
Please help a lost soul


Re: Please help a lost soul

by nineinchheel » April 25th, 2009, 7:31 am

Hi Dan
I wasn't able to follow your instructions as I don't seem to have Norton installed - I can navigate to the quarantine folder and delete the files like that, but I await your instructions as to what to do! I can only imagine that once upon a time I had Norton installed and have since uninstalled it. My computer is still quite slow; to be honest, I have been avoiding using it because of the malware.

Also, I was not able to follow the instruction with Combofix. When I dragged the script as I have done before I get this message:
You cannot rename Combofix as Combo-Fix
Please use another name, preferbaly made up of alphanumeric charecters

Regards
nineinchheel
Regular Member
 
Posts: 39
Joined: April 22nd, 2009, 5:04 am
Location: Coventry, West Midlands

Re: Please help a lost soul

by dan12 » April 25th, 2009, 12:26 pm

Well done for asking, always best to be sure.

Let's take care of the leftovers.
Remove Norton

Please click HERE and follow the instructions to download and run the Norton removal tool.

Regarding CF, make sure you use Notepad, no other text editor, and the script
Save this as "CFScript.txt", and as Type: All Files (*.*), in the same location as ComboFix.exe (in your case we renamed it "Combo-Fix").

See how you go.
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Please help a lost soul

by nineinchheel » April 25th, 2009, 3:48 pm

I uninstalled Norton using the instructions in the link, Dan. Again I tried to drag the CFScript.txt and I got the same error message as before:

"You cannot rename Combofix as Combo-Fix
Please use another name, preferbaly made up of alphanumeric charecters"

Should I rename Combo-Fix to something else that doesn't have a hyphen in it, and then repeat the process?

Regards
nineinchheel

Re: Please help a lost soul

by dan12 » April 25th, 2009, 4:06 pm

You only need to drag "CFScript.txt" into ComboFix :) Try renaming without the hyphen as you suggested; if no joy, will try something else.
dan12

Re: Please help a lost soul

by nineinchheel » April 25th, 2009, 5:33 pm

I renamed Combo-fix.exe to Godiva.exe, the process seemed to work after that. Here is the report it generated:

ComboFix 09-04-25.A3 - George 25/04/2009 21:49.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.382.78 [GMT 1:00]
Running from: c:\documents and settings\George\Desktop\Godiva.exe
Command switches used :: c:\documents and settings\George\Desktop\CFScript.txt
AV: Sophos Anti-Virus *On-access scanning disabled* (Outdated)
* Created a new restore point

FILE ::
c:\documents and settings\George\My Documents\My Received Files\img.zip
c:\documents and settings\George\My Documents\Real Lives 2007.rar
c:\windows\system32\oobe\ISPSoftware\BTYahoo\BroadbandFromBT.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\George\My Documents\My Received Files\img.zip
c:\documents and settings\George\My Documents\Real Lives 2007.rar
c:\windows\system32\AVSredirect.dll
c:\windows\system32\oobe\ISPSoftware\BTYahoo\BroadbandFromBT.exe

.
((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-4-25 )))))))))))))))))))))))))))))))
.

2009-04-25 19:41 . 2009-04-25 19:41 -------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-04-25 11:40 . 2009-04-25 12:16 -------- d-----w c:\program files\AVIConverter
2009-04-25 11:27 . 2009-04-25 11:28 -------- d-----w C:\Combo-Fix
2009-04-23 08:15 . 2009-04-23 08:15 -------- d-----w c:\documents and settings\George\Application Data\Malwarebytes
2009-04-23 08:14 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-23 08:14 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-23 08:14 . 2009-04-23 08:14 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-23 08:14 . 2009-04-23 08:14 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-23 00:06 . 2009-04-23 00:06 -------- d-s---w c:\windows\system32\config\systemprofile\UserData
2009-04-22 17:49 . 2009-04-22 17:49 -------- d-----w c:\program files\Trend Micro
2009-04-22 09:31 . 2009-04-23 09:17 -------- d-----w c:\documents and settings\George\Application Data\Twain
2009-04-22 00:26 . 2009-04-23 18:34 -------- d-----w C:\ComboFix
2009-04-22 00:23 . 2009-04-22 00:23 0 ----a-w c:\windows\TPTray.INI
2009-04-21 23:48 . 2009-04-21 23:48 577024 -c--a-w c:\windows\system32\dllcache\user32.dll
2009-04-21 23:45 . 2009-04-21 23:45 -------- d-----w c:\windows\ERUNT
2009-04-21 13:35 . 2009-04-21 13:35 213376 -c--a-w c:\windows\system32\dllcache\ndis.sys
2009-04-21 13:27 . 2009-04-25 20:52 113276 ----a-w c:\windows\system32\drivers\d83568e8.sys
2009-04-18 10:41 . 2003-06-25 15:05 266360 ----a-w c:\windows\system32\TweakUI.exe
2009-04-18 10:41 . 2002-06-21 14:09 160217 ----a-w c:\windows\system32\PowerToysLicense.rtf
2009-04-18 10:33 . 2006-07-13 13:33 8453632 ----a-w c:\windows\system32\shell32.backup
2009-04-18 10:14 . 2009-04-18 10:34 -------- d-----w c:\program files\iColorFolder
2009-04-18 09:58 . 2009-04-18 09:58 -------- d-----w c:\program files\IconXP
2009-04-17 00:19 . 2009-04-19 10:11 -------- d-----w c:\windows\Windows98_icons
2009-04-17 00:17 . 2009-04-17 00:17 -------- d-----w c:\program files\Mystik Media
2009-04-17 00:16 . 2009-04-17 00:17 -------- dc-h--w c:\documents and settings\All Users\Application Data\{E33597A3-E995-4DA4-A3A0-F1775979A8E0}
2009-04-16 23:55 . 2002-10-28 12:23 1662 ----a-w c:\windows\29_ico_5.ico
2009-04-16 23:48 . 2002-10-28 13:33 1662 ----a-w c:\windows\The Internet_ico_5.ico
2009-04-16 23:32 . 2002-10-28 13:17 766 ----a-w c:\windows\Hard Drive_ico_3.ico
2009-04-16 21:41 . 2004-08-04 12:00 1032192 ----a-w c:\windows\explorer.exebackup
2009-04-16 19:02 . 2007-05-17 16:30 318976 ----a-w c:\windows\system32\avisynth.dll
2009-04-16 19:02 . 2004-02-22 09:11 719872 ----a-w c:\windows\system32\devil.dll
2009-04-16 19:02 . 2004-01-24 23:00 70656 ----a-w c:\windows\system32\yv12vfw.dll
2009-04-16 19:02 . 2004-01-24 23:00 70656 ----a-w c:\windows\system32\i420vfw.dll
2009-04-16 19:02 . 2009-04-16 19:02 -------- d-----w c:\program files\AviSynth 2.5
2009-04-16 18:58 . 2009-04-16 18:58 -------- d-----w c:\windows\system32\languages
2009-04-15 23:30 . 2009-04-15 23:30 -------- d-----w c:\program files\XeroBank
2009-04-15 15:13 . 2004-07-29 01:19 175104 ----a-w c:\windows\lame_enc.dll
2009-04-14 22:10 . 2009-04-14 22:10 0 ----a-w c:\windows\nsreg.dat
2009-04-14 22:09 . 2009-04-14 22:11 -------- d-----w c:\documents and settings\George\Local Settings\Application Data\Thunderbird
2009-04-14 22:09 . 2009-04-14 22:10 -------- d-----w c:\documents and settings\George\Application Data\Thunderbird
2009-04-14 22:08 . 2009-04-25 19:37 -------- d-----w c:\program files\Mozilla Thunderbird
2009-04-12 16:41 . 2009-04-12 16:41 -------- d-----w c:\documents and settings\George\Bullfrog
2009-04-12 16:41 . 2009-04-12 16:41 -------- d-----w c:\windows\system\KEEPER
2009-04-12 03:42 . 2009-04-12 03:42 -------- d-----w c:\program files\ebrary
2009-04-09 00:10 . 2009-04-09 00:10 -------- d-----w c:\program files\Common Files\DivX Shared
2009-04-05 17:48 . 1998-05-29 08:51 274432 ----a-w c:\windows\system32\VCT32150.dll
2009-04-05 17:48 . 1997-09-03 15:58 195584 ----a-w c:\windows\system32\MVoice.vxp
2009-04-05 17:45 . 2009-04-05 17:45 -------- d-----w c:\program files\Red Storm Entertainment
2009-04-01 19:25 . 2009-04-01 19:25 -------- d-----w c:\program files\MySpace Grab

