Computer Hope
Software => Computer viruses and spyware => Virus and spyware removal => Topic started by: adamslack on June 16, 2012, 11:39:38 AM
-
Hi there, and a massive thank you in advance for any help I am given, whoever you may be you are a legend!
I think my computer has a virus, it started with the internet freezing up & giving me the dreaded egg timer of doom, and unable to click anything / bring up task manager. The only thing to do was turn off at the button and restart. This made me think I might have a virus. This computer used to be solely for making music and was not connected to the net, but my past PC was rubbish so as I'd upgraded my music PC i thought I'd use this for internet browsing. Foolishly I didn't think to update antivirus / antispyware etc, so didn't have a current antivirus installed, so i tried to install AVG, but it stalled near the end of installation and I had to turn off at the button. After this it would not reboot in normal mode so I started safe mode and removed it. I could then get back to normal mode but attempting to install other free antivirus programs i get the same problem - it freezes during installation, have to boot to safe mode, remove & only then get to normal again. This made me think maybe i've got a virus that blocks antivirus? I tried an online scanner but the same problem prevailed after.
I have followed the steps in your sticky but the SUPERAntiSpyware did not make a log! It seems a bit different to the steps you explained to get the log - there is no tab that you specified in Preferences, but there is a View Scan Logs button which I can see but there's nothing in there! (even though it took 3 hours to complete the scan and removed about 466 threats!) so unfortunately I can't post this log. If there is any other way to reach this log then please advise but i presume rescanning wouldn't show the original threats etc. I've had a look in the Program Files folder but no logs saved in there.
Anyway, here are the MBAM & DDS logs below, and thank you once again for any help!!!
Adam
MBAM:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.16.06
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Adam :: ADAMPC01 [administrator]
02/01/2002 03:40:43
mbam-log-2002-01-02 (03-40-43).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 188165
Time elapsed: 4 minute(s), 14 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
DDS
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_33
Run by Adam at 4:22:05 on 2002-01-02
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.480 [GMT 0:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\MAFWTray.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.908.8472\GoogleToolbarNotifier.exe
uRun: [Google Update] "c:\documents and settings\adam\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [NvMixerTray] c:\program files\nvidia corporation\nvmixer\NvMixerTray.exe
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [MBM 5] "c:\program files\motherboard monitor 5\MBM5.EXE"
mRun: [Zone Labs Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
mRun: [POINTER] point32.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [RoxioEngineUtility] "c:\program files\common files\roxio shared\system\EngUtil.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\easy cd creator 6\dragtodisc\DrgToDsc.exe"
mRun: [RoxioAudioCentral] "c:\program files\roxio\easy cd creator 6\audiocentral\RxMon.exe"
mRun: [H2O] c:\program files\syncrosoft\pos\h2o\cledx.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [MAFWTaskbarApp] c:\windows\system32\MAFWTray.exe
mRun: [HPPQVideo] "c:\program files\hp\scheduledlaunch\hp color laserjet cm1312 mfp series\bin\hppschlnch.exe" -r software\hewlett-packard\scheduledlaunch\CLJ_CM1312_MFP_Series -f PQOptimizerVideo.xml -o remindLater
mRun: [ToolBoxFX] "c:\program files\hp\toolboxfx\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [HPUsageTracking] "c:\program files\hp\hp ut\bin\hppusg.exe" "c:\program files\hp\hp ut\"
mRun: [AgentMonitor] c:\program files\vtech\downloadmanager\system\AgentMonitor.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Open Client to monitor &1 - c:\windows\web\AOpenClient.htm
IE: Open Client to monitor &2 - c:\windows\web\AOpenClient.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38174.1975
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F2FD492D-366B-4857-95F7-2BB84E1F93F8} : DhcpNameServer = 192.168.0.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\adam\application data\mozilla\firefox\profiles\nie14n2c.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxps://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10401&locale=en_GB&apn_uid=d26db9b6-c0dd-42c7-a54d-17822a26fcce&apn_ptnrs=^ABZ&apn_sauid=82DFD54E-D6E7-4E2D-9538-E3578EE848C4&apn_dtid=^YYYYYY^YY^GB&&q=
FF - plugin: c:\documents and settings\adam\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
.
============= SERVICES / DRIVERS ===============
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [2007-6-24 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [2007-6-24 5248]
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [2004-6-19 10240]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [2005-1-15 11264]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2004-7-6 266328]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2006-1-15 33792]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
S3 iLokDrvr;iLok;c:\windows\system32\drivers\iLokDrvr.sys [2007-5-2 54520]
S3 KORGUMDS;KORG USB MIDI Driver for Windows XP;c:\windows\system32\drivers\KORGUMDS.SYS [2005-4-14 12544]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-27 113120]
S3 Powercore;PowerCore;c:\windows\system32\drivers\PCore.sys [2007-1-27 76800]
S3 ScratchAmp;ScratchAmp Driver (ScratchAmp.sys);c:\windows\system32\drivers\ScratchAmp.sys [2005-4-12 22912]
.
=============== Created Last 30 ================
.
2012-06-15 08:43:23 -------- d-----w- c:\program files\Ask.com
2012-06-15 08:43:21 -------- d-----w- c:\documents and settings\adam\local settings\application data\AskToolbar
2012-06-15 08:43:07 -------- d-----w- c:\documents and settings\adam\local settings\application data\APN
2012-06-15 08:42:37 -------- d-----w- c:\documents and settings\all users\application data\Avira
2012-06-15 07:42:15 33792 -c----w- c:\windows\system32\dllcache\custsat.dll
2012-06-15 07:40:41 -------- d-----w- c:\windows\network diagnostic
2012-06-15 07:40:39 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys
2012-06-15 07:40:38 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2012-06-15 07:39:21 19569 ----a-w- c:\windows\003160_.tmp
2012-06-14 08:03:50 -------- d-----w- c:\program files\AVG
2012-06-13 20:22:00 -------- d-----w- c:\documents and settings\all users\AVG Secure Search
2012-06-13 19:30:02 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2012-06-13 19:16:30 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2012-06-13 18:01:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-06-13 18:01:46 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-06-07 07:42:08 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-06-07 07:42:08 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2012-04-27 19:13:34 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-27 19:13:32 157600 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-04-27 19:13:32 113120 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2012-04-19 18:00:57 277776 ----a-w- c:\windows\system\Msvcrt.dll
2012-04-19 18:00:57 25088 ----a-w- c:\windows\ReWire.dll
2012-04-19 18:00:56 -------- d-----w- c:\program files\Propellerhead
2012-04-19 04:50:26 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-03-31 00:03:54 -------- d-----w- c:\documents and settings\adam\application data\PriceGong
2012-03-19 17:20:11 624608 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-19 17:20:11 43488 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-03-19 05:17:28 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-02-22 05:25:32 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-02-02 23:09:42 -------- d-----w- c:\documents and settings\adam\application data\DVDVideoSoft
2012-02-02 23:09:38 -------- d-----w- c:\program files\common files\DVDVideoSoft
2012-01-31 04:46:50 31952 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-01-29 22:14:08 -------- d-----w- c:\documents and settings\all users\application data\regid.1986-12.com.adobe
2012-01-29 21:33:58 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2012-01-28 08:46:03 -------- d-----w- c:\program files\Adobe CS5
2012-01-27 09:06:06 33792 ------w- c:\program files\messenger\custsat.dll
2012-01-27 09:06:01 9728 ------w- c:\windows\system32\rwnh.dll
2012-01-27 09:06:01 9728 ------w- c:\windows\system32\comsdupd.exe
2012-01-27 09:06:01 53248 ------w- c:\windows\system32\vbicodec.ax
2012-01-27 09:06:01 239616 ------w- c:\windows\system32\wstrenderer.ax
