
Thread: Defender.exe

  1. #11
    Member
    Join Date
    Jul 2008
    Posts
    41


    Hi,

    Rebooted in safe mode with networking and ComboFix started. Txt file below.

    ComboFix 11-08-15.07 - Shirley King 15/08/2011 22:21:23.6.2 - x86 NETWORK
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.791 [GMT 1:00]
    Running from: c:\documents and settings\Shirley King\Desktop\ComboFix.exe
    AV: Virgin Media Security Anti-Virus *Enabled/Updated* {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
    FW: Virgin Media Security Firewall *Enabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
    .
    ADS - WINDOWS: deleted 0 bytes in 1 streams.
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Shirley King\Application Data\Adobe\plugs
    c:\documents and settings\Shirley King\Application Data\Adobe\shed
    c:\documents and settings\Shirley King\Application Data\Adobe\shed\thr1.chm
    c:\documents and settings\Shirley King\Application Data\PriceGong
    c:\documents and settings\Shirley King\Application Data\PriceGong\Data\1.xml
    c:\documents and settings\Shirley King\Application Data\PriceGong\Data\a.xml
    c:\documents and settings\Shirley King\Application Data\PriceGong\Data\b.xml
    c:\documents and settings\Shirley King\Application Data\PriceGong\Data\c.xml
    c:\documents and settings\Shirley King\Application Data\PriceGong\Data\d.xml
    c:\documents and settings\Shirley King\Application Data\PriceGong\Data\e.xml
    c:\documents and settings\Shirley King\Application Data\PriceGong\Data\f.xml
    c:\documents and settings\Shirley King\Application Data\PriceGong\Data\g.xml
    c:\documents and settings\Shirley King\Application Data\PriceGong\Data\h.xml
    c:\documents and settings\Shirley King\Application Data\PriceGong\Data\i.xml
    c:\documents and settings\Shirley King\Application Data\PriceGong\Data\J.xml
    c:\documents and settings\Shirley King\Application Data\PriceGong\Data\k.xml
    c:\documents and settings\Shirley King\Application Data\PriceGong\Data\l.xml
    c:\documents and settings\Shirley King\Application Data\PriceGong\Data\m.xml
    c:\documents and settings\Shirley King\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\Shirley King\Application Data\PriceGong\Data\n.xml
    c:\documents and settings\Shirley King\Application Data\PriceGong\Data\o.xml
    c:\documents and settings\Shirley King\Application Data\PriceGong\Data\p.xml
    c:\documents and settings\Shirley King\Application Data\PriceGong\Data\q.xml
    c:\documents and settings\Shirley King\Application Data\PriceGong\Data\r.xml
    c:\documents and settings\Shirley King\Application Data\PriceGong\Data\s.xml
    c:\documents and settings\Shirley King\Application Data\PriceGong\Data\t.xml
    c:\documents and settings\Shirley King\Application Data\PriceGong\Data\u.xml
    c:\documents and settings\Shirley King\Application Data\PriceGong\Data\v.xml
    c:\documents and settings\Shirley King\Application Data\PriceGong\Data\w.xml
    c:\documents and settings\Shirley King\Application Data\PriceGong\Data\x.xml
    c:\documents and settings\Shirley King\Application Data\PriceGong\Data\y.xml
    c:\documents and settings\Shirley King\Application Data\PriceGong\Data\z.xml
    c:\documents and settings\Shirley King\WINDOWS
    c:\windows\$NtUninstallKB1802$
    c:\windows\$NtUninstallKB1802$\1603512166\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}
    c:\windows\$NtUninstallKB1802$\1603512166\click.tlb
    c:\windows\$NtUninstallKB1802$\1603512166\L\pdmzmplg
    c:\windows\$NtUninstallKB1802$\1603512166\loader.tlb
    c:\windows\$NtUninstallKB1802$\1603512166\U\@00000001
    c:\windows\$NtUninstallKB1802$\1603512166\U\@000000c0
    c:\windows\$NtUninstallKB1802$\1603512166\U\@000000cb
    c:\windows\$NtUninstallKB1802$\1603512166\U\@000000cf
    c:\windows\$NtUninstallKB1802$\1603512166\U\@80000000
    c:\windows\$NtUninstallKB1802$\1603512166\U\@800000c0
    c:\windows\$NtUninstallKB1802$\1603512166\U\@800000cb
    c:\windows\$NtUninstallKB1802$\1603512166\U\@800000cf
    c:\windows\$NtUninstallKB1802$\1896645999
    c:\windows\system32\c_16845.nls
    c:\windows\system32\regobj.dll
    c:\windows\system32\rnaph.dll
    c:\windows\system32\system
    c:\windows\system32\Thumbs.db
    .
    Infected copy of c:\windows\system32\drivers\netbt.sys was found and disinfected
    Restored copy from - The cat found it
    Infected copy of c:\windows\system32\wuauclt.exe was found and disinfected
    Restored copy from - c:\windows\system32\dllcache\wuauclt.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-07-15 to 2011-08-15 )))))))))))))))))))))))))))))))
    .
    .
    2011-08-15 17:30 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
    2011-08-14 18:40 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
    2011-08-14 18:40 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
    2011-08-02 20:14 . 2011-08-02 20:14 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
    2011-08-02 19:55 . 2011-08-02 20:18 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2011-07-31 09:51 . 2011-07-31 09:51 -------- d-----w- c:\program files\ERUNT
    2011-07-28 20:27 . 2011-07-28 20:27 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2011-07-28 20:17 . 2011-07-28 20:17 -------- d-----w- c:\documents and settings\Shirley King\Local Settings\Application Data\Threat Expert