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-25 20:52 . 2006-09-21 12:50 -------- d-----w c:\documents and settings\George\Application Data\Skype
2009-04-25 19:43 . 2006-05-22 13:08 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-21 13:35 . 2006-05-22 07:36 213376 ----a-w c:\windows\system32\drivers\ndis.sys
2009-04-17 00:23 . 2008-05-17 10:41 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-16 21:48 . 2006-09-03 14:31 66648 ----a-w c:\documents and settings\George\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-16 19:01 . 2009-04-16 19:01 -------- d-----w c:\program files\eRightSoft
2009-03-30 19:01 . 2008-07-05 10:14 557469 ----a-w c:\windows\system32\libmplayer.dll
2009-03-30 19:01 . 2008-07-05 10:14 4426841 ----a-w c:\windows\system32\libavcodec.dll
2009-03-30 19:01 . 2008-07-05 10:13 849136 ----a-w c:\windows\system32\ff_x264.dll
2009-03-30 19:01 . 2008-06-13 10:39 98304 ----a-w c:\windows\system32\ff_wmv9.dll
2009-03-30 19:01 . 2008-06-12 17:36 84480 ----a-w c:\windows\system32\ff_vfw.dll
2009-03-30 19:01 . 2004-12-20 10:03 828029 ----a-w c:\windows\system32\xvidcore.dll
2009-03-08 20:10 . 2008-10-30 00:57 -------- d-----w c:\documents and settings\George\Application Data\U3
2009-02-24 19:35 . 2006-10-03 16:23 120056 ------w c:\windows\system32\pxcpyi64.exe
2009-02-24 19:35 . 2006-10-02 11:36 129784 ------w c:\windows\system32\pxafs.dll
2009-02-24 19:35 . 2006-10-02 11:36 118520 ------w c:\windows\system32\pxinsi64.exe
2009-02-24 19:34 . 2009-02-24 19:34 90112 ----a-w c:\windows\system32\dpl100.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx0c.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx07.dll
2009-02-24 19:34 . 2009-02-24 19:34 815104 ----a-w c:\windows\system32\divx_xx0a.dll
2009-02-24 19:34 . 2009-02-24 19:34 802816 ----a-w c:\windows\system32\divx_xx11.dll
2009-02-24 19:34 . 2009-02-24 19:34 684032 ----a-w c:\windows\system32\DivX.dll
2006-12-03 15:35 . 2006-12-03 15:35 0 ----a-w c:\documents and settings\George\Application Data\wklnhst.dat
2006-05-22 12:23 . 2007-02-03 22:50 12328 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-24 19:2009-02-24 19:34 34:32 . c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:2009-02-24 19:34 34:32 . c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-02-24 19:2009-02-24 19:34 34:32 . c:\program files\opera\program\plugins\libdivx.dll
2009-02-24 19:2009-02-24 19:34 34:32 . c:\program files\opera\program\plugins\ssldivx.dll
2007-04-17 23:20 . 2007-04-17 23:20 56 --sh--r c:\windows\system32\512601FDB7.sys
2006-05-03 10:06 . 2009-04-16 19:01 163328 --sh--r c:\windows\system32\flvDX.dll
2007-04-17 23:20 . 2007-04-17 23:20 1890 --sha-w c:\windows\system32\KGyGaAvL.sys
2007-02-21 11:47 . 2009-04-16 19:01 31232 --sh--r c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2009-04-16 19:01 216064 --sh--r c:\windows\system32\nbDX.dll
.

------- Sigcheck -------

[-] 2009-04-21 13:35 213376 3D748D850B1C17C357C54BBFD4835F27 c:\windows\system32\dllcache\ndis.sys
[-] 2009-04-21 13:35 213376 3D748D850B1C17C357C54BBFD4835F27 c:\windows\system32\drivers\ndis.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-04-23_18.43.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-25 19:36 . 2009-04-25 19:36 16384 c:\windows\Temp\Perflib_Perfdata_4c0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-04-23 22058792]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-09-18 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-23 196608]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2006-03-16 634880]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672]
"SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 65536]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2006-04-04 53248]
"Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 73728]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2006-04-28 262144]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-18 136600]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-04-18 16143872]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2006-03-18 89541]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2005-08-11 266240]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-04 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoUpdate Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk
backup=c:\windows\pss\AutoUpdate Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BITS"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\inf\\explorer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22178:TCP"= 22178:TCP:BitComet 22178 TCP
"22178:UDP"= 22178:UDP:BitComet 22178 UDP

S1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\DRIVERS\savonaccesscontrol.sys [2007-11-14 101120]
S1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\DRIVERS\savonaccessfilter.sys [2007-11-14 33408]
S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2007-11-14 69632]
S2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [2007-11-28 98304]


--- Other Services/Drivers In Memory ---

*Deregistered* - eeCtrl

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2008-06-27 c:\windows\Tasks\shutdown.job
- c:\windows\system32\shutdown.exe [2006-05-22 12:00]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {B98AAA0F-DE81-4AC5-B45A-FACC2E6BC232} = 208.67.220.220,208.67.222.222
FF - ProfilePath - c:\documents and settings\George\Application Data\Mozilla\Firefox\Profiles\g3sq6njz.default\
FF - prefs.js: browser.startup.homepage - hxxp://vle.coventry.ac.uk/webct/entryPageIns.dowebct
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPInfotl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npsabffx.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin5.dll
FF - plugin: c:\windows\system32\SuperAdBlocker.com\npsabffx.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-25 21:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\d83568e8]
"ImagePath"="\SystemRoot\System32\drivers\d83568e8.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\l3codeca.acm
.
Completion time: 2009-04-25 21:55
ComboFix-quarantined-files.txt 2009-04-25 20:54
ComboFix2.txt 2009-04-24 01:17
ComboFix3.txt 2009-04-23 18:46

Pre-Run: 517,914,624 bytes free
Post-Run: 593,297,408 bytes free

213
nineinchheel

Re: Please help a lost soul

by dan12 » April 25th, 2009, 6:10 pm

What I'm trying to do!
You have a couple of system files that are infected and I need to find a clean source to copy from, to the bad file location, so we in effect replace the bad files with the good.
Let's see how we go.