2012-01-27 09:06:01 164352 ------w- c:\windows\system32\wstpager.ax
2012-01-27 09:06:01 10752 ------w- c:\windows\system32\smtpapi.dll
2012-01-27 09:00:30 19528 ----a-w- c:\windows\002792_.tmp
2012-01-27 09:00:12 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2012-01-03 07:22:02 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-12-29 07:57:37 -------- d-----w- c:\program files\Amazon
2011-12-27 10:06:51 -------- d-----w- c:\documents and settings\adam\local settings\application data\cache
2011-12-27 10:04:55 -------- d-----w- c:\program files\VTech
2011-12-27 10:04:55 -------- d-----w- c:\documents and settings\all users\application data\VTech
2011-12-23 13:32:08 17232 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2011-12-23 13:32:06 24144 ----a-w- c:\windows\system32\drivers\avgidsfilterx.sys
2011-12-23 13:32:00 139856 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2011-12-11 21:45:17 -------- d-----w- c:\documents and settings\adam\local settings\application data\PMB Files
2011-12-11 21:45:13 -------- d-----w- c:\documents and settings\all users\application data\PMB Files
2011-12-11 21:44:41 -------- d-----w- c:\program files\Pando Networks
2011-12-11 12:46:24 -------- d-----w- c:\documents and settings\adam\local settings\application data\WMTools Downloaded Files
2011-10-23 10:16:47 -------- d-----w- c:\documents and settings\adam\local settings\application data\CutePDF Writer
2011-10-23 10:15:45 -------- d-----w- c:\program files\GPLGS
2011-10-23 10:14:46 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2011-10-23 10:14:34 -------- d-----w- c:\program files\Acro Software
2011-10-11 08:28:59 -------- d-----w- c:\documents and settings\adam\.swt
2011-10-11 08:28:48 -------- d-----w- c:\documents and settings\adam\application data\Azureus
2011-10-11 08:26:59 -------- d-----w- c:\program files\Conduit
2011-10-11 08:26:43 -------- d-----w- c:\program files\Vuze
2011-10-11 08:26:28 -------- d-----w- c:\documents and settings\adam\local settings\application data\Conduit
2011-10-11 08:26:27 -------- d-----w- c:\documents and settings\adam\local settings\application data\Temp
2011-09-30 19:24:03 -------- d-----w- c:\documents and settings\adam\local settings\application data\HP
2011-09-30 19:03:55 -------- d-----w- c:\program files\common files\HP
2011-09-30 19:03:50 -------- d-----w- c:\program files\common files\Hewlett-Packard
2011-09-30 19:02:57 241664 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpzpp5k4.DLL
2011-09-30 19:02:53 59928 ----a-w- c:\windows\system32\fxcompchannel.dll
2011-09-30 19:02:30 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-09-30 19:01:26 331776 ----a-w- c:\windows\system32\hppcpr11.dll
2011-09-30 19:01:25 26136 ----a-w- c:\windows\system32\drivers\hpfxgen.sys
2011-09-30 19:01:25 188416 ----a-w- c:\windows\system32\hppcew11.dll
2011-09-30 19:01:25 17432 ----a-w- c:\windows\system32\drivers\hpfxbulk.sys
2011-09-30 19:01:21 770048 ----a-w- c:\windows\system32\hpptsp04.dll
2011-09-30 19:01:21 729088 ----a-w- c:\windows\system32\hpxp1312.dll
2011-09-30 19:01:21 450560 ----a-w- c:\windows\system32\hppasc11.dll
2011-09-30 19:01:10 -------- d-----w- c:\program files\HP
2011-09-30 18:59:07 -------- d-----w- c:\program files\common files\SWF Studio
2011-09-30 18:56:09 -------- d-----w- C:\HP_CM1312_series_full_solution_v5.0_AM-EMEA
2011-02-18 23:40:50 773968 ----a-w- c:\windows\system32\msvcr100.dll
2009-08-06 19:24:18 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2009-08-06 19:24:12 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2009-08-06 19:24:06 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2009-08-06 19:24:00 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2009-07-12 11:11:20 670016 ----a-w- c:\program files\common files\microsoft shared\vc\msdia90.dll
2009-03-12 14:46:24 12288 ----a-r- c:\windows\Twunk_32.dll
2009-03-12 14:46:24 12288 ----a-r- c:\windows\Twunk_16.dll
2008-05-01 19:09:14 -------- d-----w- c:\program files\East West
2008-04-30 22:32:09 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2008-04-30 22:32:09 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
2008-04-30 22:27:36 815104 ----a-w- c:\windows\system32\mafwcpl.exe
2008-04-30 22:27:36 61440 ----a-w- c:\windows\system32\MAFWCoIn.dll
2008-04-30 22:27:36 26624 ----a-w- c:\windows\system32\mafw.cpl
2008-04-30 22:27:36 17920 ----a-w- c:\windows\system32\defwasio.dll
2008-04-30 22:27:36 17408 ----a-w- c:\windows\system32\mafwpnl.dll
2008-04-30 22:27:36 161920 ----a-w- c:\windows\system32\drivers\deltafw.sys
2008-04-30 22:27:36 16128 ----a-w- c:\windows\system32\drivers\mafwboot.sys
2008-04-30 22:27:36 155648 ----a-w- c:\windows\system32\mafwTray.exe
2008-04-30 22:27:16 -------- d-----w- c:\program files\M-Audio Firewire Family
2008-04-30 22:26:34 749568 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iKernel.dll
2008-04-30 22:26:34 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\ctor.dll
2008-04-30 22:26:34 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\DotNetInstaller.exe
2008-04-30 22:26:34 323716 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\setup.dll
2008-04-30 22:26:34 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iscript.dll
2008-04-30 22:26:34 192644 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iGdi.dll
2008-04-30 22:26:34 180224 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iuser.dll
2008-04-30 22:24:25 -------- d-----w- c:\program files\CCleaner
2008-04-14 04:39:26 24064 -c----w- c:\windows\system32\dllcache\pidgen.dll
2007-09-04 20:01:37 -------- d-----w- C:\temp
2007-08-31 22:34:11 -------- d-----w- c:\program files\InterLok
2007-08-31 22:33:30 -------- d-----w- c:\program files\common files\Sonnox Oxford
2007-06-24 18:59:30 5248 ----a-w- c:\windows\system32\drivers\a347scsi.sys
2007-06-24 18:59:30 160640 ----a-w- c:\windows\system32\drivers\a347bus.sys
2007-06-24 18:59:28 -------- d-----w- c:\program files\Alcohol Soft
2007-05-02 02:31:54 54520 ----a-w- c:\windows\system32\drivers\iLokDrvr.sys
2007-05-02 02:31:20 78648 ----a-w- c:\windows\system32\drivers\TPkd.sys
2007-04-30 07:35:57 -------- d-----w- c:\documents and settings\adam\local settings\application data\Native Instruments
2007-04-30 07:35:37 -------- d-----w- c:\documents and settings\adam\application data\Audio Ease
2007-04-30 07:28:17 -------- d-----w- c:\documents and settings\all users\application data\Audio Ease
2007-04-30 07:28:13 -------- d-----w- c:\program files\Audio Ease
2007-04-30 07:25:38 -------- d-----w- c:\program files\common files\Native Instruments
2007-04-24 09:33:00 114688 ----a-w- c:\windows\system32\hplbdchn.dll
2007-02-23 03:24:12 -------- d-----w- c:\documents and settings\adam\local settings\application data\Help
2007-02-19 22:49:13 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2007-02-19 22:49:13 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2007-02-19 22:49:07 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2007-02-02 14:38:48 7680 ----a-w- c:\windows\system32\hpboidps.dll
2007-02-02 14:38:46 39424 ----a-w- c:\windows\system32\hpbpro.dll
2007-02-02 14:38:46 25600 ----a-w- c:\windows\system32\hpboid.dll
2007-02-02 14:38:44 7680 ----a-w- c:\windows\system32\hpbprops.dll
2007-02-02 14:38:42 24576 ----a-w- c:\windows\system32\hpbmiapi.dll
2007-01-29 20:52:28 -------- d-----w- c:\documents and settings\adam\application data\TC Electronic
2007-01-27 09:24:27 9216 ----a-r- c:\windows\system32\pcore_co.dll
2007-01-27 09:24:27 499712 ----a-w- c:\windows\system32\msvcp71.dll
2007-01-27 09:24:26 348160 ----a-w- c:\windows\system32\msvcr71.dll
2007-01-27 09:24:25 1782077 ----a-r- c:\windows\system32\PCoreMsg.exe
2007-01-27 09:24:21 122880 ----a-r- c:\windows\system32\PCore.cpl
2007-01-27 09:24:20 880640 ----a-r- c:\windows\system32\PCore.exe
2007-01-27 09:24:19 76800 ----a-r- c:\windows\system32\drivers\PCore.sys
2007-01-27 09:24:19 248364 ----a-r- c:\windows\system32\PCore.bin
2007-01-27 09:24:19 163840 ----a-r- c:\windows\system32\PCore.dll
2007-01-26 20:23:59 -------- d-----w- c:\program files\common files\PACE Anti-Piracy
2007-01-26 20:23:59 -------- d-----w- c:\documents and settings\all users\application data\PACE Anti-Piracy
2007-01-26 20:23:59 -------- d-----w- c:\documents and settings\adam\local settings\application data\PACE Anti-Piracy
2007-01-26 20:23:59 -------- d-----w- c:\documents and settings\adam\application data\PACE Anti-Piracy
2007-01-26 20:23:54 -------- d-----w- c:\documents and settings\adam\application data\Waves Audio
2007-01-26 20:19:16 785 ------w- c:\windows\Tpkdboot.reg
2007-01-26 20:19:16 634880 ------w- c:\windows\system32\ilinet.dll
2007-01-26 20:19:16 1060864 ------w- c:\windows\system32\MFC71.dll
2007-01-26 20:19:15 692224 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll
2007-01-26 20:19:15 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll
2007-01-26 20:19:15 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