    2011-07-28 19:55 . 2011-07-28 19:55 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
    2011-07-28 19:55 . 2011-07-28 19:55 -------- d-----w- c:\program files\IObit
    2011-07-28 19:29 . 2011-04-27 14:37 149456 ----a-w- c:\windows\SGDetectionTool.dll
    2011-07-28 19:29 . 2011-04-27 14:36 767952 ----a-w- c:\windows\BDTSupport.dll
    2011-07-28 19:29 . 2011-04-27 14:37 2074576 ----a-w- c:\windows\PCTBDCore.dll
    2011-07-28 19:29 . 2011-04-27 14:37 1533904 ----a-w- c:\windows\PCTBDRes.dll
    2011-07-28 19:27 . 2011-07-28 20:41 -------- d-----w- c:\program files\Spyware Doctor
    2011-07-28 19:27 . 2011-07-28 20:41 -------- d-----w- c:\program files\Common Files\PC Tools
    2011-07-20 08:56 . 2008-11-07 17:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
    2011-07-20 08:56 . 2011-02-18 17:38 39984 ----a-r- c:\windows\system32\drivers\vmwvusb.sys
    2011-07-20 08:55 . 2011-07-20 08:55 -------- d-----w- c:\program files\Common Files\VMware
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-28 19:04 . 2009-11-05 23:15 53192 ----a-w- c:\windows\system32\drivers\rp_skt32.sys
    2011-07-28 19:03 . 2009-11-05 23:15 48384 ----a-w- c:\windows\system32\drivers\rp_pkt32.sys
    2011-07-15 13:29 . 2006-02-20 23:01 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-07-08 14:02 . 2005-08-16 04:18 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
    2011-07-06 18:52 . 2008-08-03 09:18 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-06 18:52 . 2008-08-03 09:18 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-24 14:10 . 2005-08-16 04:37 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2011-06-23 18:36 . 2005-08-16 04:18 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-06-23 18:36 . 2005-08-16 04:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-06-23 18:36 . 2005-08-16 04:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-06-23 12:05 . 2005-08-16 04:18 385024 ----a-w- c:\windows\system32\html.iec
    2011-06-20 17:44 . 2005-08-16 04:18 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-06-02 14:02 . 2005-08-16 04:18 1858944 ----a-w- c:\windows\system32\win32k.sys
    2009-11-22 15:34 . 2009-11-22 15:37 85504 ----a-w- c:\program files\Inherit.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SKIcoBackuped]
    @="{7E5951A0-8683-432A-9483-5F43168D6A8C}"
    [HKEY_CLASSES_ROOT\CLSID\{7E5951A0-8683-432A-9483-5F43168D6A8C}]
    2011-04-04 09:35 3047088 ----a-w- c:\program files\VirginMedia\V Stuff Backup\AGSIconOverlay.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SKIcoSelected]
    @="{15054241-49B4-4FA6-B4C7-A0071F118110}"
    [HKEY_CLASSES_ROOT\CLSID\{15054241-49B4-4FA6-B4C7-A0071F118110}]
    2011-04-04 09:35 3047088 ----a-w- c:\program files\VirginMedia\V Stuff Backup\AGSIconOverlay.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
    "DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-15 68856]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "Backup & Storage"="c:\program files\VirginMedia\V Stuff Backup\Backup & Storage.exe" [2011-04-04 12273328]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
    "IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
    "CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 57344]
    "MBMon"="CTMBHA.DLL" [2005-05-19 1345520]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 1159168]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2007-01-10 71216]
    "EPSON Stylus Photo R220 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE" [2005-03-09 98304]
    "RepliGo Assistant"="c:\program files\Cerience\RepliGo\RepliGoMon.exe" [2005-11-07 172032]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
    "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]
    "B2C_AGENT"="c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2010-03-16 300992]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
    "DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "ServiceManager.exe"="c:\program files\Virgin Media\Service Manager\ServiceManager.exe" [2011-03-25 4371768]
    "PCTools FGuard"="c:\program files\Spyware Doctor\BDT\FGuard.exe" [2011-04-27 247760]
    "Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-11-17 106496]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\Shirley King\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0\aoltray.exe [2006-2-21 156784]
    Exif Launcher S.lnk - c:\program files\FinePixViewerS\QuickDCF2.exe [2007-10-20 303104]
    Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]
    HOTSYNCSHORTCUTNAME.lnk - c:\program files\Palm\Hotsync.exe [2004-6-9 471040]
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
    Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2006-3-2 151552]
    Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2006-3-2 106496]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest wsauth
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Radialpoint Security Services]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Palm\\HOTSYNC.EXE"=
    "c:\\Documents and Settings\\Shirley King\\Application Data\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
    "c:\\Program Files\\AOL 9.0\\waol.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Adobe\\Elements Organizer 8.0\\AdobePhotoshopElementsMediaServer.exe"=