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

FCOPY::
C:\windows\servicepackfiles\ndis.sys | c:\windows\system32\dllcache\ndis.sys
C:\windows\servicepackfiles\ndis.sys | c:\windows\system32\drivers\ndis.sys

    


Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe


Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Post combofix report
dan12

Re: Please help a lost soul

by nineinchheel » April 25th, 2009, 7:07 pm

ComboFix 09-04-25.A3 - George 25/04/2009 23:43.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.382.143 [GMT 1:00]
Running from: c:\documents and settings\George\Desktop\Godiva.exe
Command switches used :: c:\documents and settings\George\Desktop\CFScript.txt
AV: Sophos Anti-Virus *On-access scanning disabled* (Outdated)
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-4-25 )))))))))))))))))))))))))))))))
.

2009-04-25 19:41 . 2009-04-25 19:41 -------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-04-25 11:40 . 2009-04-25 12:16 -------- d-----w c:\program files\AVIConverter
2009-04-25 11:27 . 2009-04-25 11:28 -------- d-----w C:\Combo-Fix
2009-04-23 08:15 . 2009-04-23 08:15 -------- d-----w c:\documents and settings\George\Application Data\Malwarebytes
2009-04-23 08:14 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-23 08:14 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-23 08:14 . 2009-04-23 08:14 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-23 08:14 . 2009-04-23 08:14 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-23 00:06 . 2009-04-23 00:06 -------- d-s---w c:\windows\system32\config\systemprofile\UserData
2009-04-22 17:49 . 2009-04-22 17:49 -------- d-----w c:\program files\Trend Micro
2009-04-22 09:31 . 2009-04-23 09:17 -------- d-----w c:\documents and settings\George\Application Data\Twain
2009-04-22 00:26 . 2009-04-23 18:34 -------- d-----w C:\ComboFix
2009-04-22 00:23 . 2009-04-22 00:23 0 ----a-w c:\windows\TPTray.INI
2009-04-21 23:48 . 2009-04-21 23:48 577024 -c--a-w c:\windows\system32\dllcache\user32.dll
2009-04-21 23:45 . 2009-04-21 23:45 -------- d-----w c:\windows\ERUNT
2009-04-21 13:35 . 2009-04-21 13:35 213376 -c--a-w c:\windows\system32\dllcache\ndis.sys
2009-04-21 13:27 . 2009-04-25 22:46 113276 ----a-w c:\windows\system32\drivers\d83568e8.sys
2009-04-18 10:41 . 2003-06-25 15:05 266360 ----a-w c:\windows\system32\TweakUI.exe
2009-04-18 10:41 . 2002-06-21 14:09 160217 ----a-w c:\windows\system32\PowerToysLicense.rtf
2009-04-18 10:33 . 2006-07-13 13:33 8453632 ----a-w c:\windows\system32\shell32.backup
2009-04-18 10:14 . 2009-04-18 10:34 -------- d-----w c:\program files\iColorFolder
2009-04-18 09:58 . 2009-04-18 09:58 -------- d-----w c:\program files\IconXP
2009-04-17 00:19 . 2009-04-19 10:11 -------- d-----w c:\windows\Windows98_icons
2009-04-17 00:17 . 2009-04-17 00:17 -------- d-----w c:\program files\Mystik Media
2009-04-17 00:16 . 2009-04-17 00:17 -------- dc-h--w c:\documents and settings\All Users\Application Data\{E33597A3-E995-4DA4-A3A0-F1775979A8E0}
2009-04-16 23:55 . 2002-10-28 12:23 1662 ----a-w c:\windows\29_ico_5.ico
2009-04-16 23:48 . 2002-10-28 13:33 1662 ----a-w c:\windows\The Internet_ico_5.ico
2009-04-16 23:32 . 2002-10-28 13:17 766 ----a-w c:\windows\Hard Drive_ico_3.ico
2009-04-16 21:41 . 2004-08-04 12:00 1032192 ----a-w c:\windows\explorer.exebackup
2009-04-16 19:02 . 2007-05-17 16:30 318976 ----a-w c:\windows\system32\avisynth.dll
2009-04-16 19:02 . 2004-02-22 09:11 719872 ----a-w c:\windows\system32\devil.dll
2009-04-16 19:02 . 2004-01-24 23:00 70656 ----a-w c:\windows\system32\yv12vfw.dll
2009-04-16 19:02 . 2004-01-24 23:00 70656 ----a-w c:\windows\system32\i420vfw.dll
2009-04-16 19:02 . 2009-04-16 19:02 -------- d-----w c:\program files\AviSynth 2.5
2009-04-16 18:58 . 2009-04-16 18:58 -------- d-----w c:\windows\system32\languages
2009-04-15 23:30 . 2009-04-15 23:30 -------- d-----w c:\program files\XeroBank
2009-04-15 15:13 . 2004-07-29 01:19 175104 ----a-w c:\windows\lame_enc.dll
2009-04-14 22:10 . 2009-04-14 22:10 0 ----a-w c:\windows\nsreg.dat
2009-04-14 22:09 . 2009-04-14 22:11 -------- d-----w c:\documents and settings\George\Local Settings\Application Data\Thunderbird
2009-04-14 22:09 . 2009-04-14 22:10 -------- d-----w c:\documents and settings\George\Application Data\Thunderbird
2009-04-14 22:08 . 2009-04-25 22:04 -------- d-----w c:\program files\Mozilla Thunderbird
2009-04-12 16:41 . 2009-04-12 16:41 -------- d-----w c:\documents and settings\George\Bullfrog
2009-04-12 16:41 . 2009-04-12 16:41 -------- d-----w c:\windows\system\KEEPER
2009-04-12 03:42 . 2009-04-12 03:42 -------- d-----w c:\program files\ebrary
2009-04-09 00:10 . 2009-04-09 00:10 -------- d-----w c:\program files\Common Files\DivX Shared
2009-04-05 17:48 . 1998-05-29 08:51 274432 ----a-w c:\windows\system32\VCT32150.dll
2009-04-05 17:48 . 1997-09-03 15:58 195584 ----a-w c:\windows\system32\MVoice.vxp
2009-04-05 17:45 . 2009-04-05 17:45 -------- d-----w c:\program files\Red Storm Entertainment
2009-04-01 19:25 . 2009-04-01 19:25 -------- d-----w c:\program files\MySpace Grab