2007-01-26 20:19:15 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll
2007-01-26 20:19:15 155648 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll
2007-01-26 20:19:14 282756 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll
2007-01-26 20:19:14 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll
2007-01-25 17:25:02 208896 ----a-w- c:\windows\system32\nvudisp.exe
2007-01-25 17:25:02 -------- d-----w- c:\windows\nview
2006-11-08 15:35:40 33280 ----a-w- c:\windows\system32\HPZipr12.dll
2006-11-08 15:35:40 29696 ----a-w- c:\windows\system32\hpzipt12.dll
2006-11-08 15:35:40 20480 ----a-w- c:\windows\system32\hpzisn12.dll
2006-11-08 15:35:38 53248 ----a-w- c:\windows\system32\HPZipm12.dll
2006-11-08 15:35:38 49152 ----a-w- c:\windows\system32\HPZidr12.dll
2006-11-08 15:35:36 43520 ----a-w- c:\windows\system32\HPZinw12.dll
2006-05-02 09:28:34 -------- d-----w- c:\program files\SpinAudio
2006-01-15 19:43:48 33792 ----a-w- c:\windows\system32\drivers\cledx.sys
2006-01-15 19:43:42 16896 ----a-w- c:\windows\system32\drivers\synasUSB.sys
2006-01-15 19:43:41 45056 ----a-w- c:\windows\system32\Synsopos.exe
2006-01-15 19:43:40 700416 ----a-w- c:\windows\system32\SYNSOACC.dll
2006-01-15 19:43:40 17784 ----a-w- c:\windows\system32\drivers\NSynas32.sys
2006-01-15 19:43:40 147456 ----a-w- c:\windows\system32\SynsoLChk.dll
2006-01-15 19:43:40 -------- d-----w- c:\program files\Syncrosoft
2006-01-15 18:37:26 -------- d-----w- c:\program files\Spin Audio
2005-12-21 16:35:25 -------- d-----w- c:\program files\Sony
2005-12-21 16:35:15 438608 ----a-w- c:\windows\system32\wmv8dmod.dll
2005-12-21 16:35:14 665424 ----a-w- c:\windows\system32\wmv8dmoe.dll
2005-12-21 16:35:14 566272 ----a-w- c:\windows\system32\wmvdmoe.dll
2005-12-21 16:35:14 115200 ----a-w- c:\windows\system32\wmsdmoe.dll
2005-12-21 16:35:13 285184 ----a-w- c:\windows\system32\wmidx2.ocx
2005-12-21 16:33:55 -------- d-----w- c:\program files\Sony Setup
2005-09-23 06:28:56 32768 ----a-w- c:\windows\system32\netfxperf.dll
2005-09-23 06:28:52 74240 ----a-w- c:\windows\system32\mscories.dll
2005-09-23 06:28:52 270848 ----a-w- c:\windows\system32\mscoree.dll
2005-09-23 06:28:52 150016 ----a-w- c:\windows\system32\mscorier.dll
2005-09-23 06:28:52 150016 ----a-w- c:\program files\internet explorer\mui\0409\mscorier.dll
2005-09-23 06:28:38 83456 ----a-w- c:\windows\system32\dfshim.dll
2005-04-25 12:45:46 40648 ----a-w- c:\program files\common files\microsoft shared\dw\DWDCW20.DLL
2005-04-25 12:45:42 36040 ----a-w- c:\program files\common files\microsoft shared\dw\DWTRIG20.EXE
2005-04-25 12:44:40 631488 ----a-w- c:\program files\common files\microsoft shared\dw\DW20.EXE
2005-04-20 18:57:35 135168 ------w- c:\windows\system32\l3codecx.acm
2005-04-20 18:56:02 -------- d-----w- c:\program files\Roxio
2005-04-20 18:53:07 53248 ------w- c:\program files\common files\installshield\engine\6\intel 32\msihook.dll
2005-04-20 18:53:07 126976 ------w- c:\program files\common files\installshield\engine\6\intel 32\knlwrap.exe
2005-04-20 18:53:06 114688 ------w- c:\program files\common files\installshield\engine\6\intel 32\scpthdlr.dll
2005-04-16 16:49:08 -------- d-----w- c:\program files\RazorLame
2005-04-14 22:47:46 47616 ----a-r- c:\windows\system32\KORGUMDD.DRV
2005-04-14 22:47:46 12544 ----a-r- c:\windows\system32\drivers\KORGUMDS.SYS
2005-04-13 08:14:48 60032 ----a-w- c:\windows\system32\drivers\usbaudio.sys
2005-04-12 09:58:21 22912 ----a-w- c:\windows\system32\drivers\ScratchAmp.sys
2005-04-05 15:25:32 -------- d-----w- c:\documents and settings\adam\application data\FabFilter
2005-02-10 01:40:53 -------- d-----w- c:\program files\Sonic Foundry MP3 Plug-In
2005-01-16 02:10:29 1409 ----a-w- c:\windows\system32\tmpAB39D.FOT
2005-01-15 20:49:55 -------- d-----w- c:\program files\Windows Media Components
2005-01-15 20:49:48 -------- d--h--w- c:\windows\msdownld.tmp
2005-01-15 20:47:13 619008 ----a-r- c:\windows\system32\vobhw.dll
2005-01-15 20:47:13 19456 ----a-w- c:\windows\system32\asapi.dll
2005-01-15 20:47:13 11264 ----a-r- c:\windows\system32\drivers\asapi.sys
2005-01-15 20:47:13 -------- d-----w- c:\program files\VOB
2005-01-15 20:44:37 270336 ----a-w- c:\program files\internet explorer\plugins\NPDocBox.dll
2005-01-15 20:44:37 -------- d-----w- c:\windows\Profiles
2004-12-17 14:22:21 -------- d-----w- c:\program files\Edirol
2004-12-01 12:32:07 1777664 ----a-w- c:\windows\system32\GDIplus.dll
2004-11-30 11:35:57 -------- d-----w- c:\documents and settings\adam\local settings\application data\Adobe
2004-11-26 01:37:47 -------- d-----w- c:\program files\Antares
2004-11-20 20:33:07 86016 ----a-w- c:\windows\unvise32qt.exe
2004-11-20 20:33:05 98304 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2004-11-20 20:33:05 98304 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2004-11-20 20:33:05 98304 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2004-11-20 20:33:05 98304 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2004-11-20 20:33:05 98304 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2004-11-20 20:33:05 98304 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2004-11-20 20:33:05 98304 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2004-11-20 20:32:59 -------- d-----w- c:\windows\system32\QuickTime
2004-11-20 20:32:20 -------- d-----w- c:\windows\system32\BWKDLogs
2004-11-20 20:30:11 -------- d-----w- c:\documents and settings\all users\application data\Kodak
2004-11-20 20:29:34 -------- d-----w- c:\program files\Kodak
2004-11-16 18:08:53 -------- d-----w- c:\program files\Spectrasonics
2004-11-01 11:13:48 73 ----a-w- c:\windows\system32\ssprs.dll
2004-11-01 11:13:48 1025 ----a-w- c:\windows\system32\clauth2.dll
2004-11-01 11:13:48 1025 ----a-w- c:\windows\system32\clauth1.dll
2004-11-01 11:13:39 205 ----a-w- c:\windows\system32\lsprst7.dll
2004-11-01 11:13:39 1025 ----a-w- c:\windows\system32\sysprs7.dll
2004-11-01 11:09:05 163840 ----a-w- c:\windows\system32\ArtFfct.dll
2004-11-01 11:09:05 -------- d-----w- c:\program files\Arturia
2004-11-01 10:57:50 -------- d-----w- c:\program files\Sonitus-fx-R3
2004-10-23 18:37:02 -------- d-----w- c:\program files\Waves Transform
2004-10-23 18:33:50 -------- d-----w- c:\program files\Waves
2004-09-20 19:12:48 109256 ----a-w- c:\program files\common files\microsoft shared\dw\1025\DWINTL20.DLL
2004-09-04 15:57:02 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2004-09-04 15:57:02 23040 ----a-w- c:\windows\system32\drivers\mouclass.sys
2004-09-04 15:56:47 -------- d-----w- c:\program files\Microsoft Hardware
2004-08-04 00:56:58 7680 ----a-w- c:\windows\system32\spdwnwxp.exe
2004-08-04 00:56:58 20992 ------w- c:\windows\system32\spupdwxp.exe
2004-08-04 00:56:58 11264 ------w- c:\windows\system32\spnpinst.exe
2004-07-19 15:56:28 -------- d-----w- c:\program files\Steinberg
2004-07-08 17:04:59 -------- d-----w- c:\program files\Digidesign
2004-07-08 16:51:12 -------- d-----w- c:\program files\common files\Digidesign
2004-07-08 16:41:08 -------- d-----w- c:\documents and settings\adam\application data\Applied Acoustics Systems
2004-07-08 16:40:50 1 ----a-w- c:\windows\system32\ceme20.dll
2004-07-08 16:18:43 -------- d-----w- c:\documents and settings\adam\application data\Sonic Foundry
2004-07-08 16:17:54 -------- d-----w- c:\program files\Sonic Foundry Setup
2004-07-08 16:05:05 69632 ----a-w- c:\windows\system32\NI_DFD_KOMPAKT.dll
2004-07-08 16:05:05 69632 ----a-w- c:\windows\system32\NI_DFD_1_2_9.dll
2004-07-08 16:05:05 69632 ----a-w- c:\windows\system32\NI_DFD_1_2_7.dll
2004-07-08 16:05:05 69632 ----a-w- c:\windows\system32\NI_DFD_1_2_4.dll
2004-07-08 16:05:05 69632 ----a-w- c:\windows\system32\NI_DFD.dll
2004-07-08 16:05:05 -------- d-----w- c:\program files\Native Instruments
2004-07-08 16:04:37 65536 ----a-w- c:\windows\system32\NI_DFD_1_2_8.dll
2004-07-08 15:59:28 -------- d-----w- c:\program files\Recycle
2004-07-08 15:59:02 168450 ----a-w- c:\windows\LOOP.exe
2004-07-08 15:47:16 -------- d-----w- c:\program files\PSP Nitro
2004-07-08 15:38:26 -------- d-----w- c:\program files\coolpro2
2004-07-08 13:55:21 -------- d-----w- c:\documents and settings\adam\WINDOWS
2004-07-08 10:10:44 -------- d-----w- c:\documents and settings\adam\application data\Steinberg
2004-07-06 14:32:52 -------- d-----w- c:\windows\system32\ZoneLabs
2004-07-06 14:32:52 -------- d-----w- c:\program files\Zone Labs
2004-07-06 14:32:26 -------- d-----w- c:\windows\Internet Logs
2004-07-06 14:29:47 -------- d-----w- c:\program files\InterVideo
2004-07-06 14:28:50 -------- d-----w- c:\program files\PowerQuest
2004-07-06 13:54:55 3480 ----a-w- c:\windows\system32\mbmiodrvr.sys
2004-07-06 13:54:53 -------- d-----w- c:\program files\Motherboard Monitor 5
2004-07-06 13:54:11 -------- d-----w- c:\documents and settings\adam\local settings\application data\Google
2004-07-06 13:52:47 -------- d-----w- c:\windows\Cache
2004-07-06 12:53:22 -------- d-----w- c:\program files\Kaspersky Lab