    "c:\\Program Files\\VMware\\VMware View\\Client\\bin\\vmware-remotemks.exe"=
    "c:\\Program Files\\VMware\\VMware View\\Client\\bin\\wswc.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3776:UDP"= 3776:UDP:Media Center Extender Service
    "3390:TCP"= 3390:TCP:Remote Media Center Experience
    "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
    .
    R0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [20/06/2010 11:10 25608]
    R2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\bin\AVGIDSAgent.exe [28/07/2011 20:03 5832712]
    R3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys [20/06/2010 11:10 122376]
    R3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSfilter.sys [20/06/2010 11:10 30216]
    R3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys [20/06/2010 11:10 25736]
    R3 vmwvusb;VMware View Generic USB Driver;c:\windows\system32\drivers\vmwvusb.sys [20/07/2011 09:56 39984]
    S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe --> c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [?]
    S2 Browser Defender Update Service;Browser Defender Update Service;"c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe" --> c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [?]
    S2 DolphinInterceptorStartup;Dolphin Utility Service;c:\windows\system32\dolserve.exe --> c:\windows\system32\dolserve.exe [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13/02/2010 18:10 135664]
    S2 Radialpoint Security Services;Virgin Media Security;c:\program files\Virgin Media\Security\RpsSecurityAwareR.exe [04/01/2010 12:17 165408]
    S2 ServicepointService;ServicepointService;"c:\program files\Virgin Media\Service Manager\ServicepointService.exe" --> c:\program files\Virgin Media\Service Manager\ServicepointService.exe [?]
    S2 wsnm;VMware View Client;"c:\program files\VMware\VMware View\Client\bin\wsnm.exe" -SCMStartup --> c:\program files\VMware\VMware View\Client\bin\wsnm.exe [?]
    S2 wsnm_usbctrl;VMware View USB Control;"c:\program files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe" -SCMStartup --> c:\program files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [13/02/2010 18:10 135664]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 13:49 227232]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    QWAVE REG_MULTI_SZ QWAVE
    bdx REG_MULTI_SZ scan sysagent
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 17:10]
    .
    2011-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 17:10]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = www.ntlworld.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page = about:blank
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Google Search
    IE: &Translate English Word
    IE: Backward Links
    IE: Cached Snapshot of Page
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
    IE: Similar Pages
    IE: Translate Page into English
    TCP: DhcpNameServer = 192.168.2.1
    FF - ProfilePath - c:\documents and settings\Shirley King\Application Data\Mozilla\Firefox\Profiles\8rr57ers.default\
    FF - prefs.js: keyword.URL - hxxp://www.ask.com/web?&o=13048&l=dis&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
    FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
    FF - Ext: Browser Defender Toolbar: {cb84136f-9c44-433a-9048-c5cd9df1dc16} - c:\program files\Spyware Doctor\BDT\Firefox
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    WebBrowser-{A386D4B0-FDDB-4E1C-AE61-4F014013CD9B} - (no file)
    HKCU-Run-V Stuff Backup - c:\program files\VirginMedia\V Stuff Backup\v_stuff_backup.exe
    AddRemove-AVS4YOU Video Converter 6_is1 - c:\my downloads\AVSVideoConverter6\unins000.exe
    AddRemove-MovieJoiner - c:\documents and settings\Nick Parker\My Documents\Palm T3\Power One\Movie Joiner\uninst.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-08-15 22:34
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(952)
    c:\windows\system32\wsauth.dll
    .
    - - - - - - - > 'lsass.exe'(1008)
    c:\windows\system32\wsauth.dll
    .
    - - - - - - - > 'explorer.exe'(3384)
    c:\windows\system32\WININET.dll
    c:\program files\VirginMedia\V Stuff Backup\AGSIconOverlay.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
    c:\windows\system32\ieframe.dll
    c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTJBNS2.dll
    c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTIntrfc.dll
    c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTConfig.DLL
    c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\JBNSRES.DLL
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
    c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\windows\ehome\RMSvc.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\windows\system32\dllhost.exe
    c:\windows\stsystra.exe
    c:\windows\system32\Rundll32.exe
    c:\windows\eHome\ehmsas.exe
    c:\docume~1\SHIRLE~1\LOCALS~1\Temp\clclean.0001
    c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    .
    **************************************************************************
    .
    Completion time: 2011-08-15 22:41:14 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-08-15 21:41
    .
    Pre-Run: 108,939,718,656 bytes free
    Post-Run: 108,104,904,704 bytes free
    .
    - - End Of File - - 1F021F99CCA1828263A40DA708D6BC99