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-25 22:40 . 2006-09-21 12:50 -------- d-----w c:\documents and settings\George\Application Data\Skype
2009-04-25 19:43 . 2006-05-22 13:08 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-21 13:35 . 2006-05-22 07:36 213376 ----a-w c:\windows\system32\drivers\ndis.sys
2009-04-17 00:23 . 2008-05-17 10:41 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-16 21:48 . 2006-09-03 14:31 66648 ----a-w c:\documents and settings\George\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-16 19:01 . 2009-04-16 19:01 -------- d-----w c:\program files\eRightSoft
2009-03-30 19:01 . 2008-07-05 10:14 557469 ----a-w c:\windows\system32\libmplayer.dll
2009-03-30 19:01 . 2008-07-05 10:14 4426841 ----a-w c:\windows\system32\libavcodec.dll
2009-03-30 19:01 . 2008-07-05 10:13 849136 ----a-w c:\windows\system32\ff_x264.dll
2009-03-30 19:01 . 2008-06-13 10:39 98304 ----a-w c:\windows\system32\ff_wmv9.dll
2009-03-30 19:01 . 2008-06-12 17:36 84480 ----a-w c:\windows\system32\ff_vfw.dll
2009-03-30 19:01 . 2004-12-20 10:03 828029 ----a-w c:\windows\system32\xvidcore.dll
2009-03-08 20:10 . 2008-10-30 00:57 -------- d-----w c:\documents and settings\George\Application Data\U3
2009-02-24 19:35 . 2006-10-03 16:23 120056 ------w c:\windows\system32\pxcpyi64.exe
2009-02-24 19:35 . 2006-10-02 11:36 129784 ------w c:\windows\system32\pxafs.dll
2009-02-24 19:35 . 2006-10-02 11:36 118520 ------w c:\windows\system32\pxinsi64.exe
2009-02-24 19:34 . 2009-02-24 19:34 90112 ----a-w c:\windows\system32\dpl100.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx0c.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx07.dll
2009-02-24 19:34 . 2009-02-24 19:34 815104 ----a-w c:\windows\system32\divx_xx0a.dll
2009-02-24 19:34 . 2009-02-24 19:34 802816 ----a-w c:\windows\system32\divx_xx11.dll
2009-02-24 19:34 . 2009-02-24 19:34 684032 ----a-w c:\windows\system32\DivX.dll
2006-12-03 15:35 . 2006-12-03 15:35 0 ----a-w c:\documents and settings\George\Application Data\wklnhst.dat
2006-05-22 12:23 . 2007-02-03 22:50 12328 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-24 19:2009-02-24 19:34 34:32 . c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:2009-02-24 19:34 34:32 . c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-02-24 19:2009-02-24 19:34 34:32 . c:\program files\opera\program\plugins\libdivx.dll
2009-02-24 19:2009-02-24 19:34 34:32 . c:\program files\opera\program\plugins\ssldivx.dll
2007-04-17 23:20 . 2007-04-17 23:20 56 --sh--r c:\windows\system32\512601FDB7.sys
2006-05-03 10:06 . 2009-04-16 19:01 163328 --sh--r c:\windows\system32\flvDX.dll
2007-04-17 23:20 . 2007-04-17 23:20 1890 --sha-w c:\windows\system32\KGyGaAvL.sys
2007-02-21 11:47 . 2009-04-16 19:01 31232 --sh--r c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2009-04-16 19:01 216064 --sh--r c:\windows\system32\nbDX.dll
.

------- Sigcheck -------

[-] 2009-04-21 13:35 213376 3D748D850B1C17C357C54BBFD4835F27 c:\windows\system32\dllcache\ndis.sys
[-] 2009-04-21 13:35 213376 3D748D850B1C17C357C54BBFD4835F27 c:\windows\system32\drivers\ndis.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-04-23_18.43.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-25 19:36 . 2009-04-25 19:36 16384 c:\windows\Temp\Perflib_Perfdata_4c0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-04-23 22058792]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-09-18 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-23 196608]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2006-03-16 634880]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672]
"SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 65536]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2006-04-04 53248]
"Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 73728]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2006-04-28 262144]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-18 136600]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-04-18 16143872]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2006-03-18 89541]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2005-08-11 266240]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-04 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoUpdate Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk
backup=c:\windows\pss\AutoUpdate Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BITS"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\inf\\explorer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22178:TCP"= 22178:TCP:BitComet 22178 TCP
"22178:UDP"= 22178:UDP:BitComet 22178 UDP

S1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\DRIVERS\savonaccesscontrol.sys [2007-11-14 101120]
S1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\DRIVERS\savonaccessfilter.sys [2007-11-14 33408]
S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2007-11-14 69632]
S2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [2007-11-28 98304]


--- Other Services/Drivers In Memory ---

*Deregistered* - eeCtrl

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2008-06-27 c:\windows\Tasks\shutdown.job
- c:\windows\system32\shutdown.exe [2006-05-22 12:00]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {B98AAA0F-DE81-4AC5-B45A-FACC2E6BC232} = 208.67.220.220,208.67.222.222
FF - ProfilePath - c:\documents and settings\George\Application Data\Mozilla\Firefox\Profiles\g3sq6njz.default\
FF - prefs.js: browser.startup.homepage - hxxp://vle.coventry.ac.uk/webct/entryPageIns.dowebct
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPInfotl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npsabffx.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin5.dll
FF - plugin: c:\windows\system32\SuperAdBlocker.com\npsabffx.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-25 23:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\d83568e8]
"ImagePath"="\SystemRoot\System32\drivers\d83568e8.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\l3codeca.acm

- - - - - - - > 'explorer.exe'(2084)
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
Completion time: 2009-04-25 23:48
ComboFix-quarantined-files.txt 2009-04-25 22:47
ComboFix2.txt 2009-04-25 20:55
ComboFix3.txt 2009-04-24 01:17
ComboFix4.txt 2009-04-23 18:46

Pre-Run: 606,277,632 bytes free
Post-Run: 593,993,728 bytes free

207
nineinchheel
Regular Member
 
Posts: 39
Joined: April 22nd, 2009, 5:04 am
Location: Coventry, West Midlands

Re: Please help a lost soul

Post by dan12 » April 26th, 2009, 6:03 am

I'm awaiting some information back from colleagues regarding the files we're trying to address.
Didn't want you to think I'd forgotten you :)
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Please help a lost soul

Post by dan12 » April 26th, 2009, 4:43 pm

While I'm awaiting a mail, you can have a look through this...
Some useful reading here for you. :)

Re: Please help a lost soul

Post by dan12 » April 27th, 2009, 5:55 pm

My apologies for the delay, still awaiting information. This is the last couple of things we need to address. :)

Re: Please help a lost soul

Post by dan12 » April 29th, 2009, 11:42 am

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Code:
SysRst::



Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe


Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Post combofix report
dan

Re: Please help a lost soul

Post by nineinchheel » April 29th, 2009, 3:06 pm

Hey Dan, ComboFix log:

ComboFix 09-04-29.01 - George 29/04/2009 19:52.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.382.139 [GMT 1:00]
Running from: c:\documents and settings\George\Desktop\Godiva.exe
Command switches used :: c:\documents and settings\George\Desktop\CFScript.txt
AV: Sophos Anti-Virus *On-access scanning disabled* (Outdated)
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-29 )))))))))))))))))))))))))))))))
.