2004-07-06 12:53:22 -------- d-----w- c:\program files\common files\KAV Shared Files
2004-07-06 12:51:29 -------- d-----w- c:\program files\Executive Software
2004-07-06 12:36:51 -------- d-----w- c:\program files\Microsoft ActiveSync
2004-07-06 12:35:51 -------- d-----w- c:\windows\ShellNew
2004-07-06 12:35:50 -------- d-----w- c:\program files\common files\L&H
2004-07-06 12:32:44 240640 ----a-w- c:\windows\system32\mpg4dmod.dll
2004-07-06 12:32:43 2362104 -c--a-w- c:\windows\system32\dllcache\wmvcore.dll
2004-07-06 12:32:43 229376 -c--a-w- c:\windows\system32\dllcache\wmasf.dll
2004-07-06 12:32:42 226816 ----a-w- c:\program files\windows media player\npdrmv2.dll
2004-07-06 12:32:42 10240 ----a-w- c:\program files\windows media player\npwmsdrm.dll
2004-07-06 12:32:03 89184 ------w- c:\windows\system32\drivers\imagedrv.sys
2004-07-06 12:32:03 57344 ------w- c:\windows\system32\ImageDrive.cpl
2004-07-06 12:31:52 38912 ----a-w- c:\windows\system32\picn20.dll
2004-07-06 12:31:51 569344 ----a-w- c:\windows\system32\imagr5.dll
2004-07-06 12:31:51 544768 ----a-w- c:\windows\system32\imagx5.dll
2004-07-06 12:31:51 283920 ----a-w- c:\windows\system32\ImagXpr5.dll
2004-07-06 12:31:51 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2004-07-06 12:17:32 384512 ----a-w- c:\windows\system32\mp4sdmod.dll
2004-07-06 12:17:32 310272 ----a-w- c:\windows\system32\mp43dmod.dll
2004-07-06 12:16:04 -------- d-----w- c:\program files\Windows Journal Viewer
2004-07-06 12:15:29 -------- d-----w- c:\windows\PeerNet
2004-07-06 12:14:28 483840 ----a-w- c:\windows\system32\wzcsvc.dll
2004-07-06 12:14:26 52736 ----a-w- c:\windows\system32\wzcsapi.dll
2004-07-06 12:14:26 383488 ----a-w- c:\windows\system32\wzcdlg.dll
2004-07-06 12:14:26 1703936 ----a-w- c:\windows\system32\netshell.dll
2004-07-06 12:14:07 -------- d-----w- c:\program files\HighMAT CD Writing Wizard
2004-07-06 12:14:06 -------- d-----w- c:\windows\Downloaded Installations
2004-07-06 12:14:01 713216 ----a-w- c:\windows\system32\sxs.dll
2004-07-06 11:58:47 338432 ----a-w- c:\windows\system32\zipfldr.dll
2004-07-06 11:57:13 33792 ----a-w- c:\windows\system32\msgsvc.dll
2004-07-06 11:57:03 2897920 ------w- c:\windows\system32\xpsp2res.dll
2004-07-06 11:57:00 77824 ----a-w- c:\program files\netmeeting\nmcom.dll
2004-07-06 11:55:55 326432 ----a-w- c:\windows\system32\msexcl40.dll
2004-07-06 11:55:52 518944 ----a-w- c:\windows\system32\msexch40.dll
2004-07-06 11:55:49 380445 ----a-w- c:\windows\system32\expsrv.dll
2004-07-06 11:55:48 554008 ----a-w- c:\program files\common files\microsoft shared\dao\dao360.dll
2004-07-06 11:55:17 26112 ----a-w- c:\windows\system32\xpsp1hfm.exe
2004-06-19 14:40:13 10240 ----a-w- c:\windows\system32\drivers\SiWinAcc.sys
2004-06-19 14:40:07 97857 ----a-w- c:\windows\system32\drivers\si3114r.sys
2004-06-18 13:40:50 33280 ----a-w- c:\windows\muninst.exe
2004-05-15 22:42:06 201728 ----a-w- c:\windows\system32\ati2dvag.dll
2004-05-15 22:41:40 701440 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2004-05-15 22:01:32 1057760 -c--a-w- c:\windows\system32\dllcache\ati3d2ag.dll
2004-05-15 22:01:32 1057760 ----a-w- c:\windows\system32\ati3d2ag.dll
2004-05-15 21:49:14 870784 -c--a-w- c:\windows\system32\dllcache\ati3d1ag.dll
2004-05-15 21:49:14 870784 ----a-w- c:\windows\system32\ati3d1ag.dll
2004-04-14 13:56:46 229888 ----a-w- c:\windows\system32\dplayx.dll
2004-04-12 22:11:26 57344 ----a-w- c:\windows\system32\dpwsockx.dll
2004-03-04 09:50:40 974848 ----a-w- c:\windows\system32\mfc70.dll
2004-03-04 09:50:40 905290 ----a-w- c:\windows\system32\libmmd.dll
2004-03-04 09:50:40 487424 ----a-w- c:\windows\system32\msvcp70.dll
2004-03-04 09:50:40 344064 ----a-w- c:\windows\system32\msvcr70.dll
2004-03-03 14:02:00 737024 ----a-w- c:\windows\system32\drivers\nvmcp.sys
2004-03-03 14:02:00 7168 ----a-w- c:\windows\system32\nvack.dll
2004-03-03 14:02:00 66688 ----a-w- c:\windows\system32\drivers\nvarm.sys
2004-03-03 14:02:00 5120 ----a-w- c:\windows\system32\ALut.dll
2004-03-03 14:02:00 47104 ----a-w- c:\windows\system32\nvopenal.dll
2004-03-03 14:02:00 40832 ----a-w- c:\windows\system32\drivers\nvax.sys
2004-03-03 14:02:00 320640 ----a-w- c:\windows\system32\drivers\nvapu.sys
2004-03-03 14:02:00 31744 ----a-w- c:\windows\system32\NVCOAD.DLL
2004-03-03 14:02:00 30208 ----a-w- c:\windows\system32\nvasio.dll
2004-03-03 14:02:00 21504 ----a-w- c:\windows\system32\OpenAL32.dll
2004-03-02 12:18:36 1314816 ----a-w- c:\program files\outlook express\msoe.dll
2004-03-02 12:18:32 691712 ----a-w- c:\windows\system32\inetcomm.dll
2004-03-02 12:18:28 510976 ----a-w- c:\program files\common files\system\wab32.dll
2004-02-06 17:05:06 666112 ----a-w- c:\windows\system32\wininet.dll
2004-01-29 17:38:46 9796288 ----a-w- c:\program files\common files\microsoft shared\office10\MSO.DLL
2004-01-29 02:22:48 31744 ----a-w- c:\windows\system32\NVCOE.DLL
2004-01-29 01:45:50 93764 ----a-w- c:\windows\system32\drivers\NVENET.sys
2004-01-21 13:36:14 7334592 ----a-w- c:\program files\common files\microsoft shared\web components\10\OWC10.DLL
2004-01-21 13:36:14 506560 ----a-w- c:\program files\common files\microsoft shared\web components\10\1033\OWCI10.DLL
2003-12-17 12:33:06 1133256 ----a-w- c:\program files\common files\microsoft shared\office10\1033\MSOINTL.DLL
2003-12-17 12:32:50 854728 ----a-w- c:\program files\common files\system\mapi\1033\MSMAPI32.DLL
2003-12-17 12:32:44 744128 ----a-w- c:\program files\common files\system\mapi\1033\OUTEX.DLL
2003-12-17 12:32:30 535240 ----a-w- c:\program files\common files\system\mapi\1033\MSPST32.DLL
2003-12-17 12:32:26 539336 ----a-w- c:\program files\common files\system\mapi\1033\EMSMDB32.DLL
2003-12-17 12:32:24 199368 ----a-w- c:\program files\common files\system\mapi\1033\EMSABP32.DLL
2003-12-17 12:31:20 56008 ----a-w- c:\program files\common files\microsoft shared\snapshot viewer\SNAPVIEW.EXE
2003-12-05 09:58:36 314424 ----a-w- c:\windows\system32\drivers\KodakCCS.exe
2003-11-18 19:11:42 1378832 ----a-w- c:\program files\common files\microsoft shared\web server extensions\50\bin\FP5AWEL.DLL
2003-10-29 13:02:00 29696 ----a-w- c:\windows\system32\NVCOG.DLL
2003-10-29 13:02:00 21120 ----a-w- c:\windows\system32\drivers\nv_agp.SYS
2003-10-27 19:13:16 24576 ----a-w- c:\windows\system32\odbcbcp.dll
2003-10-27 19:13:06 106496 ----a-w- c:\windows\system32\odbccp32.dll
2003-10-27 19:12:44 528384 ----a-w- c:\program files\common files\system\ole db\sqloledb.dll
2003-10-27 19:12:44 442368 ----a-w- c:\windows\system32\sqlsrv32.dll
2003-10-27 19:12:42 110592 ----a-w- c:\windows\system32\dbnetlib.dll
2003-10-27 19:10:24 487424 ----a-w- c:\program files\common files\system\ole db\oledb32.dll
2003-10-27 19:09:50 151552 ----a-w- c:\windows\system32\msdart.dll
2003-10-27 19:09:44 249856 ----a-w- c:\windows\system32\odbc32.dll
2003-10-17 16:28:18 39488 ----a-w- c:\program files\common files\system\mapi\1033\DUMPSTER.DLL
2003-10-13 13:10:02 944696 ----a-w- c:\program files\common files\microsoft shared\web server extensions\50\bin\FP5AUTL.DLL
2003-10-13 13:08:26 608824 ----a-w- c:\program files\common files\microsoft shared\web server extensions\50\bin\FP5AWEC.DLL
2003-10-13 13:04:58 399928 ----a-w- c:\program files\common files\microsoft shared\web server extensions\50\bin\FPMMC.DLL
2003-10-13 13:04:26 338496 ----a-w- c:\program files\common files\system\mapi\1033\PSTPRX32.DLL
2003-10-13 13:04:24 289336 ----a-w- c:\program files\common files\microsoft shared\smart tag\FPERSON.DLL
2003-10-13 13:04:04 223800 ----a-w- c:\program files\common files\microsoft shared\smart tag\FPLACE.DLL
2003-10-13 13:04:04 207416 ----a-w- c:\program files\common files\microsoft shared\smart tag\FSTOCK.DLL
2003-10-13 13:04:02 252472 ----a-w- c:\program files\common files\microsoft shared\smart tag\MOFL.DLL
2003-10-13 13:03:58 166456 ----a-w- c:\program files\common files\microsoft shared\smart tag\FDATE.DLL
2003-10-13 13:03:56 154168 ----a-w- c:\program files\common files\microsoft shared\smart tag\FNAME.DLL
2003-10-13 13:03:52 141888 ----a-w- c:\program files\common files\microsoft shared\web server extensions\50\servsupp\FP5AMSFT.DLL
2003-10-13 13:03:38 129592 ----a-w- c:\program files\common files\system\mapi\1033\EMSUI32.DLL
2003-10-13 13:03:32 105016 ----a-w- c:\program files\common files\microsoft shared\web server extensions\50\bin\CFGWIZ.EXE
2003-10-13 13:03:06 47672 ----a-w- c:\program files\common files\microsoft shared\web server extensions\50\bots\vinavbar\FP5AVNB.DLL
2003-10-13 13:02:56 27192 ----a-w- c:\program files\common files\microsoft shared\web server extensions\50\isapi\SHTML.DLL
2003-10-13 13:02:56 27192 ----a-w- c:\program files\common files\microsoft shared\web server extensions\50\isapi\_vti_aut\AUTHOR.DLL
2003-10-13 13:02:54 27192 ----a-w- c:\program files\common files\microsoft shared\web server extensions\50\isapi\_vti_adm\ADMIN.DLL
2003-10-13 13:02:54 27192 ----a-w- c:\program files\common files\microsoft shared\web server extensions\50\bin\OWSADM.EXE