    Still not able to run Malwarebytes, Spybot or Virgin Media Security.

  2. #12
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066


    OK, good. Progress. So what happens now when you try to run Malwarebytes or your AV?

    Try running combofix now after a normal boot up.
    Last edited by shelf life; 2011-08-16 at 00:34.

  3. #13
    Member
    Join Date
    Jul 2008
    Posts
    41


    Hi, ComboFix run in normal mode:

    ComboFix 11-08-16.02 - Shirley King 16/08/2011 18:29:46.7.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.577 [GMT 1:00]
    Running from: c:\documents and settings\Shirley King\Desktop\ComboFix.exe
    AV: Virgin Media Security Anti-Virus *Enabled/Updated* {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
    FW: Virgin Media Security Firewall *Enabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\docume~1\SHIRLE~1\LOCALS~1\Temp\clclean.0001.dir.0001\~df394b.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-07-16 to 2011-08-16 )))))))))))))))))))))))))))))))
    .
    .
    2011-08-15 22:05 . 2011-08-15 22:05 -------- d-----w- c:\program files\Raxco
    2011-08-15 22:05 . 2011-08-15 22:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Raxco
    2011-08-15 17:30 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
    2011-08-14 18:40 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
    2011-08-14 18:40 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
    2011-08-02 20:14 . 2011-08-02 20:14 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
    2011-08-02 19:55 . 2011-08-02 20:18 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2011-07-31 09:51 . 2011-07-31 09:51 -------- d-----w- c:\program files\ERUNT
    2011-07-28 20:27 . 2011-07-28 20:27 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2011-07-28 20:17 . 2011-07-28 20:17 -------- d-----w- c:\documents and settings\Shirley King\Local Settings\Application Data\Threat Expert
    2011-07-28 19:55 . 2011-07-28 19:55 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
    2011-07-28 19:55 . 2011-07-28 19:55 -------- d-----w- c:\program files\IObit
    2011-07-28 19:29 . 2011-04-27 14:37 149456 ----a-w- c:\windows\SGDetectionTool.dll
    2011-07-28 19:29 . 2011-04-27 14:36 767952 ----a-w- c:\windows\BDTSupport.dll
    2011-07-28 19:29 . 2011-04-27 14:37 2074576 ----a-w- c:\windows\PCTBDCore.dll
    2011-07-28 19:29 . 2011-04-27 14:37 1533904 ----a-w- c:\windows\PCTBDRes.dll
    2011-07-28 19:27 . 2011-07-28 20:41 -------- d-----w- c:\program files\Spyware Doctor
    2011-07-28 19:27 . 2011-07-28 20:41 -------- d-----w- c:\program files\Common Files\PC Tools
    2011-07-20 08:56 . 2008-11-07 17:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
    2011-07-20 08:56 . 2011-02-18 17:38 39984 ----a-r- c:\windows\system32\drivers\vmwvusb.sys
    2011-07-20 08:55 . 2011-07-20 08:55 -------- d-----w- c:\program files\Common Files\VMware
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-28 19:04 . 2009-11-05 23:15 53192 ----a-w- c:\windows\system32\drivers\rp_skt32.sys
    2011-07-28 19:03 . 2009-11-05 23:15 48384 ----a-w- c:\windows\system32\drivers\rp_pkt32.sys
    2011-07-15 13:29 . 2006-02-20 23:01 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-07-08 14:02 . 2005-08-16 04:18 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
    2011-07-06 18:52 . 2008-08-03 09:18 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-06 18:52 . 2008-08-03 09:18 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-24 14:10 . 2005-08-16 04:37 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2011-06-23 18:36 . 2005-08-16 04:18 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-06-23 18:36 . 2005-08-16 04:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-06-23 18:36 . 2005-08-16 04:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-06-23 12:05 . 2005-08-16 04:18 385024 ----a-w- c:\windows\system32\html.iec
    2011-06-20 17:44 . 2005-08-16 04:18 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-06-02 14:02 . 2005-08-16 04:18 1858944 ----a-w- c:\windows\system32\win32k.sys