2009-04-25 19:41 . 2009-04-25 19:41 -------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-04-25 11:40 . 2009-04-25 12:16 -------- d-----w c:\program files\AVIConverter
2009-04-25 11:27 . 2009-04-25 11:28 -------- d-----w C:\Combo-Fix
2009-04-23 08:15 . 2009-04-23 08:15 -------- d-----w c:\documents and settings\George\Application Data\Malwarebytes
2009-04-23 08:14 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-23 08:14 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-23 08:14 . 2009-04-23 08:14 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-23 08:14 . 2009-04-23 08:14 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-23 00:06 . 2009-04-23 00:06 -------- d-s---w c:\windows\system32\config\systemprofile\UserData
2009-04-22 17:49 . 2009-04-22 17:49 -------- d-----w c:\program files\Trend Micro
2009-04-22 09:31 . 2009-04-23 09:17 -------- d-----w c:\documents and settings\George\Application Data\Twain
2009-04-22 00:26 . 2009-04-23 18:34 -------- d-----w C:\ComboFix
2009-04-21 23:48 . 2009-04-21 23:48 577024 -c--a-w c:\windows\system32\dllcache\user32.dll
2009-04-21 23:45 . 2009-04-21 23:45 -------- d-----w c:\windows\ERUNT
2009-04-21 13:35 . 2009-04-21 13:35 213376 -c--a-w c:\windows\system32\dllcache\ndis.sys
2009-04-21 13:27 . 2009-04-29 18:55 113276 ----a-w c:\windows\system32\drivers\d83568e8.sys
2009-04-18 10:41 . 2003-06-25 15:05 266360 ----a-w c:\windows\system32\TweakUI.exe
2009-04-18 10:14 . 2009-04-18 10:34 -------- d-----w c:\program files\iColorFolder
2009-04-18 09:58 . 2009-04-18 09:58 -------- d-----w c:\program files\IconXP
2009-04-17 00:19 . 2009-04-19 10:11 -------- d-----w c:\windows\Windows98_icons
2009-04-17 00:17 . 2009-04-17 00:17 -------- d-----w c:\program files\Mystik Media
2009-04-17 00:16 . 2009-04-17 00:17 -------- dc-h--w c:\documents and settings\All Users\Application Data\{E33597A3-E995-4DA4-A3A0-F1775979A8E0}
2009-04-16 19:02 . 2007-05-17 16:30 318976 ----a-w c:\windows\system32\avisynth.dll
2009-04-16 19:02 . 2004-02-22 09:11 719872 ----a-w c:\windows\system32\devil.dll
2009-04-16 19:02 . 2004-01-24 23:00 70656 ----a-w c:\windows\system32\yv12vfw.dll
2009-04-16 19:02 . 2004-01-24 23:00 70656 ----a-w c:\windows\system32\i420vfw.dll
2009-04-16 19:02 . 2009-04-16 19:02 -------- d-----w c:\program files\AviSynth 2.5
2009-04-16 19:01 . 2008-03-16 13:30 216064 --sh--r c:\windows\system32\nbDX.dll
2009-04-16 19:01 . 2007-02-21 11:47 31232 --sh--r c:\windows\system32\msfDX.dll
2009-04-16 19:01 . 2006-05-03 10:06 163328 --sh--r c:\windows\system32\flvDX.dll
2009-04-16 19:01 . 2009-04-16 19:01 -------- d-----w c:\program files\eRightSoft
2009-04-15 23:30 . 2009-04-15 23:30 -------- d-----w c:\program files\XeroBank
2009-04-15 15:13 . 2004-07-29 01:19 175104 ----a-w c:\windows\lame_enc.dll
2009-04-14 22:10 . 2009-04-14 22:10 0 ----a-w c:\windows\nsreg.dat
2009-04-14 22:09 . 2009-04-14 22:10 -------- d-----w c:\documents and settings\George\Application Data\Thunderbird
2009-04-14 22:09 . 2009-04-14 22:11 -------- d-----w c:\documents and settings\George\Local Settings\Application Data\Thunderbird
2009-04-14 22:08 . 2009-04-29 18:47 -------- d-----w c:\program files\Mozilla Thunderbird
2009-04-12 16:41 . 2009-04-12 16:41 -------- d-----w c:\documents and settings\George\Bullfrog
2009-04-12 16:41 . 2009-04-12 16:41 -------- d-----w c:\windows\system\KEEPER
2009-04-12 03:42 . 2009-04-12 03:42 -------- d-----w c:\program files\ebrary
2009-04-09 00:10 . 2009-04-09 00:10 -------- d-----w c:\program files\Common Files\DivX Shared
2009-04-05 17:48 . 1998-05-29 08:51 274432 ----a-w c:\windows\system32\VCT32150.dll
2009-04-05 17:45 . 2009-04-05 17:45 -------- d-----w c:\program files\Red Storm Entertainment
2009-04-01 19:25 . 2009-04-01 19:25 -------- d-----w c:\program files\MySpace Grab

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-26 20:33 . 2008-07-28 22:59 -------- d-----w c:\program files\StarCraft
2009-04-25 19:43 . 2006-05-22 13:08 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-21 13:35 . 2006-05-22 07:36 213376 ----a-w c:\windows\system32\drivers\ndis.sys
2009-04-16 21:48 . 2006-09-03 14:31 66648 ----a-w c:\documents and settings\George\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-30 19:01 . 2008-07-05 10:14 557469 ----a-w c:\windows\system32\libmplayer.dll
2009-03-30 19:01 . 2008-07-05 10:14 4426841 ----a-w c:\windows\system32\libavcodec.dll
2009-03-30 19:01 . 2008-07-05 10:13 849136 ----a-w c:\windows\system32\ff_x264.dll
2009-03-30 19:01 . 2008-06-13 10:39 98304 ----a-w c:\windows\system32\ff_wmv9.dll
2009-03-30 19:01 . 2008-06-12 17:36 84480 ----a-w c:\windows\system32\ff_vfw.dll
2009-03-30 19:01 . 2004-12-20 10:03 828029 ----a-w c:\windows\system32\xvidcore.dll
2009-02-24 19:35 . 2006-10-03 16:23 120056 ------w c:\windows\system32\pxcpyi64.exe
2009-02-24 19:35 . 2006-10-02 11:36 129784 ------w c:\windows\system32\pxafs.dll
2009-02-24 19:35 . 2006-10-02 11:36 118520 ------w c:\windows\system32\pxinsi64.exe
2009-02-24 19:34 . 2009-02-24 19:34 90112 ----a-w c:\windows\system32\dpl100.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx0c.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx07.dll
2009-02-24 19:34 . 2009-02-24 19:34 815104 ----a-w c:\windows\system32\divx_xx0a.dll
2009-02-24 19:34 . 2009-02-24 19:34 802816 ----a-w c:\windows\system32\divx_xx11.dll
2009-02-24 19:34 . 2009-02-24 19:34 684032 ----a-w c:\windows\system32\DivX.dll
2009-02-23 21:52 . 2009-02-23 21:44 246 ----a-w c:\windows\filelisting.bat
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w c:\program files\opera\program\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w c:\program files\opera\program\plugins\ssldivx.dll
2007-04-17 23:20 . 2007-04-17 23:20 56 --sh--r c:\windows\system32\512601FDB7.sys
2006-05-03 10:06 . 2009-04-16 19:01 163328 --sh--r c:\windows\system32\flvDX.dll
2007-04-17 23:20 . 2007-04-17 23:20 1890 --sha-w c:\windows\system32\KGyGaAvL.sys
2007-02-21 11:47 . 2009-04-16 19:01 31232 --sh--r c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2009-04-16 19:01 216064 --sh--r c:\windows\system32\nbDX.dll
.