2003-10-07 19:20:48 399928 ----a-w- c:\program files\common files\microsoft shared\msclientdatamgr\MSCDM.DLL
2003-10-07 17:29:16 102400 ----a-w- c:\windows\system32\KodakCoI.dll
2003-10-03 15:14:30 57856 ----a-w- c:\windows\system32\QuickTimeCheck.ocx
2003-10-03 15:14:29 747008 ----a-w- c:\windows\system32\Indeo4.qtx
2003-10-03 15:14:29 2017280 ----a-w- c:\windows\system32\QuickTimeMusicalInstruments.qtx
2003-10-03 15:14:28 409600 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2003-10-03 15:14:28 314880 ----a-w- c:\windows\system32\QuickTime.cpl
2003-10-03 15:14:26 4719104 ----a-w- c:\windows\system32\QuickTime.qts
2003-09-25 11:07:00 1139472 ----a-w- c:\windows\system32\FM20.DLL
2003-09-17 10:01:28 844314 ----a-w- c:\windows\system32\msdxm.ocx
2003-09-15 10:32:14 512051 ----a-w- c:\program files\common files\microsoft shared\office10\RICHED20.DLL
2003-09-05 14:28:38 180224 ----a-w- c:\program files\common files\microsoft shared\office10\UCS20.DLL
2003-08-28 08:57:04 155136 ----a-w- c:\windows\system32\itircl.dll
2003-08-25 18:06:50 191488 ----a-w- c:\windows\system32\iuengine.dll
2003-08-18 13:26:32 25872 ----a-w- c:\windows\system32\FM20ENU.DLL
2003-08-11 14:27:36 236117 ----a-w- c:\windows\system32\AutoFAT.exe
2003-08-11 13:57:06 185344 ----a-w- c:\windows\system32\AutoNTFS.exe
2003-08-08 14:44:48 111192 ----a-w- c:\program files\common files\microsoft shared\dw\3082\DWINTL20.DLL
2003-08-08 13:35:44 112216 ----a-w- c:\program files\common files\microsoft shared\dw\1036\DWINTL20.DLL
2003-08-08 13:34:08 111704 ----a-w- c:\program files\common files\microsoft shared\dw\1040\DWINTL20.DLL
2003-07-24 15:40:22 512512 ----a-w- c:\windows\system32\cryptui.dll
2003-07-22 19:23:34 2502656 ----a-w- c:\program files\common files\microsoft shared\vba\vba6\VBE6.DLL
2003-07-16 06:12:00 307279 ----a-w- c:\program files\common files\microsoft shared\proof\MSSP3FR.DLL
2003-07-15 01:18:52 376888 ----a-w- c:\program files\common files\microsoft shared\msorun\MSORUN.DLL
2003-07-14 21:54:00 109120 ----a-w- c:\program files\common files\microsoft shared\dw\1042\DWINTL20.DLL
2003-07-14 21:53:46 109120 ----a-w- c:\program files\common files\microsoft shared\dw\1028\DWINTL20.DLL
2003-07-14 21:53:28 112704 ----a-w- c:\program files\common files\microsoft shared\dw\1031\DWINTL20.DLL
2003-07-14 21:53:22 109120 ----a-w- c:\program files\common files\microsoft shared\dw\1041\DWINTL20.DLL
2003-07-14 21:53:12 109120 ----a-w- c:\program files\common files\microsoft shared\dw\2052\DWINTL20.DLL
2003-07-14 21:53:12 109120 ----a-w- c:\program files\common files\microsoft shared\dw\1033\DWINTL20.DLL
2003-07-14 20:51:50 116288 ----a-w- c:\program files\common files\microsoft shared\textconv\MSCONV97.DLL
2003-07-10 11:19:10 82432 ----a-w- c:\windows\system32\ws2_32.dll
2003-07-10 11:19:08 59904 ----a-w- c:\windows\system32\ipv6mon.dll
2003-07-10 11:19:06 32768 ----a-w- c:\windows\system32\inetmib1.dll
2003-07-10 11:19:06 14336 ----a-w- c:\windows\system32\wship6.dll
2003-07-10 11:19:02 100352 ----a-w- c:\windows\system32\6to4svc.dll
2003-07-07 11:41:08 33792 ----a-w- c:\windows\oeuninst.exe
2003-07-03 16:53:26 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2003-07-03 16:50:12 7168 ------w- c:\windows\system32\hccoin.dll
2003-07-02 13:02:46 233472 ----a-w- c:\windows\system32\REX Shared Library.dll
2003-06-30 15:38:22 554496 ------w- c:\windows\system32\p2psvc.dll
2003-06-30 15:38:22 115712 ------w- c:\windows\system32\p2pnetsh.dll
2003-06-30 15:38:20 153600 ------w- c:\windows\system32\p2p.dll
2003-06-30 15:38:16 58880 ------w- c:\windows\system32\pnrpnsp.dll
2003-06-30 15:38:16 105472 ------w- c:\windows\system32\p2pgasvc.dll
2003-06-30 15:38:14 313856 ------w- c:\windows\system32\p2pgraph.dll
2003-06-30 15:35:52 36608 ------w- c:\windows\system32\drivers\ip6fw.sys
2003-06-30 15:35:10 12288 ------w- c:\windows\system32\drivers\tunmp.sys
2003-06-30 15:33:20 86016 ----a-w- c:\windows\system32\netsh.exe
2003-06-30 15:30:58 53248 ----a-w- c:\windows\system32\ipv6.exe
2003-06-30 15:30:56 225664 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2003-06-30 12:49:14 438784 ----a-w- c:\windows\system32\xpob2res.dll
2003-06-19 14:58:56 133696 ----a-w- c:\program files\common files\system\mapi\1033\CONTAB32.DLL
2003-06-09 15:10:58 80384 ----a-w- c:\windows\system32\faultrep.dll
2003-06-09 13:06:08 180224 ----a-w- c:\windows\system32\dwwin.exe
2003-05-30 15:17:20 549888 ----a-w- c:\windows\system32\appwiz.cpl
2003-05-11 20:13:52 45056 ----a-w- c:\windows\system32\shmgrate.exe
2003-05-11 20:12:10 1033728 ----a-w- c:\windows\explorer.exe
2003-04-29 12:41:44 29184 ----a-w- c:\windows\system32\popup.ocx
2003-04-14 19:05:20 1695232 ----a-w- c:\program files\messenger\msmsgs.exe
2003-04-14 19:01:28 180224 ----a-w- c:\program files\messenger\msgslang.dll
2003-04-14 19:00:16 82944 ----a-w- c:\program files\messenger\msgsc.dll
2003-04-01 12:19:10 32768 ----a-w- c:\program files\common files\installshield\driver\8\intel 32\objps8.dll
2003-04-01 12:18:50 188416 ----a-w- c:\program files\common files\installshield\driver\8\intel 32\IUser8.dll
2003-04-01 12:18:30 327680 ----a-w- c:\program files\common files\installshield\driver\8\intel 32\ISRT.dll
2003-04-01 12:18:10 237568 ----a-w- c:\program files\common files\installshield\driver\8\intel 32\IScript8.dll
2003-03-28 18:21:36 647168 ----a-w- c:\program files\common files\installshield\driver\8\intel 32\IDriver2.exe
2003-03-28 18:21:36 647168 ----a-w- c:\program files\common files\installshield\driver\8\intel 32\IDriver.exe
2003-03-25 17:38:40 1327104 ----a-w- c:\program files\common files\microsoft shared\web folders\MSONSEXT.DLL
2003-03-18 18:05:50 89088 ----a-w- c:\windows\system32\atl71.dll
2003-03-14 12:20:40 1358432 ----a-w- c:\windows\system32\XMNT2002.exe
2003-03-14 12:18:30 4228 ----a-w- c:\windows\system32\drivers\PQNTDRV.sys
2003-03-06 16:26:04 113224 ----a-w- c:\program files\common files\system\mapi\1033\EMABLT32.DLL
2003-03-05 18:45:24 290816 ----a-w- c:\program files\common files\installshield\driver\8\intel 32\_ISRES1033.dll
2003-03-03 14:57:20 86528 ----a-w- c:\program files\common files\system\directdb.dll
2003-03-03 14:57:20 85504 ----a-w- c:\program files\outlook express\wabimp.dll
2003-03-03 14:57:20 51712 ----a-w- c:\windows\system32\msident.dll
2003-03-03 14:57:20 46080 ----a-w- c:\program files\outlook express\wab.exe
2003-03-03 14:57:20 252928 ----a-w- c:\windows\system32\msoeacct.dll
2003-03-03 14:57:20 104448 ----a-w- c:\program files\outlook express\oeimport.dll
2003-03-03 14:57:18 60416 ----a-w- c:\program files\outlook express\oemig50.exe
2003-03-03 14:57:18 60416 ----a-w- c:\program files\outlook express\msimn.exe
2003-03-03 14:57:18 32768 ----a-w- c:\program files\outlook express\wabfind.dll
2003-03-03 14:57:18 30208 ----a-w- c:\program files\outlook express\wabmig.exe
2003-03-03 14:57:18 105984 ----a-w- c:\windows\system32\msoert2.dll
2003-03-03 14:57:16 35328 ----a-w- c:\program files\outlook express\oemiglib.dll
2003-03-03 08:24:32 33792 ----a-w- c:\windows\ieuninst.exe
2003-02-11 03:51:24 1187840 ----a-w- c:\program files\common files\system\ole db\MSDAIPP.DLL
2003-01-29 20:12:16 2071752 ----a-w- c:\program files\common files\system\ole db\MSOLAP80.DLL
2003-01-29 20:12:14 1383592 ----a-w- c:\program files\common files\system\ole db\MSDMINE.DLL
2003-01-29 20:12:14 1031336 ----a-w- c:\program files\common files\system\ole db\MSMDGD80.DLL
2003-01-29 20:12:12 359600 ----a-w- c:\program files\common files\system\ole db\MSDMENG.DLL
2003-01-29 20:12:12 224416 ----a-w- c:\program files\common files\system\ole db\MSMDCB80.DLL
2003-01-15 10:08:10 325632 ----a-w- c:\program files\movie maker\wmm2fxb.dll
2003-01-13 13:24:04 94208 ----a-w- c:\windows\system32\lmpgvd.ax
2003-01-13 13:24:04 48640 ----a-w- c:\windows\system32\lmpgad.ax
2003-01-13 13:24:04 106496 ----a-w- c:\windows\system32\lmpgspl.ax
2003-01-13 13:22:02 1581056 ----a-w- c:\windows\system32\mplvw7.dll
2003-01-13 13:22:02 1552384 ----a-w- c:\windows\system32\mplvm6.dll
2003-01-13 13:22:02 1122304 ----a-w- c:\windows\system32\mplvpx.dll
2003-01-13 13:22:00 1650688 ----a-w- c:\windows\system32\mplva6.dll
2003-01-13 13:21:58 77824 ----a-w- c:\windows\system32\mplaw7.dll
2003-01-13 13:21:58 77824 ----a-w- c:\windows\system32\mplaa6.dll
2003-01-13 13:21:58 65536 ----a-w- c:\windows\system32\mplapx.dll
2003-01-13 13:21:58 65536 ----a-w- c:\windows\system32\mplam6.dll
2003-01-13 13:21:58 19968 ----a-w- c:\windows\system32\cpuinf32.dll
2003-01-13 13:06:40 203976 ----a-w- c:\windows\system32\RICHTX32.OCX
2003-01-13 09:19:26 64208 ----a-w- c:\windows\system32\drivers\cdr4_xp.sys
2003-01-13 09:19:26 61440 ----a-w- c:\windows\system32\cdrtc.dll
2003-01-13 09:19:26 45056 ----a-w- c:\windows\system32\cdral.dll
2003-01-13 09:19:26 249344 ----a-w- c:\windows\system32\drivers\Cdudf_xp.sys
2003-01-13 09:19:26 24839 ----a-w- c:\windows\system32\drivers\cdralw2k.sys