    2009-11-22 15:34 . 2009-11-22 15:37 85504 ----a-w- c:\program files\Inherit.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-08-15_21.34.32 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-08-16 17:15 . 2011-08-16 17:15 16384 c:\windows\temp\Perflib_Perfdata_79c.dat
    + 2009-06-08 09:00 . 2009-06-08 09:00 71696 c:\windows\system32\drivers\DefragFs.sys
    + 2011-08-15 22:06 . 2011-08-15 22:06 53248 c:\windows\Installer\{7673108D-9DED-4454-9712-FB2771D94446}\ARPPRODUCTICON.exe
    + 2011-08-16 17:40 . 2011-08-16 17:40 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\343c52b741531ce9ae874ea7508831a7\System.Windows.Presentation.ni.dll
    - 2011-08-15 17:40 . 2011-08-15 17:40 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\343c52b741531ce9ae874ea7508831a7\System.Windows.Presentation.ni.dll
    - 2011-08-15 17:40 . 2011-08-15 17:40 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\246110974e3c48733458819b07464b23\System.Web.DynamicData.Design.ni.dll
    + 2011-08-16 17:39 . 2011-08-16 17:39 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\246110974e3c48733458819b07464b23\System.Web.DynamicData.Design.ni.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SKIcoBackuped]
    @="{7E5951A0-8683-432A-9483-5F43168D6A8C}"
    [HKEY_CLASSES_ROOT\CLSID\{7E5951A0-8683-432A-9483-5F43168D6A8C}]
    2011-04-04 09:35 3047088 ----a-w- c:\program files\VirginMedia\V Stuff Backup\AGSIconOverlay.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SKIcoSelected]
    @="{15054241-49B4-4FA6-B4C7-A0071F118110}"
    [HKEY_CLASSES_ROOT\CLSID\{15054241-49B4-4FA6-B4C7-A0071F118110}]
    2011-04-04 09:35 3047088 ----a-w- c:\program files\VirginMedia\V Stuff Backup\AGSIconOverlay.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
    "DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-15 68856]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "Backup & Storage"="c:\program files\VirginMedia\V Stuff Backup\Backup & Storage.exe" [2011-04-04 12273328]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
    "IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
    "CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 57344]
    "MBMon"="CTMBHA.DLL" [2005-05-19 1345520]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 1159168]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2007-01-10 71216]
    "EPSON Stylus Photo R220 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE" [2005-03-09 98304]
    "RepliGo Assistant"="c:\program files\Cerience\RepliGo\RepliGoMon.exe" [2005-11-07 172032]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
    "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]
    "B2C_AGENT"="c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2010-03-16 300992]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
    "DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "ServiceManager.exe"="c:\program files\Virgin Media\Service Manager\ServiceManager.exe" [2011-03-25 4371768]
    "PCTools FGuard"="c:\program files\Spyware Doctor\BDT\FGuard.exe" [2011-04-27 247760]
    "Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-11-17 106496]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\Shirley King\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0\aoltray.exe [2006-2-21 156784]
    Exif Launcher S.lnk - c:\program files\FinePixViewerS\QuickDCF2.exe [2007-10-20 303104]
    Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]
    HOTSYNCSHORTCUTNAME.lnk - c:\program files\Palm\Hotsync.exe [2004-6-9 471040]
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
    Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2006-3-2 151552]
    Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2006-3-2 106496]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest wsauth
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Radialpoint Security Services]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Palm\\HOTSYNC.EXE"=
    "c:\\Documents and Settings\\Shirley King\\Application Data\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