------- Sigcheck -------

[-] 2009-04-21 13:35 213376 3D748D850B1C17C357C54BBFD4835F27 c:\windows\system32\dllcache\ndis.sys
[-] 2009-04-21 13:35 213376 3D748D850B1C17C357C54BBFD4835F27 c:\windows\system32\drivers\ndis.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-04-23_18.43.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-28 21:38 . 2009-04-28 21:38 16384 c:\windows\Temp\Perflib_Perfdata_558.dat
.
((((((((((((((((((((((((((((((((((((((( System Restore )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\combo-fix\Assoc.cmd
23/04/2009 00:12 3284 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000093.cmd
24/04/2009 23:00 3289 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000518.cmd

c:\combo-fix\Auto-RC.cmd
23/04/2009 15:16 3099 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000062.cmd
24/04/2009 23:01 3109 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000519.cmd

c:\combo-fix\av.cmd
23/04/2009 00:12 536 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000094.cmd
24/04/2009 22:55 537 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000520.cmd

c:\combo-fix\av.vbs
31/08/2000 08:00 962 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000095.vbs
31/08/2000 08:00 962 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000505.vbs

c:\combo-fix\AWF.cmd
23/04/2009 00:12 623 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000087.cmd
24/04/2009 23:01 629 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000521.cmd

c:\combo-fix\Boot-Rk.cmd
23/04/2009 00:11 1862 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000096.cmd
24/04/2009 23:07 1868 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000522.cmd

c:\combo-fix\Boot.bat
23/04/2009 15:14 7579 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000097.bat
24/04/2009 23:01 7600 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000544.bat

c:\combo-fix\BootSect.dll
31/08/2000 08:00 7680 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000098.dll
31/08/2000 08:00 7680 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000540.dll

c:\combo-fix\c.bat
23/04/2009 21:00 38053 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000082.bat
25/04/2009 16:23 38134 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000545.bat

c:\combo-fix\Catch-sub.cmd
31/08/2000 08:00 663 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000099.cmd
31/08/2000 08:00 663 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000523.cmd

c:\combo-fix\CCS.bat
23/04/2009 19:34 91 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000074.bat
24/04/2009 02:03 91 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP3\A0000286.bat

c:\combo-fix\CF-Script.cmd
23/04/2009 15:14 20672 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000067.cmd
24/04/2009 23:02 20707 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000524.cmd

c:\combo-fix\CF12328.exe
23/04/2009 19:34 388608 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000100.exe

c:\combo-fix\CF22426.exe
24/04/2009 02:00 388608 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP3\A0000308.exe

c:\combo-fix\CHCP.bat
23/04/2009 19:34 16 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000101.bat
25/04/2009 12:27 16 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000546.bat

31/08/2000 08:00 1024 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000102.sys
31/08/2000 08:00 1024 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000512.sys

c:\combo-fix\Combobatch.bat
23/04/2009 15:14 7445 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000081.bat
24/04/2009 23:02 7469 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000547.bat

c:\combo-fix\Create.cmd
23/04/2009 16:23 5664 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000084.cmd
24/04/2009 23:03 5679 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000525.cmd

c:\combo-fix\CregC.cmd
23/04/2009 00:16 3307 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000103.cmd
24/04/2009 23:07 3310 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000504.cmd

c:\combo-fix\CSet.cmd
23/04/2009 00:16 1701 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000104.cmd
24/04/2009 22:57 1702 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000526.cmd

c:\combo-fix\DelClsid.bat
23/04/2009 00:18 1769 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000105.bat
24/04/2009 22:57 1770 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000548.bat

c:\combo-fix\Exe.reg
31/08/2000 08:00 7236 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000106.reg
31/08/2000 08:00 7236 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000511.reg

c:\combo-fix\FD-SV.cmd
23/04/2009 15:14 1368 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000085.cmd
24/04/2009 23:07 1370 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000527.cmd

c:\combo-fix\ffdefstr.dll
31/08/2000 08:00 36201 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000107.dll
31/08/2000 08:00 36201 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000541.dll

25/04/2009 16:23 2183 c:\combo-fix\files.pif
23/04/2009 21:01 2183 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000108.pif
23/04/2009 21:01 2183 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000453.pif

c:\combo-fix\FIND3M.bat
23/04/2009 19:40 26112 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000109.bat
24/04/2009 23:07 26187 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000549.bat

c:\combo-fix\FIXLSP.bat
23/04/2009 15:14 3942 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000110.bat
24/04/2009 23:07 3946 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000550.bat

c:\combo-fix\FKMGen.cmd
23/04/2009 00:16 1024 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000111.cmd
24/04/2009 23:04 1023 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000528.cmd

c:\combo-fix\FProps.vbs
31/08/2000 08:00 15388 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000112.vbs
31/08/2000 08:00 15388 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000506.vbs

c:\combo-fix\GetHive.cmd
23/04/2009 00:16 4736 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000091.cmd
24/04/2009 23:04 4746 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000529.cmd

c:\combo-fix\hidec.exe
16/08/2005 01:54 1536 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000114.exe
16/08/2005 01:54 1536 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000542.exe

c:\combo-fix\history.bat
23/04/2009 14:17 822 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000115.bat
24/04/2009 22:57 823 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000551.bat

c:\combo-fix\Install-RC.cmd
23/04/2009 15:22 5669 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000063.cmd
24/04/2009 23:07 5676 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000530.cmd

c:\combo-fix\katch.cmd
31/08/2000 08:00 754 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000116.cmd
31/08/2000 08:00 754 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000531.cmd

c:\combo-fix\Kill-All.cmd
23/04/2009 15:14 1586 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000068.cmd
24/04/2009 23:05 1589 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000532.cmd

c:\combo-fix\Kollect.bat
23/04/2009 17:57 3248 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000117.bat
24/04/2009 23:07 3253 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000552.bat

c:\combo-fix\Lang.bat
23/04/2009 00:18 157644 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000118.bat
24/04/2009 23:07 157648 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000553.bat

c:\combo-fix\List-B.bat
19/04/2009 10:47 28379 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000075.bat
25/04/2009 03:55 28773 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000554.bat

c:\combo-fix\List-C.bat
23/04/2009 20:59 199022 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000079.bat
25/04/2009 15:45 202047 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000555.bat

c:\combo-fix\List-D.bat
23/04/2009 18:17 91481 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000065.bat
24/04/2009 23:07 91483 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000556.bat

c:\combo-fix\List.bat
23/04/2009 19:23 538859 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000066.bat
25/04/2009 16:18 539828 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000557.bat

c:\combo-fix\lnkread.vbs
31/08/2000 08:00 2428 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000119.vbs
31/08/2000 08:00 2428 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000507.vbs

c:\combo-fix\LspFixed.reg
24/04/2009 02:07 133857 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP3\A0000329.reg

