I was unable to click anything or bring up Task Manager. The only thing to do was turn off at the button and restart. This made me think I might have a virus. This computer used to be solely for making music and was not connected to the net, but my past PC was rubbish, so as I'd upgraded my music PC I thought I'd use this for internet browsing. Foolishly I didn't think to update antivirus / antispyware etc., so didn't have a current antivirus installed, so I tried to install AVG, but it stalled near the end of installation and I had to turn off at the button. After this it would not reboot in normal mode, so I started safe mode and removed it. I could then get back to normal mode, but attempting to install other free antivirus programs I get the same problem - it freezes during installation, and I have to boot to safe mode, remove it, and only then get to normal again. This made me think maybe I've got a virus that blocks antivirus? I tried an online scanner but the same problem prevailed after.

    I have followed the steps in your sticky but the SUPERAntiSpyware did not make a log! It seems a bit different to the steps you explained to get the log - there is no tab that you specified in Preferences, but there is a View Scan Logs button which I can see, but there's nothing in there! (Even though it took 3 hours to complete the scan and removed about 466 threats!) So unfortunately I can't post this log. If there is any other way to reach this log then please advise, but I presume rescanning wouldn't show the original threats etc. I've had a look in the Program Files folder but there are no logs saved in there.

    Anyway, here are the MBAM & DDS logs below, and thank you once again for any help!!!

    Adam

    MBAM:
    Quote
    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.06.16.06

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 6.0.2900.5512
    Adam :: ADAMPC01 [administrator]

    02/01/2002 03:40:43
    mbam-log-2002-01-02 (03-40-43).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 188165
    Time elapsed: 4 minute(s), 14 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
    DDS
    Quote
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 6.0.2900.5512  BrowserJavaVersion: 1.6.0_33
    Run by Adam at 4:22:05 on 2002-01-02
    Microsoft Windows XP Professional  5.1.2600.3.1252.44.1033.18.1023.480 [GMT 0:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
    C:\Program Files\Motherboard Monitor 5\MBM5.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
    C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\System32\MAFWTray.exe
    C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Executive Software\Diskeeper\DkService.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.co.uk/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    mDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = localhost
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
    BHO: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
    TB: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.908.8472\GoogleToolbarNotifier.exe
    uRun: [Google Update] "c:\documents and settings\adam\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [NvMixerTray] c:\program files\nvidia corporation\nvmixer\NvMixerTray.exe
    mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
    mRun: [MBM 5] "c:\program files\motherboard monitor 5\MBM5.EXE"
    mRun: [Zone Labs Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
    mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
    mRun: [POINTER] point32.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [RoxioEngineUtility] "c:\program files\common files\roxio shared\system\EngUtil.exe"
    mRun: [RoxioDragToDisc] "c:\program files\roxio\easy cd creator 6\dragtodisc\DrgToDsc.exe"
    mRun: [RoxioAudioCentral] "c:\program files\roxio\easy cd creator 6\audiocentral\RxMon.exe"
    mRun: [H2O] c:\program files\syncrosoft\pos\h2o\cledx.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [MAFWTaskbarApp] c:\windows\system32\MAFWTray.exe
    mRun: [HPPQVideo] "c:\program files\hp\scheduledlaunch\hp color laserjet cm1312 mfp series\bin\hppschlnch.exe" -r software\hewlett-packard\scheduledlaunch\CLJ_CM1312_MFP_Series -f PQOptimizerVideo.xml -o remindLater
    mRun: [ToolBoxFX] "c:\program files\hp\toolboxfx\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [HPUsageTracking] "c:\program files\hp\hp ut\bin\hppusg.exe" "c:\program files\hp\hp ut\"
    mRun: [AgentMonitor] c:\program files\vtech\downloadmanager\system\AgentMonitor.exe
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: Open Client to monitor &1 - c:\windows\web\AOpenClient.htm
    IE: Open Client to monitor &2 - c:\windows\web\AOpenClient.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38174.1975
    DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{F2FD492D-366B-4857-95F7-2BB84E1F93F8} : DhcpNameServer = 192.168.0.1
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\adam\application data\mozilla\firefox\profiles\nie14n2c.default\
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.co.uk/
    FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10401&locale=en_GB&apn_uid=d26db9b6-c0dd-42c7-a54d-17822a26fcce&apn_ptnrs=^ABZ&apn_sauid=82DFD54E-D6E7-4E2D-9538-E3578EE848C4&apn_dtid=^YYYYYY^YY^GB&&q=
    FF - plugin: c:\documents and settings\adam\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    FF - plugin: c:\windows\system32\npdeployJava1.dll
    FF - plugin: c:\windows\system32\npptools.dll
    FF - plugin: c:\windows\system32\npwmsdrm.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [2007-6-24 160640]
    R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [2007-6-24 5248]
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
    R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [2004-6-19 10240]
    R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [2005-1-15 11264]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2004-7-6 266328]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
    R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
    R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2006-1-15 33792]
    S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
    S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
    S3 iLokDrvr;iLok;c:\windows\system32\drivers\iLokDrvr.sys [2007-5-2 54520]
    S3 KORGUMDS;KORG USB MIDI Driver for Windows XP;c:\windows\system32\drivers\KORGUMDS.SYS [2005-4-14 12544]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-27 113120]
    S3 Powercore;PowerCore;c:\windows\system32\drivers\PCore.sys [2007-1-27 76800]
    S3 ScratchAmp;ScratchAmp Driver (ScratchAmp.sys);c:\windows\system32\drivers\ScratchAmp.sys [2005-4-12 22912]
    .
    =============== Created Last 30 ================
    .
    2012-06-15 08:43:23   --------   d-----w-   c:\program files\Ask.com
    2012-06-15 08:43:21   --------   d-----w-   c:\documents and settings\adam\local settings\application data\AskToolbar
    2012-06-15 08:43:07   --------   d-----w-   c:\documents and settings\adam\local settings\application data\APN
    2012-06-15 08:42:37   --------   d-----w-   c:\documents and settings\all users\application data\Avira
    2012-06-15 07:42:15   33792   -c----w-   c:\windows\system32\dllcache\custsat.dll
    2012-06-15 07:40:41   --------   d-----w-   c:\windows\network diagnostic
    2012-06-15 07:40:39   144384   ------w-   c:\windows\system32\drivers\hdaudbus.sys
    2012-06-15 07:40:38   10240   ------w-   c:\windows\system32\drivers\sffp_mmc.sys
    2012-06-15 07:39:21   19569   ----a-w-   c:\windows\003160_.tmp
    2012-06-14 08:03:50   --------   d-----w-   c:\program files\AVG
    2012-06-13 20:22:00   --------   d-----w-   c:\documents and settings\all users\AVG Secure Search
    2012-06-13 19:30:02   --------   d--h--w-   c:\documents and settings\all users\application data\Common Files
    2012-06-13 19:16:30   --------   d-----w-   c:\documents and settings\all users\application data\MFAData
    2012-06-13 18:01:46   --------   d-----w-   c:\program files\Spybot - Search & Destroy
    2012-06-13 18:01:46   --------   d-----w-   c:\documents and settings\all users\application data\Spybot - Search & Destroy
    2012-06-07 07:42:08   770384   ----a-w-   c:\program files\mozilla firefox\msvcr100.dll
    2012-06-07 07:42:08   421200   ----a-w-   c:\program files\mozilla firefox\msvcp100.dll
    2012-04-27 19:13:34   --------   d-----w-   c:\program files\Mozilla Maintenance Service
    2012-04-27 19:13:32   157600   ----a-w-   c:\program files\mozilla firefox\maintenanceservice_installer.exe
    2012-04-27 19:13:32   113120   ----a-w-   c:\program files\mozilla firefox\maintenanceservice.exe
    2012-04-19 18:00:57   277776   ----a-w-   c:\windows\system\Msvcrt.dll
    2012-04-19 18:00:57   25088   ----a-w-   c:\windows\ReWire.dll
    2012-04-19 18:00:56   --------   d-----w-   c:\program files\Propellerhead
    2012-04-19 04:50:26   24896   ----a-w-   c:\windows\system32\drivers\avgidshx.sys
    2012-03-31 00:03:54   --------   d-----w-   c:\documents and settings\adam\application data\PriceGong
    2012-03-19 17:20:11   624608   ----a-w-   c:\program files\mozilla firefox\gkmedias.dll
    2012-03-19 17:20:11   43488   ----a-w-   c:\program files\mozilla firefox\mozglue.dll
    2012-03-19 05:17:28   301248   ----a-w-   c:\windows\system32\drivers\avgtdix.sys
    2012-02-22 05:25:32   235216   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
    2012-02-02 23:09:42   --------   d-----w-   c:\documents and settings\adam\application data\DVDVideoSoft
    2012-02-02 23:09:38   --------   d-----w-   c:\program files\common files\DVDVideoSoft
    2012-01-31 04:46:50   31952   ----a-w-   c:\windows\system32\drivers\avgrkx86.sys
    2012-01-29 22:14:08   --------   d-----w-   c:\documents and settings\all users\application data\regid.1986-12.com.adobe
    2012-01-29 21:33:58   --------   d-----w-   c:\windows\system32\wbem\AutoRecover
    2012-01-28 08:46:03   --------   d-----w-   c:\program files\Adobe CS5
    2012-01-27 09:06:06   33792   ------w-   c:\program files\messenger\custsat.dll
    2012-01-27 09:06:01   9728   ------w-   c:\windows\system32\rwnh.dll
    2012-01-27 09:06:01   9728   ------w-   c:\windows\system32\comsdupd.exe
    2012-01-27 09:06:01   53248   ------w-   c:\windows\system32\vbicodec.ax
    2012-01-27 09:06:01   239616   ------w-   c:\windows\system32\wstrenderer.ax
    2012-01-27 09:06:01   164352   ------w-   c:\windows\system32\wstpager.ax
    2012-01-27 09:06:01   10752   ------w-   c:\windows\system32\smtpapi.dll
    2012-01-27 09:00:30   19528   ----a-w-   c:\windows\002792_.tmp
    2012-01-27 09:00:12   26488   ----a-w-   c:\windows\system32\spupdsvc.exe
    2012-01-03 07:22:02   103864   ----a-w-   c:\program files\internet explorer\plugins\nppdf32.dll
    2011-12-29 07:57:37   --------   d-----w-   c:\program files\Amazon
    2011-12-27 10:06:51   --------   d-----w-   c:\documents and settings\adam\local settings\application data\cache
    2011-12-27 10:04:55   --------   d-----w-   c:\program files\VTech
    2011-12-27 10:04:55   --------   d-----w-   c:\documents and settings\all users\application data\VTech
    2011-12-23 13:32:08   17232   ----a-w-   c:\windows\system32\drivers\avgidsshimx.sys
    2011-12-23 13:32:06   24144   ----a-w-   c:\windows\system32\drivers\avgidsfilterx.sys
    2011-12-23 13:32:00   139856   ----a-w-   c:\windows\system32\drivers\avgidsdriverx.sys
    2011-12-11 21:45:17   --------   d-----w-   c:\documents and settings\adam\local settings\application data\PMB Files
    2011-12-11 21:45:13   --------   d-----w-   c:\documents and settings\all users\application data\PMB Files
    2011-12-11 21:44:41   --------   d-----w-   c:\program files\Pando Networks
    2011-12-11 12:46:24   --------   d-----w-   c:\documents and settings\adam\local settings\application data\WMTools Downloaded Files
    2011-10-23 10:16:47   --------   d-----w-   c:\documents and settings\adam\local settings\application data\CutePDF Writer
    2011-10-23 10:15:45   --------   d-----w-   c:\program files\GPLGS
    2011-10-23 10:14:46   87552   ----a-w-   c:\windows\system32\cpwmon2k.dll
    2011-10-23 10:14:34   --------   d-----w-   c:\program files\Acro Software
    2011-10-11 08:28:59   --------   d-----w-   c:\documents and settings\adam\.swt
    2011-10-11 08:28:48   --------   d-----w-   c:\documents and settings\adam\application data\Azureus
    2011-10-11 08:26:59   --------   d-----w-   c:\program files\Conduit
    2011-10-11 08:26:43   --------   d-----w-   c:\program files\Vuze
    2011-10-11 08:26:28   --------   d-----w-   c:\documents and settings\adam\local settings\application data\Conduit
    2011-10-11 08:26:27   --------   d-----w-   c:\documents and settings\adam\local settings\application data\Temp
    2011-09-30 19:24:03   --------   d-----w-   c:\documents and settings\adam\local settings\application data\HP
    2011-09-30 19:03:55   --------   d-----w-   c:\program files\common files\HP
    2011-09-30 19:03:50   --------   d-----w-   c:\program files\common files\Hewlett-Packard
    2011-09-30 19:02:57   241664   ----a-w-   c:\windows\system32\spool\prtprocs\w32x86\hpzpp5k4.DLL
    2011-09-30 19:02:53   59928   ----a-w-   c:\windows\system32\fxcompchannel.dll
    2011-09-30 19:02:30   15104   ----a-w-   c:\windows\system32\drivers\usbscan.sys
    2011-09-30 19:01:26   331776   ----a-w-   c:\windows\system32\hppcpr11.dll
    2011-09-30 19:01:25   26136   ----a-w-   c:\windows\system32\drivers\hpfxgen.sys
    2011-09-30 19:01:25   188416   ----a-w-   c:\windows\system32\hppcew11.dll
    2011-09-30 19:01:25   17432   ----a-w-   c:\windows\system32\drivers\hpfxbulk.sys
    2011-09-30 19:01:21   770048   ----a-w-   c:\windows\system32\hpptsp04.dll
    2011-09-30 19:01:21   729088   ----a-w-   c:\windows\system32\hpxp1312.dll
    2011-09-30 19:01:21   450560   ----a-w-   c:\windows\system32\hppasc11.dll
    2011-09-30 19:01:10   --------   d-----w-   c:\program files\HP
    2011-09-30 18:59:07   --------   d-----w-   c:\program files\common files\SWF Studio
    2011-09-30 18:56:09   --------   d-----w-   C:\HP_CM1312_series_full_solution_v5.0_AM-EMEA
    2011-02-18 23:40:50   773968   ----a-w-   c:\windows\system32\msvcr100.dll
    2009-08-06 19:24:18   21728   ----a-w-   c:\windows\system32\wucltui.dll.mui
    2009-08-06 19:24:12   15072   ----a-w-   c:\windows\system32\wuaucpl.cpl.mui
    2009-08-06 19:24:06   15064   ----a-w-   c:\windows\system32\wuapi.dll.mui
    2009-08-06 19:24:00   17632   ----a-w-   c:\windows\system32\wuaueng.dll.mui
    2009-07-12 11:11:20   670016   ----a-w-   c:\program files\common files\microsoft shared\vc\msdia90.dll
    2009-03-12 14:46:24   12288   ----a-r-   c:\windows\Twunk_32.dll
    2009-03-12 14:46:24   12288   ----a-r-   c:\windows\Twunk_16.dll
    2008-05-01 19:09:14   --------   d-----w-   c:\program files\East West
    2008-04-30 22:32:09   60160   ----a-w-   c:\windows\system32\drivers\drmk.sys
    2008-04-30 22:32:09   146048   ----a-w-   c:\windows\system32\drivers\portcls.sys
    2008-04-30 22:27:36   815104   ----a-w-   c:\windows\system32\mafwcpl.exe
    2008-04-30 22:27:36   61440   ----a-w-   c:\windows\system32\MAFWCoIn.dll
    2008-04-30 22:27:36   26624   ----a-w-   c:\windows\system32\mafw.cpl
    2008-04-30 22:27:36   17920   ----a-w-   c:\windows\system32\defwasio.dll
    2008-04-30 22:27:36   17408   ----a-w-   c:\windows\system32\mafwpnl.dll
    2008-04-30 22:27:36   161920   ----a-w-   c:\windows\system32\drivers\deltafw.sys
    2008-04-30 22:27:36   16128   ----a-w-   c:\windows\system32\drivers\mafwboot.sys
    2008-04-30 22:27:36   155648   ----a-w-   c:\windows\system32\mafwTray.exe
    2008-04-30 22:27:16   --------   d-----w-   c:\program files\M-Audio Firewire Family
    2008-04-30 22:26:34   749568   ----a-w-   c:\program files\common files\installshield\professional\runtime\10\50\intel32\iKernel.dll
    2008-04-30 22:26:34   69715   ----a-w-   c:\program files\common files\installshield\professional\runtime\10\50\intel32\ctor.dll
    2008-04-30 22:26:34   5632   ----a-w-   c:\program files\common files\installshield\professional\runtime\10\50\intel32\DotNetInstaller.exe
    2008-04-30 22:26:34   323716   ----a-w-   c:\program files\common files\installshield\professional\runtime\10\50\intel32\setup.dll
    2008-04-30 22:26:34   274432   ----a-w-   c:\program files\common files\installshield\professional\runtime\10\50\intel32\iscript.dll
    2008-04-30 22:26:34   192644   ----a-w-   c:\program files\common files\installshield\professional\runtime\10\50\intel32\iGdi.dll
    2008-04-30 22:26:34   180224   ----a-w-   c:\program files\common files\installshield\professional\runtime\10\50\intel32\iuser.dll
    2008-04-30 22:24:25   --------   d-----w-   c:\program files\CCleaner
    2008-04-14 04:39:26   24064   -c----w-   c:\windows\system32\dllcache\pidgen.dll
    2007-09-04 20:01:37   --------   d-----w-   C:\temp
    2007-08-31 22:34:11   --------   d-----w-   c:\program files\InterLok
    2007-08-31 22:33:30   --------   d-----w-   c:\program files\common files\Sonnox Oxford
    2007-06-24 18:59:30   5248   ----a-w-   c:\windows\system32\drivers\a347scsi.sys
    2007-06-24 18:59:30   160640   ----a-w-   c:\windows\system32\drivers\a347bus.sys
    2007-06-24 18:59:28   --------   d-----w-   c:\program files\Alcohol Soft
    2007-05-02 02:31:54   54520   ----a-w-   c:\windows\system32\drivers\iLokDrvr.sys
    2007-05-02 02:31:20   78648   ----a-w-   c:\windows\system32\drivers\TPkd.sys
    2007-04-30 07:35:57   --------   d-----w-   c:\documents and settings\adam\local settings\application data\Native Instruments
    2007-04-30 07:35:37   --------   d-----w-   c:\documents and settings\adam\application data\Audio Ease
    2007-04-30 07:28:17   --------   d-----w-   c:\documents and settings\all users\application data\Audio Ease
    2007-04-30 07:28:13   --------   d-----w-   c:\program files\Audio Ease
    2007-04-30 07:25:38   --------   d-----w-   c:\program files\common files\Native Instruments
    2007-04-24 09:33:00   114688   ----a-w-   c:\windows\system32\hplbdchn.dll
    2007-02-23 03:24:12   --------   d-----w-   c:\documents and settings\adam\local settings\application data\Help
    2007-02-19 22:49:13   12160   -c--a-w-   c:\windows\system32\dllcache\mouhid.sys
    2007-02-19 22:49:13   12160   ----a-w-   c:\windows\system32\drivers\mouhid.sys
    2007-02-19 22:49:07   10368   ----a-w-   c:\windows\system32\drivers\hidusb.sys
    2007-02-02 14:38:48   7680   ----a-w-   c:\windows\system32\hpboidps.dll
    2007-02-02 14:38:46   39424   ----a-w-   c:\windows\system32\hpbpro.dll
    2007-02-02 14:38:46   25600   ----a-w-   c:\windows\system32\hpboid.dll
    2007-02-02 14:38:44   7680   ----a-w-   c:\windows\system32\hpbprops.dll
    2007-02-02 14:38:42   24576   ----a-w-   c:\windows\system32\hpbmiapi.dll
    2007-01-29 20:52:28   --------   d-----w-   c:\documents and settings\adam\application data\TC Electronic
    2007-01-27 09:24:27   9216   ----a-r-   c:\windows\system32\pcore_co.dll
    2007-01-27 09:24:27   499712   ----a-w-   c:\windows\system32\msvcp71.dll
    2007-01-27 09:24:26   348160   ----a-w-   c:\windows\system32\msvcr71.dll
    2007-01-27 09:24:25   1782077   ----a-r-   c:\windows\system32\PCoreMsg.exe
    2007-01-27 09:24:21   122880   ----a-r-   c:\windows\system32\PCore.cpl
    2007-01-27 09:24:20   880640   ----a-r-   c:\windows\system32\PCore.exe
    2007-01-27 09:24:19   76800   ----a-r-   c:\windows\system32\drivers\PCore.sys
    2007-01-27 09:24:19   248364   ----a-r-   c:\windows\system32\PCore.bin
    2007-01-27 09:24:19   163840   ----a-r-   c:\windows\system32\PCore.dll
    2007-01-26 20:23:59   --------   d-----w-   c:\program files\common files\PACE Anti-Piracy
    2007-01-26 20:23:59   --------   d-----w-   c:\documents and settings\all users\application data\PACE Anti-Piracy
    2007-01-26 20:23:59   --------   d-----w-   c:\documents and settings\adam\local settings\application data\PACE Anti-Piracy
    2007-01-26 20:23:59   --------   d-----w-   c:\documents and settings\adam\application data\PACE Anti-Piracy
    2007-01-26 20:23:54   --------   d-----w-   c:\documents and settings\adam\application data\Waves Audio
    2007-01-26 20:19:16   785   ------w-   c:\windows\Tpkdboot.reg
    2007-01-26 20:19:16   634880   ------w-   c:\windows\system32\ilinet.dll
    2007-01-26 20:19:16   1060864   ------w-   c:\windows\system32\MFC71.dll
    2007-01-26 20:19:15   692224   ----a-w-   c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll
    2007-01-26 20:19:15   57344   ----a-w-   c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll
    2007-01-26 20:19:15   5632   ----a-w-   c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
    2007-01-26 20:19:15   237568   ----a-w-   c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll
    2007-01-26 20:19:15   155648   ----a-w-   c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll
    2007-01-26 20:19:14   282756   ----a-w-   c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll
    2007-01-26 20:19:14   163972   ----a-w-   c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll
    2007-01-25 17:25:02   208896   ----a-w-   c:\windows\system32\nvudisp.exe
    2007-01-25 17:25:02   --------   d-----w-   c:\windows\nview
    2006-11-08 15:35:40   33280   ----a-w-   c:\windows\system32\HPZipr12.dll
    2006-11-08 15:35:40   29696   ----a-w-   c:\windows\system32\hpzipt12.dll
    2006-11-08 15:35:40   20480   ----a-w-   c:\windows\system32\hpzisn12.dll
    2006-11-08 15:35:38   53248   ----a-w-   c:\windows\system32\HPZipm12.dll
    2006-11-08 15:35:38   49152   ----a-w-   c:\windows\system32\HPZidr12.dll
    2006-11-08 15:35:36   43520   ----a-w-   c:\windows\system32\HPZinw12.dll
    2006-05-02 09:28:34   --------   d-----w-   c:\program files\SpinAudio
    2006-01-15 19:43:48   33792   ----a-w-   c:\windows\system32\drivers\cledx.sys
    2006-01-15 19:43:42   16896   ----a-w-   c:\windows\system32\drivers\synasUSB.sys
    2006-01-15 19:43:41   45056   ----a-w-   c:\windows\system32\Synsopos.exe
    2006-01-15 19:43:40   700416   ----a-w-   c:\windows\system32\SYNSOACC.dll
    2006-01-15 19:43:40   17784   ----a-w-   c:\windows\system32\drivers\NSynas32.sys
    2006-01-15 19:43:40   147456   ----a-w-   c:\windows\system32\SynsoLChk.dll
    2006-01-15 19:43:40   --------   d-----w-   c:\program files\Syncrosoft
    2006-01-15 18:37:26   --------   d-----w-   c:\program files\Spin Audio
    2005-12-21 16:35:25   --------   d-----w-   c:\program files\Sony
    2005-12-21 16:35:15   438608   ----a-w-   c:\windows\system32\wmv8dmod.dll
    2005-12-21 16:35:14   665424   ----a-w-   c:\windows\system32\wmv8dmoe.dll
    2005-12-21 16:35:14   566272   ----a-w-   c:\windows\system32\wmvdmoe.dll
    2005-12-21 16:35:14   115200   ----a-w-   c:\windows\system32\wmsdmoe.dll
    2005-12-21 16:35:13   285184   ----a-w-   c:\windows\system32\wmidx2.ocx
    2005-12-21 16:33:55   --------   d-----w-   c:\program files\Sony Setup
    2005-09-23 06:28:56   32768   ----a-w-   c:\windows\system32\netfxperf.dll
    2005-09-23 06:28:52   74240   ----a-w-   c:\windows\system32\mscories.dll
    2005-09-23 06:28:52   270848   ----a-w-   c:\windows\system32\mscoree.dll
    2005-09-23 06:28:52   150016   ----a-w-   c:\windows\system32\mscorier.dll
    2005-09-23 06:28:52   150016   ----a-w-   c:\program files\internet explorer\mui\0409\mscorier.dll
    2005-09-23 06:28:38   83456   ----a-w-   c:\windows\system32\dfshim.dll
    2005-04-25 12:45:46   40648   ----a-w-   c:\program files\common files\microsoft shared\dw\DWDCW20.DLL
    2005-04-25 12:45:42   36040   ----a-w-   c:\program files\common files\microsoft shared\dw\DWTRIG20.EXE
    2005-04-25 12:44:40   631488   ----a-w-   c:\program files\common files\microsoft shared\dw\DW20.EXE
    2005-04-20 18:57:35   135168   ------w-   c:\windows\system32\l3codecx.acm
    2005-04-20 18:56:02   --------   d-----w-   c:\program files\Roxio
    2005-04-20 18:53:07   53248   ------w-   c:\program files\common files\installshield\engine\6\intel 32\msihook.dll
    2005-04-20 18:53:07   126976   ------w-   c:\program files\common files\installshield\engine\6\intel 32\knlwrap.exe
    2005-04-20 18:53:06   114688   ------w-   c:\program files\common files\installshield\engine\6\intel 32\scpthdlr.dll
    2005-04-16 16:49:08   --------   d-----w-   c:\program files\RazorLame
    2005-04-14 22:47:46   47616   ----a-r-   c:\windows\system32\KORGUMDD.DRV
    2005-04-14 22:47:46   12544   ----a-r-   c:\windows\system32\drivers\KORGUMDS.SYS
    2005-04-13 08:14:48   60032   ----a-w-   c:\windows\system32\drivers\usbaudio.sys
    2005-04-12 09:58:21   22912   ----a-w-   c:\windows\system32\drivers\ScratchAmp.sys
    2005-04-05 15:25:32   --------   d-----w-   c:\documents and settings\adam\application data\FabFilter
    2005-02-10 01:40:53   --------   d-----w-   c:\program files\Sonic Foundry MP3 Plug-In
    2005-01-16 02:10:29   1409   ----a-w-   c:\windows\system32\tmpAB39D.FOT
    2005-01-15 20:49:55   --------   d-----w-   c:\program files\Windows Media Components
    2005-01-15 20:49:48   --------   d--h--w-   c:\windows\msdownld.tmp
    2005-01-15 20:47:13   619008   ----a-r-   c:\windows\system32\vobhw.dll
    2005-01-15 20:47:13   19456   ----a-w-   c:\windows\system32\asapi.dll
    2005-01-15 20:47:13   11264   ----a-r-   c:\windows\system32\drivers\asapi.sys
    2005-01-15 20:47:13   --------   d-----w-   c:\program files\VOB
    2005-01-15 20:44:37   270336   ----a-w-   c:\program files\internet explorer\plugins\NPDocBox.dll
    2005-01-15 20:44:37   --------   d-----w-   c:\windows\Profiles
    2004-12-17 14:22:21   --------   d-----w-   c:\program files\Edirol
    2004-12-01 12:32:07   1777664   ----a-w-   c:\windows\system32\GDIplus.dll
    2004-11-30 11:35:57   --------   d-----w-   c:\documents and settings\adam\local settings\application data\Adobe
    2004-11-26 01:37:47   --------   d-----w-   c:\program files\Antares
    2004-11-20 20:33:07   86016   ----a-w-   c:\windows\unvise32qt.exe
    2004-11-20 20:33:05   98304   ----a-w-   c:\program files\internet explorer\plugins\npqtplugin7.dll
    2004-11-20 20:33:05   98304   ----a-w-   c:\program files\internet explorer\plugins\npqtplugin6.dll
    2004-11-20 20:33:05   98304   ----a-w-   c:\program files\internet explorer\plugins\npqtplugin5.dll
    2004-11-20 20:33:05   98304   ----a-w-   c:\program files\internet explorer\plugins\npqtplugin4.dll
    2004-11-20 20:33:05   98304   ----a-w-   c:\program files\internet explorer\plugins\npqtplugin3.dll
    2004-11-20 20:33:05   98304   ----a-w-   c:\program files\internet explorer\plugins\npqtplugin2.dll
    2004-11-20 20:33:05   98304   ----a-w-   c:\program files\internet explorer\plugins\npqtplugin.dll
    2004-11-20 20:32:59   --------   d-----w-   c:\windows\system32\QuickTime
    2004-11-20 20:32:20   --------   d-----w-   c:\windows\system32\BWKDLogs
    2004-11-20 20:30:11   --------   d-----w-   c:\documents and settings\all users\application data\Kodak
    2004-11-20 20:29:34   --------   d-----w-   c:\program files\Kodak
    2004-11-16 18:08:53   --------   d-----w-   c:\program files\Spectrasonics
    2004-11-01 11:13:48   73   ----a-w-   c:\windows\system32\ssprs.dll
    2004-11-01 11:13:48   1025   ----a-w-   c:\windows\system32\clauth2.dll
    2004-11-01 11:13:48   1025   ----a-w-   c:\windows\system32\clauth1.dll
    2004-11-01 11:13:39   205   ----a-w-   c:\windows\system32\lsprst7.dll
    2004-11-01 11:13:39   1025   ----a-w-   c:\windows\system32\sysprs7.dll
    2004-11-01 11:09:05   163840   ----a-w-   c:\windows\system32\ArtFfct.dll
    2004-11-01 11:09:05   --------   d-----w-   c:\program files\Arturia
    2004-11-01 10:57:50   --------   d-----w-   c:\program files\Sonitus-fx-R3
    2004-10-23 18:37:02   --------   d-----w-   c:\program files\Waves Transform
    2004-10-23 18:33:50   --------   d-----w-   c:\program files\Waves
    2004-09-20 19:12:48   109256   ----a-w-   c:\program files\common files\microsoft shared\dw\1025\DWINTL20.DLL
    2004-09-04 15:57:02   52480   ----a-w-   c:\windows\system32\drivers\i8042prt.sys
    2004-09-04 15:57:02   23040   ----a-w-   c:\windows\system32\drivers\mouclass.sys
    2004-09-04 15:56:47   --------   d-----w-   c:\program files\Microsoft Hardware
    2004-08-04 00:56:58   7680   ----a-w-   c:\windows\system32\spdwnwxp.exe
    2004-08-04 00:56:58   20992   ------w-   c:\windows\system32\spupdwxp.exe
    2004-08-04 00:56:58   11264   ------w-   c:\windows\system32\spnpinst.exe
    2004-07-19 15:56:28   --------   d-----w-   c:\program files\Steinberg
    2004-07-08 17:04:59   --------   d-----w-   c:\program files\Digidesign
    2004-07-08 16:51:12   --------   d-----w-   c:\program files\common files\Digidesign
    2004-07-08 16:41:08   --------   d-----w-   c:\documents and settings\adam\application data\Applied Acoustics Systems
    2004-07-08 16:40:50   1   ----a-w-   c:\windows\system32\ceme20.dll
    2004-07-08 16:18:43   --------   d-----w-   c:\documents and settings\adam\application data\Sonic Foundry
    2004-07-08 16:17:54   --------   d-----w-   c:\program files\Sonic Foundry Setup
    2004-07-08 16:05:05   69632   ----a-w-   c:\windows\system32\NI_DFD_KOMPAKT.dll
    2004-07-08 16:05:05   69632   ----a-w-   c:\windows\system32\NI_DFD_1_2_9.dll
    2004-07-08 16:05:05   69632   ----a-w-   c:\windows\system32\NI_DFD_1_2_7.dll
    2004-07-08 16:05:05   69632   ----a-w-   c:\windows\system32\NI_DFD_1_2_4.dll
    2004-07-08 16:05:05   69632   ----a-w-   c:\windows\system32\NI_DFD.dll
    2004-07-08 16:05:05   --------   d-----w-   c:\program files\Native Instruments
    2004-07-08 16:04:37   65536   ----a-w-   c:\windows\system32\NI_DFD_1_2_8.dll
    2004-07-08 15:59:28   --------   d-----w-   c:\program files\Recycle
    2004-07-08 15:59:02   168450   ----a-w-   c:\windows\LOOP.exe
    2004-07-08 15:47:16   --------   d-----w-   c:\program files\PSP Nitro
    2004-07-08 15:38:26   --------   d-----w-   c:\program files\coolpro2
    2004-07-08 13:55:21   --------   d-----w-   c:\documents and settings\adam\WINDOWS
    2004-07-08 10:10:44   --------   d-----w-   c:\documents and settings\adam\application data\Steinberg
    2004-07-06 14:32:52   --------   d-----w-   c:\windows\system32\ZoneLabs
    2004-07-06 14:32:52   --------   d-----w-   c:\program files\Zone Labs
    2004-07-06 14:32:26   --------   d-----w-   c:\windows\Internet Logs
    2004-07-06 14:29:47   --------   d-----w-   c:\program files\InterVideo
    2004-07-06 14:28:50   --------   d-----w-   c:\program files\PowerQuest
    2004-07-06 13:54:55   3480   ----a-w-   c:\windows\system32\mbmiodrvr.sys
    2004-07-06 13:54:53   --------   d-----w-   c:\program files\Motherboard Monitor 5
    2004-07-06 13:54:11   --------   d-----w-   c:\documents and settings\adam\local settings\application data\Google
    2004-07-06 13:52:47   --------   d-----w-   c:\windows\Cache
    2004-07-06 12:53:22   --------   d-----w-   c:\program files\Kaspersky Lab
    2004-07-06 12:53:22   --------   d-----w-   c:\program files\common files\KAV Shared Files
    2004-07-06 12:51:29   --------   d-----w-   c:\program files\Executive Software
    2004-07-06 12:36:51   --------   d-----w-   c:\program files\Microsoft ActiveSync
    2004-07-06 12:35:51   --------   d-----w-   c:\windows\ShellNew
    2004-07-06 12:35:50   --------   d-----w-   c:\program files\common files\L&H
    2004-07-06 12:32:44   240640   ----a-w-   c:\windows\system32\mpg4dmod.dll
    2004-07-06 12:32:43   2362104   -c--a-w-   c:\windows\system32\dllcache\wmvcore.dll
    2004-07-06 12:32:43   229376   -c--a-w-   c:\windows\system32\dllcache\wmasf.dll
    2004-07-06 12:32:42   226816   ----a-w-   c:\program files\windows media player\npdrmv2.dll
    2004-07-06 12:32:42   10240   ----a-w-   c:\program files\windows media player\npwmsdrm.dll
    2004-07-06 12:32:03   89184   ------w-   c:\windows\system32\drivers\imagedrv.sys
    2004-07-06 12:32:03   57344   ------w-   c:\windows\system32\ImageDrive.cpl
    2004-07-06 12:31:52   38912   ----a-w-   c:\windows\system32\picn20.dll
    2004-07-06 12:31:51   569344   ----a-w-   c:\windows\system32\imagr5.dll
    2004-07-06 12:31:51   544768   ----a-w-   c:\windows\system32\imagx5.dll
    2004-07-06 12:31:51   283920   ----a-w-   c:\windows\system32\ImagXpr5.dll
    2004-07-06 12:31:51   155648   ----a-w-   c:\windows\system32\NeroCheck.exe
    2004-07-06 12:17:32   384512   ----a-w-   c:\windows\system32\mp4sdmod.dll
    2004-07-06 12:17:32   310272   ----a-w-   c:\windows\system32\mp43dmod.dll
    2004-07-06 12:16:04   --------   d-----w-   c:\program files\Windows Journal Viewer
    2004-07-06 12:15:29   --------   d-----w-   c:\windows\PeerNet
    2004-07-06 12:14:28   483840   ----a-w-   c:\windows\system32\wzcsvc.dll
    2004-07-06 12:14:26   52736   ----a-w-   c:\windows\system32\wzcsapi.dll
    2004-07-06 12:14:26   383488   ----a-w-   c:\windows\system32\wzcdlg.dll
    2004-07-06 12:14:26   1703936   ----a-w-   c:\windows\system32\netshell.dll
    2004-07-06 12:14:07   --------   d-----w-   c:\program files\HighMAT CD Writing Wizard
    2004-07-06 12:14:06   --------   d-----w-   c:\windows\Downloaded Installations
    2004-07-06 12:14:01   713216   ----a-w-   c:\windows\system32\sxs.dll
    2004-07-06 11:58:47   338432   ----a-w-   c:\windows\system32\zipfldr.dll
    2004-07-06 11:57:13   33792   ----a-w-   c:\windows\system32\msgsvc.dll
    2004-07-06 11:57:03   2897920   ------w-   c:\windows\system32\xpsp2res.dll
    2004-07-06 11:57:00   77824   ----a-w-   c:\program files\netmeeting\nmcom.dll
    2004-07-06 11:55:55   326432   ----a-w-   c:\windows\system32\msexcl40.dll
    2004-07-06 11:55:52   518944   ----a-w-   c:\windows\system32\msexch40.dll
    2004-07-06 11:55:49   380445   ----a-w-   c:\windows\system32\expsrv.dll
    2004-07-06 11:55:48   554008   ----a-w-   c:\program files\common files\microsoft shared\dao\dao360.dll
    2004-07-06 11:55:17   26112   ----a-w-   c:\windows\system32\xpsp1hfm.exe
    2004-06-19 14:40:13   10240   ----a-w-   c:\windows\system32\drivers\SiWinAcc.sys
    2004-06-19 14:40:07   97857   ----a-w-   c:\windows\system32\drivers\si3114r.sys
    2004-06-18 13:40:50   33280   ----a-w-   c:\windows\muninst.exe
    2004-05-15 22:42:06   201728   ----a-w-   c:\windows\system32\ati2dvag.dll
    2004-05-15 22:41:40   701440   ----a-w-   c:\windows\system32\drivers\ati2mtag.sys
    2004-05-15 22:01:32   1057760   -c--a-w-   c:\windows\system32\dllcache\ati3d2ag.dll
    2004-05-15 22:01:32   1057760   ----a-w-   c:\windows\system32\ati3d2ag.dll
    2004-05-15 21:49:14   870784   -c--a-w-   c:\windows\system32\dllcache\ati3d1ag.dll
    2004-05-15 21:49:14   870784   ----a-w-   c:\windows\system32\ati3d1ag.dll
    2004-04-14 13:56:46   229888   ----a-w-   c:\windows\system32\dplayx.dll
    2004-04-12 22:11:26   57344   ----a-w-   c:\windows\system32\dpwsockx.dll
    2004-03-04 09:50:40   974848   ----a-w-   c:\windows\system32\mfc70.dll
    2004-03-04 09:50:40   905290   ----a-w-   c:\windows\system32\libmmd.dll
    2004-03-04 09:50:40   487424   ----a-w-   c:\windows\system32\msvcp70.dll
    2004-03-04 09:50:40   344064   ----a-w-   c:\windows\system32\msvcr70.dll
    2004-03-03 14:02:00   737024   ----a-w-   c:\windows\system32\drivers\nvmcp.sys
    2004-03-03 14:02:00   7168   ----a-w-   c:\windows\system32\nvack.dll
    2004-03-03 14:02:00   66688   ----a-w-   c:\windows\system32\drivers\nvarm.sys
    2004-03-03 14:02:00   5120   ----a-w-   c:\windows\system32\ALut.dll
    2004-03-03 14:02:00   47104   ----a-w-   c:\windows\system32\nvopenal.dll
    2004-03-03 14:02:00   40832   ----a-w-   c:\windows\system32\drivers\nvax.sys
    2004-03-03 14:02:00   320640   ----a-w-   c:\windows\system32\drivers\nvapu.sys
    2004-03-03 14:02:00   31744   ----a-w-   c:\windows\system32\NVCOAD.DLL
    2004-03-03 14:02:00   30208   ----a-w-   c:\windows\system32\nvasio.dll
    2004-03-03 14:02:00   21504   ----a-w-   c:\windows\system32\OpenAL32.dll
    2004-03-02 12:18:36   1314816   ----a-w-   c:\program files\outlook express\msoe.dll
    2004-03-02 12:18:32   691712   ----a-w-   c:\windows\system32\inetcomm.dll
    2004-03-02 12:18:28   510976   ----a-w-   c:\program files\common files\system\wab32.dll
    2004-02-06 17:05:06   666112   ----a-w-   c:\windows\system32\wininet.dll
    2004-01-29 17:38:46   9796288   ----a-w-   c:\program files\common files\microsoft shared\office10\MSO.DLL
    2004-01-29 02:22:48   31744   ----a-w-   c:\windows\system32\NVCOE.DLL
    2004-01-29 01:45:50   93764   ----a-w-   c:\windows\system32\drivers\NVENET.sys
    2004-01-21 13:36:14   7334592   ----a-w-   c:\program files\common files\microsoft shared\web components\10\OWC10.DLL
    2004-01-21 13:36:14   506560   ----a-w-   c:\program files\common files\microsoft shared\web components\10\1033\OWCI10.DLL
    2003-12-17 12:33:06   1133256   ----a-w-   c:\program files\common files\microsoft shared\office10\1033\MSOINTL.DLL
    2003-12-17 12:32:50   854728   ----a-w-   c:\program files\common files\system\mapi\1033\MSMAPI32.DLL
    2003-12-17 12:32:44   744128   ----a-w-   c:\program files\common files\system\mapi\1033\OUTEX.DLL
    2003-12-17 12:32:30   535240   ----a-w-   c:\program files\common files\system\mapi\1033\MSPST32.DLL
    2003-12-17 12:32:26   539336   ----a-w-   c:\program files\common files\system\mapi\1033\EMSMDB32.DLL
    2003-12-17 12:32:24   199368   ----a-w-   c:\program files\common files\system\mapi\1033\EMSABP32.DLL
    2003-12-17 12:31:20   56008   ----a-w-   c:\program files\common files\microsoft shared\snapshot viewer\SNAPVIEW.EXE
    2003-12-05 09:58:36   314424   ----a-w-   c:\windows\system32\drivers\KodakCCS.exe
    2003-11-18 19:11:42   1378832   ----a-w-   c:\program files\common files\microsoft shared\web server extensions\50\bin\FP5AWEL.DLL
    2003-10-29 13:02:00   29696   ----a-w-   c:\windows\system32\NVCOG.DLL
    2003-10-29 13:02:00   21120   ----a-w-   c:\windows\system32\drivers\nv_agp.SYS
    2003-10-27 19:13:16   24576   ----a-w-   c:\windows\system32\odbcbcp.dll
    2003-10-27 19:13:06   106496   ----a-w-   c:\windows\system32\odbccp32.dll
    2003-10-27 19:12:44   528384   ----a-w-   c:\program files\common files\system\ole db\sqloledb.dll
    2003-10-27 19:12:44   442368   ----a-w-   c:\windows\system32\sqlsrv32.dll
    2003-10-27 19:12:42   110592   ----a-w-   c:\windows\system32\dbnetlib.dll
    2003-10-27 19:10:24   487424   ----a-w-   c:\program files\common files\system\ole db\oledb32.dll
    2003-10-27 19:09:50   151552   ----a-w-   c:\windows\system32\msdart.dll
    2003-10-27 19:09:44   249856   ----a-w-   c:\windows\system32\odbc32.dll
    2003-10-17 16:28:18   39488   ----a-w-   c:\program files\common files\system\mapi\1033\DUMPSTER.DLL
    2003-10-13 13:10:02   944696   ----a-w-   c:\program files\common files\microsoft shared\web server extensions\50\bin\FP5AUTL.DLL
    2003-10-13 13:08:26   608824   ----a-w-   c:\program files\common files\microsoft shared\web server extensions\50\bin\FP5AWEC.DLL
    2003-10-13 13:04:58   399928   ----a-w-   c:\program files\common files\microsoft shared\web server extensions\50\bin\FPMMC.DLL
    2003-10-13 13:04:26   338496   ----a-w-   c:\program files\common files\system\mapi\1033\PSTPRX32.DLL
    2003-10-13 13:04:24   289336   ----a-w-   c:\program files\common files\microsoft shared\smart tag\FPERSON.DLL
    2003-10-13 13:04:04   223800   ----a-w-   c:\program files\common files\microsoft shared\smart tag\FPLACE.DLL
    2003-10-13 13:04:04   207416   ----a-w-   c:\program files\common files\microsoft shared\smart tag\FSTOCK.DLL
    2003-10-13 13:04:02   252472   ----a-w-   c:\program files\common files\microsoft shared\smart tag\MOFL.DLL
    2003-10-13 13:03:58   166456   ----a-w-   c:\program files\common files\microsoft shared\smart tag\FDATE.DLL
    2003-10-13 13:03:56   154168   ----a-w-   c:\program files\common files\microsoft shared\smart tag\FNAME.DLL
    2003-10-13 13:03:52   141888   ----a-w-   c:\program files\common files\microsoft shared\web server extensions\50\servsupp\FP5AMSFT.DLL
    2003-10-13 13:03:38   129592   ----a-w-   c:\program files\common files\system\mapi\1033\EMSUI32.DLL
    2003-10-13 13:03:32   105016   ----a-w-   c:\program files\common files\microsoft shared\web server extensions\50\bin\CFGWIZ.EXE
    2003-10-13 13:03:06   47672   ----a-w-   c:\program files\common files\microsoft shared\web server extensions\50\bots\vinavbar\FP5AVNB.DLL
    2003-10-13 13:02:56   27192   ----a-w-   c:\program files\common files\microsoft shared\web server extensions\50\isapi\SHTML.DLL
    2003-10-13 13:02:56   27192   ----a-w-   c:\program files\common files\microsoft shared\web server extensions\50\isapi\_vti_aut\AUTHOR.DLL
    2003-10-13 13:02:54   27192   ----a-w-   c:\program files\common files\microsoft shared\web server extensions\50\isapi\_vti_adm\ADMIN.DLL
    2003-10-13 13:02:54   27192   ----a-w-   c:\program files\common files\microsoft shared\web server extensions\50\bin\OWSADM.EXE
    2003-10-07 19:20:48   399928   ----a-w-   c:\program files\common files\microsoft shared\msclientdatamgr\MSCDM.DLL
    2003-10-07 17:29:16   102400   ----a-w-   c:\windows\system32\KodakCoI.dll
    2003-10-03 15:14:30   57856   ----a-w-   c:\windows\system32\QuickTimeCheck.ocx
    2003-10-03 15:14:29   747008   ----a-w-   c:\windows\system32\Indeo4.qtx
    2003-10-03 15:14:29   2017280   ----a-w-   c:\windows\system32\QuickTimeMusicalInstruments.qtx
    2003-10-03 15:14:28   409600   ----a-w-   c:\windows\system32\QuickTimeVR.qtx
    2003-10-03 15:14:28   314880   ----a-w-   c:\windows\system32\QuickTime.cpl
    2003-10-03 15:14:26   4719104   ----a-w-   c:\windows\system32\QuickTime.qts
    2003-09-25 11:07:00   1139472   ----a-w-   c:\windows\system32\FM20.DLL
    2003-09-17 10:01:28   844314   ----a-w-   c:\windows\system32\msdxm.ocx
    2003-09-15 10:32:14   512051   ----a-w-   c:\program files\common files\microsoft shared\office10\RICHED20.DLL
    2003-09-05 14:28:38   180224   ----a-w-   c:\program files\common files\microsoft shared\office10\UCS20.DLL
    2003-08-28 08:57:04   155136   ----a-w-   c:\windows\system32\itircl.dll
    2003-08-25 18:06:50   191488   ----a-w-   c:\windows\system32\iuengine.dll
    2003-08-18 13:26:32   25872   ----a-w-   c:\windows\system32\FM20ENU.DLL
    2003-08-11 14:27:36   236117   ----a-w-   c:\windows\system32\AutoFAT.exe
    2003-08-11 13:57:06   185344   ----a-w-   c:\windows\system32\AutoNTFS.exe
    2003-08-08 14:44:48   111192   ----a-w-   c:\program files\common files\microsoft shared\dw\3082\DWINTL20.DLL
    2003-08-08 13:35:44   112216   ----a-w-   c:\program files\common files\microsoft shared\dw\1036\DWINTL20.DLL
    2003-08-08 13:34:08   111704   ----a-w-   c:\program files\common files\microsoft shared\dw\1040\DWINTL20.DLL
    2003-07-24 15:40:22   512512   ----a-w-   c:\windows\system32\cryptui.dll
    2003-07-22 19:23:34   2502656   ----a-w-   c:\program files\common files\microsoft shared\vba\vba6\VBE6.DLL
    2003-07-16 06:12:00   307279   ----a-w-   c:\program files\common files\microsoft shared\proof\MSSP3FR.DLL
    2003-07-15 01:18:52   376888   ----a-w-   c:\program files\common files\microsoft shared\msorun\MSORUN.DLL
    2003-07-14 21:54:00   109120   ----a-w-   c:\program files\common files\microsoft shared\dw\1042\DWINTL20.DLL
    2003-07-14 21:53:46   109120   ----a-w-   c:\program files\common files\microsoft shared\dw\1028\DWINTL20.DLL
    2003-07-14 21:53:28   112704   ----a-w-   c:\program files\common files\microsoft shared\dw\1031\DWINTL20.DLL
    2003-07-14 21:53:22   109120   ----a-w-   c:\program files\common files\microsoft shared\dw\1041\DWINTL20.DLL
    2003-07-14 21:53:12   109120   ----a-w-   c:\program files\common files\microsoft shared\dw\2052\DWINTL20.DLL
    2003-07-14 21:53:12   109120   ----a-w-   c:\program files\common files\microsoft shared\dw\1033\DWINTL20.DLL
    2003-07-14 20:51:50   116288   ----a-w-   c:\program files\common files\microsoft shared\textconv\MSCONV97.DLL
    2003-07-10 11:19:10   82432   ----a-w-   c:\windows\system32\ws2_32.dll
    2003-07-10 11:19:08   59904   ----a-w-   c:\windows\system32\ipv6mon.dll
    2003-07-10 11:19:06   32768   ----a-w-   c:\windows\system32\inetmib1.dll
    2003-07-10 11:19:06   14336   ----a-w-   c:\windows\system32\wship6.dll
    2003-07-10 11:19:02   100352   ----a-w-   c:\windows\system32\6to4svc.dll
    2003-07-07 11:41:08   33792   ----a-w-   c:\windows\oeuninst.exe
    2003-07-03 16:53:26   32128   ----a-w-   c:\windows\system32\drivers\usbccgp.sys
    2003-07-03 16:50:12   7168   ------w-   c:\windows\system32\hccoin.dll
    2003-07-02 13:02:46   233472   ----a-w-   c:\windows\system32\REX Shared Library.dll
    2003-06-30 15:38:22   554496   ------w-   c:\windows\system32\p2psvc.dll
    2003-06-30 15:38:22   115712   ------w-   c:\windows\system32\p2pnetsh.dll
    2003-06-30 15:38:20   153600   ------w-   c:\windows\system32\p2p.dll
    2003-06-30 15:38:16   58880   ------w-   c:\windows\system32\pnrpnsp.dll
    2003-06-30 15:38:16   105472   ------w-   c:\windows\system32\p2pgasvc.dll
    2003-06-30 15:38:14   313856   ------w-   c:\windows\system32\p2pgraph.dll
    2003-06-30 15:35:52   36608   ------w-   c:\windows\system32\drivers\ip6fw.sys
    2003-06-30 15:35:10   12288   ------w-   c:\windows\system32\drivers\tunmp.sys
    2003-06-30 15:33:20   86016   ----a-w-   c:\windows\system32\netsh.exe
    2003-06-30 15:30:58   53248   ----a-w-   c:\windows\system32\ipv6.exe
    2003-06-30 15:30:56   225664   ----a-w-   c:\windows\system32\drivers\tcpip6.sys
    2003-06-30 12:49:14   438784   ----a-w-   c:\windows\system32\xpob2res.dll
    2003-06-19 14:58:56   133696   ----a-w-   c:\program files\common files\system\mapi\1033\CONTAB32.DLL
    2003-06-09 15:10:58   80384   ----a-w-   c:\windows\system32\faultrep.dll
    2003-06-09 13:06:08   180224   ----a-w-   c:\windows\system32\dwwin.exe
    2003-05-30 15:17:20   549888   ----a-w-   c:\windows\system32\appwiz.cpl
    2003-05-11 20:13:52   45056   ----a-w-   c:\windows\system32\shmgrate.exe
    2003-05-11 20:12:10   1033728   ----a-w-   c:\windows\explorer.exe
    2003-04-29 12:41:44   29184   ----a-w-   c:\windows\system32\popup.ocx
    2003-04-14 19:05:20   1695232   ----a-w-   c:\program files\messenger\msmsgs.exe
    2003-04-14 19:01:28   180224   ----a-w-   c:\program files\messenger\msgslang.dll
    2003-04-14 19:00:16   82944   ----a-w-   c:\program files\messenger\msgsc.dll
    2003-04-01 12:19:10   32768   ----a-w-   c:\program files\common files\installshield\driver\8\intel 32\objps8.dll
    2003-04-01 12:18:50   188416   ----a-w-   c:\program files\common files\installshield\driver\8\intel 32\IUser8.dll
    2003-04-01 12:18:30   327680   ----a-w-   c:\program files\common files\installshield\driver\8\intel 32\ISRT.dll
    2003-04-01 12:18:10   237568   ----a-w-   c:\program files\common files\installshield\driver\8\intel 32\IScript8.dll
    2003-03-28 18:21:36   647168   ----a-w-   c:\program files\common files\installshield\driver\8\intel 32\IDriver2.exe
    2003-03-28 18:21:36   647168   ----a-w-   c:\program files\common files\installshield\driver\8\intel 32\IDriver.exe
    2003-03-25 17:38:40   1327104   ----a-w-   c:\program files\common files\microsoft shared\web folders\MSONSEXT.DLL
    2003-03-18 18:05:50   89088   ----a-w-   c:\windows\system32\atl71.dll
    2003-03-14 12:20:40   1358432   ----a-w-   c:\windows\system32\XMNT2002.exe
    2003-03-14 12:18:30   4228   ----a-w-   c:\windows\system32\drivers\PQNTDRV.sys
    2003-03-06 16:26:04   113224   ----a-w-   c:\program files\common files\system\mapi\1033\EMABLT32.DLL
    2003-03-05 18:45:24   290816   ----a-w-   c:\program files\common files\installshield\driver\8\intel 32\_ISRES1033.dll
    2003-03-03 14:57:20   86528   ----a-w-   c:\program files\common files\system\directdb.dll
    2003-03-03 14:57:20   85504   ----a-w-   c:\program files\outlook express\wabimp.dll
    2003-03-03 14:57:20   51712   ----a-w-   c:\windows\system32\msident.dll
    2003-03-03 14:57:20   46080   ----a-w-   c:\program files\outlook express\wab.exe
    2003-03-03 14:57:20   252928   ----a-w-   c:\windows\system32\msoeacct.dll
    2003-03-03 14:57:20   104448   ----a-w-   c:\program files\outlook express\oeimport.dll
    2003-03-03 14:57:18   60416   ----a-w-   c:\program files\outlook express\oemig50.exe
    2003-03-03 14:57:18   60416   ----a-w-   c:\program files\outlook express\msimn.exe
    2003-03-03 14:57:18   32768   ----a-w-   c:\program files\outlook express\wabfind.dll
    2003-03-03 14:57:18   30208   ----a-w-   c:\program files\outlook express\wabmig.exe
    2003-03-03 14:57:18   105984   ----a-w-   c:\windows\system32\msoert2.dll
    2003-03-03 14:57:16   35328   ----a-w-   c:\program files\outlook express\oemiglib.dll
    2003-03-03 08:24:32   33792   ----a-w-   c:\windows\ieuninst.exe
    2003-02-11 03:51:24   1187840   ----a-w-   c:\program files\common files\system\ole db\MSDAIPP.DLL
    2003-01-29 20:12:16   2071752   ----a-w-   c:\program files\common files\system\ole db\MSOLAP80.DLL
    2003-01-29 20:12:14   1383592   ----a-w-   c:\program files\common files\system\ole db\MSDMINE.DLL
    2003-01-29 20:12:14   1031336   ----a-w-   c:\program files\common files\system\ole db\MSMDGD80.DLL
    2003-01-29 20:12:12   359600   ----a-w-   c:\program files\common files\system\ole db\MSDMENG.DLL
    2003-01-29 20:12:12   224416   ----a-w-   c:\program files\common files\system\ole db\MSMDCB80.DLL
    2003-01-15 10:08:10   325632   ----a-w-   c:\program files\movie maker\wmm2fxb.dll
    2003-01-13 13:24:04   94208   ----a-w-   c:\windows\system32\lmpgvd.ax
    2003-01-13 13:24:04   48640   ----a-w-   c:\windows\system32\lmpgad.ax
    2003-01-13 13:24:04   106496   ----a-w-   c:\windows\system32\lmpgspl.ax
    2003-01-13 13:22:02   1581056   ----a-w-   c:\windows\system32\mplvw7.dll
    2003-01-13 13:22:02   1552384   ----a-w-   c:\windows\system32\mplvm6.dll
    2003-01-13 13:22:02   1122304   ----a-w-   c:\windows\system32\mplvpx.dll
    2003-01-13 13:22:00   1650688   ----a-w-   c:\windows\system32\mplva6.dll
    2003-01-13 13:21:58   77824   ----a-w-   c:\windows\system32\mplaw7.dll
    2003-01-13 13:21:58   77824   ----a-w-   c:\windows\system32\mplaa6.dll
    2003-01-13 13:21:58   65536   ----a-w-   c:\windows\system32\mplapx.dll
    2003-01-13 13:21:58   65536   ----a-w-   c:\windows\system32\mplam6.dll
    2003-01-13 13:21:58   19968   ----a-w-   c:\windows\system32\cpuinf32.dll
    2003-01-13 13:06:40   203976   ----a-w-   c:\windows\system32\RICHTX32.OCX
    2003-01-13 09:19:26   64208   ----a-w-   c:\windows\system32\drivers\cdr4_xp.sys
    2003-01-13 09:19:26   61440   ----a-w-   c:\windows\system32\cdrtc.dll
    2003-01-13 09:19:26   45056   ----a-w-   c:\windows\system32\cdral.dll
    2003-01-13 09:19:26   249344   ----a-w-   c:\windows\system32\drivers\Cdudf_xp.sys
    2003-01-13 09:19:26   24839   ----a-w-   c:\windows\system32\drivers\cdralw2k.sys
    2003-01-13 09:19:26   22758   ----a-w-   c:\windows\system32\drivers\Mmc_2k.sys
    2003-01-13 09:19:26   21654   ----a-w-   c:\windows\system32\drivers\Dvd_2k.sys
    2003-01-13 09:19:26   206464   ----a-w-   c:\windows\system32\drivers\UdfReadr_xp.sys
    2003-01-13 09:19:26   118422   ----a-w-   c:\windows\system32\drivers\pwd_2K.sys
    2002-12-20 12:06:00   3558912   ----a-w-   c:\program files\movie maker\moviemk.exe
    2002-12-20 12:05:06   4096   ----a-w-   c:\program files\movie maker\1033\wmm2eres.dll
    2002-12-20 12:05:04   7680   ----a-w-   c:\program files\movie maker\wmm2ext.dll
    2002-12-20 12:05:00   502272   ----a-w-   c:\program files\movie maker\wmm2fxa.dll

    SuperDave

    • Malware Removal Specialist


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Have I got a virus? (Can't install any antivirus)
    « Reply #1 on: June 16, 2012, 04:23:50 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    You can look in Program Files, SuperAntiSpyware and look for a txt file.
    It would appear from the logs that you indeed have AVG installed.


    I strongly recommend that you remove Ask from your computer because it:

    •Promotes its toolbars on sites targeted to kids.

    •Promotes its toolbars through ads that appear to be part of other companies' sites.

    •Promotes its toolbars through other companies' spyware.

    •Installs without any disclosure whatsoever and without any consent whatsoever.

    •Solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.

    •Makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

    See Here for more info.

    If you choose to follow my recommendation then please go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

    AskBarDis or anything related to Ask

    Then please find and delete this folder in bold (if present):
    C:\Program Files\AskBarDis. or anything related to Ask.
    *****************************************************
    Download Security Check by screen317 from one of the following links and save it to your desktop.

    Link 1
    Link 2

    * Double-click Security Check.bat
    * Follow the on-screen instructions inside of the black box.
    * A Notepad document should open automatically called checkup.txt
    * Post the contents of that document in your next reply.

    Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
    *************************************************
    Download Combofix from any of the links below, and save it to your DESKTOP

    Link 1
    Link 2
    Link 3

    To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
    • Close any open windows and double click ComboFix.exe to run it.

      You will see the following image:


    Click I Agree to start the program.

    ComboFix will then extract the necessary files and you will see this:



    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

    It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    If you did not have it installed, you will see the prompt below. Choose YES.



    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



    Click on Yes, to continue scanning for malware.

    When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

    Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

    Note: Please Do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.
    Windows 8 and Windows 10 dual boot with two SSD's

    adamslack

      Re: Have I got a virus? (Can't install any antivirus)
      « Reply #2 on: June 18, 2012, 04:53:16 PM »
      Hi there SuperDave, thank you so much for your help!

      I looked again in the program files folder for SuperAntiSpyware for a .txt file but I promise you there is none in there! Do you want me to scan again with this & post the log even though it removed a whole load of stuff in the unsaved scan?

      I removed Ask, which was an add on from Avira only recently.

      Also, I have removed AVG from add/remove and it shouldn't be installed - after you said it was still there I checked and there is no entry to remove on add/remove, so the only thing left was a folder in program files so I deleted it then emptied the bin & ran a CCleaner, but I can see on the Security Check log it is still showing up as on my system.

      Anyway, here are the 2 logs:

      Checkup

      Quote
      Results of screen317's Security Check version 0.99.42 
       Windows XP Service Pack 3 x86   
       Internet Explorer 6 Out of date!
      ``````````````Antivirus/Firewall Check:``````````````
       Windows Firewall Enabled! 
      AVG Anti-Virus Free Edition 2012   
       Antivirus up to date! (On Access scanning disabled!)
      `````````Anti-malware/Other Utilities Check:`````````
       Spybot - Search & Destroy
       SUPERAntiSpyware     
       Malwarebytes Anti-Malware version 1.61.0.1400 
       CCleaner     
       Java(TM) 6 Update 33 
       Java version out of Date!
       Adobe Flash Player 10 Flash Player out of Date!
       Adobe Flash Player    11.0.1.152 
       Adobe Reader 9 Adobe Reader out of Date!
       Mozilla Firefox (13.0)
      ````````Process Check: objlist.exe by Laurent````````
       Zone Labs ZoneAlarm zlclient.exe 
      `````````````````System Health check`````````````````
       Total Fragmentation on Drive C:: 39% Defragment your hard drive soon!
      ````````````````````End of Log``````````````````````

      ComboFix

      Quote
      ComboFix 12-06-16.02 - Adam 18/06/2012  23:07:30.1.1 - x86
      Microsoft Windows XP Professional  5.1.2600.3.1252.44.1033.18.1023.642 [GMT 1:00]
      Running from: c:\documents and settings\Adam\Desktop\ComboFix.exe
      AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
      .
      .
      (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\documents and settings\Adam\Application Data\PriceGong
      c:\documents and settings\Adam\Application Data\PriceGong\Data\1.txt
      c:\documents and settings\Adam\Application Data\PriceGong\Data\a.txt
      c:\documents and settings\Adam\Application Data\PriceGong\Data\b.txt
      c:\documents and settings\Adam\Application Data\PriceGong\Data\c.txt
      c:\documents and settings\Adam\Application Data\PriceGong\Data\d.txt
      c:\documents and settings\Adam\Application Data\PriceGong\Data\e.txt
      c:\documents and settings\Adam\Application Data\PriceGong\Data\f.txt
      c:\documents and settings\Adam\Application Data\PriceGong\Data\g.txt
      c:\documents and settings\Adam\Application Data\PriceGong\Data\h.txt
      c:\documents and settings\Adam\Application Data\PriceGong\Data\i.txt
      c:\documents and settings\Adam\Application Data\PriceGong\Data\j.txt
      c:\documents and settings\Adam\Application Data\PriceGong\Data\k.txt
      c:\documents and settings\Adam\Application Data\PriceGong\Data\l.txt
      c:\documents and settings\Adam\Application Data\PriceGong\Data\m.txt
      c:\documents and settings\Adam\Application Data\PriceGong\Data\mru.xml
      c:\documents and settings\Adam\Application Data\PriceGong\Data\n.txt
      c:\documents and settings\Adam\Application Data\PriceGong\Data\o.txt
      c:\documents and settings\Adam\Application Data\PriceGong\Data\p.txt
      c:\documents and settings\Adam\Application Data\PriceGong\Data\q.txt
      c:\documents and settings\Adam\Application Data\PriceGong\Data\r.txt
      c:\documents and settings\Adam\Application Data\PriceGong\Data\s.txt
      c:\documents and settings\Adam\Application Data\PriceGong\Data\t.txt
      c:\documents and settings\Adam\Application Data\PriceGong\Data\u.txt
      c:\documents and settings\Adam\Application Data\PriceGong\Data\v.txt
      c:\documents and settings\Adam\Application Data\PriceGong\Data\w.txt
      c:\documents and settings\Adam\Application Data\PriceGong\Data\wlu.txt
      c:\documents and settings\Adam\Application Data\PriceGong\Data\x.txt
      c:\documents and settings\Adam\Application Data\PriceGong\Data\y.txt
      c:\documents and settings\Adam\Application Data\PriceGong\Data\z.txt
      c:\documents and settings\Adam\Application Data\Propellerhead Software\ReCycle
      c:\documents and settings\Adam\Application Data\Propellerhead Software\ReCycle\ReCycle Preferences File.prf
      c:\documents and settings\Adam\WINDOWS
      c:\documents and settings\All Users\Application Data\Propellerhead Software\ReCycle
      c:\documents and settings\All Users\Application Data\Propellerhead Software\ReCycle\ReCycle210.dat
      c:\windows\help\wmplayer.bak
      c:\windows\iun6002.exe
      c:\windows\system32\dllcache\dlimport.exe
      .
      Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected
      Restored copy from - c:\windows\ServicePackFiles\i386\atapi.sys
      .
      .
      (((((((((((((((((((((((((   Files Created from 2012-05-18 to 2012-06-18  )))))))))))))))))))))))))))))))
      .
      .
      2012-06-15 08:43 . 2012-06-15 08:43   --------   d-----w-   c:\documents and settings\Adam\Local Settings\Application Data\APN
      2012-06-15 08:42 . 2002-01-01 23:25   --------   d-----w-   c:\documents and settings\All Users\Application Data\Avira
      2012-06-15 07:42 . 2008-04-14 04:41   33792   -c----w-   c:\windows\system32\dllcache\custsat.dll
      2012-06-15 07:40 . 2008-04-13 21:06   144384   ------w-   c:\windows\system32\drivers\hdaudbus.sys
      2012-06-15 07:40 . 2008-04-13 23:10   10240   ------w-   c:\windows\system32\drivers\sffp_mmc.sys
      2012-06-15 07:39 . 2006-12-28 23:31   19569   ----a-w-   c:\windows\003160_.tmp
      2012-06-13 20:22 . 2012-06-13 20:22   --------   d-----w-   c:\documents and settings\All Users\AVG Secure Search
      2012-06-13 19:30 . 2012-06-13 19:30   --------   d--h--w-   c:\documents and settings\All Users\Application Data\Common Files
      2012-06-13 19:16 . 2002-01-01 02:01   --------   d-----w-   c:\documents and settings\All Users\Application Data\MFAData
      2012-06-13 18:01 . 2012-06-13 18:01   --------   d-----w-   c:\program files\Spybot - Search & Destroy
      2012-06-13 18:01 . 2002-01-02 03:31   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
      2012-06-07 07:42 . 2012-06-07 07:42   770384   ----a-w-   c:\program files\Mozilla Firefox\msvcr100.dll
      2012-06-07 07:42 . 2012-06-07 07:42   421200   ----a-w-   c:\program files\Mozilla Firefox\msvcp100.dll
      .
      .
      .
      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2012-04-23 08:30 . 2012-04-23 08:30   722   ----a-w-   c:\windows\Fonts\BraNBIEa.PFM
      2012-04-19 04:50 . 2012-04-19 04:50   24896   ----a-w-   c:\windows\system32\drivers\avgidshx.sys
      2012-04-04 15:56 . 2002-01-02 03:38   22344   ----a-w-   c:\windows\system32\drivers\mbam.sys
      2012-06-07 07:42 . 2002-01-01 00:06   85472   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
      .
      .
      ------- Sigcheck -------
      Note: Unsigned files aren't necessarily malware.
      .
      [7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
      [-] 2008-04-13 23:10 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
      [7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
      .
      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe" [2007-01-25 165304]
      "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "NvMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NvMixerTray.exe" [2004-03-03 131072]
      "NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
      "MBM 5"="c:\program files\Motherboard Monitor 5\MBM5.EXE" [2004-02-19 594432]
      "Zone Labs Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2004-06-16 697624]
      "zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-05-29 520192]
      "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-11-20 77824]
      "RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-01-13 69632]
      "RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-01-13 757760]
      "RoxioAudioCentral"="c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-01-09 253952]
      "H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-05-11 200069]
      "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-06-01 7618560]
      "nwiz"="nwiz.exe" [2006-06-01 1519616]
      "NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2006-06-01 86016]
      "MAFWTaskbarApp"="c:\windows\System32\MAFWTray.exe" [2005-02-04 155648]
      "ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2009-06-17 40960]
      "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
      "HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2009-05-11 24576]
      "AgentMonitor"="c:\program files\VTech\DownloadManager\System\AgentMonitor.exe" [2011-11-30 393640]
      "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
      "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
      "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
      "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
      .
      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
      .
      c:\documents and settings\All Users\Start Menu\Programs\Startup\
      Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2000-11-30 110592]
      HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
      InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2004-7-6 86016]
      Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
      .
      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
      2011-05-04 17:54   551296   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "Midi1"=KORGUMDD.DRV
      .
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
      BootExecute   REG_MULTI_SZ      autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
      @=""
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\VTech\\DownloadManager\\System\\AgentMonitor.exe"=
      .
      R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [6/24/2007 7:59 PM 160640]
      R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [6/24/2007 7:59 PM 5248]
      R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 5:50 AM 24896]
      R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [1/31/2012 5:46 AM 31952]
      R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [6/19/2004 3:40 PM 10240]
      R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [1/15/2005 9:47 PM 11264]
      R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [3/19/2012 6:17 AM 301248]
      R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 5:27 PM 12880]
      R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 10:55 PM 67664]
      R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/12/2011 12:38 AM 116608]
      R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [1/15/2006 8:43 PM 33792]
      S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2/22/2012 6:25 AM 235216]
      S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 2:32 PM 139856]
      S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 2:32 PM 24144]
      S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 2:32 PM 17232]
      S3 iLokDrvr;iLok;c:\windows\system32\drivers\iLokDrvr.sys [5/2/2007 3:31 AM 54520]
      S3 KORGUMDS;KORG USB MIDI Driver for Windows XP;c:\windows\system32\drivers\KORGUMDS.SYS [4/14/2005 11:47 PM 12544]
      S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/27/2012 8:13 PM 113120]
      S3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\Drivers\Pcouffin.sys --> c:\windows\system32\Drivers\Pcouffin.sys [?]
      S3 Powercore;PowerCore;c:\windows\system32\drivers\PCore.sys [1/27/2007 10:24 AM 76800]
      S3 ScratchAmp;ScratchAmp Driver (ScratchAmp.sys);c:\windows\system32\drivers\ScratchAmp.sys [4/12/2005 10:58 AM 22912]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
      hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2012-06-15 c:\windows\Tasks\AdobeAAMUpdater-1.0-ADAMPC01-Adam.job
      - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-01-29 03:44]
      .
      2012-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-57989841-839522115-1003Core.job
      - c:\documents and settings\Adam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-16 19:45]
      .
      2012-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-57989841-839522115-1003UA.job
      - c:\documents and settings\Adam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-16 19:45]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.google.co.uk/
      uSearch Page = hxxp://www.google.com
      uSearch Bar = hxxp://www.google.com/ie
      uInternet Settings,ProxyOverride = localhost
      uSearchAssistant = hxxp://www.google.com/ie
      uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
      IE: Open Client to monitor &1 - c:\windows\web\AOpenClient.htm
      IE: Open Client to monitor &2 - c:\windows\web\AOpenClient.htm
      TCP: DhcpNameServer = 192.168.0.1
      DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
      FF - ProfilePath - c:\documents and settings\Adam\Application Data\Mozilla\Firefox\Profiles\nie14n2c.default\
      FF - prefs.js: browser.search.selectedEngine - Ask.com
      FF - prefs.js: browser.startup.homepage - hxxps://www.google.co.uk/
      FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B410d974b-a2d1-4d4e-9fdd-e1d55a2fffc7%7D&mid=79dcd48eeb9447d0b2a5d1486fc32f2f-06ce4fc639803a2e3563922518183d8e94088cb9&ds=AVG&v=11.0.0.9&lang=en&pr=fr&d=2002-01-01%2004%3A31%3A32&sap=ku&q=
      .
      - - - - ORPHANS REMOVED - - - -
      .
      BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
      WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
      HKLM-Run-POINTER - point32.exe
      HKLM-Run-HPPQVideo - c:\program files\HP\ScheduledLaunch\HP Color LaserJet CM1312 MFP Series\bin\hppschlnch.exe -r SOFTWARE\Hewlett-Packard\ScheduledLaunch\CLJ_CM1312_MFP_Series -f PQOptimizerVideo.xml
      Notify-AtiExtEvent - (no file)
      AddRemove-3DDelays_1.1_Build_230 - c:\windows\iun6002.exe
      AddRemove-PSP_Nitro - c:\windows\iun6002.exe
      .
      .
      .
      **************************************************************************
      .
      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2012-06-18 23:19
      Windows 5.1.2600 Service Pack 3 NTFS
      .
      scanning hidden processes ... 
      .
      scanning hidden autostart entries ...
      .
      scanning hidden files ... 
      .
      scan completed successfully
      hidden files: 0
      .
      **************************************************************************
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
      "value"="?\0a\02\0b\08\1c\1c?"
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------
      .
      - - - - - - - > 'winlogon.exe'(768)
      c:\program files\SUPERAntiSpyware\SASWINLO.DLL
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\program files\Executive Software\Diskeeper\DkService.exe
      c:\program files\Java\jre6\bin\jqs.exe
      c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
      c:\windows\System32\nvsvc32.exe
      c:\program files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
      c:\windows\System32\wdfmgr.exe
      c:\windows\system32\ZoneLabs\vsmon.exe
      c:\windows\System32\MsPMSPSv.exe
      c:\windows\system32\wscntfy.exe
      .
      **************************************************************************
      .
      Completion time: 2012-06-18  23:59:13 - machine was rebooted
      ComboFix-quarantined-files.txt  2012-06-18 22:58
      .
      Pre-Run: 12,192,997,376 bytes free
      Post-Run: 12,147,789,824 bytes free
      .
      - - End Of File - - B7511252AD87F8B404C7FADEEB7EF355

      Thanks again!
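
Added example, not part of the original posts and not ComboFix's own code: a short Python triage of the ComboFix log posted above. It lists what the log still records for AVG after it was removed from Add/Remove Programs (registered AV product, drivers, a BootExecute entry) and pulls out the disinfected atapi.sys. The sample lines are copied from that log; the function names are hypothetical, and reading R/S as running/stopped with the digit as the service start type is the usual interpretation of these lines, assumed here.

```python
import re

# Lines copied from the ComboFix log in the post above (an excerpt, not the full log).
SAMPLE_LOG = r"""
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\atapi.sys
BootExecute   REG_MULTI_SZ      autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 5:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [1/31/2012 5:46 AM 31952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [3/19/2012 6:17 AM 301248]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 10:55 PM 67664]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2/22/2012 6:25 AM 235216]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 2:32 PM 139856]
S3 iLokDrvr;iLok;c:\windows\system32\drivers\iLokDrvr.sys [5/2/2007 3:31 AM 54520]
S3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\Drivers\Pcouffin.sys --> c:\windows\system32\Drivers\Pcouffin.sys [?]
"""

# Assumed reading of the prefix: R/S = running/stopped, digit = service start type.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}
DRIVER_RE = re.compile(r"^([RS])([0-4])\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]$")
AV_RE = re.compile(r"^AV:\s+(.+?)\s+\*([^*]+)\*")
INFECTED_RE = re.compile(r"^Infected copy of (.+?) was found and disinfected$")
RESTORED_RE = re.compile(r"^Restored copy from - (.+)$")
BOOTEXEC_RE = re.compile(r"^BootExecute\s+REG_MULTI_SZ\s+(.+)$")
DEFAULT_BOOTEXEC = "autocheck autochk *"  # the stock Windows XP value


def _lines(log):
    """Non-empty lines with the forum's indentation stripped."""
    return [ln.strip() for ln in log.splitlines() if ln.strip()]


def parse_drivers(log):
    """Parse 'R0 name;display;path [date size]' service/driver lines."""
    out = []
    for ln in _lines(log):
        m = DRIVER_RE.match(ln)
        if not m:
            continue
        state, start, name, display, path, meta = m.groups()
        out.append({
            "running": state == "R",
            "start": START_TYPES[int(start)],
            "name": name,
            "display": display,
            # 'path --> path [?]' is how the log prints an image it could not find.
            "path": path.split(" --> ")[0],
            "file_missing": meta.strip() == "?",
        })
    return out


def boot_execute_entries(log):
    """Split the BootExecute multi-string; the log prints the separator as a literal \\0."""
    for ln in _lines(log):
        m = BOOTEXEC_RE.match(ln)
        if m:
            return [e.strip() for e in m.group(1).split("\\0") if e.strip()]
    return []


def disinfected_files(log):
    """Pair each 'Infected copy of X' line with the 'Restored copy from' line after it."""
    lines, out = _lines(log), []
    for i, ln in enumerate(lines):
        m = INFECTED_RE.match(ln)
        if m:
            nxt = RESTORED_RE.match(lines[i + 1]) if i + 1 < len(lines) else None
            out.append((m.group(1), nxt.group(1) if nxt else None))
    return out


def vendor_remnants(log, keyword):
    """Everything in the log that still references `keyword` (case-insensitive)."""
    kw = keyword.lower()

    def hit(text):
        return kw in text.lower()

    av = [m.groups() for m in map(AV_RE.match, _lines(log)) if m]
    return {
        "registered_av": [(prod, status) for prod, status in av if hit(prod)],
        "drivers": [d for d in parse_drivers(log)
                    if hit(d["name"]) or hit(d["display"]) or hit(d["path"])],
        "boot_execute": [e for e in boot_execute_entries(log)
                         if e != DEFAULT_BOOTEXEC and hit(e)],
    }


if __name__ == "__main__":
    found = vendor_remnants(SAMPLE_LOG, "avg")
    for prod, status in found["registered_av"]:
        print(f"registered AV: {prod} ({status})")
    for d in found["drivers"]:
        state = "running" if d["running"] else "stopped"
        print(f"driver {d['name']:<13} {state:<8} start={d['start']:<7} {d['path']}")
    for entry in found["boot_execute"]:
        print(f"non-default BootExecute entry: {entry}")
    for infected, source in disinfected_files(SAMPLE_LOG):
        print(f"disinfected: {infected} (restored from {source})")
```

On these lines it reports three AVG drivers still loaded at boot/system start and an AVG entry in BootExecute, none of which appear in Add/Remove Programs or the Start menu.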

      SuperDave

      Re: Have I got a virus? (Can't install any antivirus)
      « Reply #3 on: June 19, 2012, 04:27:07 PM »
      Quote
      Do you want me to scan again with this & post the log even though it removed a whole load of stuff in the unsaved scan?
      You can run it again for your own satisfaction but I don't need to see the log.
      Why haven't you upgraded to IE? You really should because malware just loves out-of-date programs.


      Update Your Java (JRE)

      Old versions of Java have vulnerabilities that malware can use to infect your system.


      First Verify your Java Version

      If there are any other version(s) installed then update now.

      Get the new version (if needed)

      If your version is out of date install the newest version of the Sun Java Runtime Environment.

      Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

      Be sure to close ALL open web browsers before starting the installation.

      Remove any old versions

      1. Download JavaRa and unzip the file to your Desktop.
      2. Open JavaRA.exe and choose Remove Older Versions
      3. Once complete exit JavaRA.

      Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
      ***********************************************
      Update your Adobe Reader. get.adobe.com/reader.

      Be sure to uncheck the Free McAfee Security Scan so it isn't installed.
      ********************************************************
      Quote
      Total Fragmentation on Drive C:: 39% Defragment your hard drive soon!
      You really should defrag your hard drive.
      Go to Start, All Programs, Accessories, System Tools and select Disk Defragmenter.

      **************************************************
      Are you sure that you have Avira on your computer? I only see AVG.

      SysProt Antirootkit

      Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

      http://sites.google.com/site/sysprotantirootkit/

      Unzip it into a folder on your desktop.
      • Double click Sysprot.exe to start the program.
      • Click on the Log tab.
      • In the Write to log box select the following items.
        • Process << Selected
        • Kernel Modules << Selected
        • SSDT << Selected
        • Kernel Hooks << Selected
        • IRP Hooks << NOT Selected
        • Ports << NOT Selected
        • Hidden Files << Selected
      • At the bottom of the page
        • Hidden Objects Only << Selected
      • Click on the Create Log button on the bottom right.
      • After a few seconds a new window should appear.
      • Select Scan Root Drive. Click on the Start button.
      • When it is complete a new window will appear to indicate that the scan is finished.
      • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
      Windows 8 and Windows 10 dual boot with two SSD's

      adamslack

        Re: Have I got a virus? (Can't install any antivirus)
        « Reply #4 on: June 20, 2012, 01:50:28 PM »
        Hi SuperDave

        I will do these in a moment but wanted you to answer me a couple of questions first:

        I do not have Avira installed, it was one of the many antivirus programs I tried to install but installation didn't work, which is the main 'visible' problem with the computer currently. The reason I mentioned Avira was because it installed a toolbar which was where Ask.com came from.

        You say that you see AVG, but here's the thing - I tried to install AVG just like Avira and had to uninstall it in safe mode to get back to normal. As far as I can see it is uninstalled. It is not in the 'add/remove programs' list, it is not in the 'all programs' start menu list and I even deleted the surplus folder it left in 'program files', so I don't really understand how it is still showing up as installed? Is there any other way to fully remove a program beyond the obvious because it shouldn't be there - I have no antivirus program on my computer.

        Regarding Java, I did install to the latest version as the sticky instructs, I don't know why this wouldn't have happened, but will install again.

        I will install/update Java, update IE, update Adobe Reader, defrag, and run SysProt as instructed - I will post the results when done, but if you could answer the above in the meantime I'd be very grateful!

        Adam

        adamslack

          Re: Have I got a virus? (Can't install any antivirus)
          « Reply #5 on: June 20, 2012, 04:09:48 PM »
          Below is the SysProt log.

          After defragmentation I also created about 35 GB extra space on my C drive as it was a bit too full. Java, Adobe Reader & IE updated fine (although Adobe didn't give an option to deselect McAfee, so I just removed the McAfee again after installation).

          What is the next step then? Or am I barking up the wrong tree in the first place and don't have a virus at all?? Also, any help with the previously mentioned AVG issue is greatly appreciated!

          Thanks again, Adam

          SysProt log:

          Quote
          SysProt AntiRootkit v1.0.1.0
          by swatkat

          ******************************************************************************************
          ******************************************************************************************

          No Hidden Processes found

          ******************************************************************************************
          ******************************************************************************************
          Kernel Modules:
          Module Name:         
          Service Name: ---
          Module Base: F770A000
          Module End: F7722000
          Hidden: Yes

          Module Name: \SystemRoot\System32\Drivers\dump_diskdump.sys
          Service Name: ---
          Module Base: F50A4000
          Module End: F50A8000
          Hidden: Yes

          Module Name: \SystemRoot\System32\Drivers\dump_si3114r.sys
          Service Name: ---
          Module Base: EB43C000
          Module End: EB453000
          Hidden: Yes

          ******************************************************************************************
          ******************************************************************************************
          SSDT:
          Function Name: ZwClose
          Address: F77B4028
          Driver Base: F77A6000
          Driver End: F77CE000
          Driver Name: a347bus.sys

          Function Name: ZwConnectPort
          Address: EB626B9D
          Driver Base: EB618000
          Driver End: EB658000
          Driver Name: \SystemRoot\System32\vsdatant.sys

          Function Name: ZwCreateKey
          Address: F77B3FE0
          Driver Base: F77A6000
          Driver End: F77CE000
          Driver Name: a347bus.sys

          Function Name: ZwCreatePagingFile
          Address: F77A7B00
          Driver Base: F77A6000
          Driver End: F77CE000
          Driver Name: a347bus.sys

          Function Name: ZwDeleteKey
          Address: EB639B10
          Driver Base: EB618000
          Driver End: EB658000
          Driver Name: \SystemRoot\System32\vsdatant.sys

          Function Name: ZwDeleteValueKey
          Address: EB639A70
          Driver Base: EB618000
          Driver End: EB658000
          Driver Name: \SystemRoot\System32\vsdatant.sys

          Function Name: ZwEnumerateKey
          Address: F77A85DC
          Driver Base: F77A6000
          Driver End: F77CE000
          Driver Name: a347bus.sys

          Function Name: ZwEnumerateValueKey
          Address: F77B4120
          Driver Base: F77A6000
          Driver End: F77CE000
          Driver Name: a347bus.sys

          Function Name: ZwLoadKey
          Address: EB639B90
          Driver Base: EB618000
          Driver End: EB658000
          Driver Name: \SystemRoot\System32\vsdatant.sys

          Function Name: ZwOpenFile
          Address: F77A7B40
          Driver Base: F77A6000
          Driver End: F77CE000
          Driver Name: a347bus.sys

          Function Name: ZwOpenKey
          Address: F77B3FA4
          Driver Base: F77A6000
          Driver End: F77CE000
          Driver Name: a347bus.sys

          Function Name: ZwOpenProcess
          Address: EB6394C0
          Driver Base: EB618000
          Driver End: EB658000
          Driver Name: \SystemRoot\System32\vsdatant.sys

          Function Name: ZwQueryKey
          Address: F77A85FC
          Driver Base: F77A6000
          Driver End: F77CE000
          Driver Name: a347bus.sys

          Function Name: ZwQueryValueKey
          Address: F77B4076
          Driver Base: F77A6000
          Driver End: F77CE000
          Driver Name: a347bus.sys

          Function Name: ZwReplaceKey
          Address: EB639C40
          Driver Base: EB618000
          Driver End: EB658000
          Driver Name: \SystemRoot\System32\vsdatant.sys

          Function Name: ZwRestoreKey
          Address: EB639CC0
          Driver Base: EB618000
          Driver End: EB658000
          Driver Name: \SystemRoot\System32\vsdatant.sys

          Function Name: ZwSetSystemPowerState
          Address: F77B3550
          Driver Base: F77A6000
          Driver End: F77CE000
          Driver Name: a347bus.sys

          Function Name: ZwSetValueKey
          Address: EB6399C0
          Driver Base: EB618000
          Driver End: EB658000
          Driver Name: \SystemRoot\System32\vsdatant.sys

          ******************************************************************************************
          ******************************************************************************************
          No Kernel Hooks found

          ******************************************************************************************
          ******************************************************************************************
          Hidden files/folders:
          Object: C:\Qoobox\BackEnv\AppData.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\Cache.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\Cookies.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\Desktop.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\Favorites.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\History.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\Music.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\NetHood.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\Personal.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\Pictures.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\Programs.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\Recent.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\SendTo.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\SetPath.bat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\StartUp.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\SysPath.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\Templates.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\VikPev00
          Status: Access denied
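
An SSDT section like the one in the SysProt log above can be summarized per driver, which shows at a glance which drivers have replaced system-service entries and whether each hook address lies inside that driver's own image range. This is an added example, not part of the original posts or of SysProt; the `ZwExampleCall` / `example.sys` entry is constructed to show the mismatch case.

```python
import re
from collections import defaultdict
# Two entries copied from the SSDT section of the log posted above.
FROM_LOG = r"""
SSDT:
Function Name: ZwClose
Address: F77B4028
Driver Base: F77A6000
Driver End: F77CE000
Driver Name: a347bus.sys

Function Name: ZwConnectPort
Address: EB626B9D
Driver Base: EB618000
Driver End: EB658000
Driver Name: \SystemRoot\System32\vsdatant.sys
"""

# Constructed entry (not from the log): address outside the stated driver range.
CONSTRUCTED = r"""
Function Name: ZwExampleCall
Address: 80501234
Driver Base: EB618000
Driver End: EB658000
Driver Name: example.sys
"""

def parse_ssdt(text):
    """Return one dict per 'Function Name' record in a SysProt SSDT section."""
    entries = []
    for block in re.split(r"\n\s*\n", text):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.strip().partition(":")
            if sep and value.strip():  # skips headers such as "SSDT:"
                fields[key.strip()] = value.strip()
        if "Function Name" in fields:
            entries.append(fields)
    return entries

def hooks_by_driver(entries):
    """Group hooked functions by driver file name and flag range mismatches."""
    report = defaultdict(lambda: {"functions": [], "out_of_range": []})
    for e in entries:
        driver = e["Driver Name"].rsplit("\\", 1)[-1].lower()
        addr, base, end = (int(e[k], 16) for k in ("Address", "Driver Base", "Driver End"))
        report[driver]["functions"].append(e["Function Name"])
        if not base <= addr < end:
            report[driver]["out_of_range"].append(e["Function Name"])
    return dict(report)

if __name__ == "__main__":
    for driver, info in hooks_by_driver(parse_ssdt(FROM_LOG + CONSTRUCTED)).items():
        print(driver, len(info["functions"]), "hooked; range mismatch:", info["out_of_range"])
```

The per-driver list is a starting point for identifying each driver's owner; a hook whose address falls outside the listed driver range deserves a closer look first.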


          SuperDave

          Re: Have I got a virus? (Can't install any antivirus)
          « Reply #6 on: June 21, 2012, 12:53:27 PM »
          Please install MSE from one of the links below. Be sure to pick the correct one for your computer.

          Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
          Microsoft Security Essentials for Windows XP

          I'd like to scan your machine with ESET OnlineScan

          • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
            ESET OnlineScan
          • Click the button.
          • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
            • Click on to download the ESET Smart Installer. Save it to your desktop.
            • Double click on the icon on your desktop.
          • Check
          • Click the button.
          • Accept any security warnings from your browser.
          • Check
          • Push the Start button.
          • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
          • When the scan completes, push
          • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
          • Push the button.
          • Push
          A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
          Windows 8 and Windows 10 dual boot with two SSD's

          adamslack

            Re: Have I got a virus? (Can't install any antivirus)
            « Reply #7 on: June 23, 2012, 01:47:14 AM »
            Hi

            I tried to install MSE but it told me it could not verify my copy of Windows which is a bit weird.

            ESET Scan completed:

            ESET Scan:

            Quote
            C:\System Volume Information\_restore{74AA36B0-1A0C-4F27-A020-A9580E8A622D}\RP615\A0229386.exe   a variant of Win32/Adware.iBryte.B application   cleaned by deleting - quarantined

            ESET Log:

            Quote
            ESETSmartInstaller@High as CAB hook log:
            OnlineScanner.ocx - registred OK
            # version=7
            # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
            # OnlineScanner.ocx=1.0.0.6583
            # api_version=3.0.2
            # EOSSerial=70ed7569835cc74ca05771b2284e191e
            # end=finished
            # remove_checked=true
            # archives_checked=true
            # unwanted_checked=true
            # unsafe_checked=false
            # antistealth_checked=true
            # utc_time=2012-06-22 11:43:54
            # local_time=2012-06-23 12:43:54 (+0000, GMT Daylight Time)
            # country="United Kingdom"
            # lang=1033
            # osver=5.1.2600 NT Service Pack 3
            # compatibility_mode=1280 16777215 100 0 251275390 251275390 0 0
            # compatibility_mode=8192 67108863 100 0 1237 1237 0 0
            # compatibility_mode=9217 16777214 75 59 252907636 364779707 0 0
            # scanned=179350
            # found=1
            # cleaned=1
            # scan_time=14843
            C:\System Volume Information\_restore{74AA36B0-1A0C-4F27-A020-A9580E8A622D}\RP615\A0229386.exe   a variant of Win32/Adware.iBryte.B application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C

            What's next?

            Thanks, Adam

            SuperDave

            Re: Have I got a virus? (Can't install any antivirus)
            « Reply #8 on: June 23, 2012, 01:27:52 PM »
            It's possible that your OS was not validated. You can do this:

            I highly recommend validating Windows. You can do this one of three ways.
            • Use the Start Menu and navigate to the Activate Windows link. Through this, it will allow you to enter your product key, and to properly register Windows, so it will be licensed/genuine.
            • Contact Microsoft for a replacement product key. You can do this by having your proof of purchase ready, and be prepared to fax the information. You can find out more information about contacting them at this link
            • Buy a new, retail version of Windows. You can either find them in home electronics in department stores, or online at Buy on-line.
            Keep in mind, Microsoft requires your copy of Windows to be genuine. Lastly, we are not responsible for any issues that arise, because of your non-genuine copy of Windows.
            ***************************************************
            If you still can't install MSE, you can try another one of these AV's

            Looking over your log it seems you don't have any antivirus software.

            Before we continue download and install a free antivirus.

            Remember to only install one antivirus!
             
            1) Avast! Home Edition
            2) AVG Free Edition
            3) Avira AntiVir Personal
            4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
            4-a) Microsoft Security Essentials for Windows XP
            5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
            6) PC Tools AntiVirus Free Edition
            7) ThreatFire

            It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
            **********************************************
            Please let me know when that's done and we'll do some cleanup.
            Windows 8 and Windows 10 dual boot with two SSD's