    "c:\\Program Files\\AOL 9.0\\waol.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Adobe\\Elements Organizer 8.0\\AdobePhotoshopElementsMediaServer.exe"=
    "c:\\Program Files\\VMware\\VMware View\\Client\\bin\\vmware-remotemks.exe"=
    "c:\\Program Files\\VMware\\VMware View\\Client\\bin\\wswc.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3776:UDP"= 3776:UDP:Media Center Extender Service
    "3390:TCP"= 3390:TCP:Remote Media Center Experience
    "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
    .
    R0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [20/06/2010 11:10 25608]
    R2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\bin\AVGIDSAgent.exe [28/07/2011 20:03 5832712]
    R3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys [20/06/2010 11:10 122376]
    R3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSfilter.sys [20/06/2010 11:10 30216]
    R3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys [20/06/2010 11:10 25736]
    R3 vmwvusb;VMware View Generic USB Driver;c:\windows\system32\drivers\vmwvusb.sys [20/07/2011 09:56 39984]
    S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe --> c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [?]
    S2 Browser Defender Update Service;Browser Defender Update Service;"c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe" --> c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [?]
    S2 DolphinInterceptorStartup;Dolphin Utility Service;c:\windows\system32\dolserve.exe --> c:\windows\system32\dolserve.exe [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13/02/2010 18:10 135664]
    S2 Radialpoint Security Services;Virgin Media Security;c:\program files\Virgin Media\Security\RpsSecurityAwareR.exe [04/01/2010 12:17 165408]
    S2 ServicepointService;ServicepointService;"c:\program files\Virgin Media\Service Manager\ServicepointService.exe" --> c:\program files\Virgin Media\Service Manager\ServicepointService.exe [?]
    S2 wsnm;VMware View Client;"c:\program files\VMware\VMware View\Client\bin\wsnm.exe" -SCMStartup --> c:\program files\VMware\VMware View\Client\bin\wsnm.exe [?]
    S2 wsnm_usbctrl;VMware View USB Control;"c:\program files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe" -SCMStartup --> c:\program files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [13/02/2010 18:10 135664]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 13:49 227232]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    QWAVE REG_MULTI_SZ QWAVE
    bdx REG_MULTI_SZ scan sysagent
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 17:10]
    .
    2011-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 17:10]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = www.ntlworld.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page = about:blank
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Google Search
    IE: &Translate English Word
    IE: Backward Links
    IE: Cached Snapshot of Page
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
    IE: Similar Pages
    IE: Translate Page into English
    TCP: DhcpNameServer = 192.168.2.1
    FF - ProfilePath - c:\documents and settings\Shirley King\Application Data\Mozilla\Firefox\Profiles\8rr57ers.default\
    FF - prefs.js: keyword.URL - hxxp://www.ask.com/web?&o=13048&l=dis&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
    FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
    FF - Ext: Browser Defender Toolbar: {cb84136f-9c44-433a-9048-c5cd9df1dc16} - c:\program files\Spyware Doctor\BDT\Firefox
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-08-16 18:42
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(956)
    c:\windows\system32\wsauth.dll
    .
    - - - - - - - > 'lsass.exe'(1012)
    c:\windows\system32\wsauth.dll
    .
    Completion time: 2011-08-16 18:46:28
    ComboFix-quarantined-files.txt 2011-08-16 17:46
    ComboFix2.txt 2011-08-15 21:41
    .
    Pre-Run: 107,963,523,072 bytes free
    Post-Run: 107,884,527,616 bytes free
    .
    - - End Of File - - 6CB973757096A25B86ADE65036C0406F


    Still not able to run Malwarebytes, Spybot or AV

  4. #14
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    Still not able to run Malwarebytes, Spybot or AV
    So what happens when you click on them? Can you run PC Tools Spyware Doctor?
    How Can I Reduce My Risk?

  5. #15
    Member
    Join Date
    Jul 2008
    Posts
    41

    Default

    Tried to run the Spyware Doctor setup and got "Runtime error at 503:633 could not call proc".

    Malwarebytes errors with "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item".
    Same message with Spybot.
    Tried to re-download Spybot but it would not install (exe read-only file).
    Virgin Media Security only showing the firewall, ad blocker, Identity Theft Protection & Privacy Manager; no AV showing.

    Used Inherit on the Malwarebytes folder and now running a full scan. Did not take the option to update.
    This will probably take a while; will post results when finished.

  6. #16
    Member
    Join Date
    Jul 2008
    Posts
    41

    Default

    Malwarebytes found 2 infections:
    Spyware.Passwords.XGen & Heuristics.Reserved.Word.Exploit.

    Deleted both & rebooted. Have now updated Malwarebytes.

    Also used Inherit on Spybot and this is also now working.

    Still no joy with Virgin AV. Running diagnostics to see if it can find the problem.
    Loath to uninstall and reinstall as the program is licensed to 3 PCs only and I have it running on 3 PCs. Forums for Virgin mention problems with licence issues when re-installing. But may have to resort to trying it if all else fails.

    Malware scan took over 1 hour so will run again tomorrow when back from work.

    Will let you know the results.

    Thanks
    Shirl
    PS: should I be worried about either of the 2 items found?
    Last edited by tashi; 2011-09-28 at 17:25. Reason: Date of archive.

  7. #17
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    Thanks for the info. Is Virgin AV a package from your ISP? There are several free AV solutions if you can't get it resolved. I assume it's free, but you mention a license, so maybe it's not?
    I wouldn't worry too much about what Malwarebytes found; ComboFix removed most of the malware.

    Looks like it is from your ISP:

    Radialpoint Security Services is provided exclusively through Internet or Broadband Service Providers. Contact your service provider to find out if they offer Radialpoint Security Services.
    Looks like your ISP purchases it from Radialpoint Security, who in turn leases the technology from AVG, who happen to have a free AV version.

    RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\bin\AVGIDSAgent.exe
    Last edited by tashi; 2011-09-28 at 17:25. Reason: Thank you shelf life :-)
    How Can I Reduce My Risk?