25/04/2009 16:23 4658 c:\combo-fix\md5sum.pif
23/04/2009 21:01 4658 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000064.pif
23/04/2009 21:01 4658 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000471.pif

c:\combo-fix\MoveIt.bat
31/08/2000 08:00 2328 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000120.bat
31/08/2000 08:00 2328 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000558.bat

c:\combo-fix\n.com
31/08/2000 08:00 29696 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000121.com
31/08/2000 08:00 29696 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000516.com

c:\combo-fix\ND_.bat
23/04/2009 00:17 6008 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000122.bat
24/04/2009 23:07 6029 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000559.bat

c:\combo-fix\Nircmd.com
31/08/2000 08:00 29696 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000123.com
31/08/2000 08:00 29696 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000517.com

c:\combo-fix\NT-OS.cmd
23/04/2009 15:14 10500 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000124.cmd
24/04/2009 23:07 10517 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000533.cmd

c:\combo-fix\OSid.vbs
31/08/2000 08:00 977 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000125.vbs
31/08/2000 08:00 977 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000508.vbs

c:\combo-fix\pev.exe
21/04/2009 09:58 109568 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000126.exe
21/04/2009 09:58 109568 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000543.exe

c:\combo-fix\RegScan.cmd
23/04/2009 15:14 49939 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000089.cmd
24/04/2009 23:07 50028 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000534.cmd

c:\combo-fix\restore_pt.vbs
31/08/2000 08:00 232 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000069.vbs
31/08/2000 08:00 232 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000509.vbs

c:\combo-fix\RestoreO4.bat
23/04/2009 00:17 1766 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000128.bat
24/04/2009 23:07 1773 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000560.bat

c:\combo-fix\Rkey.cmd
31/08/2000 08:00 241 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000129.cmd
31/08/2000 08:00 241 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000535.cmd

c:\combo-fix\SafeBootRepair.bat
23/04/2009 00:20 15354 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000130.bat
24/04/2009 23:07 15360 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000561.bat

c:\combo-fix\SetEnvmt.bat
23/04/2009 13:58 12648 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000131.bat
24/04/2009 23:07 12666 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000562.bat

c:\combo-fix\SetPath.bat
24/04/2009 02:07 10931 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP3\A0000343.bat

c:\combo-fix\SF.exe
10/06/2006 14:42 49152 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000132.exe
10/06/2006 14:42 49152 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000514.exe

c:\combo-fix\sfx.cmd
23/04/2009 19:34 14 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000133.cmd
25/04/2009 12:27 69 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000536.cmd

c:\combo-fix\SnapShot.cmd
23/04/2009 15:14 3124 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000086.cmd
24/04/2009 23:07 3133 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000537.cmd

c:\combo-fix\SRestore.cmd
23/04/2009 00:13 2136 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000088.cmd
24/04/2009 23:07 2140 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000538.cmd

c:\combo-fix\SuppScan.cmd
23/04/2009 00:13 17731 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000090.cmd
24/04/2009 23:07 17752 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000539.cmd

c:\combo-fix\SvcDrv.vbs
31/08/2000 08:00 2176 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000134.vbs
31/08/2000 08:00 2176 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000510.vbs

c:\combo-fix\Update-CF.cmd
23/04/2009 00:12 2735 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP2\A0000168.cmd
24/04/2009 23:07 2743 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000494.cmd

C:\Delapp.bat
18/04/2009 11:18 195 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP3\A0000183.bat

c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0F7E788C.exe
13/10/2006 17:17 42919 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP6\A0000747.exe

c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\53EC35CF.exe
17/01/2007 19:52 213894 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP6\A0000748.exe

c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E117B68.exe
17/11/2006 21:02 43904 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP6\A0000749.exe

28/04/2009 15:01 1 c:\documents and settings\George\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
24/04/2009 15:29 1 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP10\A0001114.sys
16/04/2009 22:30 1 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP3\A0000362.sys

c:\documents and settings\George\Application Data\pidle\pidle.exe
21/04/2009 14:27 56832 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP1\A0000050.exe

c:\documents and settings\George\Application Data\Twain\Twain.exe
22/04/2009 10:31 61952 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP1\A0000051.exe

23/04/2009 09:07 50688 c:\documents and settings\George\Desktop\ATF-Cleaner.exe
23/04/2009 09:07 50688 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP8\A0001018.exe

c:\documents and settings\George\Desktop\Combo-Fix.exe
23/04/2009 19:33 2999148 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP4\A0000431.exe

29/04/2009 19:50 3010965 c:\documents and settings\George\Desktop\Godiva.exe
25/04/2009 21:46 3006230 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP10\A0001133.exe
25/04/2009 12:27 3005109 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP6\A0000751.exe

c:\documents and settings\George\Desktop\Norton_Removal_Tool.exe
25/04/2009 20:41 3063218 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP8\A0001017.exe

24/04/2009 23:00 3289 c:\godiva\Assoc.cmd
24/04/2009 23:00 3289 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP10\A0001134.cmd
24/04/2009 23:00 3289 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP8\A0000925.cmd

c:\godiva\Auto-RC.cmd
24/04/2009 23:01 3109 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP10\A0001135.cmd
24/04/2009 23:01 3109 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP8\A0000903.cmd

24/04/2009 22:55 537 c:\godiva\av.cmd
24/04/2009 22:55 537 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP10\A0001136.cmd
24/04/2009 22:55 537 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP8\A0000926.cmd

31/08/2000 08:00 962 c:\godiva\av.vbs
31/08/2000 08:00 962 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP10\A0001137.vbs
31/08/2000 08:00 962 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP8\A0000927.vbs

c:\godiva\AWF.cmd
24/04/2009 23:01 629 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP10\A0001138.cmd
24/04/2009 23:01 629 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP8\A0000920.cmd

24/04/2009 23:07 1868 c:\godiva\Boot-Rk.cmd
24/04/2009 23:07 1868 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP10\A0001139.cmd
24/04/2009 23:07 1868 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP8\A0000928.cmd

24/04/2009 23:01 7600 c:\godiva\Boot.bat
24/04/2009 23:01 7600 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP10\A0001140.bat
24/04/2009 23:01 7600 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP8\A0000929.bat

31/08/2000 08:00 7680 c:\godiva\BootSect.dll
31/08/2000 08:00 7680 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP10\A0001141.dll
31/08/2000 08:00 7680 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP8\A0000930.dll

c:\godiva\c.bat
26/04/2009 03:23 37663 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP10\A0001142.bat
26/04/2009 03:23 37663 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP8\A0000916.bat

31/08/2000 08:00 663 c:\godiva\Catch-sub.cmd
31/08/2000 08:00 663 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP10\A0001143.cmd
31/08/2000 08:00 663 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP8\A0000931.cmd

