help to get rid of ohtgnoenriga redirects

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Post by kayakman » June 28th, 2010, 2:52 pm

Hello,
I am seeking assistance in getting rid of the ohtgnoenriga redirects. Whenever I search for something on Google, it always takes me to an ad site and to the ohtgnoenriga site. This is getting really frustrating. Can someone PLEASE help me? Thank you!

Here is my HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:44:32 PM, on 6/28/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\srvany.exe
C:\WINDOWS\system32\wuauclts.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\spupdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\inetinfo.exe
C:\WINDOWS\system32\wbem\Winmgnt.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Megaupload\Mega Manager\MegaManager.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: LimeWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Program Files\Power Video Converter\msdxm.ocx
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [M5T8QL3YW3] C:\DOCUME~1\CHRISH~1\LOCALS~1\Temp\Xjx.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: COM+ Application System (CCProxy) - Unknown owner - C:\WINDOWS\system\svchost.exe (file missing)
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: System Help and Support (help service) - Unknown owner - C:\WINDOWS\system32\comine.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Network_Server - Unknown owner - C:\WINDOWS\system32\srvany.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: WebClient - Unknown owner - C:\WINDOWS\system32\inetinfo.exe
O23 - Service: Windows Event Notification (Winmgnt) - Unknown owner - C:\WINDOWS\system32\wbem\Winmgnt.exe
O23 - Service: Servicio de uso compartido de red del Reproductor de Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 10462 bytes



and my Uninstall_List:


32 Bit HP CIO Components Installer
7-Zip 4.65
abgx360 v1.0.2
AC3Filter 1.61b
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
AVG Free 9.0
BlackBerry Desktop Software 5.0.1
BlackBerry Desktop Software 5.0.1
BlackBerry Device Software v4.7.0 for the BlackBerry 9530 smartphone
BlackBerry Smartphone Simulators 4.7.0.76 (9530)
BlackBerry Smartphone Simulators 5.0.0.252 (9500)
BlackBerry® Media Sync
Broadcom 802.11 Wireless LAN Adapter
CDDRV_Installer
Conexant HD Audio
ConvertHelper 2.2
ConvertXtoDVD 4.0.9.322
DivX Setup
DivX Web Player
erLT
Fast AVI MPEG Joiner 1.2.0812
ffdshow [rev 2265] [2008-10-28]
FlashGet 1.9.6.1073
Free Video to MP3 Converter version 3.2
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP BatteryCheck 1.00 A7
HP Customer Participation Program 9.0
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Photosmart All-In-One Software 9.0
HP Photosmart Essential 2.01
HP Product Assistant
HP Quick Launch Buttons 6.40 H2
HP Smart Web Printing
HP Solution Center 9.0
HP Update
HP Webcam
HP Wireless Assistant
HPSSupply
ImgBurn
iTunes
Java(TM) 6 Update 15
JDownloader
Junk Mail filter update
KhalInstallWrapper
LimeWire PRO 5.4.8
Logitech SetPoint
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Mega Manager
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.5.10)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Drivers
OGG MP3 Converter v3.4 build 839
Plazmic CDK 4.7 for BlackBerry
Plazmic Content Developer's Kit 4.7 Update Patch
QuickTime
Replay Media Catcher 3.01
Reproductor de Windows Media 11
Roxio Media Manager
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Segoe UI
Sony DVD Architect Studio 4.5
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Synaptics Pointing Device Driver
UFC Poker
Ultra Video Joiner 5.2.0322
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (kb983486)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
Veetle TV 0.9.16
Vegas Movie Studio Platinum 9.0
VLC media player 1.0.5
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Driver Package - Intel (NETw4x32) net (04/30/2007 11.1.1.11)
Windows Driver Package - Intel (w29n51) net (04/04/2007 9.0.4.36)
Windows Driver Package - Intel net (04/30/2007 11.1.1.11)
Windows Driver Package - Intel net (04/30/2007 11.1.1.11)
Windows Driver Package - usbvm326 (usbvm328) Image (10/12/2006 326.1.061012.25)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
WinX Video Converter 4.1
XP Codec Pack
Xvid 1.2.2 final uninstall




Thanks,
Chris
kayakman
Regular Member
 
Posts: 37
Joined: June 22nd, 2010, 6:45 pm

Re: help to get rid of ohtgnoenriga redirects

Post by melboy » June 30th, 2010, 2:32 pm

Hi and welcome to the MR forums. :)

I'm melboy and I am going to try to help you with your problem. Please take note of the following:

  1. I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  2. The fixes are specific to your problem and should only be used for this issue on this machine.
  3. If you don't know or understand something, please don't hesitate to ask.
  4. Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc...)
  5. Please DO NOT run any other tools or scans whilst I am helping you.
  6. It is important that you reply to this thread. Do not start a new topic.
  7. DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies.
  8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  9. Absence of symptoms does not mean that everything is clear.


NOTE: Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.


IMPORTANT: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.



No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.


===================================


With reference to Malware Removal's P2P Programs Policy, please uninstall the following programs before we continue:
LimeWire PRO 5.4.8
When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.
We see no purpose in cleaning your machine if you use P2P programmes, as it is pretty much certain that if you continue to use them then you will get infected again.


  • Click on Start > Control Panel and double click on Add/Remove Programs.
  • Locate LimeWire PRO 5.4.8 and click on the Change/Remove button to uninstall it.
  • Close Add/Remove Programs and Control Panel when done.


===================


CKScanner
Download CKScanner from here
  • Important - Save it to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.



OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under the Custom Scan box paste this in
    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav 
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.




In your next reply:
  1. OTL.txt
  2. Extras.txt
  3. CKFiles.txt
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: help to get rid of ohtgnoenriga redirects

Post by kayakman » July 1st, 2010, 12:36 pm

Thank you so much for your help. I got rid of LimeWire and did the scans. Here are the required .txt files:

Ckfiles:

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\flashget\torrent\call of duty 5 world at war 1.2 patch and nocd crack(nsk).torrent
c:\program files\flashget\torrent\call of duty 5 world at war 1.2 patch and nocd crack(nsk).torrent.bits
c:\program files\flashget\torrent\call of duty 5 world at war 1.2 patch and nocd crack(nsk).torrent.filelist
c:\program files\flashget\torrent\call of duty 5 world at war 1.2 patch and nocd crack(nsk).torrent.~tmp
c:\program files\sony\dvd architect pro 4.5\keygen.exe
c:\program files\sony\dvd architect studio 4.5\keygen.exe
scanner sequence 3.FN.11
----- EOF -----




OTL:

OTL logfile created on: 7/1/2010 10:25:58 AM - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Chris House\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 51.30 Gb Free Space | 65.66% Space Free | Partition Type: NTFS
Drive D: | 70.91 Gb Total Space | 59.44 Gb Free Space | 83.82% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRIS
Current User Name: Chris House
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/01 10:25:07 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris House\Desktop\OTL.exe
PRC - [2010/06/23 20:01:13 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/02 09:40:02 | 002,065,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/06/02 09:40:02 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/06/02 09:40:01 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/06/02 09:39:23 | 000,722,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/06/02 09:39:22 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/11 17:41:50 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/10/30 15:53:27 | 000,393,216 | -HS- | M] () -- C:\WINDOWS\system32\inetinfo.exe
PRC - [2009/09/03 22:04:54 | 001,077,248 | ---- | M] () -- C:\WINDOWS\system32\wuauclts.exe
PRC - [2009/06/30 03:30:04 | 001,961,984 | ---- | M] (Megaupload Limited) -- C:\Program Files\Megaupload\Mega Manager\MegaManager.exe
PRC - [2009/05/03 18:33:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\srvany.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/07 18:21:00 | 000,026,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spupdsvc.exe
PRC - [2008/04/14 06:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 06:00:00 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe
PRC - [2006/11/27 09:09:50 | 000,361,300 | RHS- | M] () -- C:\WINDOWS\system32\wbem\Winmgnt.exe


========== Modules (SafeList) ==========

MOD - [2010/07/01 10:25:07 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris House\Desktop\OTL.exe
MOD - [2008/04/14 06:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/06/08 16:57:06 | 000,000,039 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\CCProxy.ini -- (CCProxy)
SRV - [2010/03/11 17:41:50 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/05 03:29:14 | 000,195,072 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\comine.exe -- (help service)
SRV - [2010/01/22 23:33:44 | 021,580,288 | -HS- | M] () [On_Demand | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2009/10/30 15:53:27 | 000,393,216 | -HS- | M] () [Auto | Running] -- C:\WINDOWS\System32\inetinfo.exe -- (WebClient)
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/05/03 18:33:00 | 000,015,360 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\srvany.exe -- (Network_Server)
SRV - [2009/01/07 18:21:00 | 000,026,144 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)
SRV - [2006/11/27 09:09:50 | 000,361,300 | RHS- | M] () [Auto | Running] -- C:\WINDOWS\system32\wbem\Winmgnt.exe -- (Winmgnt)


========== Driver Services (SafeList) ==========

DRV - [2010/06/02 09:40:02 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/06/02 09:40:01 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/11 17:41:45 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/09/07 20:56:21 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2009/07/15 13:22:33 | 001,294,200 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2009/06/17 10:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009/06/17 10:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 10:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 10:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2009/04/02 04:13:20 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI32)
DRV - [2009/04/02 04:13:20 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)
DRV - [2008/04/28 14:22:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/04/14 06:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/13 22:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/09/14 18:09:44 | 000,213,696 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/06/18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/07/20 19:58:00 | 003,685,152 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/07/01 21:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/02 15:02:36 | 000,572,928 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/03/05 22:49:36 | 000,011,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/03/02 23:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/02 23:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/01/26 23:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2006/01/26 23:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
FF - prefs.js..extensions.enabledItems: {fce8417d-ef18-11dd-845c-000c6e211f50}:1.29
FF - prefs.js..extensions.enabledItems: {40a1f5d7-afc2-498f-b264-02668d616ff6}:1.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/06/02 17:39:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/23 20:01:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/23 20:01:20 | 000,000,000 | ---D | M]

[2010/04/06 13:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris House\Application Data\Mozilla\Extensions
[2010/04/06 13:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris House\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/07/01 09:53:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris House\Application Data\Mozilla\Firefox\Profiles\4pow1i84.default\extensions
[2010/06/24 22:28:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Chris House\Application Data\Mozilla\Firefox\Profiles\4pow1i84.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/15 12:15:41 | 000,000,000 | ---D | M] (Mega Manager Integration) -- C:\Documents and Settings\Chris House\Application Data\Mozilla\Firefox\Profiles\4pow1i84.default\extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6}
[2010/06/24 22:28:18 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Chris House\Application Data\Mozilla\Firefox\Profiles\4pow1i84.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/06/24 22:28:17 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Chris House\Application Data\Mozilla\Firefox\Profiles\4pow1i84.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/11/29 23:01:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris House\Application Data\Mozilla\Firefox\Profiles\4pow1i84.default\extensions\{fce8417d-ef18-11dd-845c-000c6e211f50}
[2009/10/18 12:07:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/06/06 12:02:32 | 000,403,698 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 13965 more lines...
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (http://www.flashget.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (http://www.flashget.com)
O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Program Files\Power Video Converter\msdxm.ocx (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [M5T8QL3YW3] C:\DOCUME~1\CHRISH~1\LOCALS~1\Temp\Xjx.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\Program Files\Power Video Converter\msdxm.ocx (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/15 11:04:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{98628d4f-3b30-11df-a789-001636baad1a}\Shell\AutoRun\command - "" = F:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{98628d4f-3b30-11df-a789-001636baad1a}\Shell\slacker\command - "" = F:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{f54c7024-a31d-11de-8526-001636baad1a}\Shell\AutoRun\command - "" = F:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{f54c7024-a31d-11de-8526-001636baad1a}\Shell\slacker\command - "" = F:\slacker.synclauncher.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: BITS - C:\WINDOWS\system32\qmgr.dll ()

Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.I420 - C:\WINDOWS\System32\i420vfw.dll (http://www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/07/01 10:25:03 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chris House\Desktop\OTL.exe
[2010/06/28 12:42:48 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/26 15:47:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris House\Application Data\Uniblue
[2010/06/06 11:44:49 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2010/06/01 17:32:14 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/06/01 17:32:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/05/24 14:36:53 | 000,000,000 | ---D | C] -- C:\Program Files\Ultra Video Joiner
[2010/05/14 18:29:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris House\My Documents\ConvertXToDVD
[2010/05/14 18:27:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris House\My Documents\PcSetup
[2010/05/09 20:10:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris House\Local Settings\Application Data\Xenocode
[2010/05/07 20:36:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris House\My Documents\Usenet.nl
[2010/04/18 20:06:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris House\Application Data\PokerCreations
[2010/04/18 19:57:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris House\Application Data\UFC Poker
[2010/04/18 19:57:16 | 000,000,000 | ---D | C] -- C:\Program Files\UFC Poker
[2010/04/10 16:52:08 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2010/04/10 16:49:13 | 000,000,000 | ---D | C] -- C:\movies
[2010/04/10 16:48:51 | 000,000,000 | ---D | C] -- C:\Program Files\Power Video Converter
[2010/04/06 13:31:36 | 000,000,000 | ---D | C] -- C:\Program Files\HooTech OGG MP3 Converter
[2004/11/24 12:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[48 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[32 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Chris House\Desktop\*.tmp files -> C:\Documents and Settings\Chris House\Desktop\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/07/01 10:25:07 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris House\Desktop\OTL.exe
[2010/07/01 10:24:59 | 000,000,050 | ---- | M] () -- C:\WINDOWS\MegaManager.INI
[2010/07/01 10:22:42 | 000,451,584 | ---- | M] () -- C:\Documents and Settings\Chris House\Desktop\CKScanner.exe
[2010/07/01 10:04:27 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Chris House\Local Settings\Application Data\prvlcl.dat
[2010/07/01 09:48:57 | 061,560,572 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/07/01 09:47:12 | 000,512,960 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/01 09:47:12 | 000,435,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/01 09:47:12 | 000,068,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/01 09:42:11 | 000,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/07/01 09:41:46 | 000,000,318 | -HS- | M] () -- C:\WINDOWS\tasks\afwr.job
[2010/07/01 09:41:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/01 09:41:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/01 00:24:03 | 009,699,328 | -H-- | M] () -- C:\Documents and Settings\Chris House\NTUSER.DAT
[2010/07/01 00:24:03 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Chris House\ntuser.ini
[2010/06/29 18:53:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/28 16:56:09 | 000,065,536 | ---- | M] () -- C:\Documents and Settings\Chris House\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/28 12:43:37 | 000,002,459 | ---- | M] () -- C:\Documents and Settings\Chris House\Desktop\HiJackThis.lnk
[2010/06/26 16:09:02 | 000,000,699 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/26 16:07:00 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\Chris House\Application Data\inst.exe
[2010/06/26 16:07:00 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Chris House\Application Data\pcouffin.sys
[2010/06/26 16:07:00 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\Chris House\Application Data\pcouffin.cat
[2010/06/26 16:07:00 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\Chris House\Application Data\pcouffin.inf
[2010/06/26 11:35:47 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/06/22 16:21:26 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Chris House\defogger_reenable
[2010/06/10 03:37:28 | 000,321,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/10 03:20:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/08 16:57:06 | 000,000,039 | ---- | M] () -- C:\WINDOWS\System32\CCProxy.ini
[2010/06/07 18:15:21 | 000,001,041 | ---- | M] () -- C:\Documents and Settings\Chris House\Application Data\vso_ts_preview.xml
[2010/06/06 12:02:32 | 000,403,698 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/06 11:57:00 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Chris House\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/06/02 09:40:02 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/06/02 09:40:01 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/06/01 17:42:45 | 000,396,964 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100606-120232.backup
[2010/05/21 01:00:06 | 000,073,216 | RHS- | M] () -- C:\WINDOWS\System32\WpdShextb.dll
[2010/05/18 18:02:56 | 000,000,285 | RHS- | M] () -- C:\boot.ini
[2010/05/18 18:02:56 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/14 18:27:55 | 000,000,845 | ---- | M] () -- C:\Documents and Settings\Chris House\Application Data\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDVD 4.lnk
[2010/04/10 16:49:10 | 000,000,066 | ---- | M] () -- C:\WINDOWS\Power Video Converter.INI
[2010/04/10 11:06:01 | 000,237,568 | ---- | M] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2010/04/10 11:06:01 | 000,156,672 | ---- | M] (Radioactive) -- C:\WINDOWS\System32\rmc_fixasf.exe
[2010/04/10 11:05:55 | 000,323,584 | ---- | M] (Stefan Toengi) -- C:\WINDOWS\System32\AUDIOGENIE2.DLL
[48 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[32 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Chris House\Desktop\*.tmp files -> C:\Documents and Settings\Chris House\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/01 10:22:40 | 000,451,584 | ---- | C] () -- C:\Documents and Settings\Chris House\Desktop\CKScanner.exe
[2010/06/28 12:42:49 | 000,002,459 | ---- | C] () -- C:\Documents and Settings\Chris House\Desktop\HiJackThis.lnk
[2010/06/26 16:07:00 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Chris House\Application Data\inst.exe
[2010/06/22 16:21:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Chris House\defogger_reenable
[2010/06/08 16:57:06 | 000,000,039 | ---- | C] () -- C:\WINDOWS\System32\CCProxy.ini
[2010/06/01 17:32:25 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Chris House\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/05/24 14:36:55 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll
[2010/05/24 14:36:55 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2010/05/21 11:33:14 | 000,007,101 | ---- | C] () -- C:\Documents and Settings\Chris House\_GEAREXT.WO_IDENT.TXT
[2010/05/21 01:00:06 | 000,073,216 | RHS- | C] () -- C:\WINDOWS\System32\WpdShextb.dll
[2010/05/21 01:00:06 | 000,000,318 | -HS- | C] () -- C:\WINDOWS\tasks\afwr.job
[2010/05/14 18:27:55 | 000,000,845 | ---- | C] () -- C:\Documents and Settings\Chris House\Application Data\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDVD 4.lnk
[2010/04/10 16:49:06 | 000,000,066 | ---- | C] () -- C:\WINDOWS\Power Video Converter.INI
[2010/03/22 18:16:03 | 000,000,082 | ---- | C] () -- C:\WINDOWS\SuperUtil.ini
[2010/02/03 17:53:49 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2010/01/23 00:02:41 | 000,000,448 | ---- | C] () -- C:\WINDOWS\System32\AccInfo.ini
[2009/12/23 17:31:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WB.ini
[2009/12/13 21:21:44 | 000,000,051 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/11/15 16:56:24 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2009/10/13 14:45:39 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\net_rim_plazmic_flint_dialog.dll
[2009/10/01 21:26:52 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009/09/07 13:55:28 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/09/07 13:55:28 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/08/24 07:59:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AoADVDRipper.INI
[2009/08/14 21:34:02 | 000,190,976 | ---- | C] () -- C:\WINDOWS\System32\wgalogon.dll.bak
[2009/08/14 21:34:02 | 000,190,976 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll
[2009/07/15 16:30:27 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2009/07/15 15:10:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/07/15 13:01:12 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2009/07/15 12:45:59 | 000,000,138 | ---- | C] () -- C:\WINDOWS\MyDrivers.ini
[2009/07/15 11:02:15 | 021,580,288 | -HS- | C] () -- C:\WINDOWS\System32\qmgr.dll
[2008/12/17 10:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008/12/17 10:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008/12/17 10:22:48 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/12/17 10:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008/12/17 09:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/12/11 04:27:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/06/10 18:07:20 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/06/10 18:03:26 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/06/10 18:03:26 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/04/14 06:00:00 | 001,481,728 | ---- | C] () -- C:\WINDOWS\System32\legitcheckcontrol.dll.bak
[2008/04/14 06:00:00 | 001,481,728 | ---- | C] () -- C:\WINDOWS\System32\LegitCheckControl.dll
[2006/07/20 19:58:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/07/20 19:58:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/07/20 19:58:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/07/20 19:58:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/07/20 19:58:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2004/10/03 10:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll

========== LOP Check ==========

[2010/05/25 16:38:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/12/13 11:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Configuration
[2009/11/11 21:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FlashFXP
[2010/03/16 07:46:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2009/12/14 07:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/07/15 12:22:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/10/28 17:34:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2009/12/20 17:39:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2009/08/14 16:46:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2009/10/24 13:59:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/13 11:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ticket
[2009/07/15 13:36:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/09/04 13:09:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2009/07/15 14:05:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
[2009/07/15 13:46:07 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2009/08/14 13:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/11/14 15:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris House\Application Data\abgx360
[2009/10/24 16:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris House\Application Data\Audacity
[2009/12/13 11:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris House\Application Data\Backup Tickets
[2009/11/19 20:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris House\Application Data\Clone2Go Video Converter Free Version
[2009/12/13 11:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris House\Application Data\Configuration
[2009/12/23 17:28:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris House\Application Data\EurekaLog
[2009/08/14 15:46:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris House\Application Data\GetRightToGo
[2009/10/25 12:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris House\Application Data\IEPro
[2009/07/15 15:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris House\Application Data\ImgBurn
[2009/11/15 12:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris House\Application Data\Leadertech
[2009/10/19 10:18:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris House\Application Data\LuckyAcePoker.com
[2009/11/15 12:14:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris House\Application Data\Megaupload
[2009/10/25 12:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris House\Application Data\MiniDm
[2009/10/19 10:23:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris House\Application Data\PacificPoker
[2009/10/13 14:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris House\Application Data\Plazmic
[2010/04/18 20:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris House\Application Data\PokerCreations
[2009/08/14 07:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris House\Application Data\Publish Providers
[2009/10/24 16:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris House\Application Data\Research In Motion
[2009/07/15 16:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris House\Application Data\Seven Zip
[2009/08/14 16:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris House\Application Data\Sony
[2009/12/13 11:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris House\Application Data\Temp
[2009/09/04 13:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris House\Application Data\Thinstall
[2009/07/15 13:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris House\Application Data\TuneUp Software
[2010/04/18 19:57:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris House\Application Data\UFC Poker
[2010/06/26 15:53:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris House\Application Data\Uniblue
[2010/06/26 16:07:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris House\Application Data\Vso
[2010/07/01 09:41:46 | 000,000,318 | -HS- | M] () -- C:\WINDOWS\Tasks\afwr.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/07/15 11:04:20 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/05/18 18:02:56 | 000,000,285 | RHS- | M] () -- C:\boot.ini
[2009/07/15 11:04:20 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/01/22 23:36:02 | 000,163,840 | ---- | M] () -- C:\FileReg.icp
[2009/07/15 11:04:20 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/03/30 02:00:43 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2009/07/15 11:04:20 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 06:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/01 09:41:39 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2009/12/13 18:47:22 | 000,002,918 | ---- | M] () -- C:\rollback.ini

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 06:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/03/28 12:57:34 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5ha.dll
[2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/14 06:00:00 | 000,380,445 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\expsrv.dll
[2010/05/21 01:00:06 | 000,073,216 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\WpdShextb.dll
[48 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >
[2010/07/01 09:41:46 | 000,000,318 | -HS- | M] () Unable to obtain MD5 -- C:\WINDOWS\Tasks\afwr.job

< %systemroot%\System32\config\*.sav >
[2009/07/15 05:46:01 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/07/15 05:46:01 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/07/15 05:46:01 | 000,933,888 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/14 06:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
[48 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/14 06:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[48 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/14 06:00:00 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll
[48 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-01 06:24:22

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8B8CEBD
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
< End of report >

Extras:

OTL Extras logfile created on: 7/1/2010 10:25:58 AM - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Chris House\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 51.30 Gb Free Space | 65.66% Space Free | Partition Type: NTFS
Drive D: | 70.91 Gb Total Space | 59.44 Gb Free Space | 83.82% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRIS
Current User Name: Chris House
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:TCP" = 1900:TCP:LocalSubNet:Enabled:UDP 1900

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found
"C:\Program Files\FlashGet\flashget.exe" = C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget -- (FlashGet.com)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\Plazmic CDK 4.7\_jvm\bin\javaw.exe" = C:\Program Files\Plazmic CDK 4.7\_jvm\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Plazmic CDK 4.7\_jvm\bin\java.exe" = C:\Program Files\Plazmic CDK 4.7\_jvm\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Research In Motion\BlackBerry Smartphone Simulators 5.0.0\5.0.0.252 (9500)\fledge.exe" = C:\Program Files\Research In Motion\BlackBerry Smartphone Simulators 5.0.0\5.0.0.252 (9500)\fledge.exe:*:Enabled:BlackBerry Handheld Simulator -- (Research In Motion Limited)
"C:\Program Files\Research In Motion\BlackBerry Smartphone Simulators 4.7.0\4.7.0.76 (9530)\fledge.exe" = C:\Program Files\Research In Motion\BlackBerry Smartphone Simulators 4.7.0\4.7.0.76 (9530)\fledge.exe:*:Enabled:BlackBerry Handheld Simulator -- (Research In Motion Limited)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- File not found
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{13333239-0A15-4855-BEEB-0232DAA5B7EA}" = BlackBerry Desktop Software 5.0.1
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 15
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{5DC0DF76-3B2F-4C38-BE34-58627949BC1A}" = Mega Manager
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69DAC00A-7665-4E9B-B441-093D40736429}" = HP BatteryCheck 1.00 A7
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7EF844A6-2FDC-40DB-94ED-B2229088E5AD}" = BlackBerry Device Software v4.7.0 for the BlackBerry 9530 smartphone
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{974C4C55-E34F-48A3-9FC4-D10815974DF0}" = BlackBerry Smartphone Simulators 4.7.0.76 (9530)
"{97E038E1-41AD-4C93-BCDC-6A2394AEE352}" = Vegas Movie Studio Platinum 9.0
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACA85783-8EEA-4f0a-B2A3-A8173F30209F}" = C4200_doccd
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B09BCBF6-87EE-4403-A336-3A9510856535}" = HP Photosmart All-In-One Software 9.0
"{B2BC4969-2DE3-499A-9A3D-1B7C34ED12C3}" = HP Webcam
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BFDE4176-5DFE-4db9-AA00-8F30CB001BDA}" = c4200_Help
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C39E671D-0528-4c5e-A034-8470C5BC393A}" = C4200
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D28F4E17-9825-4388-8604-AD997C7D5026}" = BlackBerry Smartphone Simulators 5.0.0.252 (9500)
"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
"{D86CEB96-6B1E-4214-ACEA-83EBEFCA1212}_is1" = OGG MP3 Converter v3.4 build 839
"{D8B7A682-20DA-4797-8415-B1FB14D4D32B}" = PS_AIO_Software
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.9.322
"{DC1E0881-66E8-4884-9B5B-580F957F5B9A}" = Sony DVD Architect Studio 4.5
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E28750A2-45F2-4b63-99F7-9F81A94B1E2D}" = PS_AIO_Software_min
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FD7F242B-9AA0-40c3-941E-3A9821D19C09}" = PS_AIO_ProductContext
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"09DE32C4F7BD75AFC4FD14FE55D82891A5C397E0" = Windows Driver Package - Intel net (04/30/2007 11.1.1.11)
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"6455D19F3BFC2585EA48D0648505F8DA7DAC3629" = Windows Driver Package - Intel (NETw4x32) net (04/30/2007 11.1.1.11)
"737C4F107F61FFE46CE45CCA503223FBA5BD00FC" = Windows Driver Package - Intel net (04/30/2007 11.1.1.11)
"7-Zip" = 7-Zip 4.65
"A52334752DB8BF051DEADD0BADDDA32C2255FDC0" = Windows Driver Package - Intel (w29n51) net (04/04/2007 9.0.4.36)
"abgx360" = abgx360 v1.0.2
"AC3Filter_is1" = AC3Filter 1.61b
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG9Uninstall" = AVG Free 9.0
"B6E4AD11B487308A361AACB990AC314D7DEAD995" = Windows Driver Package - usbvm326 (usbvm328) Image (10/12/2006 326.1.061012.25)
"BlackBerry_{13333239-0A15-4855-BEEB-0232DAA5B7EA}" = BlackBerry Desktop Software 5.0.1
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CNXT_HDAUDIO" = Conexant HD Audio
"DivX Setup.divx.com" = DivX Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Fast AVI MPEG Joiner_is1" = Fast AVI MPEG Joiner 1.2.0812
"ffdshow_is1" = ffdshow [rev 2265] [2008-10-28]
"FlashGet" = FlashGet 1.9.6.1073
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 3.2
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"HPOCR" = HP OCR Software 9.0
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"JDownloader" = JDownloader
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.10)" = Mozilla Firefox (3.5.10)
"NVIDIA Drivers" = NVIDIA Drivers
"Plazmic CDK 4.7 for BlackBerry" = Plazmic CDK 4.7 for BlackBerry
"Plazmic Content Developer's Kit 4.7 Update Patch" = Plazmic Content Developer's Kit 4.7 Update Patch
"Replay Media Catcher 3.01" = Replay Media Catcher 3.01
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"UFC Poker" = UFC Poker
"Ultra Video Joiner_is1" = Ultra Video Joiner 5.2.0322
"Veetle TV" = Veetle TV 0.9.16
"VLC media player" = VLC media player 1.0.5
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Reproductor de Windows Media 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinX HD Video Converter_is1" = WinX Video Converter 4.1
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Codec Pack" = XP Codec Pack
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/9/2010 4:25:31 AM | Computer Name = CHRIS | Source = Application Error | ID = 1000
Description = Faulting application megamanager.exe, version 3.3.0.4, faulting module
megamanager.exe, version 3.3.0.4, fault address 0x0002e38a.

Error - 5/9/2010 6:09:06 PM | Computer Name = CHRIS | Source = Application Error | ID = 1000
Description = Faulting application megamanager.exe, version 3.3.0.4, faulting module
megamanager.exe, version 3.3.0.4, fault address 0x0002e38a.

Error - 5/9/2010 6:17:27 PM | Computer Name = CHRIS | Source = Application Error | ID = 1000
Description = Faulting application megamanager.exe, version 3.3.0.4, faulting module
megamanager.exe, version 3.3.0.4, fault address 0x0002e38a.

Error - 5/27/2010 5:45:59 PM | Computer Name = CHRIS | Source = Application Error | ID = 1000
Description = Faulting application megamanager.exe, version 3.3.0.4, faulting module
megamanager.exe, version 3.3.0.4, fault address 0x0002e38a.

Error - 6/3/2010 6:51:51 PM | Computer Name = CHRIS | Source = Application Error | ID = 1000
Description = Faulting application megamanager.exe, version 3.3.0.4, faulting module
unknown, version 0.0.0.0, fault address 0x02970100.

Error - 6/7/2010 7:23:09 PM | Computer Name = CHRIS | Source = Application Error | ID = 1000
Description = Faulting application convertxtodvd.exe, version 4.0.9.322, faulting
module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 6/15/2010 7:20:43 PM | Computer Name = CHRIS | Source = Application Error | ID = 1000
Description = Faulting application avgtray.exe, version 9.0.0.825, faulting module
msvcr80.dll, version 8.0.50727.4053, fault address 0x000173bd.

Error - 6/24/2010 11:06:58 PM | Computer Name = CHRIS | Source = Application Error | ID = 1000
Description = Faulting application megamanager.exe, version 3.3.0.4, faulting module
megamanager.exe, version 3.3.0.4, fault address 0x0002e38a.

Error - 6/27/2010 2:18:55 PM | Computer Name = CHRIS | Source = Application Error | ID = 1000
Description = Faulting application megamanager.exe, version 3.3.0.4, faulting module
wwwstream.dll, version 0.0.0.0, fault address 0x00003738.

Error - 6/28/2010 9:19:07 PM | Computer Name = CHRIS | Source = Application Hang | ID = 1002
Description = Hanging application mplayerc.exe, version 6.4.9.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]
Error - 1/25/2010 11:24:52 PM | Computer Name = CHRIS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 3223 seconds with 1200 seconds of active time. This session ended with a
crash.

[ System Events ]
Error - 6/30/2010 12:41:34 PM | Computer Name = CHRIS | Source = Service Control Manager | ID = 7000
Description = The COM+ Application System service failed to start due to the following
error: %%2

Error - 6/30/2010 12:41:34 PM | Computer Name = CHRIS | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the System Help and Support
service to connect.

Error - 6/30/2010 12:41:34 PM | Computer Name = CHRIS | Source = Service Control Manager | ID = 7023
Description = The Logonyd service terminated with the following error: %%126

Error - 6/30/2010 12:41:34 PM | Computer Name = CHRIS | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 6/30/2010 12:42:56 PM | Computer Name = CHRIS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SuperMounter

Error - 7/1/2010 11:42:47 AM | Computer Name = CHRIS | Source = Service Control Manager | ID = 7000
Description = The COM+ Application System service failed to start due to the following
error: %%2

Error - 7/1/2010 11:42:47 AM | Computer Name = CHRIS | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the System Help and Support
service to connect.

Error - 7/1/2010 11:42:47 AM | Computer Name = CHRIS | Source = Service Control Manager | ID = 7023
Description = The Logonyd service terminated with the following error: %%126

Error - 7/1/2010 11:42:47 AM | Computer Name = CHRIS | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 7/1/2010 11:44:09 AM | Computer Name = CHRIS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SuperMounter

[ TuneUp Events ]
Error - 8/30/2009 10:25:06 PM | Computer Name = CHRIS | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 8/30/2009 10:25:11 PM | Computer Name = CHRIS | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 9/5/2009 5:53:07 PM | Computer Name = CHRIS | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 9/7/2009 10:40:20 PM | Computer Name = CHRIS | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 9/7/2009 10:42:26 PM | Computer Name = CHRIS | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 9/7/2009 10:42:56 PM | Computer Name = CHRIS | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 9/7/2009 10:43:01 PM | Computer Name = CHRIS | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 9/7/2009 10:43:36 PM | Computer Name = CHRIS | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 9/12/2009 11:31:30 AM | Computer Name = CHRIS | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 9/12/2009 11:31:35 AM | Computer Name = CHRIS | Source = TuneUp Program Statistics | ID = 131840
Description =


< End of report >
kayakman
Regular Member
 
Posts: 37
Joined: June 22nd, 2010, 6:45 pm

Re: help to get rid of ohtgnoenriga redirects

Unread postby melboy » July 1st, 2010, 1:10 pm

Cracks, Keygens, Warez etc.

As the log(s) you've posted indicate, you've used one or more of the above.

>> Forum Policy <<

The software will have to be removed before we can continue. Be aware that the tools we use can and will detect such software. If there are more such new findings after this, the topic will also be closed.

Along with P2P filesharing, this is a surefire way to get your computer infected. Downloading cracks via P2P or visiting crack sites/warez sites - and other questionable/illegal sites is always a risk. Even a single click on the site can drop multiple forms of very serious malware.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.
In 2006, a study revealed that 59% of keygens and crack tools downloaded from peer-to-peer networks contained malicious or "unwanted" software.

Additionally, cracked programs are illegal. In using the crack, the 'cracker' has broken the 'End User Licence Agreement' (EULA) of the product concerned.

The distribution and use of cracked copies is illegal in almost every developed country.


Please post back to confirm the removal of the illegal items.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: help to get rid of ohtgnoenriga redirects

Unread postby kayakman » July 1st, 2010, 1:55 pm

Confirmed. I deleted all that I could see. Didn't know they were on there. If you see any more I will not hesitate to delete them. Please let me know.

This is the new ckfiles.txt:


CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11
----- EOF -----
kayakman
Regular Member
 
Posts: 37
Joined: June 22nd, 2010, 6:45 pm

Re: help to get rid of ohtgnoenriga redirects

Unread postby melboy » July 1st, 2010, 5:10 pm

Good - Thanks.


Check files
  • Go to VirusTotal
    C:\WINDOWS\System32\inetinfo.exe
  • Copy/Paste the file above into the white Upload a file box.
  • Click Send/Submit, and the file will upload to VirusTotal, where it will be scanned by several anti-virus programmes.
    NOTE: if you receive a message stating:
    • File has already been analyzed, click Reanalyze file Now.
  • After a while, a window will open, with details of what the scans found.
    Repeat for:
    C:\WINDOWS\system32\wuauclts.exe
  • Copy and paste the results into your next reply.



Kenco

Please Download Kenco.exe by jpshortstuff and save it to your Desktop.

  • Close all other programs before executing!
  • Double click Kenco.exe, to begin execution. Scan should only take a few minutes.
  • When finished, the log file "Kenco.log" will open in Notepad.
  • It will also be saved in the same location as Kenco.exe, which should be on your desktop.
  • Please post the contents of that log in your next reply.



OTL Script

We need to run an OTL Fix

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :files
    C:\WINDOWS\System32\WpdShextb.dll
    C:\WINDOWS\tasks\afwr.job
    
    :commands
    [PURITY]
    [EMPTYTEMP]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.


After OTL has rebooted and produced the logfile.


Malwarebytes' Anti-Malware (MBAM)

As you have Malwarebytes' Anti-Malware installed on your computer, could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform Quick scan, then click on Scan
  • When done, you will be prompted. Click OK. If Items are found, then click on Show Results
  • Check all items then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.

    The log can also be found here:
    1. C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    2. Or via the Logs tab when the application is started.

Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately.
Failure to reboot will prevent MBAM from removing all the malware.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: help to get rid of ohtgnoenriga redirects

Unread postby kayakman » July 2nd, 2010, 1:33 pm

Scan Results:

inetinfo.exe


a-squared 5.0.0.31 2010.07.02 Riskware.Server-Proxy.Win32.CCProxy!IK
AhnLab-V3 2010.07.02.04 2010.07.02 -
AntiVir 8.2.4.2 2010.07.02 -
Antiy-AVL 2.0.3.7 2010.07.02 Server-Proxy/Win32.CCProxy.gen
Authentium 5.2.0.5 2010.07.02 -
Avast 4.8.1351.0 2010.07.02 Win32:Malware-gen
Avast5 5.0.332.0 2010.07.02 Win32:Malware-gen
AVG 9.0.0.836 2010.07.02 -
BitDefender 7.2 2010.07.02 Trojan.Generic.3282628
CAT-QuickHeal 11.00 2010.06.30 (Suspicious) - DNAScan
ClamAV 0.96.0.3-git 2010.07.02 -
Comodo 5291 2010.07.02 UnclassifiedMalware
DrWeb 5.0.2.03300 2010.07.02 -
eSafe 7.0.17.0 2010.06.30 Win32.CCProxy
eTrust-Vet 36.1.7681 2010.07.02 -
F-Prot 4.6.1.107 2010.07.02 -
F-Secure 9.0.15370.0 2010.07.02 Trojan.Generic.3282628
Fortinet 4.1.133.0 2010.07.02 -
GData 21 2010.07.02 Trojan.Generic.3282628
Ikarus T3.1.1.84.0 2010.07.02 not-a-virus:Server-Proxy.Win32.CCProxy
Jiangmin 13.0.900 2010.07.01 -
Kaspersky 7.0.0.125 2010.07.02 not-a-virus:Server-Proxy.Win32.CCProxy.bv
McAfee 5.400.0.1158 2010.07.02 Generic PUP.z!bt
McAfee-GW-Edition 2010.1 2010.07.02 Heuristic.BehavesLike.Win32.Rootkit.C
Microsoft 1.5902 2010.07.02 -
NOD32 5246 2010.07.02 a variant of Win32/CCProxy
Norman 6.05.10 2010.07.02 -
nProtect 2010-07-02.01 2010.07.02 Trojan.Generic.3282628
Panda 10.0.2.7 2010.07.02 Trj/CI.A
PCTools 7.0.3.5 2010.07.02 Spyware.Keylogger
Prevx 3.0 2010.07.02 Medium Risk Malware
Rising 22.54.04.04 2010.07.02 -
Sophos 4.54.0 2010.07.02 CCProxy
Sunbelt 6536 2010.07.02 Trojan.Win32.Generic!BT
Symantec 20101.1.0.89 2010.07.02 Spyware.Keylogger
TheHacker 6.5.2.1.307 2010.07.01 -
TrendMicro 9.120.0.1004 2010.07.02 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.02 -
VBA32 3.12.12.5 2010.07.02 -
ViRobot 2010.6.29.3912 2010.07.02 Not_a_virus:Proxy.CCProxy.393216
VirusBuster 5.0.27.0 2010.07.02 Trojan.CCProxy.O
Additional information
File size: 393216 bytes
MD5...: 38d778e72f47b501c8dae20b2a26366e
SHA1..: d9822fd5c32ae1bd9e1c3f460fe81a33dece3fb2
SHA256: 9cab458893d239cd51f34f581ef59413b3c31b23fb00640a42c2990dba34ed61
ssdeep: 6144:l4/33G8jj3Q/dXphohfr1nKD1J8d68koWy1B/irRwB+FbTsU7jWgxIKE0sE
i2nRc:s3W8jCdXpShJnKD1J8o8nWkEre+FUex5
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xef625
timedatestamp.....: 0x416b8ee3 (Tue Oct 12 07:59:31 2004)
machinetype.......: 0x14c (I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x62383 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x64000 0x102e4 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.data 0x75000 0x36508 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0xac000 0x38000 0x1000 2.80 e94a732baba70abfe75e42e83dc88357
.vmp0 0xe4000 0x4034 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.vmp1 0xe9000 0x5c673 0x5d000 7.93 a9db219c3dd7f7ad09f450636dc7c79a
.reloc 0x146000 0x4c 0x1000 0.13 cb7596298e8d25118cb10b2881ebe8bf

( 20 imports )

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
http://info.prevx.com/aboutprogramtext.asp?PX5=588D2CFE00745A22003B062AB3AF2B00451150A9
sigcheck:
publisher....:
copyright....: Copyright(C) 2000
product......: CCProxy Application
description..: CCProxy Microsoft MFC Application
original name: CCProxy.EXE
internal name: CCProxy
file version.: 2, 0, 0, 1
comments.....:
signers......: -
signing date.: -
verified.....: Unsigned


wuauclts.exe:

a-squared 5.0.0.31 2010.07.02 Riskware.Server-Proxy.Win32.CCProxy!IK
AhnLab-V3 2010.07.02.04 2010.07.02 Malware/Win32.Suspicious
AntiVir 8.2.4.2 2010.07.02 SPR/Tool.CCProxy.22
Antiy-AVL 2.0.3.7 2010.07.02 -
Authentium 5.2.0.5 2010.07.02 -
Avast 4.8.1351.0 2010.07.02 Win32:Malware-gen
Avast5 5.0.332.0 2010.07.02 Win32:Malware-gen
AVG 9.0.0.836 2010.07.02 -
BitDefender 7.2 2010.07.02 Backdoor.Generic.270033
CAT-QuickHeal 11.00 2010.06.30 -
ClamAV 0.96.0.3-git 2010.07.02 -
Comodo 5291 2010.07.02 UnclassifiedMalware
DrWeb 5.0.2.03300 2010.07.02 -
eSafe 7.0.17.0 2010.06.30 Win32.HackToolCCProx
eTrust-Vet 36.1.7681 2010.07.02 -
F-Prot 4.6.1.107 2010.07.02 -
F-Secure 9.0.15370.0 2010.07.02 Backdoor.Generic.270033
Fortinet 4.1.133.0 2010.07.02 -
GData 21 2010.07.02 Backdoor.Generic.270033
Ikarus T3.1.1.84.0 2010.07.02 not-a-virus:Server-Proxy.Win32.CCProxy
Jiangmin 13.0.900 2010.07.01 -
Kaspersky 7.0.0.125 2010.07.02 -
McAfee 5.400.0.1158 2010.07.02 Artemis!65B61DCAAB17
McAfee-GW-Edition 2010.1 2010.07.02 Artemis!65B61DCAAB17
Microsoft 1.5902 2010.07.02 HackTool:Win32/CCProxy
NOD32 5246 2010.07.02 a variant of Win32/CCProxy
Norman 6.05.10 2010.07.02 -
nProtect 2010-07-02.01 2010.07.02 Backdoor.Generic.270033
Panda 10.0.2.7 2010.07.02 Trj/CI.A
PCTools 7.0.3.5 2010.07.02 Adware.Lop
Prevx 3.0 2010.07.02 -
Rising 22.54.04.04 2010.07.02 -
Sophos 4.54.0 2010.07.02 CCProxy
Sunbelt 6536 2010.07.02 Trojan.Win32.Generic!BT
Symantec 20101.1.0.89 2010.07.02 Adware.Lop
TheHacker 6.5.2.1.307 2010.07.01 -
TrendMicro 9.120.0.1004 2010.07.02 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.02 -
VBA32 3.12.12.5 2010.07.02 -
ViRobot 2010.6.29.3912 2010.07.02 -
VirusBuster 5.0.27.0 2010.07.02 -
Additional information
File size: 1077248 bytes
MD5...: 65b61dcaab17862805f628ee1c17495d
SHA1..: ab4bdd43e4245aad124edf69108ef45ad1ba5496
SHA256: 4c576c48f2fd82ccda93edab1cbc83939709b7982fca0426fff5453fd519f77e
ssdeep: 12288:hEMH5FIy3YBdiRjwMy3r2UGVxPELU/+zS3JoUnUKkzGkzBcLorFWX:hEPi
XrxPQzEoyUlz9OLoZWX
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x58f92
timedatestamp.....: 0x449ba92b (Fri Jun 23 08:41:15 2006)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x798d3 0x7a000 6.56 6b443bcbda60f209b2f41184169c84f3
.rdata 0x7b000 0x1094e 0x11000 4.62 770d9792845e29f2f964619507807e04
.data 0x8c000 0xa9888 0x7000 5.52 97494159109770bb69fdfd04d7ccbd01
.rsrc 0x136000 0x732f0 0x74000 6.56 71d75c96dfac5c678f153b308c85c8fa

( 18 imports )

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (75.0%)
Win32 Executable Generic (16.9%)
Generic Win/DOS Executable (3.9%)
DOS Executable Generic (3.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....:
copyright....: Copyright(C) 2000
product......: CCProxy Application
description..: CCProxy Microsoft MFC Application
original name: CCProxy.EXE
internal name: CCProxy
file version.: 6, 3, 0, 1
comments.....:
signers......: -
signing date.: -
verified.....: Unsigned


Kenco.exe:

Kenco by jpshortstuff (31.12.09.1)
Log created at 11:12 on 02/07/2010 (Chris House)

========== Task Unlocker ==========
C:\WINDOWS\Tasks\afwr.job -> Unlocked!

========== KencoScan ==========
C:\WINDOWS\system32\WpdShextb.dll -> Unlocked!

========== C:\WINDOWS\Tasks ==========
afwr.job -> [07:00 21/05/2010] 318 bytes

-=E.O.F=-

OTL Fix:

All processes killed
========== FILES ==========
C:\WINDOWS\System32\WpdShextb.dll moved successfully.
C:\WINDOWS\tasks\afwr.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 531253 bytes

User: All Users

User: Chris House
->Temp folder emptied: 5579929 bytes
->Temporary Internet Files folder emptied: 236613718 bytes
->Java cache emptied: 51116138 bytes
->FireFox cache emptied: 90058235 bytes
->Google Chrome cache emptied: 6274608 bytes
->Flash cache emptied: 124582 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66083 bytes
->Temporary Internet Files folder emptied: 32969 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 982656 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2402044 bytes
%systemroot%\System32 .tmp files removed: 37135873 bytes
%systemroot%\System32\dllcache .tmp files removed: 11366912 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2573159 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 40720700 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 4443645747 bytes

Total Files Cleaned = 4,701.00 mb


OTL by OldTimer - Version 3.2.7.0 log created on 07022010_111445

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



Malwarebytes Quick Scan:

Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Database version: 4267

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/2/2010 11:31:22 AM
mbam-log-2010-07-02 (11-31-22).txt

Scan type: Quick scan
Objects scanned: 139119
Time elapsed: 5 minute(s), 45 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
C:\WINDOWS\system32\wbem\Winmgnt.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winmgnt (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\m5t8ql3yw3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\wbem\Winmgnt.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\CCProxy.ini (Trojan.CCProxy) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\homepage.txt (Stolen.Data) -> Quarantined and deleted successfully.
kayakman
Regular Member
 
Posts: 37
Joined: June 22nd, 2010, 6:45 pm
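
The sigcheck blocks in the two VirusTotal reports above give CCProxy.EXE as the original name of files stored on disk as inetinfo.exe and wuauclts.exe. As an added example (not part of the thread, and not code from any tool used in it), this Python script parses reports pasted in that plain-text layout and flags a file whose on-disk name differs from its version-resource name, is unsigned, and has detections. The sample rows are trimmed from the posts above plus one constructed control entry; the function, field and flag names are assumptions.

```python
import re
from dataclasses import dataclass, field

# Rows and sigcheck fields are trimmed from the two reports posted in this
# thread; the third entry (example.exe) is a constructed control, not real data.
SAMPLE_REPORT = """\
inetinfo.exe

a-squared 5.0.0.31 2010.07.02 Riskware.Server-Proxy.Win32.CCProxy!IK
AhnLab-V3 2010.07.02.04 2010.07.02 -
Kaspersky 7.0.0.125 2010.07.02 not-a-virus:Server-Proxy.Win32.CCProxy.bv
Microsoft 1.5902 2010.07.02 -
NOD32 5246 2010.07.02 a variant of Win32/CCProxy
Additional information
sigcheck:
publisher....:
product......: CCProxy Application
original name: CCProxy.EXE
internal name: CCProxy
verified.....: Unsigned

wuauclts.exe:

AntiVir 8.2.4.2 2010.07.02 SPR/Tool.CCProxy.22
Kaspersky 7.0.0.125 2010.07.02 -
Microsoft 1.5902 2010.07.02 HackTool:Win32/CCProxy
Sophos 4.54.0 2010.07.02 CCProxy
Additional information
sigcheck:
publisher....:
product......: CCProxy Application
original name: CCProxy.EXE
internal name: CCProxy
verified.....: Unsigned

example.exe:

EngineA 1.0 2010.07.02 -
EngineB 2.0 2010.07.02 -
sigcheck:
original name: example.exe
internal name: example
verified.....: Signed
"""

# A report starts with the bare file name, optionally followed by a colon.
HEADER = re.compile(r"^([\w.\-]+\.(?:exe|dll)):?$", re.IGNORECASE)
# Engine row: engine, engine version, signature date, result ("-" = clean).
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(.+)$")
# sigcheck field: lowercase key padded with dots, then ": value".
FIELD = re.compile(r"^([a-z][a-z ]*?)\.*:\s*(.*)$")


@dataclass
class FileReport:
    name: str
    rows: list = field(default_factory=list)   # (engine, result) pairs
    sig: dict = field(default_factory=dict)    # sigcheck key -> value


def parse_reports(text):
    """Split pasted report text into one FileReport per scanned file."""
    reports, cur, in_sig = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            cur = FileReport(name=m.group(1))
            reports.append(cur)
            in_sig = False
            continue
        if cur is None:
            continue
        if line.lower() == "sigcheck:":
            in_sig = True
            continue
        if in_sig:
            m = FIELD.match(line)
            if m:
                cur.sig[m.group(1)] = m.group(2).strip()
            else:
                in_sig = False      # blank or foreign line ends the block
            continue
        m = ROW.match(line)
        if m:
            cur.rows.append((m.group(1), m.group(4).strip()))
    return reports


def triage(text):
    """Return one finding per file with its detection ratio and flags."""
    findings = []
    for rep in parse_reports(text):
        hits = [(e, r) for e, r in rep.rows if r != "-"]
        original = rep.sig.get("original name", "")
        internal = rep.sig.get("internal name", "")
        flags = []
        if original and original.casefold() != rep.name.casefold():
            flags.append("name-mismatch")   # on-disk name != version resource
        if rep.sig.get("verified", "").casefold() == "unsigned":
            flags.append("unsigned")
        if hits:
            flags.append("detected")
        # How many detection labels name the product the file itself declares.
        naming = sum(1 for _, r in hits
                     if internal and internal.casefold() in r.casefold())
        findings.append({"file": rep.name, "original_name": original,
                         "ratio": (len(hits), len(rep.rows)),
                         "labels_naming_product": naming, "flags": flags})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f)
```

A file that carries all three flags is worth escalating even when the installed antivirus reports nothing, since the ratio counts every engine in the pasted table rather than only the local one.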

Re: help to get rid of ohtgnoenriga redirects

Unread postby melboy » July 2nd, 2010, 6:56 pm

Hi

It looks as though your PC is being used as a proxy server, which may be the result of - or used in conjunction with - remote (backdoor) access.

From Kaspersky:
not-a-virus:Server-Proxy.Win32.CCProxy

Such programs function as a proxy server. For this reason, malicious users include them in bundles of malicious program in order to send out spam or other malicious content from the victim computer.


I'd like you to check some more files.

Check files
  • Go to VirusTotal
    C:\WINDOWS\System32\comine.exe
  • Copy/Paste the file above into the white Upload a file box.
  • Click Send/Submit, and the file will upload to VirusTotal, where it will be scanned by several anti-virus programmes.
    NOTE: if you receive a message stating:
    • File has already been analyzed click Reanalyze file Now.
  • After a while, a window will open, with details of what the scans found.
    Repeat for:
    C:\WINDOWS\system32\qmgr.dll
    Repeat for:
    C:\WINDOWS\system32\srvany.exe
  • Copy and paste the results into your next reply.


O1 - Hosts: 127.0.0.1 yy66.meibu.com
Did you add this hosts entry yourself?



Gmer

Download GMER Rootkit Scanner from here.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

-- If GMER crashes or keeps resulting in a BSoDs, uncheck Devices on the right side before scanning -- If you continue to encounter problems, try running GMER in safe mode

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Note: Do not run any programs while Gmer is running.

Re: help to get rid of ohtgnoenriga redirects

Post by kayakman » July 3rd, 2010, 9:22 am

Hello,
I did not add this entry: O1 - Hosts: 127.0.0.1 yy66.meibu.com


comine.exe

a-squared 5.0.0.31 2010.07.03 Trojan-Dropper.Delf!IK
AhnLab-V3 2010.07.03.00 2010.07.03 Backdoor/Win32.Hupigon
AntiVir 8.2.4.2 2010.07.02 BDS/Hupigon.Gen
Antiy-AVL 2.0.3.7 2010.07.02 -
Authentium 5.2.0.5 2010.07.03 W32/Hupigon.C.gen!Eldorado
Avast 4.8.1351.0 2010.07.03 Win32:Crypt-ECL
Avast5 5.0.332.0 2010.07.03 Win32:Crypt-ECL
AVG 9.0.0.836 2010.07.03 -
BitDefender 7.2 2010.07.03 Packer.Cryptocrack.A
CAT-QuickHeal 11.00 2010.06.30 -
ClamAV 0.96.0.3-git 2010.07.03 -
Comodo 5300 2010.07.03 Heur.Pck.CRYPToCRACk
DrWeb 5.0.2.03300 2010.07.03 BackDoor.Pigeon.49698
eSafe 7.0.17.0 2010.06.30 Win32.BDSHupigon
eTrust-Vet 36.1.7684 2010.07.03 -
F-Prot 4.6.1.107 2010.07.02 W32/Hupigon.C.gen!Eldorado
F-Secure 9.0.15370.0 2010.07.03 Packer.Cryptocrack.A
Fortinet 4.1.133.0 2010.07.03 -
GData 21 2010.07.03 Packer.Cryptocrack.A
Ikarus T3.1.1.84.0 2010.07.03 Trojan-Dropper.Delf
Jiangmin 13.0.900 2010.07.03 -
Kaspersky 7.0.0.125 2010.07.03 Backdoor.Win32.Hupigon.aspg
McAfee 5.400.0.1158 2010.07.03 Artemis!21BE45DD4023
McAfee-GW-Edition 2010.1 2010.07.02 Artemis!21BE45DD4023
Microsoft 1.5902 2010.07.03 Backdoor:Win32/Blackhole.U
NOD32 5248 2010.07.03 -
Norman 6.05.10 2010.07.03 Overpacked.gen3.dam
nProtect 2010-07-03.02 2010.07.03 Packer.Cryptocrack.A
Panda 10.0.2.7 2010.07.02 Malicious Packer
PCTools 7.0.3.5 2010.07.02 HeurEngine.Packed-CryptoCrack
Prevx 3.0 2010.07.03 High Risk Cloaked Malware
Rising 22.54.04.04 2010.07.02 -
Sophos 4.54.0 2010.07.03 Sus/UnkPack-C
Sunbelt 6539 2010.07.03 Trojan.Win32.Packer.PEProtectorV0.9.3 (v)
Symantec 20101.1.0.89 2010.07.03 Packed.Generic.48
TheHacker 6.5.2.1.307 2010.07.01 Backdoor/Hupigon.aspg
TrendMicro 9.120.0.1004 2010.07.03 BKDR_HUPIGO.ATW
TrendMicro-HouseCall 9.120.0.1004 2010.07.03 BKDR_HUPIGO.ATW
VBA32 3.12.12.5 2010.07.02 Backdoor.Win32.BlackHole.cik
ViRobot 2010.7.3.3920 2010.07.03 Backdoor.Win32.Hupigon.195072.C
VirusBuster 5.0.27.0 2010.07.02 -
Additional information
File size: 195072 bytes
MD5...: 21be45dd4023768b544e909b7709923b
SHA1..: b67db86dee0479d4bb02b129317128f195cd880e
SHA256: cdb3791edf4a33f04ec83dc5a42fa55cf9cc5a3830d9de452087a39ebf3bac50
ssdeep: 3072:+Yj0A7JxzEwmTg40kmjRUSdjz3P5ho/t5OQeYs3Tp7HuLGp3i/iSPzuT:DH
AUXBjnP5h0tUQrCTp7OLGJciS7uT
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x8a000
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

( 30 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x46000 0x1d200 8.00 dcf126caad8d0bcd69eacb2166a37948
DATA 0x47000 0x9000 0x5000 7.99 298f0a3d2c07d04a6a112826a3a45d8c
BSS 0x50000 0x4000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x54000 0x2000 0x1000 7.93 55b01e618df6b48e4134b085cc80d80d
.tls 0x56000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x57000 0x1000 0x400 7.34 04a7d9dbc11703ddacd4e8661b75f801
.reloc 0x58000 0x5000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x5d000 0x4000 0x1400 6.71 1fb43f615bf46b69a6ea6c94a29288ed
.Amoeba 0x61000 0x1000 0x400 7.79 1a091d7c78fd9f8c8685d4021b2b4d7d
.aspack 0x62000 0x3000 0x1200 7.96 e941de201aa95f16a0058c13e58c2ff8
.adata 0x65000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.aspack 0x66000 0x3000 0x1000 7.93 8df785a42adf711f3df2c34a895910cf
.adata 0x69000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.aspack 0x6a000 0x3000 0x1000 7.94 f1785f0617f4f4b2e41ecab56fdad34a
.adata 0x6d000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.aspack 0x6e000 0x3000 0x1000 7.93 b4959e96c258be8fe8ddceb689e10afd
.adata 0x71000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.aspack 0x72000 0x3000 0xe00 7.95 8015cfd756a7f51cd618b2da35843bd6
.adata 0x75000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.aspack 0x76000 0x3000 0xe00 7.94 3f1e9db1bf56f36ca513792667b7beaf
.adata 0x79000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.aspack 0x7a000 0x3000 0xe00 7.94 d18613c1c40c905cbebbb05462c81f8b
.adata 0x7d000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.aspack 0x7e000 0x3000 0xe00 7.94 725ce4cc480c695833eda8f3ca506ee4
.adata 0x81000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.aspack 0x82000 0x3000 0xe00 7.93 d5c489f7cb28e73e5eb1c8be67c95579
.adata 0x85000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.aspack 0x86000 0x3000 0x2200 7.71 5fe309ff43fb9d304be2d3c9278795b8
.adata 0x89000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.ccp3p 0x8a000 0x1000 0x600 7.20 9d2ce2ed5ed8563437c52fb7ab797bf1

( 1 imports )
> kernel32.dll: FatalExit

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Dynamic Link Library (generic) (55.4%)
Win16/32 Executable Delphi generic (15.1%)
Generic Win/DOS Executable (14.6%)
DOS Executable Generic (14.6%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
packers (Kaspersky): Cryptocrack, ASPack, ASPack, ASPack, ASPack, ASPack, ASPack, ASPack, ASPack, ASPack, ASPack
http://info.prevx.com/aboutprogramtext.asp?PX5=7AA3ED28003E5404FA3402667427AB00E769C007
packers (Authentium): Cryptocrack, Aspack
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
packers (F-Prot): Cryptocrack, Aspack





srvany.exe



Antivirus Version Last Update Result
a-squared 5.0.0.31 2010.07.03 -
AhnLab-V3 2010.07.03.00 2010.07.03 -
AntiVir 8.2.4.2 2010.07.02 -
Antiy-AVL 2.0.3.7 2010.07.02 -
Authentium 5.2.0.5 2010.07.03 -
Avast 4.8.1351.0 2010.07.03 -
Avast5 5.0.332.0 2010.07.03 -
AVG 9.0.0.836 2010.07.03 -
BitDefender 7.2 2010.07.03 -
CAT-QuickHeal 11.00 2010.06.30 -
ClamAV 0.96.0.3-git 2010.07.03 -
Comodo 5302 2010.07.03 -
DrWeb 5.0.2.03300 2010.07.03 -
eSafe 7.0.17.0 2010.06.30 -
eTrust-Vet 36.1.7684 2010.07.03 -
F-Prot 4.6.1.107 2010.07.02 -
F-Secure 9.0.15370.0 2010.07.03 -
Fortinet 4.1.133.0 2010.07.03 -
GData 21 2010.07.03 -
Ikarus T3.1.1.84.0 2010.07.03 -
Jiangmin 13.0.900 2010.07.03 -
Kaspersky 7.0.0.125 2010.07.03 -
McAfee 5.400.0.1158 2010.07.03 -
McAfee-GW-Edition 2010.1 2010.07.02 -
Microsoft 1.5902 2010.07.03 -
NOD32 5248 2010.07.03 -
Norman 6.05.10 2010.07.03 -
nProtect 2010-07-03.02 2010.07.03 -
Panda 10.0.2.7 2010.07.02 -
PCTools 7.0.3.5 2010.07.02 -
Prevx 3.0 2010.07.03 -
Rising 22.54.04.04 2010.07.02 -
Sophos 4.54.0 2010.07.03 -
Sunbelt 6539 2010.07.03 -
Symantec 20101.1.0.89 2010.07.03 -
TheHacker 6.5.2.1.307 2010.07.01 -
TrendMicro 9.120.0.1004 2010.07.03 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.03 -
VBA32 3.12.12.5 2010.07.02 -
ViRobot 2010.7.3.3920 2010.07.03 -
VirusBuster 5.0.27.0 2010.07.02 -
Additional information
File size: 15360 bytes
MD5...: f03ea3d3a14db51b505b86aba8ed3be2
SHA1..: 63803ee958baa09e34cd97104e45c3a27dbfe05c
SHA256: ba051c67d3a9ba33efb02fcf354f4be373dcf7daa636de73bdec84456d76dd27
ssdeep: 384:LfOw4QSE3EDhmqYs1z83pG9erjTjEvBYQK5W3:Lax1zspGYrjTjEvBYd
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x22aa
timedatestamp.....: 0x300160c2 (Mon Jul 10 17:17:54 1995)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x17f6 0x1800 5.67 36e9dba3c0beedee4e9b5025e40c15e5
.data 0x3000 0x480 0x600 4.23 9a327a570b8bbaa4a31e26ca723c9bdf
.reloc 0x4000 0x19e 0x200 4.95 548f5e91c04900117650d0feab6f63c2

( 4 imports )
> USER32.dll: wsprintfA, GetDesktopWindow
> KERNEL32.dll: TerminateProcess, SetEvent, OpenEventA, SetCurrentDirectoryA, Sleep, CreateProcessA, ExitThread, GetLastError, ExitProcess
> CRTDLL.dll: _lseek, _XcptFilter, _local_unwind2, malloc, _fmode_dll, strcat, strcpy, _stricmp, strncmp, _close, free, _read, _commode_dll, _global_unwind2, _open, _exit, exit, _initterm, __GetMainArgs
> ADVAPI32.dll: RegisterServiceCtrlHandlerA, RegOpenKeyExA, RegQueryValueExA, RegCloseKey, SetServiceStatus, StartServiceCtrlDispatcherA

( 0 exports )
RDS...: NSRL Reference Data Set
-
trid..: OS/2 Executable (generic) (41.0%)
Win32 Executable Generic (24.9%)
Win32 Dynamic Link Library (generic) (22.1%)
Generic Win/DOS Executable (5.8%)
DOS Executable Generic (5.8%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
pdfid.: -



gmer:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-03 07:18:05
Windows 5.1.2600 Service Pack 3
Running: bjm57eyr.exe; Driver: C:\DOCUME~1\CHRISH~1\LOCALS~1\Temp\kxtdqpog.sys


---- Kernel code sections - GMER 1.0.15 ----

? ruxg.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8882360, 0x2255BD, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----



It would not let me scan C:\WINDOWS\system32\qmgr.dll because file is too big

Re: help to get rid of ohtgnoenriga redirects

Post by melboy » July 3rd, 2010, 10:36 am

Hi

Unfortunately my suspicions have been proved correct.

Your computer has multiple infections, including a backdoor. A backdoor gives intruders complete control of your computer, logs your keystrokes, steals personal information etc.

One example from the files I had you upload:
Microsoft 1.5902 2010.07.03 Backdoor:Win32/Blackhole.U

http://www.microsoft.com/security/porta ... 2147371828
This threat is classified as a Trojan - Backdoor. A backdoor trojan provides remote, usually surreptitious, access to affected systems. A backdoor trojan may be used to conduct distributed denial of service (DDoS) attacks, or it may be used to install additional trojans or other forms of malicious software. For example, a backdoor trojan may be used to install a downloader or dropper trojan, which may in turn install a proxy trojan used to relay spam or a keylogger trojan which monitors and sends keystrokes to remote attackers. A backdoor Trojan may also open ports on the affected system and thus potentially lead to further compromise by other attackers.


This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

    If the Computer has been used for any important data, you are strongly advised to do the following, immediately:
  • Disconnect the infected computer from the internet and from any networked computers until the computer can be cleaned. Limit your Internet use to this site only, should you choose to clean the machine.
  • If you have ever used this computer for shopping, banking, or any transactions relating to your financial well being: Call all of your banks, credit card companies, and financial institutions, informing them that you may be a victim of identity theft, and to put a watch on your accounts or change all your account numbers.
  • From a clean computer, change ALL your online passwords -- for ISP login, email, banks, financial accounts, PayPal, eBay, online companies, and any online forums or groups you belong to.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

I can attempt to clean this machine but I can't guarantee that it will be at all secure afterwards.

Should you have any questions, please feel free to ask.

Please let us know what you have decided to do in your next post.

Re: help to get rid of ohtgnoenriga redirects

Post by kayakman » July 3rd, 2010, 1:01 pm

Hello,
Well, I would love to get rid of it without reformatting. I have reformatted before, a few months ago, and it's kind of a pain. Can I go the non-reformatting route first? And then if need be I guess I will reformat.

Chris

Re: help to get rid of ohtgnoenriga redirects

Post by melboy » July 3rd, 2010, 5:20 pm

OTL Script

We need to run an OTL Fix

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    Code: Select all
    :otl
    SRV - [2010/03/05 03:29:14 | 000,195,072 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\comine.exe -- (help service)
    SRV - [2009/10/30 15:53:27 | 000,393,216 | -HS- | M] () [Auto | Running] -- C:\WINDOWS\System32\inetinfo.exe -- (WebClient)
    @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8B8CEBD
    @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8B8CEBD
    
    :commands
    [EMPTYTEMP]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.


================================================


ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix: Bleeping Computer ComboFix Tutorial

  • You must download it to and run it from your Desktop
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    For instructions on how to disable your security programs, please see this topic:
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply
  • Re-enable all the programs that were disabled during the running of ComboFix.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

Re: help to get rid of ohtgnoenriga redirects

Post by kayakman » July 5th, 2010, 1:41 pm

I did both scans but this is what I got. Should I break it up into 3 different messages?

Your message contains 277875 characters. The maximum number of allowed characters is 100000.

Re: help to get rid of ohtgnoenriga redirects

Post by melboy » July 5th, 2010, 1:58 pm

Yes, split the posts.

Re: help to get rid of ohtgnoenriga redirects

Post by kayakman » July 5th, 2010, 6:27 pm

ComboFix:

ComboFix 10-07-04.04 - Chris House 07/05/2010 11:15:46.2.2 - x86
Running from: c:\documents and settings\Chris House\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Chris House\Application Data\EurekaLog
c:\documents and settings\Chris House\Application Data\EurekaLog\VistaStartMenu\BugReport.zip
c:\documents and settings\Chris House\Application Data\inst.exe
c:\program files\Internet Explorer\SET26C.tmp
c:\program files\Internet Explorer\SET26D.tmp
c:\program files\StormII
c:\windows\system32\a.bat
c:\windows\system32\instsrv.exe
c:\windows\system32\server.bat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AFPANSI
-------\Legacy_IAS
-------\Service_ias


((((((((((((((((((((((((( Files Created from 2010-06-05 to 2010-07-05 )))))))))))))))))))))))))))))))
.

2010-07-02 17:14 . 2010-07-02 17:14 -------- d-----w- C:\_OTL
2010-06-28 18:42 . 2010-06-28 18:42 388096 ----a-r- c:\documents and settings\Chris House\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-28 18:42 . 2010-06-28 18:42 -------- d-----w- c:\program files\Trend Micro
2010-06-26 21:47 . 2010-06-26 21:53 -------- d-----w- c:\documents and settings\Chris House\Application Data\Uniblue
2010-06-10 09:01 . 2010-06-10 09:01 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-06-10 09:01 . 2010-06-10 09:01 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-06-10 04:12 . 2010-05-06 10:36 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\11966\AdobeARM.exe
2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\11966\AdobeExtractFiles.dll
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\11966\ReaderUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\11966\AcrobatUpdater.exe
2010-06-06 17:44 . 2010-06-07 03:23 -------- d-----w- c:\program files\JDownloader

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-05 15:08 . 2009-11-10 00:04 0 ----a-w- c:\documents and settings\Chris House\Local Settings\Application Data\prvlcl.dat
2010-07-04 02:06 . 2009-07-15 19:15 -------- d-----w- c:\documents and settings\Chris House\Application Data\Vso
2010-07-03 20:55 . 2010-02-07 22:57 -------- d-----w- c:\documents and settings\Chris House\Application Data\vlc
2010-07-02 17:24 . 2010-01-17 19:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-26 22:08 . 2010-02-05 05:39 -------- d-----w- c:\program files\Full Tilt Poker
2010-06-26 22:08 . 2009-07-15 18:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-26 22:07 . 2009-07-15 19:15 -------- d-----w- c:\program files\VSO
2010-06-26 22:07 . 2009-07-15 19:15 47360 ----a-w- c:\documents and settings\Chris House\Application Data\pcouffin.sys
2010-06-26 22:07 . 2009-07-15 19:15 47360 ----a-w- c:\documents and settings\Chris House\Application Data\pcouffin.sys
2010-06-26 22:06 . 2010-02-28 05:04 -------- d-----w- c:\program files\eGames
2010-06-26 17:35 . 2009-09-18 22:49 256 ----a-w- c:\windows\system32\pool.bin
2010-06-10 09:20 . 2010-01-26 00:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-06 18:01 . 2010-06-01 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-06 18:01 . 2010-06-01 23:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-06 17:24 . 2009-07-15 20:06 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-02 15:40 . 2009-07-15 18:55 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-02 15:40 . 2009-07-15 18:55 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-25 22:38 . 2009-11-06 03:10 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-05-24 20:41 . 2010-05-24 20:36 -------- d-----w- c:\program files\Ultra Video Joiner
2010-05-19 00:56 . 2009-08-24 14:17 -------- d-----w- c:\documents and settings\Chris House\Application Data\dvdcss
2010-05-09 04:16 . 2009-07-31 17:13 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-06 10:36 . 2009-07-14 19:40 919040 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 18:04 . 2009-07-14 19:40 1860352 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 21:39 . 2010-01-17 19:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 21:39 . 2010-01-17 19:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:30 . 2008-04-14 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-10 17:06 . 2010-02-03 23:53 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2010-04-10 17:06 . 2010-02-03 23:53 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2010-04-10 17:05 . 2010-02-03 23:51 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2009-12-10 04:42 . 2009-12-13 17:08 801 --sha-w- c:\windows\Fonts\server.bat
2010-01-23 05:33 . 2009-07-15 17:02 21580288 --sha-w- c:\windows\system32\qmgr.dll
2009-07-14 19:38 . 2009-07-14 19:38 35328 --sha-w- c:\windows\system32\sc.exe
2009-06-19 04:11 . 2008-04-14 12:00 106859 --sha-r- c:\windows\system32\sethc.exe
2010-01-23 05:33 . 2009-07-15 17:02 21580288 -csha-w- c:\windows\system32\dllcache\qmgr.dll
2009-12-15 02:17 . 2009-12-14 00:47 3266848 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-12-15 02:17 . 2009-12-14 00:47 25376 --sha-w- c:\windows\system32\drivers\fidbox2.dat
.

------- Sigcheck -------

[-] 2010-01-23 05:33 . 4A8E7E8B7D8FAD9F2F3F166D0471CC9E . 21580288 . . [1.0.0.1] . . c:\windows\system32\qmgr.dll
[-] 2010-01-23 05:33 . 4A8E7E8B7D8FAD9F2F3F166D0471CC9E . 21580288 . . [1.0.0.1] . . c:\windows\system32\dllcache\qmgr.dll
[7] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ERDNT\cache\qmgr.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-09-08_03.22.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-26 00:54 . 2008-11-10 17:41 67472 c:\windows\system32\spool\drivers\w32x86\msonpui.dll
+ 2010-01-26 00:54 . 2008-11-10 17:41 67472 c:\windows\system32\spool\drivers\w32x86\3\msonpui.dll
- 2009-07-15 17:04 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
+ 2010-01-25 09:00 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
+ 2009-11-13 04:31 . 2009-08-07 01:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2009-11-13 04:31 . 2009-08-07 01:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2009-07-26 22:44 . 2009-07-26 22:44 48448 c:\windows\system32\sirenacm.dll
+ 2006-07-24 16:50 . 2006-07-24 16:50 39728 c:\windows\system32\SCP32.DLL
+ 2010-06-27 18:17 . 2008-04-14 08:42 23552 c:\windows\system32\ReinstallBackups\0016\DriverFiles\i386\wdmaud.drv
+ 2010-06-27 18:17 . 2008-04-14 03:15 49408 c:\windows\system32\ReinstallBackups\0016\DriverFiles\i386\stream.sys
+ 2010-06-27 18:17 . 2008-04-14 03:15 60160 c:\windows\system32\ReinstallBackups\0016\DriverFiles\i386\drmk.sys
+ 2010-06-27 18:17 . 2006-07-27 19:44 61952 c:\windows\system32\ReinstallBackups\0016\DriverFiles\CHDAudPropShortcut.exe
+ 2010-06-27 18:17 . 2006-07-27 19:44 24064 c:\windows\system32\ReinstallBackups\0016\DriverFiles\CHdAudprop.dll
+ 2009-11-01 18:15 . 2009-01-09 22:18 27136 c:\windows\system32\ReinstallBackups\0015\DriverFiles\RimSerial.sys
+ 2009-10-28 23:34 . 2009-01-09 22:18 27136 c:\windows\system32\ReinstallBackups\0014\DriverFiles\RimSerial.sys
+ 2009-10-14 02:01 . 2009-01-09 22:18 27136 c:\windows\system32\ReinstallBackups\0013\DriverFiles\RimSerial.sys
+ 2009-10-14 01:58 . 2009-01-09 22:18 27136 c:\windows\system32\ReinstallBackups\0012\DriverFiles\RimSerial.sys
+ 2009-09-21 00:39 . 2007-01-18 16:24 26496 c:\windows\system32\ReinstallBackups\0011\DriverFiles\RimSerial.sys
+ 2009-09-18 22:28 . 2007-01-18 16:24 26496 c:\windows\system32\ReinstallBackups\0010\DriverFiles\RimSerial.sys
- 2008-04-14 12:00 . 2008-04-14 12:00 79872 c:\windows\system32\raschap.dll
+ 2008-04-14 12:00 . 2009-10-12 13:38 79872 c:\windows\system32\raschap.dll
+ 2007-05-01 22:48 . 2009-12-01 19:14 68080 c:\windows\system32\pxinsa64.exe
+ 2009-08-06 07:27 . 2009-12-01 19:14 72176 c:\windows\system32\pxhpinst.exe
- 2009-08-06 07:27 . 2009-05-13 21:56 66296 c:\windows\system32\pxcpya64.exe
+ 2007-05-01 22:48 . 2007-05-01 22:48 66296 c:\windows\system32\pxcpya64.exe
+ 2010-03-31 06:16 . 2010-03-31 06:16 99176 c:\windows\system32\PresentationHostProxy.dll
+ 2008-04-14 12:00 . 2010-07-01 15:47 68558 c:\windows\system32\perfc009.dat
+ 2009-01-08 00:20 . 2009-01-08 00:20 23552 c:\windows\system32\normaliz.dll
+ 2009-01-08 00:20 . 2009-01-08 00:20 24576 c:\windows\system32\nlsdl.dll
+ 2009-11-07 07:07 . 2009-11-07 07:07 49488 c:\windows\system32\netfxperf.dll
+ 2009-11-07 07:07 . 2009-11-07 07:07 11600 c:\windows\system32\mui\0409\mscorees.dll
+ 2008-04-14 03:42 . 2009-11-27 17:23 17920 c:\windows\system32\msyuv.dll
+ 2008-04-14 12:00 . 2009-11-27 16:07 28672 c:\windows\system32\msvidc32.dll
+ 2008-04-14 12:00 . 2009-11-27 16:07 11264 c:\windows\system32\msrle32.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 11264 c:\windows\system32\msrle32.dll
+ 2008-04-14 12:00 . 2006-10-19 03:47 27136 c:\windows\system32\mspmsnsv.dll
+ 2010-01-26 00:54 . 2008-11-10 17:41 32656 c:\windows\system32\msonpmon.dll
+ 2008-04-14 12:00 . 2009-03-08 10:31 66560 c:\windows\system32\mshtmled.dll
+ 2009-03-08 10:31 . 2009-03-08 10:31 13312 c:\windows\system32\msfeedssync.exe
+ 2009-03-08 10:31 . 2010-05-06 10:36 55296 c:\windows\system32\msfeedsbs.dll
+ 2008-04-14 12:00 . 2009-09-04 21:03 58880 c:\windows\system32\msasn1.dll
+ 2003-03-19 02:44 . 2003-03-19 02:44 49152 c:\windows\system32\MFC71KOR.DLL
+ 2003-03-19 02:44 . 2003-03-19 02:44 49152 c:\windows\system32\MFC71JPN.DLL
+ 2003-03-19 02:44 . 2003-03-19 02:44 61440 c:\windows\system32\MFC71ITA.DLL
+ 2003-03-19 02:44 . 2003-03-19 02:44 61440 c:\windows\system32\MFC71FRA.DLL
+ 2003-03-19 02:44 . 2003-03-19 02:44 61440 c:\windows\system32\MFC71ESP.DLL
+ 2003-03-19 02:44 . 2003-03-19 02:44 57344 c:\windows\system32\MFC71ENU.DLL
+ 2003-03-19 02:44 . 2003-03-19 02:44 65536 c:\windows\system32\MFC71DEU.DLL
+ 2003-03-19 02:44 . 2003-03-19 02:44 45056 c:\windows\system32\MFC71CHT.DLL
+ 2003-03-19 02:44 . 2003-03-19 02:44 40960 c:\windows\system32\MFC71CHS.DLL
- 2009-07-15 19:01 . 2009-09-04 18:22 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-07-15 19:01 . 2010-02-05 22:01 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-04-02 00:46 . 2009-10-25 21:50 89101 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-04-14 12:00 . 2006-10-19 03:47 11264 c:\windows\system32\LAPRXY.dll
+ 2009-11-15 18:29 . 2009-07-20 18:26 84496 c:\windows\system32\KemXML.dll
+ 2008-04-14 12:00 . 2010-05-06 10:36 25600 c:\windows\system32\jsproxy.dll
+ 2008-04-14 03:41 . 2009-11-27 16:07 48128 c:\windows\system32\iyuv_32.dll
+ 2008-04-14 12:00 . 2009-03-08 10:31 34816 c:\windows\system32\imgutil.dll
+ 2009-03-08 10:32 . 2009-03-08 10:32 36864 c:\windows\system32\ieudinit.exe
+ 2008-04-14 12:00 . 2009-03-08 10:32 71680 c:\windows\system32\iesetup.dll
+ 2008-04-14 12:00 . 2009-03-08 10:32 55808 c:\windows\system32\iernonce.dll
+ 2009-01-08 00:20 . 2009-01-08 00:20 26112 c:\windows\system32\idndl.dll
+ 2009-03-08 10:31 . 2009-03-08 10:31 59904 c:\windows\system32\icardie.dll
+ 2009-10-02 03:26 . 2004-01-25 06:00 70656 c:\windows\system32\i420vfw.dll
+ 2008-04-14 12:00 . 2009-10-21 05:38 25088 c:\windows\system32\httpapi.dll
+ 2009-12-14 16:53 . 2008-04-14 12:00 42496 c:\windows\system32\fp.exe
- 2009-07-14 19:41 . 2009-07-14 19:41 81920 c:\windows\system32\fontsub.dll
+ 2009-07-14 19:41 . 2009-10-15 16:39 81920 c:\windows\system32\fontsub.dll
+ 2006-10-26 20:10 . 2006-10-26 20:10 33088 c:\windows\system32\FM20ENU.DLL
+ 2007-05-01 22:48 . 2007-05-01 22:48 68344 c:\windows\system32\drvins64.exe
+ 2008-04-14 12:00 . 2005-01-28 19:44 96768 c:\windows\system32\drmstor.dll
+ 2006-09-29 01:00 . 2006-09-29 01:00 82944 c:\windows\system32\drivers\WudfRd.sys
+ 2006-09-29 00:55 . 2006-09-29 00:55 77568 c:\windows\system32\drivers\WudfPf.sys
+ 2005-01-28 19:44 . 2006-10-19 02:00 38528 c:\windows\system32\drivers\wpdusb.sys
+ 2010-02-07 22:35 . 2008-04-14 04:15 60032 c:\windows\system32\drivers\USBAUDIO.sys
- 2008-04-13 22:15 . 2008-04-14 03:15 49408 c:\windows\system32\drivers\stream.sys
+ 2008-04-13 22:15 . 2008-04-14 04:15 49408 c:\windows\system32\drivers\stream.sys
+ 2008-05-21 00:33 . 2008-05-21 00:33 22784 c:\windows\system32\drivers\RimUsb.sys
+ 2009-09-18 22:28 . 2009-01-09 22:18 27136 c:\windows\system32\drivers\RimSerial.sys
+ 2007-05-01 09:00 . 2009-12-01 19:14 44944 c:\windows\system32\drivers\pxhelp20.sys
+ 2009-06-17 16:56 . 2009-06-17 16:56 28560 c:\windows\system32\drivers\LUsbFilt.sys
+ 2009-06-17 16:56 . 2009-06-17 16:56 37392 c:\windows\system32\drivers\LMouFilt.Sys
+ 2009-06-17 16:56 . 2009-06-17 16:56 35472 c:\windows\system32\drivers\LHidFilt.Sys
+ 2009-11-15 18:30 . 2009-06-17 16:55 10384 c:\windows\system32\drivers\LBeepKE.sys
- 2009-07-15 19:27 . 2008-04-14 03:15 60160 c:\windows\system32\drivers\drmk.sys
+ 2009-07-15 19:27 . 2008-04-14 04:15 60160 c:\windows\system32\drivers\drmk.sys
+ 2008-06-11 00:03 . 2008-06-11 00:03 57344 c:\windows\system32\dpv11.dll
+ 2008-06-11 00:03 . 2008-06-11 00:03 53248 c:\windows\system32\dpuGUI10.dll
+ 2008-06-11 00:03 . 2008-06-11 00:03 81920 c:\windows\system32\dpl100.dll
+ 2009-09-28 02:12 . 2010-05-06 10:36 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-07-15 17:02 . 2009-08-07 01:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2009-07-15 17:02 . 2009-08-07 01:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2009-07-15 17:02 . 2006-11-03 16:01 64000 c:\windows\system32\dllcache\wmplayer.exe
+ 2009-07-15 17:02 . 2006-11-03 16:01 96768 c:\windows\system32\dllcache\wmpband.dll
+ 2008-04-14 12:00 . 2006-10-19 03:47 37376 c:\windows\system32\dllcache\wmdmps.dll
+ 2008-04-14 12:00 . 2006-10-19 03:47 33792 c:\windows\system32\dllcache\wmdmlog.dll
+ 2010-02-07 22:35 . 2008-04-14 04:15 60032 c:\windows\system32\dllcache\usbaudio.sys
- 2008-04-14 12:00 . 2008-04-14 12:00 75776 c:\windows\system32\dllcache\strmfilt.dll
+ 2008-04-14 12:00 . 2009-10-21 05:38 75776 c:\windows\system32\dllcache\strmfilt.dll
- 2008-04-13 22:15 . 2008-04-14 03:15 49408 c:\windows\system32\dllcache\stream.sys
+ 2008-04-13 22:15 . 2008-04-14 04:15 49408 c:\windows\system32\dllcache\stream.sys
+ 2008-04-14 12:00 . 2009-10-12 13:38 79872 c:\windows\system32\dllcache\raschap.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 79872 c:\windows\system32\dllcache\raschap.dll
+ 2008-04-14 12:00 . 2009-03-08 10:31 46592 c:\windows\system32\dllcache\pngfilt.dll
+ 2009-12-14 16:53 . 2008-04-14 12:00 42496 c:\windows\system32\dllcache\nt.exe
+ 2010-02-09 20:18 . 2009-11-27 17:23 17920 c:\windows\system32\dllcache\msyuv.dll
+ 2008-04-14 12:00 . 2009-11-27 16:07 28672 c:\windows\system32\dllcache\msvidc32.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 11264 c:\windows\system32\dllcache\msrle32.dll
+ 2008-04-14 12:00 . 2009-11-27 16:07 11264 c:\windows\system32\dllcache\msrle32.dll
+ 2008-04-14 12:00 . 2006-10-19 03:47 27136 c:\windows\system32\dllcache\mspmsnsv.dll
+ 2008-04-14 12:00 . 2009-03-08 10:31 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2008-04-14 12:00 . 2009-03-08 10:31 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-09-28 02:12 . 2010-05-06 10:36 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-04-14 12:00 . 2009-09-04 21:03 58880 c:\windows\system32\dllcache\msasn1.dll
+ 2008-04-14 12:00 . 2006-10-19 03:47 11264 c:\windows\system32\dllcache\LAPRXY.dll
+ 2008-04-14 12:00 . 2010-05-06 10:36 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2010-02-09 20:17 . 2009-11-27 16:07 48128 c:\windows\system32\dllcache\iyuv_32.dll
+ 2008-04-14 12:00 . 2009-03-08 10:32 94720 c:\windows\system32\dllcache\inseng.dll
+ 2008-04-14 12:00 . 2009-03-08 10:31 34816 c:\windows\system32\dllcache\imgutil.dll
+ 2008-04-14 12:00 . 2009-03-08 10:32 71680 c:\windows\system32\dllcache\iesetup.dll
+ 2008-04-14 12:00 . 2009-03-08 10:32 55808 c:\windows\system32\dllcache\iernonce.dll
+ 2009-09-28 02:12 . 2009-10-02 04:44 92160 c:\windows\system32\dllcache\iecompat.dll
+ 2008-04-14 12:00 . 2009-10-21 05:38 25088 c:\windows\system32\dllcache\httpapi.dll
+ 2009-07-15 17:01 . 2009-03-08 10:24 68608 c:\windows\system32\dllcache\hmmapi.dll
+ 2009-07-14 19:41 . 2009-10-15 16:39 81920 c:\windows\system32\dllcache\fontsub.dll
- 2009-07-14 19:41 . 2009-07-14 19:41 81920 c:\windows\system32\dllcache\fontsub.dll
+ 2008-04-14 12:00 . 2005-01-28 19:44 96768 c:\windows\system32\dllcache\drmstor.dll
- 2009-07-15 19:27 . 2008-04-14 03:15 60160 c:\windows\system32\dllcache\drmk.sys
+ 2009-07-15 19:27 . 2008-04-14 04:15 60160 c:\windows\system32\dllcache\drmk.sys
+ 2008-04-14 12:00 . 2009-12-14 07:08 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2008-04-14 12:00 . 2009-03-08 10:33 18944 c:\windows\system32\dllcache\corpol.dll
+ 2008-11-09 20:20 . 2009-08-07 01:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2008-04-14 12:00 . 2010-01-13 14:01 86016 c:\windows\system32\dllcache\cabview.dll
+ 2008-04-14 12:00 . 2009-11-27 16:07 84992 c:\windows\system32\dllcache\avifil32.dll
- 2008-04-14 12:00 . 2009-06-10 14:13 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2008-04-14 12:00 . 2010-03-05 14:37 65536 c:\windows\system32\dllcache\asycfilt.dll
+ 2008-04-14 12:00 . 2009-12-14 07:08 33280 c:\windows\system32\csrsrv.dll
+ 2008-04-14 12:00 . 2009-03-08 10:33 18944 c:\windows\system32\corpol.dll
- 2006-07-27 19:44 . 2006-07-27 19:44 61952 c:\windows\system32\CHDAudPropShortcut.exe
+ 2006-07-27 19:44 . 2006-06-02 21:02 61952 c:\windows\system32\CHDAudPropShortcut.exe
+ 2006-07-27 19:44 . 2006-06-02 21:02 24064 c:\windows\system32\CHdAudprop.dll
- 2006-07-27 19:44 . 2006-07-27 19:44 24064 c:\windows\system32\CHdAudprop.dll
+ 2008-11-09 20:20 . 2009-08-07 01:24 96480 c:\windows\system32\cdm.dll
+ 2008-04-14 12:00 . 2010-01-13 14:01 86016 c:\windows\system32\cabview.dll
+ 2009-10-02 03:26 . 2005-07-14 18:31 27648 c:\windows\system32\AVSredirect.dll
+ 2008-04-14 12:00 . 2009-11-27 16:07 84992 c:\windows\system32\avifil32.dll
- 2008-04-14 12:00 . 2009-06-10 14:13 84992 c:\windows\system32\avifil32.dll
+ 2010-03-11 23:41 . 2010-03-11 23:41 12464 c:\windows\system32\avgrsstx.dll
+ 2010-05-24 20:36 . 2006-09-26 19:57 28672 c:\windows\system32\AVEQT.dll
+ 2008-04-14 12:00 . 2010-03-05 14:37 65536 c:\windows\system32\asycfilt.dll
+ 2009-10-28 23:38 . 2005-01-28 19:44 96768 c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmstor.dll
+ 2009-09-18 22:29 . 2008-04-14 12:00 87040 c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\drmstor.dll
+ 2009-10-28 23:38 . 2005-01-28 19:44 96768 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\logagent.exe
+ 2009-10-28 23:38 . 2005-01-28 19:44 18944 c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdusb.sys
+ 2009-10-28 23:38 . 2005-01-28 19:44 10752 c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdtrace.dll
+ 2009-10-28 23:38 . 2005-01-28 19:44 66560 c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdmtpus.dll
+ 2009-10-28 23:38 . 2005-01-28 19:44 61952 c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdconns.dll
+ 2009-10-28 23:38 . 2005-01-28 19:44 38912 c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpd_ci.dll
+ 2009-10-28 23:38 . 2005-01-28 19:44 38912 c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wdfmgr.exe
+ 2009-10-28 23:38 . 2005-01-28 19:44 15872 c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wdfapi.dll
+ 2009-10-28 23:38 . 2005-01-28 19:44 47104 c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\uwdf.exe
+ 2009-10-28 23:38 . 2005-01-28 19:44 33792 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\WMDMPS.dll
+ 2009-10-28 23:38 . 2005-01-28 19:44 28160 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\WMDMLOG.dll
+ 2009-10-28 23:38 . 2005-01-28 19:44 25088 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
+ 2009-09-18 22:30 . 2008-04-14 12:00 23552 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\WMDMPS.dll
+ 2009-09-18 22:30 . 2008-04-14 12:00 27136 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\WMDMLOG.dll
+ 2009-09-18 22:30 . 2008-04-14 12:00 52224 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
- 2008-07-30 00:16 . 2008-07-30 00:16 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2010-04-08 05:48 . 2010-04-08 05:48 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2009-11-07 07:07 . 2009-11-07 07:07 13648 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2010-03-23 11:31 . 2010-03-23 11:31 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2006-10-26 19:44 . 2006-10-26 19:44 68280 c:\windows\Microsoft.NET\Framework\v2.0.50727\al.exe
+ 2009-11-07 07:07 . 2009-11-07 07:07 13648 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2009-11-07 07:07 . 2009-11-07 07:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2009-11-07 07:07 . 2009-11-07 07:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2009-11-07 07:07 . 2009-11-07 07:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2009-11-07 07:07 . 2009-11-07 07:07 13664 c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
+ 2009-11-07 07:07 . 2009-11-07 07:07 13688 c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
+ 2009-11-07 07:07 . 2009-11-07 07:07 13664 c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
+ 2009-11-07 07:07 . 2009-11-07 07:07 13696 c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
+ 2009-11-07 07:07 . 2009-11-07 07:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
+ 2009-11-07 07:07 . 2009-11-07 07:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
+ 2009-11-07 07:07 . 2009-11-07 07:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
+ 2009-11-07 07:07 . 2009-11-07 07:07 13672 c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
+ 2009-11-07 07:07 . 2009-11-07 07:07 13664 c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
+ 2009-11-07 07:07 . 2009-11-07 07:07 86864 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2009-06-17 16:55 . 2009-06-17 16:55 55824 c:\windows\KHALMNPR.Exe
+ 2010-01-26 00:44 . 2010-01-26 00:44 48128 c:\windows\Installer\461ea2c.msi
+ 2009-11-09 23:52 . 2009-11-09 23:52 22016 c:\windows\Installer\18a10e.msi
+ 2009-11-09 23:50 . 2009-11-09 23:50 27136 c:\windows\Installer\18a0d7.msi
+ 2009-11-25 09:00 . 2009-11-25 09:00 32768 c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe
+ 2009-09-21 00:39 . 2009-10-14 01:58 69632 c:\windows\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2009-10-14 01:58 . 2009-10-14 01:58 69632 c:\windows\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2009-09-21 00:39 . 2009-10-14 01:58 69632 c:\windows\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2009-09-21 00:39 . 2009-10-14 01:58 69632 c:\windows\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2009-09-21 00:39 . 2009-10-14 01:58 69632 c:\windows\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2009-09-21 00:39 . 2009-10-14 01:58 69632 c:\windows\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2009-09-21 00:39 . 2009-10-14 01:58 69632 c:\windows\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2009-09-21 00:39 . 2009-10-14 01:58 69632 c:\windows\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\DesktopMgr.exe
+ 2009-10-28 23:43 . 2009-10-28 23:43 25214 c:\windows\Installer\{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}\NewShortcut4_8E832933A07340209FB8DBADC480B69B.exe
+ 2009-10-28 23:43 . 2009-10-28 23:43 25214 c:\windows\Installer\{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}\NewShortcut33_8E832933A07340209FB8DBADC480B69B.exe
+ 2009-10-28 23:43 . 2009-10-28 23:43 25214 c:\windows\Installer\{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}\NewShortcut24_8E832933A07340209FB8DBADC480B69B_1.exe
+ 2009-10-28 23:43 . 2009-10-28 23:43 25214 c:\windows\Installer\{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}\MediaManager8.exe_8E832933A07340209FB8DBADC480B69B.exe
+ 2009-10-28 23:43 . 2009-10-28 23:43 25214 c:\windows\Installer\{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}\ARPPRODUCTICON.exe
+ 2009-10-25 21:50 . 2009-10-25 21:50 77824 c:\windows\Installer\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}\ARPPRODUCTICON.exe
+ 2009-11-09 23:51 . 2009-11-09 23:51 80395 c:\windows\Installer\{A85FD55B-891B-4314-97A5-EA96C0BD80B5}\MsblIco.Exe
+ 2009-11-15 18:31 . 2009-11-15 18:31 10134 c:\windows\Installer\{A498D9EB-927B-459B-85D6-DD6EF8C2C564}\ARPPRODUCTICON.exe
+ 2009-09-18 22:28 . 2009-09-18 22:28 26694 c:\windows\Installer\{98DC111A-7C22-4C26-B2A1-E654264DAC1E}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2009-09-18 22:28 . 2009-09-18 22:28 26694 c:\windows\Installer\{98DC111A-7C22-4C26-B2A1-E654264DAC1E}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2009-09-18 22:28 . 2009-09-18 22:28 26694 c:\windows\Installer\{98DC111A-7C22-4C26-B2A1-E654264DAC1E}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2009-09-18 22:28 . 2009-09-18 22:28 26694 c:\windows\Installer\{98DC111A-7C22-4C26-B2A1-E654264DAC1E}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2009-09-18 22:28 . 2009-09-18 22:28 26694 c:\windows\Installer\{98DC111A-7C22-4C26-B2A1-E654264DAC1E}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2009-09-18 22:28 . 2009-09-18 22:28 26694 c:\windows\Installer\{98DC111A-7C22-4C26-B2A1-E654264DAC1E}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2009-09-18 22:28 . 2009-09-18 22:28 26694 c:\windows\Installer\{98DC111A-7C22-4C26-B2A1-E654264DAC1E}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2009-09-18 22:28 . 2009-09-18 22:28 69632 c:\windows\Installer\{98DC111A-7C22-4C26-B2A1-E654264DAC1E}\DesktopMgr.exe
+ 2010-01-26 00:54 . 2010-06-10 09:20 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-01-26 00:54 . 2010-06-10 09:20 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-01-26 00:54 . 2010-06-10 09:20 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-06-05 09:00 . 2010-06-05 09:00 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2009-11-09 23:52 . 2009-11-09 23:52 58945 c:\windows\Installer\{6412CECE-8172-4BE5-935B-6CECACD2CA87}\wlmail.exe
+ 2009-09-18 22:35 . 2009-09-18 22:35 25214 c:\windows\Installer\{51BA0AFE-6AA5-4B8C-8BA9-FA6AE5B1EEE0}\NewShortcut4_8E832933A07340209FB8DBADC480B69B.exe
+ 2009-09-18 22:35 . 2009-09-18 22:35 25214 c:\windows\Installer\{51BA0AFE-6AA5-4B8C-8BA9-FA6AE5B1EEE0}\NewShortcut33_8E832933A07340209FB8DBADC480B69B.exe
+ 2009-09-18 22:35 . 2009-09-18 22:35 25214 c:\windows\Installer\{51BA0AFE-6AA5-4B8C-8BA9-FA6AE5B1EEE0}\NewShortcut24_8E832933A07340209FB8DBADC480B69B_1.exe
+ 2009-09-18 22:35 . 2009-09-18 22:35 25214 c:\windows\Installer\{51BA0AFE-6AA5-4B8C-8BA9-FA6AE5B1EEE0}\MediaManager8.exe_8E832933A07340209FB8DBADC480B69B.exe
+ 2009-10-24 20:22 . 2009-10-24 20:22 25214 c:\windows\Installer\{4D612FB2-1AE7-4E46-9377-35BB2F06A787}\NewShortcut4_8E832933A07340209FB8DBADC480B69B.exe
+ 2009-10-24 20:22 . 2009-10-24 20:22 25214 c:\windows\Installer\{4D612FB2-1AE7-4E46-9377-35BB2F06A787}\NewShortcut33_8E832933A07340209FB8DBADC480B69B.exe
+ 2009-10-24 20:22 . 2009-10-24 20:22 25214 c:\windows\Installer\{4D612FB2-1AE7-4E46-9377-35BB2F06A787}\NewShortcut24_8E832933A07340209FB8DBADC480B69B_1.exe
+ 2009-10-24 20:22 . 2009-10-24 20:22 25214 c:\windows\Installer\{4D612FB2-1AE7-4E46-9377-35BB2F06A787}\MediaManager8.exe_8E832933A07340209FB8DBADC480B69B.exe
+ 2009-11-15 18:28 . 2009-11-15 18:28 10134 c:\windows\Installer\{3101CB58-3482-4D21-AF1A-7057FC935355}\ARPPRODUCTICON.exe
+ 2009-10-28 23:34 . 2009-11-01 18:15 49152 c:\windows\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\RedirectorEXE2_770DFD1204C24F4DA163D64FACCB5CBD.exe
+ 2009-10-28 23:34 . 2009-11-01 18:15 49152 c:\windows\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\RedirectorEXE1_770DFD1204C24F4DA163D64FACCB5CBD.exe
+ 2009-10-28 23:34 . 2009-11-01 18:15 49152 c:\windows\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\RedirectorEXE_770DFD1204C24F4DA163D64FACCB5CBD.exe
+ 2009-10-28 23:34 . 2009-11-01 18:15 69632 c:\windows\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2009-10-28 23:34 . 2009-11-01 18:15 69632 c:\windows\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2009-10-28 23:34 . 2009-11-01 18:15 69632 c:\windows\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2009-10-28 23:34 . 2009-11-01 18:15 69632 c:\windows\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2009-10-28 23:34 . 2009-11-01 18:15 69632 c:\windows\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2009-10-28 23:34 . 2009-11-01 18:15 69632 c:\windows\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2009-10-28 23:34 . 2009-11-01 18:15 69632 c:\windows\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2009-10-28 23:34 . 2009-11-01 18:15 69632 c:\windows\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\DesktopMgr.exe
+ 2009-11-15 18:30 . 2009-11-15 18:30 10134 c:\windows\Installer\{0C826C5B-B131-423A-A229-C71B3CACCD6A}\ARPPRODUCTICON.exe
+ 2009-04-04 00:01 . 2009-04-04 00:01 71504 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\XL12CNVP.DLL
+ 2009-04-03 23:57 . 2009-04-03 23:57 21320 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\WRD12EXE.EXE
+ 2006-07-24 16:50 . 2006-07-24 16:50 47920 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\VBAME.DLL
+ 2009-01-07 03:31 . 2009-01-07 03:31 48512 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\PUBTRAP.DLL
+ 2008-10-25 14:18 . 2008-10-25 14:18 72568 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONFILTER.DLL
+ 2008-10-25 14:18 . 2008-10-25 14:18 98696 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONENOTEM.EXE
+ 2006-07-24 16:50 . 2006-07-24 16:50 92976 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSADDNDR.DLL
+ 2006-10-27 03:17 . 2006-10-27 03:17 11072 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XLCALL32.DLL
+ 2006-10-27 03:13 . 2006-10-27 03:13 72472 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XL12CNVP.DLL
+ 2006-10-27 21:11 . 2006-10-27 21:11 21264 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WRD12EXE.EXE
+ 2010-01-26 00:50 . 2010-01-26 00:50 12096 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WORDPOL.DLL
+ 2006-10-27 04:58 . 2006-10-27 04:58 33080 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VPREVIEW.EXE
+ 2010-01-26 00:50 . 2010-01-26 00:50 12080 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VBIDEPOL.DLL
+ 2010-01-26 00:49 . 2010-01-26 00:49 64288 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VBIDEPIA.DLL
+ 2006-10-26 20:04 . 2006-10-26 20:04 76624 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWSTRUCT.DLL
+ 2006-10-26 20:04 . 2006-10-26 20:04 19784 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWRECS.DLL
+ 2006-10-26 20:04 . 2006-10-26 20:04 51008 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWRECE.DLL
+ 2006-10-26 20:04 . 2006-10-26 20:04 27456 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWORIENT.DLL
+ 2006-10-26 20:04 . 2006-10-26 20:04 58168 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWLAY32.DLL
+ 2006-10-26 20:05 . 2006-10-26 20:05 86840 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWCUTLIN.DLL
+ 2006-10-26 20:04 . 2006-10-26 20:04 29976 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\THOCRAPI.DLL
+ 2006-10-27 01:59 . 2006-10-27 01:59 15672 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SMARTTAGINSTALL.EXE
+ 2006-10-27 01:49 . 2006-10-27 01:49 34104 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SETLANG.EXE
+ 2006-10-27 02:55 . 2006-10-27 02:55 55056 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SCANOST.EXE
+ 2006-10-27 02:55 . 2006-10-27 02:55 76576 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\RM.DLL
+ 2006-10-26 20:04 . 2006-10-26 20:04 19784 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\REVERSE.DLL
+ 2006-10-27 02:12 . 2006-10-27 02:12 40424 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\REFIEBAR.DLL
+ 2006-10-27 03:13 . 2006-10-27 03:13 38168 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\REFEDIT.DLL
+ 2006-10-27 02:55 . 2006-10-27 02:55 39208 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\RECALL.DLL
+ 2006-10-27 02:09 . 2006-10-27 02:09 48448 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PUBTRAP.DLL
+ 2006-10-26 20:05 . 2006-10-26 20:05 77144 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PSOM.DLL
+ 2010-01-26 00:50 . 2010-01-26 00:50 12112 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPTPOL.DLL
+ 2006-10-27 02:55 . 2006-10-27 02:55 53048 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLVBA.DLL
+ 2006-10-27 21:16 . 2006-10-27 21:16 46864 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLRPC.DLL
+ 2006-10-27 01:59 . 2006-10-27 01:59 46936 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OSETUPPS.DLL
+ 2006-10-27 01:59 . 2006-10-27 01:59 18760 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OPHPROXY.DLL
+ 2006-10-27 02:24 . 2006-10-27 02:24 72504 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONFILTER.DLL
+ 2006-10-27 02:24 . 2006-10-27 02:24 98632 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONENOTEM.EXE
+ 2006-10-27 01:59 . 2006-10-27 01:59 16728 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OMUOPTINPS.DLL
+ 2006-10-27 02:00 . 2006-10-27 02:00 23392 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OISCTRL.DLL
+ 2006-10-27 21:11 . 2006-10-27 21:11 54680 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OFFRHD.DLL
+ 2010-01-26 00:50 . 2010-01-26 00:50 11544 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OFFICEPL.DLL
+ 2006-10-27 02:12 . 2006-10-27 02:12 65824 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\NAME.DLL
+ 2010-01-26 00:50 . 2010-01-26 00:50 12104 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSTAGPOL.DLL
+ 2010-01-26 00:49 . 2010-01-26 00:49 20280 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSTAGPIA.DLL
+ 2006-10-27 01:59 . 2006-10-27 01:59 43832 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSSH.DLL
+ 2006-10-27 01:58 . 2006-10-27 01:58 20776 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSPGIMME.DLL
+ 2006-10-27 21:26 . 2006-10-27 21:26 35152 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOSTYLE.DLL
+ 2006-10-27 01:56 . 2006-10-27 01:56 67408 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSONPUI.DLL
+ 2006-10-27 01:56 . 2006-10-27 01:56 32592 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSONPMON.DLL
+ 2006-10-27 01:52 . 2006-10-27 01:52 66368 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOMSE.DLL
+ 2006-10-27 02:12 . 2006-10-27 02:12 67896 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOHTMED.EXE
+ 2006-10-27 21:01 . 2006-10-27 21:01 76088 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOHEV.DLL
+ 2006-10-27 03:13 . 2006-10-27 03:13 26936 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOEURO.DLL
+ 2006-10-27 01:48 . 2006-10-27 01:48 14664 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOCFU.DLL
+ 2006-10-27 01:59 . 2006-10-27 01:59 19768 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSMH.DLL
+ 2006-10-27 01:52 . 2006-10-27 01:52 48424 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSE7.EXE
+ 2006-10-27 03:18 . 2006-10-27 03:18 66880 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSAEXP30.DLL
+ 2006-10-27 02:55 . 2006-10-27 02:55 21312 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MLSHEXT.DLL
+ 2006-10-27 02:12 . 2006-10-27 02:12 89400 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\METCONV.DLL
+ 2006-10-27 03:41 . 2006-10-27 03:41 66368 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\INLAUNCH.DLL
+ 2006-10-27 21:37 . 2006-10-27 21:37 35112 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESYSTEMMODE.DLL
+ 2006-10-27 06:47 . 2006-10-27 06:47 16688 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESTDURLLAUNCHER.EXE
+ 2006-10-27 06:47 . 2006-10-27 06:47 22808 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVENEW.DLL
+ 2006-10-27 06:47 . 2006-10-27 06:47 31016 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEMONITOR.EXE
+ 2006-10-27 06:47 . 2006-10-27 06:47 33568 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECLEAN.EXE
+ 2006-10-27 21:37 . 2006-10-27 21:37 34088 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEAUTOPROXY.DLL
+ 2006-10-27 06:47 . 2006-10-27 06:47 65824 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEAUDITSERVICE.EXE
+ 2010-01-26 00:49 . 2010-01-26 00:49 12096 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GRAPHPOL.DLL
+ 2006-10-26 20:04 . 2006-10-26 20:04 75576 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FORM.DLL
+ 2010-01-26 00:48 . 2010-01-26 00:48 12096 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\EXCELPOL.DLL
+ 2006-10-27 02:55 . 2006-10-27 02:55 35160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DUMPSTER.DLL
+ 2006-10-27 02:55 . 2006-10-27 02:55 87344 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DLGSETP.DLL
+ 2006-10-27 03:30 . 2006-10-27 03:30 65312 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\COLLIMP.DLL
+ 2006-10-27 02:12 . 2006-10-27 02:12 53576 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\AUTHZAX.DLL
+ 2006-10-27 02:13 . 2006-10-27 02:13 56120 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACERCLR.DLL
+ 2006-10-27 02:13 . 2006-10-27 02:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODTXT.DLL
+ 2006-10-27 02:13 . 2006-10-27 02:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODPDX.DLL
+ 2006-10-27 02:13 . 2006-10-27 02:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODEXL.DLL
+ 2006-10-27 02:13 . 2006-10-27 02:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODDBS.DLL
+ 2006-10-27 21:00 . 2006-10-27 21:00 47976 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEERR.DLL
+ 2006-10-27 03:18 . 2006-10-27 03:18 94016 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACCOLK.DLL
+ 2010-06-10 09:16 . 2010-02-25 06:19 12800 c:\windows\ie8updates\KB982381-IE8\xpshims.dll
+ 2010-06-10 09:16 . 2010-02-25 06:19 55296 c:\windows\ie8updates\KB982381-IE8\msfeedsbs.dll
+ 2010-06-10 09:16 . 2010-02-25 06:19 25600 c:\windows\ie8updates\KB982381-IE8\jsproxy.dll
+ 2010-03-31 03:18 . 2009-12-21 19:09 12800 c:\windows\ie8updates\KB980182-IE8\xpshims.dll
+ 2010-03-31 03:18 . 2009-12-21 19:09 55296 c:\windows\ie8updates\KB980182-IE8\msfeedsbs.dll
+ 2010-03-31 03:18 . 2009-12-21 19:09 25600 c:\windows\ie8updates\KB980182-IE8\jsproxy.dll
+ 2010-01-22 09:01 . 2009-10-29 07:45 12800 c:\windows\ie8updates\KB978207-IE8\xpshims.dll
+ 2010-01-22 09:01 . 2009-10-29 07:45 55296 c:\windows\ie8updates\KB978207-IE8\msfeedsbs.dll
+ 2010-01-22 09:01 . 2009-10-29 07:45 25600 c:\windows\ie8updates\KB978207-IE8\jsproxy.dll
+ 2009-12-15 02:23 . 2009-03-08 10:33 12288 c:\windows\ie8updates\KB976325-IE8\xpshims.dll
+ 2009-12-15 02:23 . 2009-03-08 10:31 55296 c:\windows\ie8updates\KB976325-IE8\msfeedsbs.dll
+ 2009-12-15 02:23 . 2009-10-29 07:45 25600 c:\windows\ie8updates\KB976325-IE8\jsproxy.dll
+ 2009-12-15 02:23 . 2008-04-14 12:00 34304 c:\windows\ie8updates\KB976325-IE8\ie4uinit.exe
+ 2009-12-15 02:22 . 2009-03-08 20:23 58464 c:\windows\ie8\spuninst\iecustom.dll
+ 2009-09-28 02:13 . 2009-03-08 20:23 58464 c:\windows\ie8\spuninst\_000000_.tmp.dll
+ 2009-12-15 02:22 . 2008-04-14 12:00 39424 c:\windows\ie8\pngfilt.dll
+ 2009-12-15 02:22 . 2008-04-14 12:00 56832 c:\windows\ie8\mshtmler.dll
+ 2009-12-15 02:22 . 2008-04-14 12:00 29184 c:\windows\ie8\mshta.exe
+ 2009-12-15 02:22 . 2008-04-14 12:00 22016 c:\windows\ie8\licmgr10.dll
+ 2009-12-15 02:22 . 2008-04-14 12:00 96256 c:\windows\ie8\inseng.dll
+ 2009-12-15 02:22 . 2008-04-14 12:00 35840 c:\windows\ie8\imgutil.dll
+ 2009-12-15 02:22 . 2008-04-14 12:00 48640 c:\windows\ie8\iernonce.dll
+ 2009-12-15 02:22 . 2009-06-26 16:42 81920 c:\windows\ie8\ieencode.dll
+ 2009-12-15 02:22 . 2008-04-14 12:00 34304 c:\windows\ie8\ie4uinit.exe
+ 2009-12-15 02:22 . 2008-04-14 12:00 38912 c:\windows\ie8\hmmapi.dll
+ 2009-12-15 02:22 . 2008-04-14 12:00 61440 c:\windows\ie8\admparse.dll
+ 2010-02-09 20:18 . 2009-11-27 17:23 17920 c:\windows\Driver Cache\i386\msyuv.dll
+ 2010-02-09 20:17 . 2009-11-27 16:07 48128 c:\windows\Driver Cache\i386\iyuv_32.dll
+ 2006-06-30 18:00 . 2006-06-30 18:00 29616 c:\windows\Downloaded Program Files\dwusplay.dll
+ 2010-01-29 16:33 . 2006-02-02 23:58 63488 c:\windows\Debug\UserMode\sc.exe
+ 2010-01-29 16:33 . 2006-02-02 23:58 11264 c:\windows\Debug\UserMode\look.dll
+ 2010-06-24 09:06 . 2010-06-24 09:06 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\ea1b4fbde0e772748c6ac42d627cf684\UIAutomationProvider.ni.dll
+ 2009-11-13 09:18 . 2009-11-13 09:18 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\b4a9e413d5cd6d6ec2d50aa05381e293\UIAutomationProvider.ni.dll
+ 2010-06-24 09:09 . 2010-06-24 09:09 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\f46915dfc57bc7e49c5402e9b8f7ec18\System.Windows.Presentation.ni.dll
+ 2010-06-10 09:23 . 2010-06-10 09:23 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\1464c662c302ea6372a885161b983732\System.Web.DynamicData.Design.ni.dll
+ 2010-06-10 09:20 . 2010-06-10 09:20 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\5d535ecadf77ac2d9278a1661beb2855\System.ComponentModel.DataAnnotations.ni.dll
+ 2009-11-13 09:21 . 2009-11-13 09:21 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f9a75bbdc2ce7db578b5977766a09b99\System.AddIn.Contract.ni.dll
+ 2010-06-24 09:06 . 2010-06-24 09:06 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\18729514178d458aa1225dd068718d4e\PresentationFontCache.ni.exe
+ 2010-06-10 09:11 . 2010-06-10 09:11 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\6be27d744e6e2bfc4b0e25bd2998ef7c\PresentationCFFRasterizer.ni.dll
+ 2010-06-24 09:05 . 2010-06-24 09:05 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\0375dfa28e2f6ef7e89df9edede4b83d\PresentationCFFRasterizer.ni.dll
+ 2010-06-10 09:22 . 2010-06-10 09:22 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\4a52287444c36c89310856b38ff52fe0\Microsoft.Vsa.ni.dll
+ 2009-11-13 09:21 . 2009-11-13 09:21 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\d513fe1a81c441e7656a9b062cff4e9f\Microsoft.Build.Framework.ni.dll
+ 2009-11-13 09:21 . 2009-11-13 09:21 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\c5d504724d7f351b1d034615dbb72a2a\Microsoft.Build.Framework.ni.dll
+ 2009-11-13 09:20 . 2009-11-13 09:20 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a664ccab020f93f1d533919f57131190\dfsvc.ni.exe
+ 2009-11-13 09:19 . 2009-11-13 09:19 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\e63d6d26b8a664cfdfbd4ad75e03c14d\Accessibility.ni.dll
+ 2010-01-26 00:50 . 2010-01-26 00:50 13024 c:\windows\assembly\GAC_MSIL\VSTADTEProvider.Interop\8.0.0.0__b03f5f7f11d50a3a\VSTADTEProvider.Interop.dll
+ 2010-06-24 09:02 . 2010-06-24 09:02 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2009-08-09 08:07 . 2009-08-09 08:07 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-06-10 09:11 . 2010-06-10 09:11 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
- 2009-08-09 08:04 . 2009-08-09 08:04 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2010-06-24 09:02 . 2010-06-24 09:02 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2009-08-09 08:07 . 2009-08-09 08:07 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-06-24 09:02 . 2010-06-24 09:02 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2009-08-09 08:07 . 2009-08-09 08:07 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-01-26 00:50 . 2010-01-26 00:50 39624 c:\windows\assembly\GAC_MSIL\System.AddIn\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.dll
- 2009-08-09 08:07 . 2009-08-09 08:07 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-06-24 09:02 . 2010-06-24 09:02 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-06-24 09:02 . 2010-06-24 09:02 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-08-09 08:07 . 2009-08-09 08:07 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-01-26 00:44 . 2010-01-26 00:44 53248 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Zip\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Zip.dll
+ 2010-01-26 00:51 . 2010-01-26 00:51 73728 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.WizardFramework\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.WizardFramework.Dll
+ 2010-01-26 00:50 . 2010-01-26 00:50 16384 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.VSContentInstaller\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.VSContentInstaller.dll
+ 2010-01-26 00:50 . 2010-01-26 00:50 72472 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.DesignTime\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.DesignTime.dll
+ 2010-01-26 00:50 . 2010-01-26 00:50 39704 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Contract\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Contract.dll
+ 2010-01-26 00:50 . 2010-01-26 00:50 39712 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel.dll
+ 2010-01-26 00:51 . 2010-01-26 00:51 15872 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.TemplateWizardInterface\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.TemplateWizardInterface.dll
+ 2010-01-26 00:51 . 2010-01-26 00:51 32768 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.ManagedInterfaces\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.ManagedInterfaces.dll
+ 2010-01-26 00:51 . 2010-01-26 00:51 49152 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.HostingProcess.Utilities\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.HostingProcess.Utilities.dll
+ 2010-01-26 00:51 . 2010-01-26 00:51 24576 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.HostingProcess.Utilities.Sync\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.HostingProcess.Utilities.Sync.dll
+ 2010-01-26 00:44 . 2010-01-26 00:44 49152 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.DebuggerVisualizers\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.DebuggerVisualizers.dll
- 2009-08-09 08:07 . 2009-08-09 08:07 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-06-24 09:02 . 2010-06-24 09:02 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-01-26 00:50 . 2010-01-26 00:50 60200 c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.dll
+ 2010-01-26 00:50 . 2010-01-26 00:50 39728 c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Vsta\12.0.0.0__71e9bce111e9429c\Microsoft.Office.InfoPath.Vsta.dll
+ 2010-01-26 00:50 . 2010-01-26 00:50 43840 c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.FormControl\12.0.0.0__71e9bce111e9429c\microsoft.office.infopath.formcontrol.dll
+ 2010-01-26 00:51 . 2010-01-26 00:51 69632 c:\windows\assembly\GAC_MSIL\Microsoft.MSXML\8.0.0.0__b03f5f7f11d50a3a\microsoft.msxml.dll
+ 2010-06-24 09:02 . 2010-06-24 09:02 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2009-08-09 08:07 . 2009-08-09 08:07 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2009-08-09 08:07 . 2009-08-09 08:07 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-06-24 09:02 . 2010-06-24 09:02 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-06-24 09:02 . 2010-06-24 09:02 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-08-09 08:07 . 2009-08-09 08:07 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-08-09 08:07 . 2009-08-09 08:07 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-06-24 09:02 . 2010-06-24 09:02 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-06-24 09:02 . 2010-06-24 09:02 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2009-08-09 08:07 . 2009-08-09 08:07 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2009-08-09 08:07 . 2009-08-09 08:07 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-06-24 09:02 . 2010-06-24 09:02 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-08-09 08:07 . 2009-08-09 08:07 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-06-24 09:02 . 2010-06-24 09:02 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-01-26 00:51 . 2010-01-26 00:51 49152 c:\windows\assembly\GAC\VsWebSite.Interop\8.0.0.0__b03f5f7f11d50a3a\VsWebSite.Interop.dll
+ 2010-01-26 00:51 . 2010-01-26 00:51 73728 c:\windows\assembly\GAC\VSLangProj80\8.0.0.0__b03f5f7f11d50a3a\VSLangProj80.dll
+ 2010-01-26 00:51 . 2010-01-26 00:51 19968 c:\windows\assembly\GAC\VSLangProj2\7.0.5000.0__b03f5f7f11d50a3a\VSLangProj2.dll
+ 2010-01-26 00:51 . 2010-01-26 00:51 53248 c:\windows\assembly\GAC\VSLangProj\7.0.3300.0__b03f5f7f11d50a3a\VSLangProj.dll
+ 2010-01-26 01:54 . 2010-01-26 01:54 16384 c:\windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll
- 2009-07-15 21:09 . 2009-07-15 21:09 16384 c:\windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll
+ 2010-01-27 09:20 . 2010-01-27 09:20 10576 c:\windows\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\Policy.11.0.Office.dll
+ 2010-01-27 09:20 . 2010-01-27 09:20 11112 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Vbe.Interop.dll
+ 2010-01-27 09:21 . 2010-01-27 09:21 11128 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Word.dll
+ 2010-01-27 09:20 . 2010-01-27 09:20 11136 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.SmartTag.dll
+ 2010-01-26 00:50 . 2010-01-26 00:50 12104 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Publisher\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Publisher.dll
+ 2010-01-27 09:21 . 2010-01-27 09:21 11152 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.PowerPoint.dll
+ 2010-01-26 00:50 . 2010-01-26 00:50 12632 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl.dll
+ 2010-01-26 00:50 . 2010-01-26 00:50 12104 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Outlook.dll
+ 2010-01-26 00:50 . 2010-01-26 00:50 12616 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.InfoPath\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.InfoPath.dll
+ 2010-01-26 00:50 . 2010-01-26 00:50 12616 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml.dll
+ 2010-01-27 09:20 . 2010-01-27 09:20 11128 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Graph.dll
+ 2010-01-27 09:20 . 2010-01-27 09:20 11144 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Excel.dll
+ 2010-01-26 00:48 . 2010-01-26 00:48 12104 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Access\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Access.dll
+ 2010-01-26 00:51 . 2010-01-26 00:51 11264 c:\windows\assembly\GAC\Microsoft.VisualStudio.VSHelp\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.VSHelp.dll
+ 2010-01-26 00:51 . 2010-01-26 00:51 57344 c:\windows\assembly\GAC\Microsoft.VisualStudio.TextManager.Interop.8.0\8.0.0.0__b03f5f7f11d50a3a\microsoft.visualstudio.textmanager.interop.8.0.dll
+ 2010-01-26 00:51 . 2010-01-26 00:51 69632 c:\windows\assembly\GAC\Microsoft.VisualStudio.CommandBars\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.CommandBars.dll
+ 2010-01-27 09:20 . 2010-01-27 09:20 63336 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2010-01-26 00:50 . 2010-01-26 00:50 13312 c:\windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll
+ 2010-01-27 09:20 . 2010-01-27 09:20 19320 c:\windows\assembly\GAC\Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll
+ 2010-01-26 00:49 . 2010-01-26 00:49 35648 c:\windows\assembly\GAC\Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OutlookViewCtl.dll
+ 2010-01-26 00:50 . 2010-01-26 00:50 17208 c:\windows\assembly\GAC\Microsoft.Office.Interop.OneNote\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OneNote.dll
+ 2010-01-26 00:49 . 2010-01-26 00:49 88896 c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath.Xml\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.Xml.dll
+ 2010-01-26 00:48 . 2010-01-26 00:48 80696 c:\windows\assembly\GAC\Microsoft.Office.Interop.Access.Dao\12.0.0.0__71e9bce111e9429c\Microsoft.Office.interop.access.dao.dll
+ 2010-01-26 00:50 . 2010-01-26 00:50 16712 c:\windows\assembly\GAC\Microsoft.Office.InfoPath.Permission\12.0.0.0__71e9bce111e9429c\Microsoft.Office.InfoPath.Permission.dll
+ 2010-01-26 00:50 . 2010-01-26 00:50 31560 c:\windows\assembly\GAC\ipdmctrl\11.0.0.0__71e9bce111e9429c\IPDMCTRL.DLL
+ 2010-01-26 00:50 . 2010-01-26 00:50 82784 c:\windows\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll
+ 2010-01-26 00:50 . 2010-01-26 00:50 65536 c:\windows\assembly\GAC\dao\10.0.4504.0__31bf3856ad364e35\DAO.DLL
+ 2010-01-24 04:36 . 2006-09-29 01:01 58368 c:\windows\$NtUninstallWudf01000$\spuninst\WudfCustom.dll
+ 2010-01-24 04:37 . 2008-04-14 12:00 73728 c:\windows\$NtUninstallwmp11$\wmplayer.exe
+ 2010-01-24 04:37 . 2008-04-14 12:00 98304 c:\windows\$NtUninstallwmp11$\wmpband.dll
+ 2010-01-24 04:36 . 2005-01-28 19:44 18944 c:\windows\$NtUninstallWMFDist11$\wpdusb.sys
+ 2010-01-24 04:36 . 2005-01-28 19:44 66560 c:\windows\$NtUninstallWMFDist11$\wpdmtpus.dll
+ 2010-01-24 04:36 . 2005-01-28 19:44 61952 c:\windows\$NtUninstallWMFDist11$\wpdconns.dll
+ 2010-01-24 04:36 . 2005-01-28 19:44 38912 c:\windows\$NtUninstallWMFDist11$\wpd_ci.dll
+ 2010-01-24 04:36 . 2005-01-28 19:44 33792 c:\windows\$NtUninstallWMFDist11$\wmdmps.dll
+ 2010-01-24 04:36 . 2005-01-28 19:44 28160 c:\windows\$NtUninstallWMFDist11$\wmdmlog.dll
+ 2010-01-24 04:36 . 2005-01-28 19:44 38912 c:\windows\$NtUninstallWMFDist11$\wdfmgr.exe
+ 2010-01-24 04:36 . 2005-01-28 19:44 15872 c:\windows\$NtUninstallWMFDist11$\wdfapi.dll
+ 2010-01-24 04:36 . 2005-01-28 19:44 47104 c:\windows\$NtUninstallWMFDist11$\uwdf.exe
+ 2010-01-24 04:36 . 2006-11-02 17:46 13312 c:\windows\$NtUninstallWMFDist11$\spuninst\wpdinstallutil.dll
+ 2010-01-24 04:36 . 2005-01-28 19:44 25088 c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
+ 2010-01-24 04:36 . 2008-06-10 11:52 96768 c:\windows\$NtUninstallWMFDist11$\logagent.exe
+ 2010-05-27 09:00 . 2010-01-23 08:11 46080 c:\windows\$NtUninstallKB981793$\tzchange.exe
+ 2010-05-27 09:00 . 2010-04-22 22:21 16896 c:\windows\$NtUninstallKB981793$\spuninst\tzchange.dll
+ 2010-04-14 09:00 . 2008-04-14 12:00 84480 c:\windows\$NtUninstallKB979309$\cabview.dll
+ 2010-02-24 09:00 . 2009-10-28 15:07 46080 c:\windows\$NtUninstallKB979306$\tzchange.exe
+ 2010-02-24 09:00 . 2010-01-23 10:40 16896 c:\windows\$NtUninstallKB979306$\spuninst\tzchange.dll
+ 2010-02-10 09:03 . 2008-04-14 12:00 32256 c:\windows\$NtUninstallKB978037$\csrsrv.dll
+ 2010-02-10 09:01 . 2008-04-14 12:00 25600 c:\windows\$NtUninstallKB977914$\msvidc32.dll
+ 2010-02-10 09:01 . 2008-04-14 12:00 11264 c:\windows\$NtUninstallKB977914$\msrle32.dll
+ 2010-02-10 09:01 . 2009-07-14 19:54 47616 c:\windows\$NtUninstallKB977914$\iyuv_32.dll
+ 2010-02-10 09:01 . 2009-06-10 14:13 84992 c:\windows\$NtUninstallKB977914$\avifil32.dll
+ 2009-11-25 09:00 . 2009-07-14 11:03 46080 c:\windows\$NtUninstallKB976098-v2$\tzchange.exe
+ 2009-11-25 09:00 . 2009-10-29 02:03 16896 c:\windows\$NtUninstallKB976098-v2$\spuninst\tzchange.dll
+ 2010-02-10 09:02 . 2009-07-14 19:54 16896 c:\windows\$NtUninstallKB975560$\msyuv.dll
+ 2009-11-13 09:04 . 2008-04-14 12:00 57344 c:\windows\$NtUninstallKB974571$\msasn1.dll
+ 2009-12-09 09:01 . 2008-04-14 12:00 79872 c:\windows\$NtUninstallKB974318$\raschap.dll
+ 2010-01-13 09:00 . 2009-07-14 19:41 81920 c:\windows\$NtUninstallKB972270$\fontsub.dll
+ 2009-12-09 09:02 . 2008-04-14 12:00 75776 c:\windows\$NtUninstallKB970430$\strmfilt.dll
+ 2009-12-09 09:02 . 2008-04-14 12:00 24576 c:\windows\$NtUninstallKB970430$\httpapi.dll
+ 2010-04-15 09:01 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB981332-IE8\update\spcustom.dll
+ 2010-04-15 09:01 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB981332-IE8\spmsg.dll
+ 2010-04-15 09:03 . 2009-05-26 09:01 26488 c:\windows\$hf_mig$\KB980232\update\spcustom.dll
+ 2010-04-15 09:03 . 2009-05-26 09:01 17272 c:\windows\$hf_mig$\KB980232\spmsg.dll
+ 2010-04-14 09:00 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB979309\update\spcustom.dll
+ 2010-04-14 09:00 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB979309\spmsg.dll
+ 2010-04-13 23:59 . 2010-01-13 13:48 86016 c:\windows\$hf_mig$\KB979309\SP3QFE\cabview.dll
+ 2010-02-10 09:01 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978706\update\spcustom.dll
+ 2010-02-10 09:01 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB978706\spmsg.dll
+ 2010-04-14 09:00 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB978601\update\spcustom.dll
+ 2010-04-14 09:00 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB978601\spmsg.dll
+ 2010-05-12 09:01 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978542\update\spcustom.dll
+ 2010-05-12 09:01 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB978542\spmsg.dll
+ 2010-04-15 09:02 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978338\update\spcustom.dll
+ 2010-04-15 09:02 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB978338\spmsg.dll
+ 2010-02-10 09:03 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978262\update\spcustom.dll
+ 2010-02-10 09:03 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB978262\spmsg.dll
+ 2010-02-10 09:02 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978251\update\spcustom.dll
+ 2010-02-10 09:02 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB978251\spmsg.dll
+ 2010-02-10 09:03 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978037\update\spcustom.dll
+ 2010-02-10 09:03 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB978037\spmsg.dll
+ 2010-02-09 20:18 . 2009-12-14 07:10 33280 c:\windows\$hf_mig$\KB978037\SP3QFE\csrsrv.dll
+ 2010-02-10 09:01 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB977914\update\spcustom.dll
+ 2010-02-10 09:01 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB977914\spmsg.dll
+ 2010-02-09 20:17 . 2009-11-27 16:28 28672 c:\windows\$hf_mig$\KB977914\SP3QFE\msvidc32.dll
+ 2010-02-09 20:17 . 2009-11-27 16:28 11264 c:\windows\$hf_mig$\KB977914\SP3QFE\msrle32.dll
+ 2010-02-09 20:17 . 2009-11-27 16:28 48128 c:\windows\$hf_mig$\KB977914\SP3QFE\iyuv_32.dll
+ 2010-02-09 20:17 . 2009-11-27 16:28 84992 c:\windows\$hf_mig$\KB977914\SP3QFE\avifil32.dll
+ 2010-04-15 09:02 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB977816\update\spcustom.dll
+ 2010-04-15 09:02 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB977816\spmsg.dll
+ 2009-11-14 09:00 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB976749-IE8\update\spcustom.dll
+ 2009-11-14 09:00 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB976749-IE8\spmsg.dll
+ 2010-02-24 09:01 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB976662-IE8\update\spcustom.dll
+ 2010-02-24 09:01 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB976662-IE8\spmsg.dll
+ 2009-12-09 09:00 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB976325-IE8\update\spcustom.dll
+ 2009-12-09 09:00 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB976325-IE8\spmsg.dll
+ 2009-12-08 21:54 . 2009-10-29 07:45 12800 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\xpshims.dll
+ 2009-12-08 21:54 . 2009-10-29 07:45 55296 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\msfeedsbs.dll
+ 2009-12-08 21:54 . 2009-10-29 07:45 25600 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\jsproxy.dll
+ 2010-02-10 09:03 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB975713\update\spcustom.dll
+ 2010-02-10 09:03 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB975713\spmsg.dll
+ 2010-03-10 09:03 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB975561\update\spcustom.dll
+ 2010-03-10 09:03 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB975561\spmsg.dll
+ 2009-12-15 02:23 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB975364-IE8\update\spcustom.dll
+ 2009-12-15 02:23 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB975364-IE8\spmsg.dll
+ 2009-12-15 02:21 . 2009-10-02 04:43 92160 c:\windows\$hf_mig$\KB975364-IE8\SP3QFE\iecompat.dll
+ 2009-11-13 09:04 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB975025\update\spcustom.dll
+ 2009-11-13 09:04 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB975025\spmsg.dll
+ 2009-11-13 09:04 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB974571\update\spcustom.dll
+ 2009-11-13 09:04 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB974571\spmsg.dll
+ 2009-11-13 04:40 . 2009-09-04 20:57 58880 c:\windows\$hf_mig$\KB974571\SP3QFE\msasn1.dll
+ 2009-11-13 09:08 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB974455-IE8\update\spcustom.dll
+ 2009-11-13 09:08 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB974455-IE8\spmsg.dll
+ 2009-11-13 04:39 . 2009-08-29 08:01 12800 c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\xpshims.dll
+ 2009-11-13 04:39 . 2009-08-29 08:01 55296 c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\msfeedsbs.dll
+ 2009-11-13 04:39 . 2009-08-29 08:01 25600 c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\jsproxy.dll
+ 2009-12-09 09:00 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB974392\update\spcustom.dll
+ 2009-12-09 09:00 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB974392\spmsg.dll
+ 2009-12-09 09:01 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB974318\update\spcustom.dll
+ 2009-12-09 09:01 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB974318\spmsg.dll
+ 2009-12-08 21:55 . 2009-10-12 13:28 79872 c:\windows\$hf_mig$\KB974318\SP3QFE\raschap.dll
+ 2009-11-13 09:05 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB974112\update\spcustom.dll
+ 2009-11-13 09:05 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB974112\spmsg.dll
+ 2009-09-28 02:14 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB973874-IE8\update\spcustom.dll
+ 2009-09-28 02:14 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB973874-IE8\spmsg.dll
+ 2009-11-25 09:00 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB973687\update\spcustom.dll
+ 2009-11-25 09:00 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB973687\spmsg.dll
+ 2009-11-13 09:01 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB973525\update\spcustom.dll
+ 2009-11-13 09:01 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB973525\spmsg.dll
+ 2009-09-28 02:14 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB972260-IE8\update\spcustom.dll
+ 2009-09-28 02:14 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB972260-IE8\spmsg.dll
+ 2009-09-28 02:12 . 2009-07-03 17:06 12800 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\xpshims.dll
+ 2009-09-28 02:12 . 2009-07-03 17:06 55296 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\msfeedsbs.dll
+ 2009-09-28 02:12 . 2009-07-03 17:06 25600 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\jsproxy.dll
+ 2009-11-13 09:01 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB971961-IE8\update\spcustom.dll
+ 2009-11-13 09:01 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB971961-IE8\spmsg.dll
+ 2010-02-10 09:03 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB971468\update\spcustom.dll
+ 2010-02-10 09:03 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB971468\spmsg.dll
+ 2009-12-09 09:02 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB970430\update\spcustom.dll
+ 2009-12-09 09:02 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB970430\spmsg.dll
+ 2009-12-08 21:55 . 2009-10-21 05:40 75776 c:\windows\$hf_mig$\KB970430\SP3QFE\strmfilt.dll
+ 2009-12-08 21:55 . 2009-10-21 05:40 25088 c:\windows\$hf_mig$\KB970430\SP3QFE\httpapi.dll
+ 2009-11-13 09:07 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB969059\update\spcustom.dll
+ 2009-11-13 09:07 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB969059\spmsg.dll
+ 2009-11-13 09:05 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB956844\update\spcustom.dll
+ 2009-11-13 09:05 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB956844\spmsg.dll
+ 2010-01-13 09:01 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB955759\update\spcustom.dll
+ 2010-01-13 09:01 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB955759\spmsg.dll
- 2009-08-09 08:07 . 2009-08-09 08:07 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-06-24 09:02 . 2010-06-24 09:02 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2008-04-14 12:00 . 2006-10-19 03:47 4096 c:\windows\system32\wmvdmoe2.dll
+ 2008-04-14 12:00 . 2006-10-19 03:47 4096 c:\windows\system32\wmvdmod.dll
+ 2005-01-28 19:44 . 2006-10-19 03:47 4096 c:\windows\system32\WMVADVE.DLL
+ 2005-01-28 19:44 . 2006-10-19 03:47 4096 c:\windows\system32\WMVADVD.dll
+ 2008-04-14 12:00 . 2006-10-19 03:47 4096 c:\windows\system32\wmsdmoe2.dll
+ 2008-04-14 12:00 . 2006-10-19 03:47 4096 c:\windows\system32\wmsdmod.dll
+ 2005-01-28 19:44 . 2006-10-19 03:58 8704 c:\windows\system32\wdfmgr.exe
+ 2005-01-28 19:44 . 2006-10-19 03:47 4096 c:\windows\system32\wdfapi.dll
+ 2005-01-28 19:44 . 2006-10-19 03:58 8704 c:\windows\system32\uwdf.exe
+ 2001-08-17 20:36 . 2009-11-27 16:07 8704 c:\windows\system32\tsbyuv.dll
+ 2010-06-27 18:17 . 2008-04-14 08:41 4096 c:\windows\system32\ReinstallBackups\0016\DriverFiles\i386\ksuser.dll
+ 2010-06-27 18:17 . 2006-07-27 19:44 5120 c:\windows\system32\ReinstallBackups\0016\DriverFiles\CHdAudPropres.dll
+ 2010-05-01 15:07 . 2001-08-18 02:36 5632 c:\windows\system32\ptpusb.dll
+ 2008-04-14 12:00 . 2006-10-19 03:47 4096 c:\windows\system32\MPG4DMOD.dll
+ 2008-04-14 12:00 . 2006-10-19 03:47 4096 c:\windows\system32\MP4SDMOD.dll
+ 2008-04-14 12:00 . 2006-10-19 03:47 4096 c:\windows\system32\MP43DMOD.dll
- 2009-07-15 11:50 . 2008-04-14 08:41 4096 c:\windows\system32\ksuser.dll
+ 2009-07-15 11:50 . 2008-04-14 09:41 4096 c:\windows\system32\ksuser.dll
+ 2009-09-17 00:07 . 2001-08-18 02:36 8192 c:\windows\system32\kbdkor.dll
+ 2009-09-17 00:07 . 2001-08-18 02:36 8704 c:\windows\system32\kbdjpn.dll
+ 2009-09-17 00:07 . 2008-04-14 09:39 6144 c:\windows\system32\kbd106.dll
+ 2009-09-17 00:07 . 2001-08-17 18:55 5632 c:\windows\system32\kbd103.dll
+ 2009-09-17 00:07 . 2001-08-17 18:55 6144 c:\windows\system32\kbd101c.dll
+ 2009-09-17 00:07 . 2001-08-17 18:55 6144 c:\windows\system32\kbd101b.dll
+ 2008-12-17 16:22 . 2008-06-13 01:36 7680 c:\windows\system32\ff_vfw.dll
+ 2009-10-26 02:49 . 2008-12-24 11:07 1615 c:\windows\system32\drivers\etc\mvps.bat
+ 2007-02-02 10:00 . 2007-02-02 10:00 9464 c:\windows\system32\drivers\cdralw2k.sys
- 2009-08-06 07:27 . 2009-05-13 21:56 9464 c:\windows\system32\drivers\cdralw2k.sys
- 2009-08-06 07:27 . 2009-05-13 21:56 9336 c:\windows\system32\drivers\cdr4_xp.sys
+ 2007-02-02 10:00 . 2007-02-02 10:00 9336 c:\windows\system32\drivers\cdr4_xp.sys
+ 2008-04-14 12:00 . 2006-10-19 03:47 4096 c:\windows\system32\dllcache\wmvdmoe2.dll
+ 2008-04-14 12:00 . 2006-10-19 03:47 4096 c:\windows\system32\dllcache\wmvdmod.dll
+ 2008-04-14 12:00 . 2006-10-19 03:47 4096 c:\windows\system32\dllcache\wmsdmoe2.dll
+ 2008-04-14 12:00 . 2006-10-19 03:47 4096 c:\windows\system32\dllcache\wmsdmod.dll
+ 2010-02-09 20:17 . 2009-11-27 16:07 8704 c:\windows\system32\dllcache\tsbyuv.dll
+ 2008-04-14 12:00 . 2006-10-19 03:47 4096 c:\windows\system32\dllcache\MPG4DMOD.dll
+ 2008-04-14 12:00 . 2006-10-19 03:47 4096 c:\windows\system32\dllcache\MP4SDMOD.dll
+ 2008-04-14 12:00 . 2006-10-19 03:47 4096 c:\windows\system32\dllcache\MP43DMOD.dll
+ 2009-07-15 11:50 . 2008-04-14 09:41 4096 c:\windows\system32\dllcache\ksuser.dll
- 2009-07-15 11:50 . 2008-04-14 08:41 4096 c:\windows\system32\dllcache\ksuser.dll
+ 2009-09-17 00:07 . 2001-08-18 02:36 8192 c:\windows\system32\dllcache\kbdkor.dll
+ 2009-09-17 00:07 . 2001-08-18 02:36 8704 c:\windows\system32\dllcache\kbdjpn.dll
+ 2009-09-17 00:07 . 2008-04-14 09:39 6144 c:\windows\system32\dllcache\kbd106.dll
+ 2009-09-17 00:07 . 2001-08-17 18:55 5632 c:\windows\system32\dllcache\kbd103.dll
+ 2009-09-17 00:07 . 2001-08-17 18:55 6144 c:\windows\system32\dllcache\kbd101c.dll
+ 2009-09-17 00:07 . 2001-08-17 18:55 6144 c:\windows\system32\dllcache\kbd101b.dll
+ 2008-04-14 12:00 . 2006-11-03 15:59 7680 c:\windows\system32\dllcache\asferror.dll
- 2006-07-27 19:44 . 2006-07-27 19:44 5120 c:\windows\system32\CHdAudPropres.dll
+ 2006-07-27 19:44 . 2006-06-02 21:02 5120 c:\windows\system32\CHdAudPropres.dll
+ 2008-04-14 12:00 . 2006-11-03 15:59 7680 c:\windows\system32\asferror.dll
+ 2009-10-28 23:38 . 2005-01-28 19:44 6656 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\laprxy.dll
+ 2009-09-18 22:29 . 2008-04-14 12:00 6656 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\laprxy.dll
+ 2009-10-28 23:43 . 2009-10-28 23:43 3638 c:\windows\Installer\{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}\NewShortcut38_8E832933A07340209FB8DBADC480B69B.exe
+ 2009-10-14 01:59 . 2009-10-14 01:59 6318 c:\windows\Installer\{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}\ICO_ARPProductIcon.exe
+ 2009-09-18 22:35 . 2009-09-18 22:35 3638 c:\windows\Installer\{51BA0AFE-6AA5-4B8C-8BA9-FA6AE5B1EEE0}\NewShortcut38_8E832933A07340209FB8DBADC480B69B.exe
+ 2009-10-24 20:22 . 2009-10-24 20:22 3638 c:\windows\Installer\{4D612FB2-1AE7-4E46-9377-35BB2F06A787}\NewShortcut38_8E832933A07340209FB8DBADC480B69B.exe
+ 2009-12-15 02:23 . 2009-03-08 10:35 2048 c:\windows\ie8updates\KB975364-IE8\iecompat.dll
+ 2010-02-09 20:17 . 2009-11-27 16:07 8704 c:\windows\Driver Cache\i386\tsbyuv.dll
kayakman
Regular Member
 
Posts: 37
Joined: June 22nd, 2010, 6:45 pm