2003-01-13 09:19:26 22758 ----a-w- c:\windows\system32\drivers\Mmc_2k.sys
2003-01-13 09:19:26 21654 ----a-w- c:\windows\system32\drivers\Dvd_2k.sys
2003-01-13 09:19:26 206464 ----a-w- c:\windows\system32\drivers\UdfReadr_xp.sys
2003-01-13 09:19:26 118422 ----a-w- c:\windows\system32\drivers\pwd_2K.sys
2002-12-20 12:06:00 3558912 ----a-w- c:\program files\movie maker\moviemk.exe
2002-12-20 12:05:06 4096 ----a-w- c:\program files\movie maker\1033\wmm2eres.dll
2002-12-20 12:05:04 7680 ----a-w- c:\program files\movie maker\wmm2ext.dll
2002-12-20 12:05:00 502272 ----a-w- c:\program files\movie maker\wmm2fxa.dll
2002-12-20 12:04:58 402432 ----a-w- c:\program files\movie maker\wmm2filt.dll
2002-12-20 12:04:58 167936 ----a-w- c:\program files\movie maker\wmm2ae.dll
2002-12-20 12:04:50 4256768 ----a-w- c:\program files\movie maker\1033\wmm2res.dll
2002-12-17 17:16:18 37760 ----a-w- c:\windows\system32\drivers\amdk7.sys
2002-12-01 18:10:02 -------- d-----w- c:\program files\Prime95
2002-11-26 14:15:52 186880 ------w- c:\windows\system32\encdec.dll
2002-11-26 14:15:50 270848 ------w- c:\windows\system32\sbe.dll
2002-11-14 11:58:06 154624 ----a-w- c:\windows\system32\ivfsrc.ax
2002-11-14 11:58:04 200192 ----a-w- c:\windows\system32\ir50_qc.dll
2002-11-14 11:58:04 183808 ----a-w- c:\windows\system32\ir50_qcx.dll
2002-11-14 11:58:02 755200 ----a-w- c:\windows\system32\ir50_32.dll
2002-11-14 11:58:02 338432 ----a-w- c:\windows\system32\ir41_qcx.dll
2002-11-14 11:58:02 120320 ----a-w- c:\windows\system32\ir41_qc.dll
2002-11-14 11:58:00 848384 ----a-w- c:\windows\system32\ir41_32.ax
2002-11-14 11:58:00 199680 ----a-w- c:\windows\system32\iac25_32.ax
2002-11-09 12:44:40 -------- d-s---w- c:\documents and settings\adam\UserData
2002-11-09 11:27:40 607325 ----a-r- c:\windows\system32\drivers\MA111nd5.sys
2002-11-07 23:28:19 212992 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll
2002-11-07 23:28:13 -------- d-----w- C:\ATI
2002-11-07 23:24:50 -------- d-----w- c:\windows\RegisteredPackages
.
==================== Find3M ====================
.
2012-04-04 15:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-29 08:25:39 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2010-03-05 10:13:40 947472 ----a-w- c:\windows\system32\msjava.dll
2009-08-06 19:24:10 217816 ----a-w- c:\windows\system32\wuaucpl.cpl
2008-04-14 04:55:28 1804 ----a-w- c:\windows\system32\dcache.bin
2008-04-14 04:46:52 329728 ----a-w- c:\windows\system32\netsetup.exe
2008-04-14 04:43:24 92424 ----a-w- c:\windows\system32\rdpdd.dll
2008-04-14 04:43:24 87176 ----a-w- c:\windows\system32\rdpwsx.dll
2008-04-14 04:43:24 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2008-04-14 04:43:22 40840 ----a-w- c:\windows\system32\drivers\termdd.sys
2008-04-14 04:43:22 21896 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2008-04-14 04:43:22 12168 ----a-w- c:\windows\system32\tsddd.dll
2008-04-14 04:43:22 12040 ----a-w- c:\windows\system32\drivers\tdpipe.sys
2008-04-14 04:41:58 97280 ----a-w- c:\windows\system32\loadperf.dll
2008-04-14 04:40:58 218624 ----a-w- c:\windows\system32\sysmon.ocx
2008-04-14 04:40:52 86016 ----a-w- c:\windows\system32\sl_anet.acm
2008-04-14 04:40:46 102912 ----a-w- c:\windows\system32\dpcdll.dll
2008-04-14 04:40:36 81920 ----a-w- c:\windows\system32\proctexe.ocx
2008-04-14 04:40:32 53279 ----a-w- c:\windows\system32\odbcji32.dll
2008-04-14 04:40:22 110592 ----a-w- c:\windows\system32\msscript.ocx
2008-04-14 04:40:10 4126 ----a-w- c:\windows\system32\msdxmlc.dll
2008-04-14 04:40:08 3584 ----a-w- c:\windows\system32\msafd.dll
2008-04-14 04:40:08 294912 ----a-w- c:\windows\system32\msaud32.acm
2008-04-14 04:40:08 177152 ------w- c:\windows\system32\msctfime.ime
2008-04-14 04:40:08 14848 ----a-w- c:\windows\system32\msadp32.acm
2008-04-14 00:00:12 1845632 ----a-w- c:\windows\system32\win32k.sys
2008-04-13 23:58:40 175744 ----a-w- c:\windows\system32\drivers\rdbss.sys
2008-04-13 23:57:54 2188928 ----a-w- c:\windows\system32\ntoskrnl.exe
2008-04-13 23:51:02 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2008-04-13 23:50:44 91520 ----a-w- c:\windows\system32\drivers\ndiswan.sys
2008-04-13 23:50:38 182656 ----a-w- c:\windows\system32\drivers\ndis.sys
2008-04-13 23:50:18 361344 ----a-w- c:\windows\system32\drivers\tcpip.sys
2008-04-13 23:49:50 48384 ----a-w- c:\windows\system32\drivers\raspptp.sys
2008-04-13 23:49:44 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2008-04-13 23:49:44 51328 ----a-w- c:\windows\system32\drivers\rasl2tp.sys
2008-04-13 23:49:24 138112 ----a-w- c:\windows\system32\drivers\afd.sys
2008-04-13 23:47:20 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2008-04-13 23:47:06 105344 ----a-w- c:\windows\system32\drivers\mup.sys
2008-04-13 23:47:02 456576 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2008-04-13 23:46:38 141056 ----a-w- c:\windows\system32\drivers\ks.sys
2008-04-13 23:46:24 49536 ----a-w- c:\windows\system32\drivers\classpnp.sys
2008-04-13 23:45:56 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2008-04-13 23:45:54 574976 ----a-w- c:\windows\system32\drivers\ntfs.sys
2008-04-13 23:45:46 64512 ----a-w- c:\windows\system32\drivers\serial.sys
2008-04-13 23:45:12 334848 ----a-w- c:\windows\system32\drivers\srv.sys
2008-04-13 23:44:30 143744 ----a-w- c:\windows\system32\drivers\fastfat.sys
2008-04-13 23:44:22 63744 ----a-w- c:\windows\system32\drivers\cdfs.sys
2008-04-13 23:30:20 30080 ----a-w- c:\windows\system32\drivers\modem.sys
2008-04-13 23:30:06 19072 ----a-w- c:\windows\system32\drivers\tdi.sys
2008-04-13 23:27:34 41472 ----a-w- c:\windows\system32\drivers\raspppoe.sys
2008-04-13 23:27:30 40576 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2008-04-13 23:27:28 14336 ----a-w- c:\windows\system32\drivers\asyncmac.sys
2008-04-13 23:27:28 10112 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2008-04-13 23:27:22 34560 ----a-w- c:\windows\system32\drivers\wanarp.sys
2008-04-13 23:27:16 152832 ----a-w- c:\windows\system32\drivers\ipnat.sys
2008-04-13 23:27
-
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
You can look in Program Files, SuperAntiSpyware and look for a txt file.
It would appear from the logs that you indeed have AVG installled.
I strongly recommend that you remove Ask from your computer because it;
•Promotes its toolbars on sites targeted to kids.
•Promotes its toolbars through ads that appear to be part of other companies' sites.
•Promotes its toolbars through other companies' spyware.
•Installs without any disclosure whatsoever and without any consent whatsoever.
•Solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
•Makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.
See Here (http://www.benedelman.org/spyware/ask-toolbars/) for more info.
If you choose to follow my recommendation then please go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.
•AskBarDis or anything related to Ask
Then please find and delete this folder in bold (if present):
C:\Program Files\AskBarDis. or anything related to Ask.
*****************************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.
Link 1 (http://screen317.spywareinfoforum.org/SecurityCheck.exe)
Link 2 (http://screen317.changelog.fr/SecurityCheck.exe)
* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
*************************************************
Download Combofix from any of the links below, and save it to your DESKTOP.
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)
To prevent your anti-virus application interfering with ComboFix we need to disable it. See here (http://www.pchelpforum.com/anti-virus/110194-how-disable-your-security-applications-4.html) for a tutorial regarding how to do so if you are unsure.
- Close any open windows and double click ComboFix.exe to run it.
You will see the following image:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_disclaimer_ENG.png)
Click I Agree to start the program.
ComboFix will then extract the necessary files and you will see this:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_extraction.png)
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7
It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
If you did not have it installed, you will see the prompt below. Choose YES.
(http://i424.photobucket.com/albums/pp322/digistar/RcAuto1.gif)
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://i424.photobucket.com/albums/pp322/digistar/whatnext.png)
Click on Yes, to continue scanning for malware.
When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.
Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.
-
Hi there SuperDave, thank you so much for your help!
I looked again in the program files folder for SuperAntiSpyware for a .txt file but i promise you there is none in there! Do you want me to scan again with this & post the log even though it removed a whole load of stuff in the unsaved scan?
I removed Ask, which was an add on from Avira only recently.
Also, I have removed AVG from add/remove and it shouldn't be installed - after you said it was still there I checked and there is no entry to remove on add/remove, so the only thing left was a folder in program files so I deleted it then emptied the bin & ran a CCleaner, but I can see on the Security Check log it is still showing up as on my system.
Anyway, here are the 2 logs:
Checkup
Results of screen317's Security Check version 0.99.42
Windows XP Service Pack 3 x86
Internet Explorer 6 Out of date!
``````````````Antivirus/Firewall Check:``````````````[/u]
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2012
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````[/u]
Spybot - Search & Destroy
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.61.0.1400
CCleaner
Java(TM) 6 Update 33
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.0.1.152
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (13.0)
````````Process Check: objlist.exe by Laurent````````[/u]
Zone Labs ZoneAlarm zlclient.exe
`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C:: 39% Defragment your hard drive soon!
````````````````````End of Log``````````````````````[/u]
ComboFix
ComboFix 12-06-16.02 - Adam 18/06/2012 23:07:30.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.642 [GMT 1:00]
Running from: c:\documents and settings\Adam\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Adam\Application Data\PriceGong
c:\documents and settings\Adam\Application Data\PriceGong\Data\1.txt
c:\documents and settings\Adam\Application Data\PriceGong\Data\a.txt
c:\documents and settings\Adam\Application Data\PriceGong\Data\b.txt
c:\documents and settings\Adam\Application Data\PriceGong\Data\c.txt
c:\documents and settings\Adam\Application Data\PriceGong\Data\d.txt
c:\documents and settings\Adam\Application Data\PriceGong\Data\e.txt
c:\documents and settings\Adam\Application Data\PriceGong\Data\f.txt
c:\documents and settings\Adam\Application Data\PriceGong\Data\g.txt
c:\documents and settings\Adam\Application Data\PriceGong\Data\h.txt
c:\documents and settings\Adam\Application Data\PriceGong\Data\i.txt
c:\documents and settings\Adam\Application Data\PriceGong\Data\j.txt
c:\documents and settings\Adam\Application Data\PriceGong\Data\k.txt
c:\documents and settings\Adam\Application Data\PriceGong\Data\l.txt
c:\documents and settings\Adam\Application Data\PriceGong\Data\m.txt
c:\documents and settings\Adam\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Adam\Application Data\PriceGong\Data\n.txt
c:\documents and settings\Adam\Application Data\PriceGong\Data\o.txt
c:\documents and settings\Adam\Application Data\PriceGong\Data\p.txt
c:\documents and settings\Adam\Application Data\PriceGong\Data\q.txt
c:\documents and settings\Adam\Application Data\PriceGong\Data\r.txt
c:\documents and settings\Adam\Application Data\PriceGong\Data\s.txt
c:\documents and settings\Adam\Application Data\PriceGong\Data\t.txt
c:\documents and settings\Adam\Application Data\PriceGong\Data\u.txt
c:\documents and settings\Adam\Application Data\PriceGong\Data\v.txt
c:\documents and settings\Adam\Application Data\PriceGong\Data\w.txt
c:\documents and settings\Adam\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\Adam\Application Data\PriceGong\Data\x.txt
c:\documents and settings\Adam\Application Data\PriceGong\Data\y.txt
c:\documents and settings\Adam\Application Data\PriceGong\Data\z.txt
c:\documents and settings\Adam\Application Data\Propellerhead Software\ReCycle
c:\documents and settings\Adam\Application Data\Propellerhead Software\ReCycle\ReCycle Preferences File.prf
c:\documents and settings\Adam\WINDOWS
c:\documents and settings\All Users\Application Data\Propellerhead Software\ReCycle
c:\documents and settings\All Users\Application Data\Propellerhead Software\ReCycle\ReCycle210.dat
c:\windows\help\wmplayer.bak
c:\windows\iun6002.exe
c:\windows\system32\dllcache\dlimport.exe
.
Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\atapi.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-05-18 to 2012-06-18 )))))))))))))))))))))))))))))))
.
.
2012-06-15 08:43 . 2012-06-15 08:43 -------- d-----w- c:\documents and settings\Adam\Local Settings\Application Data\APN
2012-06-15 08:42 . 2002-01-01 23:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2012-06-15 07:42 . 2008-04-14 04:41 33792 -c----w- c:\windows\system32\dllcache\custsat.dll
2012-06-15 07:40 . 2008-04-13 21:06 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys
2012-06-15 07:40 . 2008-04-13 23:10 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2012-06-15 07:39 . 2006-12-28 23:31 19569 ----a-w- c:\windows\003160_.tmp
2012-06-13 20:22 . 2012-06-13 20:22 -------- d-----w- c:\documents and settings\All Users\AVG Secure Search
2012-06-13 19:30 . 2012-06-13 19:30 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2012-06-13 19:16 . 2002-01-01 02:01 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2012-06-13 18:01 . 2012-06-13 18:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-06-13 18:01 . 2002-01-02 03:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-06-07 07:42 . 2012-06-07 07:42 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-07 07:42 . 2012-06-07 07:42 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-23 08:30 . 2012-04-23 08:30 722 ----a-w- c:\windows\Fonts\BraNBIEa.PFM
2012-04-19 04:50 . 2012-04-19 04:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-04-04 15:56 . 2002-01-02 03:38 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-07 07:42 . 2002-01-01 00:06 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 23:10 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe" [2007-01-25 165304]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NvMixerTray.exe" [2004-03-03 131072]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"MBM 5"="c:\program files\Motherboard Monitor 5\MBM5.EXE" [2004-02-19 594432]
"Zone Labs Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2004-06-16 697624]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-05-29 520192]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-11-20 77824]
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-01-13 69632]
"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-01-13 757760]
"RoxioAudioCentral"="c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-01-09 253952]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-05-11 200069]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-06-01 7618560]
"nwiz"="nwiz.exe" [2006-06-01 1519616]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2006-06-01 86016]
"MAFWTaskbarApp"="c:\windows\System32\MAFWTray.exe" [2005-02-04 155648]
"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2009-06-17 40960]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2009-05-11 24576]
"AgentMonitor"="c:\program files\VTech\DownloadManager\System\AgentMonitor.exe" [2011-11-30 393640]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2000-11-30 110592]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2004-7-6 86016]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"Midi1"=KORGUMDD.DRV
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VTech\\DownloadManager\\System\\AgentMonitor.exe"=
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [6/24/2007 7:59 PM 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [6/24/2007 7:59 PM 5248]
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 5:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [1/31/2012 5:46 AM 31952]
R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [6/19/2004 3:40 PM 10240]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [1/15/2005 9:47 PM 11264]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [3/19/2012 6:17 AM 301248]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 5:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 10:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/12/2011 12:38 AM 116608]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [1/15/2006 8:43 PM 33792]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2/22/2012 6:25 AM 235216]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 2:32 PM 139856]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 2:32 PM 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 2:32 PM 17232]
S3 iLokDrvr;iLok;c:\windows\system32\drivers\iLokDrvr.sys [5/2/2007 3:31 AM 54520]
S3 KORGUMDS;KORG USB MIDI Driver for Windows XP;c:\windows\system32\drivers\KORGUMDS.SYS [4/14/2005 11:47 PM 12544]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/27/2012 8:13 PM 113120]
S3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\Drivers\Pcouffin.sys --> c:\windows\system32\Drivers\Pcouffin.sys [?]
S3 Powercore;PowerCore;c:\windows\system32\drivers\PCore.sys [1/27/2007 10:24 AM 76800]
S3 ScratchAmp;ScratchAmp Driver (ScratchAmp.sys);c:\windows\system32\drivers\ScratchAmp.sys [4/12/2005 10:58 AM 22912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-15 c:\windows\Tasks\AdobeAAMUpdater-1.0-ADAMPC01-Adam.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-01-29 03:44]
.
2012-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-57989841-839522115-1003Core.job
- c:\documents and settings\Adam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-16 19:45]
.
2012-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-57989841-839522115-1003UA.job
- c:\documents and settings\Adam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-16 19:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Open Client to monitor &1 - c:\windows\web\AOpenClient.htm
IE: Open Client to monitor &2 - c:\windows\web\AOpenClient.htm
TCP: DhcpNameServer = 192.168.0.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Adam\Application Data\Mozilla\Firefox\Profiles\nie14n2c.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxps://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B410d974b-a2d1-4d4e-9fdd-e1d55a2fffc7%7D&mid=79dcd48eeb9447d0b2a5d1486fc32f2f-06ce4fc639803a2e3563922518183d8e94088cb9&ds=AVG&v=11.0.0.9&lang=en&pr=fr&d=2002-01-01%2004%3A31%3A32&sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-POINTER - point32.exe
HKLM-Run-HPPQVideo - c:\program files\HP\ScheduledLaunch\HP Color LaserJet CM1312 MFP Series\bin\hppschlnch.exe -r SOFTWARE\Hewlett-Packard\ScheduledLaunch\CLJ_CM1312_MFP_Series -f PQOptimizerVideo.xml
Notify-AtiExtEvent - (no file)
AddRemove-3DDelays_1.1_Build_230 - c:\windows\iun6002.exe
AddRemove-PSP_Nitro - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-18 23:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\0a\02\0b\08\1c\1c?"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(768)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Executive Software\Diskeeper\DkService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\System32\nvsvc32.exe
c:\program files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
c:\windows\System32\wdfmgr.exe
c:\windows\system32\ZoneLabs\vsmon.exe
c:\windows\System32\MsPMSPSv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-06-18 23:59:13 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-18 22:58
.
Pre-Run: 12,192,997,376 bytes free
Post-Run: 12,147,789,824 bytes free
.
- - End Of File - - B7511252AD87F8B404C7FADEEB7EF355
Thanks again!
-
Do you want me to scan again with this & post the log even though it removed a whole load of stuff in the unsaved scan?
You can run it again for your own satisfaction but I don't need to see the log.
Why haven't you upgraded to IE? You really should because malware just loves out-of-date programs.
Update Your Java (JRE)
Old versions of Java have vulnerabilities that malware can use to infect your system.
First Verify your Java Version (http://www.java.com/en/download/installed.jsp)
If there are any other version(s) installed then update now.
Get the new version (if needed)
If your version is out of date install the newest version of the Sun Java Runtime Environment (http://www.majorgeeks.com/Sun_Java_Runtime_Environment_d4648.html).
Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Be sure to close ALL open web browsers before starting the installation.
Remove any old versions
1. Download JavaRa (http://raproducts.org/click/click.php?id=1) and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.
Additional Note: The Java Quick Starter (JQS.exe) (http://java.sun.com/javase/6/docs/technotes/guides/jweb/otherFeatures/jqs.html) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
***********************************************
Update your Adobe Reader. get.adobe.com/reader (http://get.adobe.com/reader/).
Be sure to uncheck the Free McAfee Security Scan so it isn't installed.
********************************************************
Total Fragmentation on Drive C:: 39% Defragment your hard drive soon!
You really should defrag your hard drive.
Go to Start, All Programs, Accessories, System Tools and select Disk Defragmenter.
**************************************************
Are you sure that you have Avira on your computer? I only see AVG.
SysProt Antirootkit
Download
SysProt Antirootkit from the link below (you will find it at the bottom
of the page under attachments, or you can get it from one of the
mirrors).
http://sites.google.com/site/sysprotantirootkit/ (http://sites.google.com/site/sysprotantirootkit/)
Unzip it into a folder on your desktop.
- Double click Sysprot.exe to start the program.
- Click on the Log tab.
- In the Write to log box select the following items.
- Process << Selected
- Kernel Modules << Selected
- SSDT << Selected
- Kernel Hooks << Selected
- IRP Hooks << NOT Selected
- Ports << NOT Selected
- Hidden Files << Selected
- At the bottom of the page
- Hidden Objects Only << Selected
- Click on the Create Log button on the bottom right.
- After a few seconds a new window should appear.
- Select Scan Root Drive. Click on the Start button.
- When it is complete a new window will appear to indicate that the scan is finished.
- The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
-
Hi SuperDave
I will do these in a moment but wanted you to answer me a couple of questions first:
I do not have Avira installed, it was one of the many antivirus programs i tried to install but installation didn't work, which is the main 'visible' problem with the computer currently. The reason I mentioned Avira was because it installed a toolbar which was where Ask.com came from.
You say that you see AVG, but here's the thing - i tried to install AVG just like Avira and had to uninstall it in safe mode to get back to normal. As far as I can see it is uninstalled. It is not in the 'add/remove programs' list, it is not in the 'all programs' start menu list and I even deleted the surplus folder it left in 'program files', so I don't really understand how it is still showing up as installed? Is there any other way to fully remove a program beyond the obvious because it shouldn't be there - i have no antivirus program on my computer.
Regarding Java, i did install to the latest version as the sticky instructs, i don't know why this wouldn't have happened, but will install again.
I will install/update Java, update IE, update adobe reader, defrag, and run sysprot as instructed - i will post the results when done, but if you could answer the above in the meantime i'd be very grateful!
Adam
-
Below is the SysProt log.
After defragmentation I also created about 35gb extra space on my C drive as it was a bit too full. Java, Adobe reader & IE updated fine (although Adobe didn't give an option to deselect McAfee, so i just removed the McAfee again after installation).
What is the next step then? Or am I barking up the wrong tree in the first place and don't have a virus at all?? Also, any help with the previously mentioned AVG issue is greatly appreciated!
Thanks again, Adam
SysProt log:
SysProt AntiRootkit v1.0.1.0
by swatkat
******************************************************************************************
******************************************************************************************
No Hidden Processes found
******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name:
Service Name: ---
Module Base: F770A000
Module End: F7722000
Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\dump_diskdump.sys
Service Name: ---
Module Base: F50A4000
Module End: F50A8000
Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\dump_si3114r.sys
Service Name: ---
Module Base: EB43C000
Module End: EB453000
Hidden: Yes
******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwClose
Address: F77B4028
Driver Base: F77A6000
Driver End: F77CE000
Driver Name: a347bus.sys
Function Name: ZwConnectPort
Address: EB626B9D
Driver Base: EB618000
Driver End: EB658000
Driver Name: \SystemRoot\System32\vsdatant.sys
Function Name: ZwCreateKey
Address: F77B3FE0
Driver Base: F77A6000
Driver End: F77CE000
Driver Name: a347bus.sys
Function Name: ZwCreatePagingFile
Address: F77A7B00
Driver Base: F77A6000
Driver End: F77CE000
Driver Name: a347bus.sys
Function Name: ZwDeleteKey
Address: EB639B10
Driver Base: EB618000
Driver End: EB658000
Driver Name: \SystemRoot\System32\vsdatant.sys
Function Name: ZwDeleteValueKey
Address: EB639A70
Driver Base: EB618000
Driver End: EB658000
Driver Name: \SystemRoot\System32\vsdatant.sys
Function Name: ZwEnumerateKey
Address: F77A85DC
Driver Base: F77A6000
Driver End: F77CE000
Driver Name: a347bus.sys
Function Name: ZwEnumerateValueKey
Address: F77B4120
Driver Base: F77A6000
Driver End: F77CE000
Driver Name: a347bus.sys
Function Name: ZwLoadKey
Address: EB639B90
Driver Base: EB618000
Driver End: EB658000
Driver Name: \SystemRoot\System32\vsdatant.sys
Function Name: ZwOpenFile
Address: F77A7B40
Driver Base: F77A6000
Driver End: F77CE000
Driver Name: a347bus.sys
Function Name: ZwOpenKey
Address: F77B3FA4
Driver Base: F77A6000
Driver End: F77CE000
Driver Name: a347bus.sys
Function Name: ZwOpenProcess
Address: EB6394C0
Driver Base: EB618000
Driver End: EB658000
Driver Name: \SystemRoot\System32\vsdatant.sys
Function Name: ZwQueryKey
Address: F77A85FC
Driver Base: F77A6000
Driver End: F77CE000
Driver Name: a347bus.sys
Function Name: ZwQueryValueKey
Address: F77B4076
Driver Base: F77A6000
Driver End: F77CE000
Driver Name: a347bus.sys
Function Name: ZwReplaceKey
Address: EB639C40
Driver Base: EB618000
Driver End: EB658000
Driver Name: \SystemRoot\System32\vsdatant.sys
Function Name: ZwRestoreKey
Address: EB639CC0
Driver Base: EB618000
Driver End: EB658000
Driver Name: \SystemRoot\System32\vsdatant.sys
Function Name: ZwSetSystemPowerState
Address: F77B3550
Driver Base: F77A6000
Driver End: F77CE000
Driver Name: a347bus.sys
Function Name: ZwSetValueKey
Address: EB6399C0
Driver Base: EB618000
Driver End: EB658000
Driver Name: \SystemRoot\System32\vsdatant.sys
******************************************************************************************
******************************************************************************************
No Kernel Hooks found
******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied
Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied
-
Please install MSE from one of the links below. Be sure to pick the correct one for your computer
Microsoft Security Essentials for Windows Vista\Windows 7 (http://majorgeeks.com/Microsoft_Security_Essentials_for_Windows_VistaWindows_7_d6242.html) - 64 bit Download (http://majorgeeks.com/downloadget.php?id=6242&file=5&evp=9112d44b71f157fc5d7fcd7724b088ca)
Microsoft Security Essentials for Windows XP (http://www.microsoft.com/security_essentials/)
I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetOnline.png) button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
- Double click on the (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstallDesktopIcon-1.png) icon on your desktop.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetAcceptTerms.png)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetStart.png) button.
•Accept any security warnings from your browser.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetScanArchives.png)
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push (http://i424.photobucket.com/albums/pp322/digistar/esetListThreats.png)
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the (http://i424.photobucket.com/albums/pp322/digistar/esetBack.png) button.
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
-
Hi
I tried to install MSE but it told me it could not verify my copy of windows which is a bit wierd.
ESET Scan completed:
ESET Scan:
C:\System Volume Information\_restore{74AA36B0-1A0C-4F27-A020-A9580E8A622D}\RP615\A0229386.exe a variant of Win32/Adware.iBryte.B application cleaned by deleting - quarantined
ESET Log:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=70ed7569835cc74ca05771b2284e191e
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-22 11:43:54
# local_time=2012-06-23 12:43:54 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1280 16777215 100 0 251275390 251275390 0 0
# compatibility_mode=8192 67108863 100 0 1237 1237 0 0
# compatibility_mode=9217 16777214 75 59 252907636 364779707 0 0
# scanned=179350
# found=1
# cleaned=1
# scan_time=14843
C:\System Volume Information\_restore{74AA36B0-1A0C-4F27-A020-A9580E8A622D}\RP615\A0229386.exe a variant of Win32/Adware.iBryte.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
What's next?
Thanks, Adam
-
It's possible that your OS was not validated. You can do this:
I highly recommend to validate Windows. You can do this one of three ways.
- Use the Start Menu and navigate to the Activate Windows link. Through this, it will allow you to enter your product key, and to properly register Windows, so it will be licensed/genuine.
- Contact Microsoft for a replacement product key. You can do this by having your proof of purchase ready, and be prepared to fax the information. You can find out more information about contacting them by at this link (http://support.microsoft.com/kb/326246)
- Buy a new, retail version of Windows. You can either find them in home electronics in department stores, or online at Buy on-line. (http://www.microsoft.com/windows/buy/default.aspx)
Keep in mind, Microsoft requires your copy of Windows to be genuine. Lastly, we are not responsible for any issues that arise, because of your non-genuine copy of Windows.
***************************************************
If you still can't install MSE, you can try another one of these AV's
Looking over your log it seems you don't have any antivirus software.
Before we continue download and install a free antivirus.
Remember to only install one antivirus!
1) Avast! Home Edition (http://www.majorgeeks.com/Avast_Home_Edition_d1968.html)
2) AVG Free Edition (http://www.majorgeeks.com/download.php?det=886)
3) Avira AntiVir Personal (http://www.majorgeeks.com/AntiVir_Personal_Edition_7_d955.html)
4) Microsoft Security Essentials for Windows Vista\Windows 7 (http://majorgeeks.com/Microsoft_Security_Essentials_for_Windows_VistaWindows_7_d6242.html) - 64 bit Download (http://majorgeeks.com/downloadget.php?id=6242&file=5&evp=9112d44b71f157fc5d7fcd7724b088ca)
4-a) Microsoft Security Essentials for Windows XP (http://www.microsoft.com/security_essentials/)
5) Comodo Antivirus (http://www.majorgeeks.com/Comodo_AntiVirus_d5109.html) (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) PC Tools AntiVirus Free Edition (http://www.majorgeeks.com/PC_Tools_AntiVirus_Free_Edition_d5469.html)
7) ThreatFire (http://www.threatfire.com/)
It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
**********************************************
Please let me know when that's done and we'll do some cleanup.