29/04/2009 19:52 91 c:\godiva\CCS.bat
29/04/2009 19:50 91 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP11\A0001212.bat
25/04/2009 23:41 91 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP8\A0000911.bat

c:\godiva\CF-Script.cmd
24/04/2009 23:02 20707 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP10\A0001144.cmd
24/04/2009 23:02 20707 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP8\A0000908.cmd

c:\godiva\CF12852.exe
25/04/2009 21:47 388608 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP7\A0000858.exe

c:\godiva\CF2440.exe
25/04/2009 23:41 388608 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP8\A0000932.exe

29/04/2009 19:50 16 c:\godiva\CHCP.bat
29/04/2009 19:48 16 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP10\A0001145.bat
25/04/2009 23:41 16 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP8\A0000933.bat

31/08/2000 08:00 1024 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP10\A0001146.sys
31/08/2000 08:00 1024 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP8\A0000934.sys

c:\godiva\Combobatch.bat
24/04/2009 23:02 7469 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP10\A0001147.bat
24/04/2009 23:02 7469 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP8\A0000915.bat

c:\godiva\Create.cmd
26/04/2009 03:57 5680 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP10\A0001148.cmd
26/04/2009 03:57 5680 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP8\A0000917.cmd

24/04/2009 23:07 3310 c:\godiva\CregC.cmd
24/04/2009 23:07 3310 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP10\A0001149.cmd
24/04/2009 23:07 3310 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP8\A0000935.cmd

24/04/2009 22:57 1702 c:\godiva\CSet.cmd
24/04/2009 22:57 1702 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP10\A0001150.cmd
24/04/2009 22:57 1702 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP8\A0000936.cmd

24/04/2009 22:57 1770 c:\godiva\DelClsid.bat
24/04/2009 22:57 1770 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP10\A0001151.bat
24/04/2009 22:57 1770 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP8\A0000937.bat

31/08/2000 08:00 7236 c:\godiva\Exe.reg
31/08/2000 08:00 7236 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP10\A0001152.reg
31/08/2000 08:00 7236 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP8\A0000938.reg

c:\godiva\FD-SV.cmd
24/04/2009 23:07 1370 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP10\A0001153.cmd
24/04/2009 23:07 1370 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP8\A0000918.cmd

31/08/2000 08:00 36201 c:\godiva\ffdefstr.dll
31/08/2000 08:00 36201 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP10\A0001154.dll
31/08/2000 08:00 36201 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP8\A0000939.dll

30/04/2009 00:05 2183 c:\godiva\files.pif
26/04/2009 03:57 2183 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP10\A0001155.pif
26/04/2009 03:57 2183 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP8\A0000940.pif

29/04/2009 00:11 26608 c:\godiva\FIND3M.bat
24/04/2009 23:07 26187 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP10\A0001156.bat
24/04/2009 23:07 26187 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP8\A0000941.bat

24/04/2009 23:07 3946 c:\godiva\FIXLSP.bat
24/04/2009 23:07 3946 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP10\A0001157.bat
24/04/2009 23:07 3946 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP8\A0000942.bat

24/04/2009 23:04 1023 c:\godiva\FKMGen.cmd
24/04/2009 23:04 1023 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP10\A0001158.cmd
24/04/2009 23:04 1023 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP8\A0000943.cmd

31/08/2000 08:00 15388 c:\godiva\FProps.vbs
31/08/2000 08:00 15388 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP10\A0001159.vbs
31/08/2000 08:00 15388 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP8\A0000944.vbs

28/04/2009 00:11 4896 c:\godiva\GetHive.cmd
24/04/2009 23:04 4746 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP10\A0001160.cmd
24/04/2009 23:04 4746 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP8\A0000924.cmd

16/08/2005 01:54 1536 c:\godiva\hidec.exe
16/08/2005 01:54 1536 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP10\A0001161.exe
16/08/2005 01:54 1536 {DD64BBA6-607D-4062-BDDD-5D50BBD1E35B}\RP8\A0000946.exe

24/04/2009 22:57 823 c:\godiva\history.bat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-23 196608]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2006-03-16 634880]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672]
"SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 65536]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2006-04-04 53248]
"Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 73728]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2006-04-28 262144]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-18 136600]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-04-18 16143872]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2006-03-18 89541]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2005-08-11 266240]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-04 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoUpdate Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk
backup=c:\windows\pss\AutoUpdate Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BITS"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\inf\\explorer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22178:TCP"= 22178:TCP:BitComet 22178 TCP
"22178:UDP"= 22178:UDP:BitComet 22178 UDP

S1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\DRIVERS\savonaccesscontrol.sys [2007-11-14 101120]
S1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\DRIVERS\savonaccessfilter.sys [2007-11-14 33408]
S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2007-11-14 69632]
S2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [2007-11-28 98304]
S2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\DRIVERS\tdudf.sys [2006-04-18 98816]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2008-06-27 c:\windows\Tasks\shutdown.job
- c:\windows\system32\shutdown.exe [2006-05-22 12:00]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {B98AAA0F-DE81-4AC5-B45A-FACC2E6BC232} = 208.67.220.220,208.67.222.222
FF - ProfilePath - c:\documents and settings\George\Application Data\Mozilla\Firefox\Profiles\g3sq6njz.default\
FF - prefs.js: browser.startup.homepage - hxxp://vle.coventry.ac.uk/webct/entryPageIns.dowebct
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPInfotl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npsabffx.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin5.dll
FF - plugin: c:\windows\system32\SuperAdBlocker.com\npsabffx.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-29 19:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(688)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\l3codeca.acm

- - - - - - - > 'explorer.exe'(940)
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
Completion time: 2009-04-29 19:58
ComboFix-quarantined-files.txt 2009-04-29 18:57
ComboFix2.txt 2009-04-25 22:48
ComboFix3.txt 2009-04-25 20:55
ComboFix4.txt 2009-04-24 01:17
ComboFix5.txt 2009-04-29 18:50

Pre-Run: 177,676,288 bytes free
Post-Run: 184,799,232 bytes free

966
nineinchheel
Regular Member
 
Posts: 39
Joined: April 22nd, 2009, 5:04 am
Location: Coventry, West Midlands

Re: Please help a lost soul

Unread postby dan12 » April 30th, 2009, 5:05 am

Ok, sorry for delays but I'm mailing to others also regarding this issue as your machine doesn't have a clean copy of the file I need.
Are you able to get access to another XP machine which is the same as yours? If yes, just let me know, then I will give you further instructions before you proceed, as it needs to be carried out in order.
dan
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Please help a lost soul

Unread postby nineinchheel » April 30th, 2009, 5:37 am

I suspect I can get to another machine which is Windows XP SP2, is that what you mean? Or do they need to have other common features?
nineinchheel
Regular Member
 
Posts: 39
Joined: April 22nd, 2009, 5:04 am
Location: Coventry, West Midlands

Re: Please help a lost soul

Unread postby dan12 » April 30th, 2009, 2:57 pm

If it was Home Edition that would be good, as that's the same as yours; if not, I will need to check if XP Pro or Media Centre would be just as good :)
Other than this issue hope things are keeping ok, trying to keep you up to date :)
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire