Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

help to get rid of ohtgnoenriga redirects

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: help to get rid of ohtgnoenriga redirects

Unread postby kayakman » July 5th, 2010, 6:29 pm

- 2009-08-09 08:07 . 2009-08-09 08:07 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-06-24 09:02 . 2010-06-24 09:02 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-01-26 00:51 . 2010-01-26 00:51 4096 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.ProjectAggregator\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.ProjectAggregator.dll
- 2009-08-09 08:07 . 2009-08-09 08:07 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-06-24 09:02 . 2010-06-24 09:02 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2009-08-09 08:07 . 2009-08-09 08:07 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-06-24 09:02 . 2010-06-24 09:02 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-06-24 09:02 . 2010-06-24 09:02 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2009-07-15 21:09 . 2009-07-15 21:09 4096 c:\windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll
+ 2010-01-26 01:54 . 2010-01-26 01:54 4096 c:\windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll
+ 2010-01-26 00:51 . 2010-01-26 00:51 8704 c:\windows\assembly\GAC\Microsoft.VisualStudio.VSHelp80\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.VSHelp80.dll
+ 2010-01-26 00:51 . 2010-01-26 00:51 8704 c:\windows\assembly\GAC\Microsoft.VisualStudio.Designer.Interfaces\1.0.5000.0__b03f5f7f11d50a3a\microsoft.visualstudio.designer.interfaces.dll
+ 2010-01-26 00:51 . 2010-01-26 00:51 4608 c:\windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\extensibility.dll
+ 2010-01-24 04:37 . 2008-04-14 12:00 8192 c:\windows\$NtUninstallwmp11$\asferror.dll
+ 2010-01-24 04:36 . 2005-01-28 19:44 6656 c:\windows\$NtUninstallWMFDist11$\laprxy.dll
+ 2010-02-10 09:01 . 2009-07-14 19:52 8192 c:\windows\$NtUninstallKB977914$\tsbyuv.dll
+ 2010-02-09 20:17 . 2009-11-27 16:28 8704 c:\windows\$hf_mig$\KB977914\SP3QFE\tsbyuv.dll
+ 2010-06-24 09:02 . 2010-06-24 09:02 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2009-08-09 08:07 . 2009-08-09 08:07 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-06-24 09:02 . 2010-06-24 09:02 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2009-08-09 08:07 . 2009-08-09 08:07 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2006-12-02 03:54 . 2006-12-02 03:54 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2006-12-02 04:54 . 2006-12-02 04:54 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2006-12-02 04:54 . 2006-12-02 04:54 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
- 2006-12-02 03:54 . 2006-12-02 03:54 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-02 04:54 . 2006-12-02 04:54 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
- 2006-12-02 03:54 . 2006-12-02 03:54 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2006-10-26 19:40 . 2006-10-26 19:40 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
- 2005-09-23 12:29 . 2005-09-23 12:29 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
- 2005-09-23 12:29 . 2005-09-23 12:29 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
+ 2006-10-26 19:40 . 2006-10-26 19:40 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
+ 2006-10-26 19:40 . 2006-10-26 19:40 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
- 2005-09-23 12:29 . 2005-09-23 12:29 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
+ 2009-07-12 07:12 . 2009-07-12 07:12 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
+ 2009-07-12 07:09 . 2009-07-12 07:09 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
+ 2009-07-12 07:08 . 2009-07-12 07:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 121856 c:\windows\system32\xmllite.dll
+ 2008-04-14 12:00 . 2009-01-08 00:21 121856 c:\windows\system32\xmllite.dll
+ 2009-07-15 17:02 . 2009-08-07 01:24 209632 c:\windows\system32\wuweb.dll
+ 2006-09-29 00:56 . 2006-09-29 00:56 316416 c:\windows\system32\WUDFx.dll
+ 2006-09-29 00:56 . 2006-09-29 00:56 165376 c:\windows\system32\WudfPlatform.dll
+ 2006-09-29 00:56 . 2006-09-29 00:56 146432 c:\windows\system32\WudfHost.exe
+ 2009-07-15 17:02 . 2009-08-07 01:24 327896 c:\windows\system32\wucltui.dll
+ 2009-07-15 17:02 . 2009-08-07 01:23 575704 c:\windows\system32\wuapi.dll
+ 2005-01-28 19:44 . 2006-10-19 03:47 356352 c:\windows\system32\wpdsp.dll
+ 2006-10-19 03:47 . 2006-10-19 03:47 133632 c:\windows\system32\WPDShServiceObj.dll
+ 2005-01-28 19:44 . 2005-01-28 19:44 331776 c:\windows\system32\wpdmtpdr.dll
+ 2005-01-28 19:44 . 2006-10-19 03:47 154624 c:\windows\system32\wpdmtp.dll
+ 2005-01-28 19:44 . 2006-10-19 03:47 629760 c:\windows\system32\wpd_ci.dll
+ 2006-10-19 03:47 . 2006-10-19 03:47 656896 c:\windows\system32\WMVXENCD.dll
+ 2006-10-19 03:47 . 2006-10-19 03:47 767488 c:\windows\system32\WMVSENCD.dll
+ 2006-10-18 09:32 . 2006-10-18 09:32 807032 c:\windows\system32\wmv9dmod.dll
+ 2008-04-14 12:00 . 2009-04-02 05:02 604160 c:\windows\system32\wmspdmod.dll
+ 2006-10-19 03:47 . 2006-10-19 03:47 204288 c:\windows\system32\wmpsrcwp.dll
+ 2008-04-14 12:00 . 2006-11-03 16:01 100352 c:\windows\system32\wmpshell.dll
+ 2006-10-19 03:47 . 2006-10-19 03:47 130048 c:\windows\system32\wmpps.dll
+ 2006-10-19 03:47 . 2006-10-19 03:47 613376 c:\windows\system32\wmpmde.dll
+ 2006-10-19 03:47 . 2008-06-25 00:12 295936 c:\windows\system32\wmpeffects.dll
+ 2008-04-14 12:00 . 2009-07-14 05:43 286208 c:\windows\system32\wmpdxm.dll
+ 2008-04-14 12:00 . 2006-10-19 03:47 242688 c:\windows\system32\wmpasf.dll
+ 2009-07-14 19:37 . 2008-06-18 11:03 938496 c:\windows\system32\WMNetmgr.dll
+ 2008-04-14 12:00 . 2006-10-19 03:47 157184 c:\windows\system32\wmidx.dll
+ 2008-04-14 12:00 . 2006-11-03 16:01 272896 c:\windows\system32\wmerror.dll
+ 2006-10-19 03:47 . 2006-10-19 03:47 535040 c:\windows\system32\wmdrmsdk.dll
+ 2005-01-28 19:44 . 2006-10-19 03:47 348672 c:\windows\system32\wmdrmnet.dll
+ 2005-01-28 19:44 . 2006-10-19 03:47 429056 c:\windows\system32\wmdrmdev.dll
+ 2008-04-14 12:00 . 2007-10-27 23:40 222720 c:\windows\system32\wmasf.dll
+ 2008-04-14 12:00 . 2006-10-19 03:47 757248 c:\windows\system32\wmadmod.dll
+ 2006-10-26 19:45 . 2006-10-26 19:45 293376 c:\windows\system32\WISPTIS.EXE
+ 2008-04-14 12:00 . 2009-12-24 06:59 177664 c:\windows\system32\wintrust.dll
+ 2009-07-14 19:39 . 2009-08-25 09:27 354816 c:\windows\system32\winhttp.dll
+ 2009-03-08 10:34 . 2009-03-08 10:34 208384 c:\windows\system32\WinFXDocObj.exe
+ 2008-04-14 12:00 . 2009-03-08 10:34 236544 c:\windows\system32\webcheck.dll
+ 2010-03-05 09:29 . 2010-03-06 07:49 195072 c:\windows\system32\wbem\Down(0).exe
+ 2007-03-26 07:00 . 2009-12-01 19:14 100848 c:\windows\system32\vxblock.dll
+ 2009-07-14 19:37 . 2010-03-10 06:15 420352 c:\windows\system32\vbscript.dll
+ 2010-02-28 05:08 . 1999-03-26 06:00 101888 c:\windows\system32\Vb6stkit.dll
+ 2008-04-14 12:00 . 2009-03-08 10:34 105984 c:\windows\system32\url.dll
+ 2006-10-16 10:44 . 2006-10-16 10:44 196608 c:\windows\system32\TVUAx\ssleay32.dll
+ 2006-10-18 09:32 . 2006-10-18 09:32 348160 c:\windows\system32\TVUAx\msvcr71.dll
+ 2006-10-18 09:32 . 2006-10-18 09:32 499712 c:\windows\system32\TVUAx\msvcp71.dll
+ 2007-05-17 05:58 . 2007-05-17 05:58 143360 c:\windows\system32\TVUAx\libexpatw.dll
+ 2008-03-04 10:52 . 2008-03-04 10:52 286720 c:\windows\system32\TVUAx\libcurl.dll
- 2009-07-14 19:41 . 2009-07-14 19:41 119808 c:\windows\system32\t2embed.dll
+ 2009-07-14 19:41 . 2009-10-15 16:39 119808 c:\windows\system32\t2embed.dll
+ 2009-07-14 19:37 . 2009-08-26 08:00 247326 c:\windows\system32\strmdll.dll
- 2009-07-14 19:37 . 2009-07-14 19:37 247326 c:\windows\system32\strmdll.dll
+ 2008-06-11 00:04 . 2008-06-11 00:04 200704 c:\windows\system32\ssldivx.dll
+ 2010-01-26 00:54 . 2008-11-10 17:41 864144 c:\windows\system32\spool\drivers\w32x86\msonpdrv.dll
+ 2010-01-26 00:54 . 2008-11-10 17:41 864144 c:\windows\system32\spool\drivers\w32x86\3\msonpdrv.dll
+ 2008-04-14 12:00 . 2009-12-08 09:23 474112 c:\windows\system32\shlwapi.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 474112 c:\windows\system32\shlwapi.dll
+ 2010-06-27 18:17 . 2006-03-16 22:06 118784 c:\windows\system32\ReinstallBackups\0016\DriverFiles\UCI32105.dll
+ 2010-06-27 18:17 . 2008-04-14 03:49 146048 c:\windows\system32\ReinstallBackups\0016\DriverFiles\i386\portcls.sys
+ 2010-06-27 18:17 . 2008-04-14 03:46 141056 c:\windows\system32\ReinstallBackups\0016\DriverFiles\i386\ks.sys
+ 2010-06-27 18:17 . 2006-06-09 15:58 659456 c:\windows\system32\ReinstallBackups\0016\DriverFiles\HXFSetup.exe
+ 2010-06-27 18:17 . 2006-07-27 19:44 581632 c:\windows\system32\ReinstallBackups\0016\DriverFiles\CHDAud.sys
+ 2008-04-14 12:00 . 2009-10-12 13:38 149504 c:\windows\system32\rastls.dll
+ 2008-04-14 12:00 . 2006-10-19 03:47 211456 c:\windows\system32\qasf.dll
+ 2007-04-04 23:08 . 2009-12-01 19:14 440816 c:\windows\system32\PxWave.dll
+ 2007-04-04 23:08 . 2009-12-01 19:14 219632 c:\windows\system32\PxMas.dll
+ 2007-05-01 22:48 . 2009-12-01 19:14 125424 c:\windows\system32\pxinsi64.exe
+ 2009-06-18 07:02 . 2009-06-18 07:02 559600 c:\windows\system32\pxdrv.dll
+ 2007-05-01 22:48 . 2007-05-01 22:48 120056 c:\windows\system32\pxcpyi64.exe
- 2009-08-06 07:27 . 2009-05-13 21:56 120056 c:\windows\system32\pxcpyi64.exe
+ 2009-08-06 07:27 . 2009-12-01 19:14 133616 c:\windows\system32\pxafs.dll
+ 2007-04-04 23:08 . 2009-12-01 19:14 678384 c:\windows\system32\Px.dll
+ 2010-05-01 15:07 . 2008-04-14 09:42 159232 c:\windows\system32\ptpusd.dll
+ 2010-03-31 06:10 . 2010-03-31 06:10 295264 c:\windows\system32\PresentationHost.exe
+ 2006-10-19 03:47 . 2006-10-19 03:47 199168 c:\windows\system32\PortableDeviceWMDRM.dll
+ 2006-10-19 03:47 . 2006-10-19 03:47 132096 c:\windows\system32\PortableDeviceWiaCompat.dll
+ 2006-10-19 03:47 . 2006-10-19 03:47 166912 c:\windows\system32\PortableDeviceTypes.dll
+ 2006-10-19 03:47 . 2006-10-19 03:47 101888 c:\windows\system32\PortableDeviceClassExtension.dll
+ 2006-10-19 03:47 . 2006-10-19 03:47 284160 c:\windows\system32\PortableDeviceApi.dll
+ 2008-04-14 12:00 . 2010-07-01 15:47 435828 c:\windows\system32\perfh009.dat
+ 2008-04-14 12:00 . 2010-05-06 10:36 206848 c:\windows\system32\occache.dll
+ 2008-04-14 12:00 . 2009-10-13 10:30 270336 c:\windows\system32\oakley.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 270336 c:\windows\system32\oakley.dll
+ 2009-12-14 16:53 . 2008-04-14 12:00 124928 c:\windows\system32\nt.exe
+ 2009-10-13 20:45 . 2009-04-06 13:24 225280 c:\windows\system32\net_rim_plazmic_flint_dialog.dll
+ 2008-12-06 12:14 . 2009-08-07 01:23 215920 c:\windows\system32\muweb.dll
+ 2009-07-15 22:17 . 2009-08-07 01:23 274288 c:\windows\system32\mucltui.dll
+ 2008-04-14 12:00 . 2006-10-19 03:47 321536 c:\windows\system32\mswmdm.dll
- 2003-02-21 09:42 . 2006-08-11 01:00 348160 c:\windows\system32\msvcr71.dll
+ 2006-07-12 00:35 . 2006-07-12 00:35 348160 c:\windows\system32\msvcr71.dll
+ 2006-07-12 00:35 . 2006-07-12 00:35 503808 c:\windows\system32\msvcp71.dll
- 2008-04-14 12:00 . 2009-06-25 08:41 136704 c:\windows\system32\msv1_0.dll
+ 2008-04-14 12:00 . 2009-09-11 14:13 136704 c:\windows\system32\msv1_0.dll
+ 2008-04-14 12:00 . 2010-05-06 10:36 611840 c:\windows\system32\mstime.dll
+ 2008-04-14 12:00 . 2006-12-04 22:21 414720 c:\windows\system32\msscp.dll
+ 2008-04-14 12:00 . 2009-03-08 10:34 193536 c:\windows\system32\msrating.dll
+ 2008-04-14 12:00 . 2006-10-19 03:47 175616 c:\windows\system32\mspmsp.dll
+ 2009-07-15 16:59 . 2009-12-16 18:43 343040 c:\windows\system32\mspaint.exe
- 2009-07-15 16:59 . 2008-04-14 12:00 343040 c:\windows\system32\mspaint.exe
+ 2008-04-14 12:00 . 2006-10-19 03:47 179712 c:\windows\system32\msnetobj.dll
+ 2008-04-14 12:00 . 2009-03-08 10:22 156160 c:\windows\system32\msls31.dll
+ 2009-03-08 10:32 . 2010-05-06 10:36 599040 c:\windows\system32\msfeeds.dll
+ 2009-01-08 00:20 . 2009-01-08 00:20 265720 c:\windows\system32\msdbg2.dll
+ 2009-11-07 07:07 . 2009-11-07 07:07 297808 c:\windows\system32\mscoree.dll
+ 2006-10-19 03:47 . 2006-10-19 03:47 259072 c:\windows\system32\MPG4DECD.dll
+ 2006-10-19 03:47 . 2006-10-19 03:47 317440 c:\windows\system32\MP4SDECD.dll
+ 2006-10-19 03:47 . 2006-10-19 03:47 259072 c:\windows\system32\MP43DECD.dll
+ 2006-10-19 03:47 . 2006-10-19 03:47 212992 c:\windows\system32\MFPLAT.dll
+ 2009-10-28 03:40 . 2009-10-28 03:40 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-07-18 03:12 . 2009-07-18 03:12 257440 c:\windows\system32\Macromed\Flash\FlashUtil10c.exe
+ 2009-07-14 19:35 . 2008-06-18 07:09 100864 c:\windows\system32\logagent.exe
+ 2009-11-15 18:29 . 2009-07-20 18:26 117264 c:\windows\system32\KemWnd.dll
+ 2009-11-15 18:29 . 2009-07-20 18:26 145936 c:\windows\system32\KemUtil.dll
+ 2009-11-15 18:29 . 2009-07-20 18:26 170512 c:\windows\system32\kemutb.dll
+ 2009-07-14 19:35 . 2009-12-09 05:53 726528 c:\windows\system32\jscript.dll
+ 2006-10-26 19:45 . 2006-10-26 19:45 207360 c:\windows\system32\INKED.DLL
- 2009-07-15 17:01 . 2009-07-14 19:35 691712 c:\windows\system32\inetcomm.dll
+ 2009-07-15 17:01 . 2010-01-29 15:01 691712 c:\windows\system32\inetcomm.dll
+ 2009-03-08 10:22 . 2009-03-08 10:22 164352 c:\windows\system32\ieui.dll
+ 2008-04-14 12:00 . 2010-05-06 10:36 184320 c:\windows\system32\iepeers.dll
+ 2008-04-14 12:00 . 2010-05-06 10:36 387584 c:\windows\system32\iedkcs32.dll
+ 2009-03-08 10:11 . 2009-03-08 10:11 445952 c:\windows\system32\ieapfltr.dll
+ 2008-04-14 12:00 . 2009-03-08 10:32 163840 c:\windows\system32\ieakui.dll
+ 2008-04-14 12:00 . 2009-03-08 10:33 229376 c:\windows\system32\ieaksie.dll
+ 2008-04-14 12:00 . 2009-03-08 10:33 125952 c:\windows\system32\ieakeng.dll
+ 2008-04-14 12:00 . 2010-05-05 13:55 173056 c:\windows\system32\ie4uinit.exe
+ 2009-07-15 11:47 . 2010-06-10 09:37 321928 c:\windows\system32\FNTCACHE.DAT
+ 2008-04-14 12:00 . 2009-03-08 10:31 216064 c:\windows\system32\dxtrans.dll
+ 2008-04-14 12:00 . 2009-03-08 10:31 348160 c:\windows\system32\dxtmsft.dll
+ 2008-06-11 00:03 . 2008-06-11 00:03 196608 c:\windows\system32\dtu100.dll
+ 2008-04-14 12:00 . 2006-10-19 03:47 991744 c:\windows\system32\drmv2clt.dll
+ 2006-10-19 02:00 . 2006-10-19 02:00 249856 c:\windows\system32\drmupgds.exe
+ 2008-04-14 12:00 . 2005-01-28 19:44 258296 c:\windows\system32\drmclien.dll
+ 2006-10-19 03:47 . 2006-10-19 03:47 671232 c:\windows\system32\drivers\UMDF\wpdmtpdr.dll
+ 2009-07-14 19:37 . 2010-02-11 12:02 226880 c:\windows\system32\drivers\tcpip6.sys
+ 2009-07-14 19:37 . 2009-12-31 16:50 353792 c:\windows\system32\drivers\srv.sys
+ 2009-07-15 19:27 . 2008-04-14 04:49 146048 c:\windows\system32\drivers\portcls.sys
- 2009-07-15 19:27 . 2008-04-14 03:49 146048 c:\windows\system32\drivers\portcls.sys
+ 2009-07-14 19:35 . 2010-02-24 13:11 455680 c:\windows\system32\drivers\mrxsmb.sys
- 2008-04-13 22:46 . 2008-04-14 03:46 141056 c:\windows\system32\drivers\ks.sys
+ 2008-04-13 22:46 . 2008-04-14 04:46 141056 c:\windows\system32\drivers\ks.sys
+ 2009-12-14 00:26 . 2009-02-18 20:41 186128 c:\windows\system32\drivers\klif.sys
+ 2008-04-14 12:00 . 2009-10-20 16:20 265728 c:\windows\system32\drivers\http.sys
+ 2006-07-27 19:44 . 2006-06-02 21:02 572928 c:\windows\system32\drivers\CHDAud.sys
+ 2009-07-15 18:55 . 2010-03-11 23:41 216200 c:\windows\system32\drivers\avgldx86.sys
+ 2008-06-11 00:03 . 2008-06-11 00:03 344064 c:\windows\system32\dpus11.dll
+ 2008-06-11 00:03 . 2008-06-11 00:03 593920 c:\windows\system32\dpuGUI11.dll
+ 2008-06-11 00:03 . 2008-06-11 00:03 294912 c:\windows\system32\dpu11.dll
+ 2008-06-11 00:03 . 2008-06-11 00:03 294912 c:\windows\system32\dpu10.dll
+ 2009-07-15 17:02 . 2009-08-07 01:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2009-07-15 17:02 . 2009-08-07 01:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2009-07-15 17:02 . 2009-08-07 01:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2008-04-14 12:00 . 2009-04-02 05:02 604160 c:\windows\system32\dllcache\wmspdmod.dll
+ 2008-04-14 12:00 . 2006-11-03 16:01 100352 c:\windows\system32\dllcache\wmpshell.dll
+ 2008-04-14 12:00 . 2009-07-14 05:43 286208 c:\windows\system32\dllcache\wmpdxm.dll
+ 2008-04-14 12:00 . 2006-10-19 03:47 242688 c:\windows\system32\dllcache\wmpasf.dll
+ 2009-07-14 19:37 . 2008-06-18 11:03 938496 c:\windows\system32\dllcache\WMNetmgr.dll
+ 2008-04-14 12:00 . 2006-10-19 03:47 157184 c:\windows\system32\dllcache\wmidx.dll
+ 2008-04-14 12:00 . 2006-11-03 16:01 272896 c:\windows\system32\dllcache\wmerror.dll
+ 2008-04-14 12:00 . 2007-10-27 23:40 222720 c:\windows\system32\dllcache\wmasf.dll
+ 2008-04-14 12:00 . 2006-10-19 03:47 757248 c:\windows\system32\dllcache\WMADMOD.dll
+ 2008-04-14 12:00 . 2009-12-24 06:59 177664 c:\windows\system32\dllcache\wintrust.dll
+ 2009-07-14 19:40 . 2010-05-06 10:36 919040 c:\windows\system32\dllcache\wininet.dll
+ 2009-07-14 19:39 . 2009-08-25 09:27 354816 c:\windows\system32\dllcache\winhttp.dll
+ 2008-04-14 12:00 . 2009-03-08 10:34 236544 c:\windows\system32\dllcache\webcheck.dll
+ 2009-07-15 17:02 . 2009-03-08 10:33 759296 c:\windows\system32\dllcache\VGX.dll
+ 2009-07-14 19:37 . 2010-03-10 06:15 420352 c:\windows\system32\dllcache\vbscript.dll
+ 2008-04-14 12:00 . 2009-12-23 23:25 218624 c:\windows\system32\dllcache\uxtheme.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 218624 c:\windows\system32\dllcache\uxtheme.dll
+ 2008-04-14 12:00 . 2009-03-08 10:34 105984 c:\windows\system32\dllcache\url.dll
+ 2008-04-14 12:00 . 2007-06-27 04:10 317440 c:\windows\system32\dllcache\unregmp2.exe
+ 2009-07-15 17:01 . 2009-06-21 21:44 153088 c:\windows\system32\dllcache\triedit.dll
- 2009-07-15 17:01 . 2008-04-14 12:00 153088 c:\windows\system32\dllcache\triedit.dll
+ 2009-07-14 19:37 . 2010-02-11 12:02 226880 c:\windows\system32\dllcache\tcpip6.sys
+ 2009-07-14 19:41 . 2009-10-15 16:39 119808 c:\windows\system32\dllcache\t2embed.dll
- 2009-07-14 19:41 . 2009-07-14 19:41 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2009-07-14 19:37 . 2009-08-26 08:00 247326 c:\windows\system32\dllcache\strmdll.dll
- 2009-07-14 19:37 . 2009-07-14 19:37 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2009-07-14 19:37 . 2009-12-31 16:50 353792 c:\windows\system32\dllcache\srv.sys
+ 2009-01-08 00:20 . 2009-01-08 00:20 134144 c:\windows\system32\dllcache\sqmapi.dll
+ 2008-04-14 12:00 . 2009-12-08 09:23 474112 c:\windows\system32\dllcache\shlwapi.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2008-04-14 12:00 . 2009-06-19 04:11 106859 c:\windows\system32\dllcache\sethc.exe
+ 2008-04-14 12:00 . 2009-10-12 13:38 149504 c:\windows\system32\dllcache\rastls.dll
+ 2008-04-14 12:00 . 2006-10-19 03:47 211456 c:\windows\system32\dllcache\qasf.dll
- 2009-07-15 19:27 . 2008-04-14 03:49 146048 c:\windows\system32\dllcache\portcls.sys
+ 2009-07-15 19:27 . 2008-04-14 04:49 146048 c:\windows\system32\dllcache\portcls.sys
+ 2008-04-14 12:00 . 2010-05-06 10:36 206848 c:\windows\system32\dllcache\occache.dll
+ 2008-04-14 12:00 . 2009-10-13 10:30 270336 c:\windows\system32\dllcache\oakley.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 270336 c:\windows\system32\dllcache\oakley.dll
+ 2008-04-14 12:00 . 2006-10-19 03:47 321536 c:\windows\system32\dllcache\mswmdm.dll
- 2008-04-14 12:00 . 2009-06-25 08:41 136704 c:\windows\system32\dllcache\msv1_0.dll
+ 2008-04-14 12:00 . 2009-09-11 14:13 136704 c:\windows\system32\dllcache\msv1_0.dll
+ 2008-04-14 12:00 . 2010-05-06 10:36 611840 c:\windows\system32\dllcache\mstime.dll
+ 2008-04-14 12:00 . 2006-12-04 22:21 414720 c:\windows\system32\dllcache\msscp.dll
+ 2008-04-14 12:00 . 2009-03-08 10:34 193536 c:\windows\system32\dllcache\msrating.dll
+ 2008-04-14 12:00 . 2006-10-19 03:47 175616 c:\windows\system32\dllcache\mspmsp.dll
- 2009-07-15 16:59 . 2008-04-14 12:00 343040 c:\windows\system32\dllcache\mspaint.exe
+ 2009-07-15 16:59 . 2009-12-16 18:43 343040 c:\windows\system32\dllcache\mspaint.exe
+ 2008-04-14 12:00 . 2006-10-19 03:47 179712 c:\windows\system32\dllcache\msnetobj.dll
+ 2009-09-28 02:12 . 2010-05-06 10:36 599040 c:\windows\system32\dllcache\msfeeds.dll
+ 2010-02-09 20:17 . 2010-02-24 13:11 455680 c:\windows\system32\dllcache\mrxsmb.sys
+ 2009-07-15 17:02 . 2006-11-03 15:59 244224 c:\windows\system32\dllcache\mpvis.dll
+ 2009-07-14 19:35 . 2008-06-18 07:09 100864 c:\windows\system32\dllcache\logagent.exe
- 2008-04-13 22:46 . 2008-04-14 03:46 141056 c:\windows\system32\dllcache\ks.sys
+ 2008-04-13 22:46 . 2008-04-14 04:46 141056 c:\windows\system32\dllcache\ks.sys
+ 2009-07-14 19:35 . 2009-12-09 05:53 726528 c:\windows\system32\dllcache\jscript.dll
+ 2009-07-15 17:01 . 2010-01-29 15:01 691712 c:\windows\system32\dllcache\inetcomm.dll
- 2009-07-15 17:01 . 2009-07-14 19:35 691712 c:\windows\system32\dllcache\inetcomm.dll
+ 2009-07-15 17:01 . 2009-03-08 20:09 638816 c:\windows\system32\dllcache\iexplore.exe
+ 2009-09-28 02:12 . 2010-05-06 10:36 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2008-04-14 12:00 . 2010-05-06 10:36 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2008-04-14 12:00 . 2010-05-06 10:36 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-04-14 12:00 . 2009-03-08 10:32 163840 c:\windows\system32\dllcache\ieakui.dll
+ 2008-04-14 12:00 . 2009-03-08 10:33 229376 c:\windows\system32\dllcache\ieaksie.dll
+ 2008-04-14 12:00 . 2009-03-08 10:33 125952 c:\windows\system32\dllcache\ieakeng.dll
+ 2008-04-14 12:00 . 2010-05-05 13:55 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-07-15 17:01 . 2008-04-14 12:00 221184 c:\windows\system32\dllcache\icwhelp.dll
+ 2009-12-08 21:55 . 2009-10-20 16:20 265728 c:\windows\system32\dllcache\http.sys
+ 2008-04-14 12:00 . 2009-03-08 10:31 216064 c:\windows\system32\dllcache\dxtrans.dll
+ 2008-04-14 12:00 . 2009-03-08 10:31 348160 c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-04-14 12:00 . 2006-10-19 03:47 991744 c:\windows\system32\dllcache\drmv2clt.dll
+ 2008-04-14 12:00 . 2005-01-28 19:44 258296 c:\windows\system32\dllcache\drmclien.dll
+ 2008-04-14 12:00 . 2006-10-19 03:47 229376 c:\windows\system32\dllcache\cewmdm.dll
+ 2008-04-14 12:00 . 2006-10-19 03:47 542720 c:\windows\system32\dllcache\blackbox.dll
+ 2008-04-14 12:00 . 2010-04-20 05:30 285696 c:\windows\system32\dllcache\atmfd.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 285696 c:\windows\system32\dllcache\atmfd.dll
+ 2008-04-14 12:00 . 2009-03-08 10:32 128512 c:\windows\system32\dllcache\advpack.dll
+ 2008-04-14 12:00 . 2009-11-21 15:51 471552 c:\windows\system32\dllcache\aclayers.dll
+ 2008-04-14 12:00 . 2010-02-12 04:33 100864 c:\windows\system32\dllcache\6to4svc.dll
+ 2010-02-19 19:27 . 2010-02-19 19:27 843776 c:\windows\system32\divx_xx16.dll
+ 2010-02-19 19:27 . 2010-02-19 19:27 839680 c:\windows\system32\divx_xx11.dll
+ 2010-02-19 19:27 . 2010-02-19 19:27 856064 c:\windows\system32\divx_xx0c.dll
+ 2010-02-19 19:27 . 2010-02-19 19:27 847872 c:\windows\system32\divx_xx0a.dll
+ 2010-02-19 19:27 . 2010-02-19 19:27 856064 c:\windows\system32\divx_xx07.dll
+ 2010-02-19 19:27 . 2010-02-19 19:27 720384 c:\windows\system32\DivX.dll
+ 2009-12-15 03:01 . 2004-02-22 16:11 719872 c:\windows\system32\devil.dll
+ 2009-12-14 16:53 . 2009-07-14 19:35 135168 c:\windows\system32\csc.exe
+ 2008-04-14 12:00 . 2006-10-19 03:47 229376 c:\windows\system32\cewmdm.dll
+ 2007-09-04 18:04 . 2007-09-04 18:04 113136 c:\windows\system32\cdrtc.dll
+ 2007-09-04 18:04 . 2007-09-04 18:04 100848 c:\windows\system32\cdral.dll
+ 2009-06-30 03:37 . 2009-06-30 03:37 507904 c:\windows\system32\btwapi.dll
+ 2009-11-15 18:29 . 2009-07-20 18:25 301656 c:\windows\system32\BtCoreIf.dll
+ 2008-04-14 12:00 . 2006-10-19 03:47 542720 c:\windows\system32\blackbox.dll
+ 2009-12-15 03:01 . 2007-05-17 23:30 318976 c:\windows\system32\avisynth.dll
+ 2010-05-24 20:36 . 2007-04-12 20:19 129024 c:\windows\system32\AVERM.dll
+ 2006-10-19 03:47 . 2006-10-19 03:47 276992 c:\windows\system32\audiodev.dll
+ 2010-01-23 06:02 . 2008-02-29 20:18 655360 c:\windows\system32\app2srv.exe
+ 2008-04-14 12:00 . 2009-03-08 10:32 128512 c:\windows\system32\advpack.dll
+ 2008-04-14 12:00 . 2010-02-12 04:33 100864 c:\windows\system32\6to4svc.dll
+ 2010-02-03 23:40 . 2010-02-03 23:40 473600 c:\windows\Replay Video Capture\uninstall.exe
+ 2010-02-03 23:51 . 2010-02-03 23:51 473600 c:\windows\Replay Media Catcher\uninstall.exe
+ 2009-10-28 23:38 . 2005-01-28 19:44 142336 c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\msnetobj.dll
+ 2009-10-28 23:38 . 2005-01-28 19:44 502272 c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmv2clt.dll
+ 2009-10-28 23:38 . 2005-01-28 19:44 258296 c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmclien.dll
+ 2009-10-28 23:38 . 2005-01-28 19:44 294912 c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\blackbox.dll
+ 2009-09-18 22:29 . 2008-04-14 12:00 259072 c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\msnetobj.dll
+ 2009-09-18 22:29 . 2008-04-14 12:00 695808 c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\drmv2clt.dll
+ 2009-09-18 22:29 . 2008-04-14 12:00 299520 c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\drmclien.dll
+ 2009-09-18 22:29 . 2008-04-14 12:00 286720 c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\blackbox.dll
+ 2009-10-28 23:38 . 2005-01-28 19:44 940544 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmspdmoe.dll
+ 2009-10-28 23:38 . 2005-01-28 19:44 150016 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmidx.dll
+ 2009-10-28 23:38 . 2005-01-28 19:44 290816 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMDRMNet.dll
+ 2009-10-28 23:38 . 2005-01-28 19:44 335872 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMDRMdev.dll
+ 2009-10-28 23:38 . 2005-01-28 19:44 224768 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmasf.dll
+ 2009-10-28 23:38 . 2005-01-28 19:44 716288 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmadmoe.dll
+ 2009-10-28 23:38 . 2005-01-28 19:44 221184 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\qasf.dll
+ 2009-09-18 22:29 . 2008-04-14 12:00 897024 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmspdmoe.dll
+ 2009-09-18 22:29 . 2008-04-14 12:00 151552 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmidx.dll
+ 2009-09-18 22:29 . 2008-04-14 12:00 230912 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmasf.dll
+ 2009-09-18 22:29 . 2008-04-14 12:00 670720 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmadmoe.dll
+ 2009-09-18 22:29 . 2008-04-14 12:00 237568 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\qasf.dll
+ 2009-09-18 22:29 . 2009-07-14 19:35 103936 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\logagent.exe
+ 2009-10-28 23:38 . 2005-01-28 19:44 895736 c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvdmod.dll
+ 2009-10-28 23:38 . 2005-01-28 19:44 413944 c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmspdmod.dll
+ 2009-10-28 23:38 . 2005-01-28 19:44 774904 c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmsdmod.dll
+ 2009-10-28 23:38 . 2005-01-28 19:44 396528 c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmadmod.dll
+ 2009-09-18 22:29 . 2008-04-14 12:00 809984 c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\wmvdmod.dll
+ 2009-09-18 22:29 . 2008-04-14 12:00 485376 c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\wmspdmod.dll
+ 2009-09-18 22:29 . 2008-04-14 12:00 759296 c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\wmsdmod.dll
+ 2009-09-18 22:29 . 2008-04-14 12:00 408064 c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\wmadmod.dll
+ 2009-10-28 23:38 . 2005-01-28 19:44 331264 c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdsp.dll
+ 2009-10-28 23:38 . 2005-01-28 19:44 331776 c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdmtpdr.dll
+ 2009-10-28 23:38 . 2005-01-28 19:44 114176 c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdmtp.dll
+ 2009-10-28 23:38 . 2005-01-28 19:44 315904 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MSWMDM.dll
+ 2009-10-28 23:38 . 2005-01-28 19:44 364784 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MSSCP.dll
+ 2009-10-28 23:38 . 2005-01-28 19:44 173568 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSP.dll
+ 2009-10-28 23:38 . 2005-01-28 19:44 164864 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\cewmdm.dll
+ 2009-09-18 22:30 . 2008-04-14 12:00 245760 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MSWMDM.dll
+ 2009-09-18 22:30 . 2008-04-14 12:00 356352 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MSSCP.dll
+ 2009-09-18 22:30 . 2008-04-14 12:00 201728 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSP.dll
+ 2009-09-18 22:30 . 2008-04-14 12:00 159232 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\cewmdm.dll
+ 2010-03-31 06:16 . 2010-03-31 06:16 130408 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2010-04-08 05:48 . 2010-04-08 05:48 970752 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
+ 2010-04-08 05:48 . 2010-04-08 05:48 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
- 2008-07-30 00:16 . 2008-07-30 00:16 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2010-03-23 11:31 . 2010-03-23 11:31 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
- 2008-07-25 16:17 . 2008-07-25 16:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2010-02-09 18:22 . 2010-02-09 18:22 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2009-08-08 05:51 . 2009-08-08 05:51 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2006-10-26 19:45 . 2006-10-26 19:45 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Conversion.dll
+ 2009-10-14 01:05 . 2009-10-14 01:05 824832 c:\windows\Installer\ec9244.msi
+ 2009-11-06 03:09 . 2009-11-06 03:09 424448 c:\windows\Installer\c4a3a7c.msi
+ 2009-05-28 00:07 . 2009-05-28 00:07 585728 c:\windows\Installer\BBMediaSyncUninstall.exe
+ 2010-03-20 16:51 . 2010-03-20 16:51 169472 c:\windows\Installer\8fcd026.msi
+ 2009-10-13 23:20 . 2009-10-13 23:20 941568 c:\windows\Installer\8becdf.msi
+ 2009-11-15 18:31 . 2009-11-15 18:31 193536 c:\windows\Installer\4a9231.msi
+ 2009-11-15 18:31 . 2009-11-15 18:31 331264 c:\windows\Installer\4a922b.msi
+ 2010-01-26 00:45 . 2010-01-26 00:45 501248 c:\windows\Installer\461ea71.msi
+ 2010-01-26 00:45 . 2010-01-26 00:45 501248 c:\windows\Installer\461ea59.msi
+ 2010-01-26 00:44 . 2010-01-26 00:44 506880 c:\windows\Installer\461ea53.msi
+ 2010-01-26 00:44 . 2010-01-26 00:44 516608 c:\windows\Installer\461ea4b.msi
+ 2010-01-26 00:44 . 2010-01-26 00:44 513024 c:\windows\Installer\461ea44.msi
+ 2010-01-26 00:44 . 2010-01-26 00:44 501248 c:\windows\Installer\461ea38.msi
+ 2010-01-26 00:43 . 2010-01-26 00:43 501248 c:\windows\Installer\461ea0f.msi
+ 2009-05-27 00:53 . 2009-05-27 00:53 579072 c:\windows\Installer\42eb685.msp
+ 2010-02-25 06:14 . 2010-02-25 06:14 543232 c:\windows\Installer\41f141b.msp
+ 2009-11-15 18:14 . 2009-11-15 18:14 165888 c:\windows\Installer\3d49fa.msi
+ 2009-11-25 09:00 . 2009-11-25 09:00 429568 c:\windows\Installer\26023ee.msi
+ 2009-11-09 23:52 . 2009-11-09 23:52 735744 c:\windows\Installer\18a138.msi
+ 2009-11-09 23:51 . 2009-11-09 23:51 430080 c:\windows\Installer\18a105.msi
+ 2009-11-09 23:50 . 2009-11-09 23:50 155648 c:\windows\Installer\18a0e6.msi
+ 2010-01-26 06:21 . 2010-01-26 06:21 470528 c:\windows\Installer\11c4840.msi
+ 2007-10-15 05:44 . 2007-10-15 05:44 324608 c:\windows\Installer\11c47d7.msp
+ 2007-10-15 05:46 . 2007-10-15 05:46 324608 c:\windows\Installer\11c47d0.msp
+ 2009-10-14 01:59 . 2009-10-14 01:59 974848 c:\windows\Installer\10fb240.msi
+ 2009-08-14 19:06 . 2009-11-02 04:43 102400 c:\windows\Installer\{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}\iTunesIco.exe
- 2009-08-14 19:06 . 2009-08-14 19:06 102400 c:\windows\Installer\{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}\iTunesIco.exe
+ 2010-01-27 09:12 . 2010-01-27 09:12 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2010-01-26 00:54 . 2010-06-10 09:20 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-01-26 00:54 . 2010-06-10 09:20 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2010-01-26 00:54 . 2010-06-10 09:20 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-01-26 00:54 . 2010-06-10 09:20 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2010-01-26 00:54 . 2010-06-10 09:20 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2010-01-26 00:54 . 2010-06-10 09:20 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2010-01-26 00:54 . 2010-06-10 09:20 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2007-06-08 01:51 . 2007-06-08 01:51 125320 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\SSGEN.DLL
+ 2009-03-06 10:26 . 2009-03-06 10:26 770464 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\REGFORM.EXE
+ 2009-03-06 09:41 . 2009-03-06 09:41 589704 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\PUBCONV.DLL
+ 2009-01-08 16:59 . 2009-01-08 16:59 624520 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\PTXT9.DLL
+ 2008-10-25 12:21 . 2008-10-25 12:21 136072 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\PRTF9.DLL
+ 2010-01-27 09:21 . 2010-01-27 09:21 350064 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\PPTPIA.DLL
+ 2009-04-04 00:04 . 2009-04-04 00:04 521064 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\POWERPNT.EXE
+ 2007-06-08 01:51 . 2007-06-08 01:51 465800 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OUTLFLTR.DLL
+ 2008-10-25 13:52 . 2008-10-25 13:52 664968 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONBTTNOL.DLL
+ 2008-10-25 13:52 . 2008-10-25 13:52 604056 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONBTTNIE.DLL
+ 2000-05-24 03:45 . 2000-05-24 03:45 118784 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSSTDFMT.DLL
+ 2008-11-04 06:04 . 2008-11-04 06:04 498072 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MORPH9.DLL
+ 2008-10-25 15:27 . 2008-10-25 15:27 177040 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\IPOLK.DLL
+ 2006-10-26 20:05 . 2006-10-26 20:05 530760 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XPAGE3C.DLL
+ 2006-10-27 02:49 . 2006-10-27 02:49 509200 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WRD12CVR.DLL
+ 2010-01-26 00:49 . 2010-01-26 00:49 781104 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WORDPIA.DLL
+ 2006-10-27 21:23 . 2006-10-27 21:23 347432 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WINWORD.EXE
+ 2006-10-26 20:05 . 2006-10-26 20:05 126784 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWCUTCHR.DLL
+ 2006-07-28 21:21 . 2006-07-28 21:21 277320 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SSGEN.DLL
+ 2006-10-27 03:18 . 2006-10-27 03:18 502608 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SOA.DLL
+ 2006-10-27 02:06 . 2006-10-27 02:06 439600 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SETUP.EXE
+ 2006-10-27 02:13 . 2006-10-27 02:13 503624 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SELFCERT.EXE
+ 2006-10-27 02:55 . 2006-10-27 02:55 272744 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SCNPST64.DLL
+ 2006-10-27 02:55 . 2006-10-27 02:55 263520 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SCNPST32.DLL
+ 2006-10-27 21:16 . 2006-10-27 21:16 408880 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\RTFHTML.DLL
+ 2006-10-27 03:42 . 2006-10-27 03:42 744808 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\REGFORM.EXE
+ 2006-10-27 02:09 . 2006-10-27 02:09 590144 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PUBCONV.DLL
+ 2006-10-27 21:04 . 2006-10-27 21:04 624456 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PTXT9.DLL
+ 2006-10-27 02:55 . 2006-10-27 02:55 413472 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PSTPRX32.DLL
+ 2006-10-27 02:09 . 2006-10-27 02:09 136008 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PRTF9.DLL
+ 2010-01-26 00:49 . 2010-01-26 00:49 248632 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPTPIA.DLL
+ 2006-10-27 03:07 . 2006-10-27 03:07 368968 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPSLAX.DLL
+ 2006-10-27 21:04 . 2006-10-27 21:04 465200 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\POWERPNT.EXE
+ 2006-10-27 03:30 . 2006-10-27 03:30 482088 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PORTCONN.DLL
+ 2006-10-27 21:16 . 2006-10-27 21:16 176976 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLPH.DLL
+ 2006-10-27 21:16 . 2006-10-27 21:16 594256 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLMIME.DLL
+ 2006-07-27 00:53 . 2006-07-27 00:53 459080 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLFLTR.DLL
+ 2006-10-27 21:16 . 2006-10-27 21:16 138512 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLCTL.DLL
+ 2006-10-26 19:58 . 2006-10-26 19:58 540008 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ORGCHART.EXE
+ 2006-10-27 02:23 . 2006-10-27 02:23 782720 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONSYNCPC.DLL
+ 2006-10-27 21:39 . 2006-10-27 21:39 687432 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONBTTNOL.DLL
+ 2006-10-27 02:32 . 2006-10-27 02:32 604000 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONBTTNIE.DLL
+ 2006-10-27 02:34 . 2006-10-27 02:34 192848 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OMSXP32.DLL
+ 2006-10-27 02:34 . 2006-10-27 02:34 660792 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OMSMAIN.DLL
+ 2006-10-27 02:55 . 2006-10-27 02:55 254776 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OLKFSTUB.DLL
+ 2006-10-27 02:00 . 2006-10-27 02:00 285008 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OISGRAPH.DLL
+ 2006-10-27 02:00 . 2006-10-27 02:00 998208 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OISAPP.DLL
+ 2006-10-27 02:00 . 2006-10-27 02:00 274744 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OIS.EXE
+ 2006-10-20 14:37 . 2006-10-20 14:37 637744 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OGALEGIT.DLL
+ 2010-01-26 00:49 . 2010-01-26 00:49 416544 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OFFICE.DLL
+ 2006-10-27 02:06 . 2006-10-27 02:06 232816 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ODEPLOY.EXE
+ 2006-10-27 01:55 . 2006-10-27 01:55 538904 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSTORES.DLL
+ 2006-10-27 01:55 . 2006-10-27 01:55 145688 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSTORE.EXE
+ 2006-10-27 01:55 . 2006-10-27 01:55 832800 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSTORDB.EXE
+ 2006-10-26 19:56 . 2006-10-26 19:56 505136 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSSOAP30.DLL
+ 2006-10-27 01:50 . 2006-10-27 01:50 672024 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSQRY32.EXE
+ 2006-10-26 20:47 . 2006-10-26 20:47 727840 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSPROOF6.DLL
+ 2006-10-26 19:56 . 2006-10-26 19:56 436520 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSORUN.DLL
+ 2006-10-27 01:56 . 2006-10-27 01:56 864080 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSONPDRV.DLL
+ 2006-10-27 02:12 . 2006-10-27 02:12 428816 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSODCW.DLL
+ 2006-10-27 20:59 . 2006-10-27 20:59 161080 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOCF.DLL
+ 2006-10-26 19:58 . 2006-10-26 19:58 117552 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSCONV97.DLL
+ 2006-10-26 19:58 . 2006-10-26 19:58 290576 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSCDM.DLL
+ 2006-10-27 21:04 . 2006-10-27 21:04 497504 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MORPH9.DLL
+ 2006-10-27 01:52 . 2006-10-27 01:52 460616 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MODHELP.DLL
+ 2006-10-27 02:55 . 2006-10-27 02:55 340248 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MIMEDIR.DLL
+ 2006-10-27 01:55 . 2006-10-27 01:55 828704 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MEDCAT.DLL
+ 2006-10-27 01:58 . 2006-10-27 01:58 525664 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MDIVWCTL.DLL
+ 2006-10-27 01:58 . 2006-10-27 01:58 274776 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MDIINK.DLL
+ 2010-01-26 00:50 . 2010-01-26 00:50 118112 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPOMINT.DLL
+ 2010-01-26 00:50 . 2010-01-26 00:50 609104 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPOMHOST.DLL
+ 2006-10-27 03:42 . 2006-10-27 03:42 176976 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPOLK.DLL
+ 2006-10-27 02:55 . 2006-10-27 02:55 138024 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IMPMAIL.DLL
+ 2006-10-27 02:00 . 2006-10-27 02:00 178488 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IETAG.DLL
+ 2006-10-27 02:12 . 2006-10-27 02:12 173328 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IEAWSDC.DLL
+ 2006-10-27 21:37 . 2006-10-27 21:37 631080 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEWEBSERVICES.DLL
+ 2006-10-27 06:48 . 2006-10-27 06:48 572216 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEWEBPLATFORMSERVICES.DLL
+ 2006-10-27 21:37 . 2006-10-27 21:37 268080 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEWEBBROWSERTOOL2.DLL
+ 2006-10-27 06:48 . 2006-10-27 06:48 955680 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEUTIL.DLL
+ 2006-10-27 06:48 . 2006-10-27 06:48 222512 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESYSTEMSERVICES.DLL
+ 2006-10-27 06:48 . 2006-10-27 06:48 363304 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESKETCHTOOL.DLL
+ 2006-10-27 06:48 . 2006-10-27 06:48 224048 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEPROJECTTOOLSET.DLL
+ 2006-10-27 06:48 . 2006-10-27 06:48 317736 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEMIGRATOR.EXE
+ 2006-10-27 06:48 . 2006-10-27 06:48 197920 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEGAMES.DLL
+ 2006-10-27 21:37 . 2006-10-27 21:37 284976 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEFETCHSERVICES.DLL
+ 2006-10-27 06:48 . 2006-10-27 06:48 377136 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEDATAVIEWERTOOL.DLL
+ 2006-10-27 21:37 . 2006-10-27 21:37 768304 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECOMPONENTMGR.DLL
+ 2006-10-27 21:37 . 2006-10-27 21:37 117584 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECOMMUNICATIONSSTATUSANDCONTROL.DLL
+ 2006-10-27 21:37 . 2006-10-27 21:37 300336 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECALENDARTOOL.DLL
+ 2006-10-27 21:37 . 2006-10-27 21:37 284448 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEAUDIO.DLL
+ 2006-10-27 21:37 . 2006-10-27 21:37 338216 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVE.EXE
+ 2010-01-26 00:49 . 2010-01-26 00:49 150320 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GRAPHPIA.DLL
+ 2006-10-27 21:09 . 2006-10-27 21:09 983376 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FPWEC.DLL
+ 2006-10-27 02:55 . 2006-10-27 02:55 154960 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ENVELOPE.DLL
+ 2006-10-27 02:55 . 2006-10-27 02:55 116544 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\EMABLT32.DLL
+ 2006-10-27 01:48 . 2006-10-27 01:48 434528 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DWTRIG20.EXE
+ 2006-10-27 01:48 . 2006-10-27 01:48 439568 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DWDCW20.DLL
+ 2006-10-27 02:12 . 2006-10-27 02:12 106824 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DSSM.EXE
+ 2006-10-27 06:48 . 2006-10-27 06:48 234784 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DRAT.EXE
+ 2006-10-27 02:12 . 2006-10-27 02:12 189760 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CONTACTPICKER.DLL
+ 2006-10-27 21:16 . 2006-10-27 21:16 133936 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CONTAB32.DLL
+ 2006-10-27 01:59 . 2006-10-27 01:59 205616 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CLVIEW.EXE
+ 2006-10-27 21:41 . 2006-10-27 21:41 399640 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CDLMSO.DLL
+ 2006-10-27 02:13 . 2006-10-27 02:13 371568 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEXBE.DLL
+ 2006-10-27 21:40 . 2006-10-27 21:40 208760 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEWSS.DLL
+ 2006-10-27 02:13 . 2006-10-27 02:13 224104 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACETXT.DLL
+ 2006-10-27 02:13 . 2006-10-27 02:13 551800 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEREP.DLL
+ 2006-10-27 02:13 . 2006-10-27 02:13 289648 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACER3X.DLL
+ 2006-10-27 02:13 . 2006-10-27 02:13 260976 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACER2X.DLL
+ 2006-10-27 02:13 . 2006-10-27 02:13 392048 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEPDE.DLL
+ 2006-10-27 21:00 . 2006-10-27 21:00 387960 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEOLEDB.DLL
+ 2006-10-27 02:13 . 2006-10-27 02:13 279352 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODBC.DLL
+ 2006-10-27 02:13 . 2006-10-27 02:13 207736 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACELTS.DLL
+ 2006-10-27 02:13 . 2006-10-27 02:13 629616 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEEXCL.DLL
+ 2006-10-27 02:13 . 2006-10-27 02:13 338800 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEEXCH.DLL
+ 2006-10-27 21:00 . 2006-10-27 21:00 191360 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEES.DLL
+ 2006-10-27 21:00 . 2006-10-27 21:00 576376 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEDAO.DLL
+ 2006-10-27 03:18 . 2006-10-27 03:18 162616 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACCWIZ.DLL
+ 2006-10-27 21:00 . 2006-10-27 21:00 576376 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACACEDAO.DLL
+ 2006-10-27 01:49 . 2006-10-27 01:49 970528 c:\windows\Installer\$PatchCache$\Managed\00002109010090400000000000F01FEC\12.0.4518\MSONSEXT.DLL
+ 2008-04-14 12:00 . 2007-06-27 04:10 317440 c:\windows\inf\unregmp2.exe
+ 2010-06-10 09:16 . 2010-02-25 06:19 919040 c:\windows\ie8updates\KB982381-IE8\wininet.dll
+ 2010-06-10 09:16 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\spuninst\updspapi.dll
+ 2010-06-10 09:16 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst\spuninst.exe
+ 2010-06-10 09:16 . 2010-02-25 06:19 206848 c:\windows\ie8updates\KB982381-IE8\occache.dll
+ 2010-06-10 09:16 . 2010-02-25 06:19 611840 c:\windows\ie8updates\KB982381-IE8\mstime.dll
+ 2010-06-10 09:16 . 2010-02-25 06:19 594432 c:\windows\ie8updates\KB982381-IE8\msfeeds.dll
+ 2010-06-10 09:16 . 2010-02-25 06:19 247808 c:\windows\ie8updates\KB982381-IE8\ieproxy.dll
+ 2010-06-10 09:16 . 2010-02-25 06:19 184320 c:\windows\ie8updates\KB982381-IE8\iepeers.dll
+ 2010-06-10 09:16 . 2009-03-08 10:35 742912 c:\windows\ie8updates\KB982381-IE8\iedvtool.dll
+ 2010-06-10 09:16 . 2010-02-25 06:19 387584 c:\windows\ie8updates\KB982381-IE8\iedkcs32.dll
+ 2010-06-10 09:16 . 2010-02-24 09:34 173056 c:\windows\ie8updates\KB982381-IE8\ie4uinit.exe
+ 2010-04-15 09:01 . 2009-03-08 10:33 420352 c:\windows\ie8updates\KB981332-IE8\vbscript.dll
+ 2010-04-15 09:01 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB981332-IE8\spuninst\updspapi.dll
+ 2010-04-15 09:01 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB981332-IE8\spuninst\spuninst.exe
+ 2010-03-31 03:18 . 2009-12-21 19:09 916480 c:\windows\ie8updates\KB980182-IE8\wininet.dll
+ 2010-03-31 03:18 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB980182-IE8\spuninst\updspapi.dll
+ 2010-03-31 03:18 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB980182-IE8\spuninst\spuninst.exe
+ 2010-03-31 03:18 . 2009-12-21 19:09 206848 c:\windows\ie8updates\KB980182-IE8\occache.dll
+ 2010-03-31 03:18 . 2009-03-08 10:32 611840 c:\windows\ie8updates\KB980182-IE8\mstime.dll
+ 2010-03-31 03:18 . 2009-12-21 19:09 594432 c:\windows\ie8updates\KB980182-IE8\msfeeds.dll
+ 2010-03-31 03:18 . 2009-12-21 19:09 246272 c:\windows\ie8updates\KB980182-IE8\ieproxy.dll
+ 2010-03-31 03:18 . 2009-12-21 19:09 184320 c:\windows\ie8updates\KB980182-IE8\iepeers.dll
+ 2010-03-31 03:18 . 2009-12-21 19:09 387584 c:\windows\ie8updates\KB980182-IE8\iedkcs32.dll
+ 2010-03-31 03:18 . 2009-12-21 13:22 173056 c:\windows\ie8updates\KB980182-IE8\ie4uinit.exe
+ 2010-01-22 09:01 . 2009-10-29 07:45 916480 c:\windows\ie8updates\KB978207-IE8\wininet.dll
+ 2010-01-22 09:01 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB978207-IE8\spuninst\updspapi.dll
+ 2010-01-22 09:01 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB978207-IE8\spuninst\spuninst.exe
+ 2010-01-22 09:01 . 2009-10-29 07:45 206848 c:\windows\ie8updates\KB978207-IE8\occache.dll
+ 2010-01-22 09:01 . 2009-10-29 07:45 594432 c:\windows\ie8updates\KB978207-IE8\msfeeds.dll
+ 2010-01-22 09:01 . 2009-10-29 07:45 246272 c:\windows\ie8updates\KB978207-IE8\ieproxy.dll
+ 2010-01-22 09:01 . 2009-10-29 07:45 184320 c:\windows\ie8updates\KB978207-IE8\iepeers.dll
+ 2010-01-22 09:01 . 2009-10-29 07:45 387584 c:\windows\ie8updates\KB978207-IE8\iedkcs32.dll
+ 2010-01-22 09:01 . 2009-10-28 14:10 173056 c:\windows\ie8updates\KB978207-IE8\ie4uinit.exe
+ 2010-02-24 09:01 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB976662-IE8\spuninst\updspapi.dll
+ 2010-02-24 09:01 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB976662-IE8\spuninst\spuninst.exe
+ 2010-02-24 09:01 . 2009-06-22 06:44 726528 c:\windows\ie8updates\KB976662-IE8\jscript.dll
+ 2009-12-15 02:23 . 2009-06-26 16:42 668160 c:\windows\ie8updates\KB976325-IE8\wininet.dll
+ 2009-12-15 02:23 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB976325-IE8\spuninst\updspapi.dll
+ 2009-12-15 02:23 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB976325-IE8\spuninst\spuninst.exe
+ 2009-12-15 02:23 . 2009-10-29 07:45 206848 c:\windows\ie8updates\KB976325-IE8\occache.dll
+ 2009-12-15 02:23 . 2009-03-08 10:32 594432 c:\windows\ie8updates\KB976325-IE8\msfeeds.dll
+ 2009-12-15 02:23 . 2009-03-08 10:33 246784 c:\windows\ie8updates\KB976325-IE8\ieproxy.dll
+ 2009-12-15 02:23 . 2008-04-14 12:00 251904 c:\windows\ie8updates\KB976325-IE8\iepeers.dll
+ 2009-12-15 02:23 . 2009-10-29 07:45 387584 c:\windows\ie8updates\KB976325-IE8\iedkcs32.dll
+ 2009-12-15 02:23 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB975364-IE8\spuninst\updspapi.dll
+ 2009-12-15 02:23 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB975364-IE8\spuninst\spuninst.exe
+ 2009-12-15 02:22 . 2009-06-26 16:42 668160 c:\windows\ie8\wininet.dll
+ 2009-12-15 02:22 . 2008-04-14 12:00 851968 c:\windows\ie8\vgx.dll
+ 2009-12-15 02:22 . 2009-07-14 19:37 430080 c:\windows\ie8\vbscript.dll
+ 2009-12-15 02:22 . 2009-01-08 00:21 382496 c:\windows\ie8\spuninst\updspapi.dll
+ 2009-12-15 02:22 . 2009-01-08 00:20 231456 c:\windows\ie8\spuninst\spuninst.exe
+ 2009-09-28 02:13 . 2009-01-08 00:21 382496 c:\windows\ie8\spuninst\_000005_.tmp.dll
+ 2009-09-28 02:13 . 2009-01-08 00:20 231456 c:\windows\ie8\spuninst\_000001_.tmp.dll
+ 2009-12-15 02:22 . 2008-04-14 12:00 146432 c:\windows\ie8\msrating.dll
+ 2009-12-15 02:22 . 2008-04-14 12:00 146432 c:\windows\ie8\msls31.dll
+ 2009-12-15 02:22 . 2008-04-14 12:00 251904 c:\windows\ie8\iepeers.dll
+ 2009-12-15 02:22 . 2008-04-14 12:00 221184 c:\windows\ie8\ieakui.dll
+ 2009-12-15 02:22 . 2008-04-14 12:00 216576 c:\windows\ie8\ieaksie.dll
+ 2009-12-15 02:22 . 2008-04-14 12:00 143360 c:\windows\ie8\ieakeng.dll
+ 2009-12-15 02:22 . 2008-04-14 12:00 205312 c:\windows\ie8\dxtrans.dll
+ 2010-02-09 20:17 . 2010-02-24 13:11 455680 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2009-12-08 21:55 . 2009-10-20 16:20 265728 c:\windows\Driver Cache\i386\http.sys
+ 2008-10-24 15:14 . 2008-10-24 15:14 488736 c:\windows\Downloaded Program Files\isusweb.dll
+ 2006-06-30 18:00 . 2006-06-30 18:00 201648 c:\windows\Downloaded Program Files\dwusplay.exe
+ 2010-01-29 16:33 . 2009-09-20 14:40 393216 c:\windows\Debug\UserMode\gamecc\CCProxy.exe
+ 2010-06-10 09:19 . 2010-06-10 09:19 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\4d07b1ccecca66f320c1a0971dd614d1\WsatConfig.ni.exe
+ 2010-06-24 09:06 . 2010-06-24 09:06 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\b3a9fac9aea3ad913781fafbdcbb0cae\WindowsFormsIntegration.ni.dll
+ 2009-11-13 09:18 . 2009-11-13 09:18 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\6f488b7644dc50a083868e91a4014466\UIAutomationTypes.ni.dll
+ 2010-06-24 09:04 . 2010-06-24 09:04 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\4131a3627fec69291dbaed236f30dc65\UIAutomationClient.ni.dll
+ 2010-06-10 09:16 . 2010-06-10 09:16 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\3a78043c85333d5af49a0d958912ae4a\UIAutomationClient.ni.dll
+ 2010-06-10 09:24 . 2010-06-10 09:24 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\747e84d81d1de2041661f0f71b04734a\System.Xml.Linq.ni.dll
+ 2010-06-10 09:23 . 2010-06-10 09:23 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\d51dfbd8d5431eb89181baaa24863e15\System.Web.Routing.ni.dll
+ 2010-06-10 09:23 . 2010-06-10 09:23 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\436dde9611932489da3dc8a1be170843\System.Web.RegularExpressions.ni.dll
+ 2010-06-10 09:23 . 2010-06-10 09:23 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\e8ef769b3e899e62b26daadee50b97ed\System.Web.Extensions.Design.ni.dll
+ 2010-06-10 09:23 . 2010-06-10 09:23 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\ce3b446b7bee5c47949c994ec89b1649\System.Web.Entity.ni.dll
+ 2010-06-10 09:23 . 2010-06-10 09:23 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\ad04fe1182e55e7c01066b62a4bee6b5\System.Web.Entity.Design.ni.dll
+ 2010-06-10 09:23 . 2010-06-10 09:23 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\20ba0d4d182a1a9c1f54c00d3bc29a68\System.Web.DynamicData.ni.dll
+ 2010-06-10 09:23 . 2010-06-10 09:23 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\c97ecf9250c2f0794262534f27f98b72\System.Web.Abstractions.ni.dll
+ 2010-06-10 09:22 . 2010-06-10 09:22 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\9c56656c88979cf18de6cbcb6587ba8f\System.Transactions.ni.dll
+ 2010-06-10 09:22 . 2010-06-10 09:22 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\5adb0f89d469632511aed9d88cfe05c4\System.ServiceProcess.ni.dll
+ 2010-06-10 09:20 . 2010-06-10 09:20 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\42b2ffb594dbd5652a576a0dce28722c\System.Security.ni.dll
+ 2010-06-10 09:22 . 2010-06-10 09:22 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\3231473e2ec4451c8f218930fda80d19\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-06-10 09:22 . 2010-06-10 09:22 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\f90965b9d9a6a6604c9a66f57c37c026\System.Net.ni.dll
+ 2010-06-10 09:22 . 2010-06-10 09:22 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\16670b6870746e5a8dc4a73a76a90bed\System.Management.ni.dll
+ 2010-06-10 09:22 . 2010-06-10 09:22 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\e6bd59fec415e273c173170c6508180a\System.Management.Instrumentation.ni.dll
+ 2010-06-10 09:17 . 2010-06-10 09:17 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\e3eb86170cba4c80e6e22ca33c63c218\System.IO.Log.ni.dll
+ 2010-06-10 09:19 . 2010-06-10 09:19 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\cfa48936affc9a5fb89f0bf66cc52a47\System.IdentityModel.Selectors.ni.dll
+ 2010-06-10 09:22 . 2010-06-10 09:22 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\e9edc5cd12ebb513b4a3c53cb4640771\System.EnterpriseServices.Wrapper.dll
+ 2010-06-10 09:22 . 2010-06-10 09:22 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\e9edc5cd12ebb513b4a3c53cb4640771\System.EnterpriseServices.ni.dll
+ 2010-06-10 09:15 . 2010-06-10 09:15 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\aeba6820f20655dec7fe0fe05aaeb818\System.Drawing.Design.ni.dll
+ 2010-06-10 09:22 . 2010-06-10 09:22 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\9ef70079beca3a9982a3aa76ebc0ddd8\System.DirectoryServices.Protocols.ni.dll
+ 2010-06-10 09:22 . 2010-06-10 09:22 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\277619716d9136216065bea970365c65\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-06-10 09:22 . 2010-06-10 09:22 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\90b67e13866b176ae6cbdb23144f724d\System.Data.Services.Client.ni.dll
+ 2010-06-10 09:22 . 2010-06-10 09:22 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\131a477d41a8669b15696128b94c2636\System.Data.Services.Design.ni.dll
+ 2010-06-10 09:22 . 2010-06-10 09:22 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\d4990681ce373d81a52b231ee4c4afea\System.Data.Entity.Design.ni.dll
+ 2010-06-10 09:20 . 2010-06-10 09:20 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\9e9d66a3a0e16fceead505c25af569eb\System.Data.DataSetExtensions.ni.dll
+ 2010-06-10 09:20 . 2010-06-10 09:20 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\631b3eba1ba5bd3c3f027f34011cadeb\System.Configuration.ni.dll
+ 2010-06-10 09:22 . 2010-06-10 09:22 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\39e4f9a276fb12125d8a1444d8b65a84\System.Configuration.Install.ni.dll
+ 2010-06-10 09:20 . 2010-06-10 09:20 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\849916c5cb3ff7763d15a3976766c2f6\System.AddIn.ni.dll
+ 2010-06-10 09:19 . 2010-06-10 09:19 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\f38a426b90e6c526dcb2c435c7380450\SMSvcHost.ni.exe
+ 2010-06-10 09:19 . 2010-06-10 09:19 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\6cabc7d1700c224e8b41ff2f96a3087c\SMDiagnostics.ni.dll
+ 2010-06-10 09:19 . 2010-06-10 09:19 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\5c8f5ca36498f43980d64820d8186c8a\ServiceModelReg.ni.exe
+ 2010-06-24 09:06 . 2010-06-24 09:06 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a10c2c7e38291c3ada631ad13e762818\PresentationFramework.Aero.ni.dll
+ 2010-06-24 09:06 . 2010-06-24 09:06 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7579c76fa81eb309d3170b62467be58d\PresentationFramework.Luna.ni.dll
+ 2010-06-24 09:06 . 2010-06-24 09:06 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3bef0992fb684e71dbfab5c0a99316af\PresentationFramework.Classic.ni.dll
+ 2010-06-24 09:06 . 2010-06-24 09:06 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2f6687d394813d760496f60acf046384\PresentationFramework.Royale.ni.dll
+ 2010-06-10 09:19 . 2010-06-10 09:19 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\7700963610c1af364aa934c3c824b7b4\MSBuild.ni.exe
+ 2010-06-10 09:19 . 2010-06-10 09:19 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\c74d4c69c49992dfb23ba512081dc3de\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-06-10 09:20 . 2010-06-10 09:20 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\a6a9f24b1a8984eaafbabb1ee968e359\Microsoft.Build.Utilities.ni.dll
+ 2010-06-10 09:20 . 2010-06-10 09:20 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\2fa81d363cb1496be2427d848a867409\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2010-06-10 09:20 . 2010-06-10 09:20 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\c4c360df9c1024ebc3f0de77f5cf8b1c\Microsoft.Build.Engine.ni.dll
+ 2010-06-10 09:20 . 2010-06-10 09:20 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\c9386dcd89c2518a74115f3bfd861830\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2009-11-13 09:21 . 2009-11-13 09:21 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\77688ce14f221ed94a9f442ae4736123\CustomMarshalers.ni.dll
+ 2010-06-10 09:19 . 2010-06-10 09:19 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\abb62e3ed74c974f0282bc7ea5d3f1c1\ComSvcConfig.ni.exe
+ 2010-06-10 09:19 . 2010-06-10 09:19 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\6d34f00b6a782d15bec70d6cdb00b5e8\AspNetMMCExt.ni.dll
- 2009-08-09 08:07 . 2009-08-09 08:07 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-06-24 09:02 . 2010-06-24 09:02 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2009-08-09 08:07 . 2009-08-09 08:07 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-06-24 09:02 . 2010-06-24 09:02 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-06-24 09:02 . 2010-06-24 09:02 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2009-08-09 08:07 . 2009-08-09 08:07 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2009-08-09 08:07 . 2009-08-09 08:07 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-06-24 09:02 . 2010-06-24 09:02 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-06-10 09:11 . 2010-06-10 09:11 970752 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2010-06-24 09:02 . 2010-06-24 09:02 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2009-08-09 08:07 . 2009-08-09 08:07 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-06-24 09:02 . 2010-06-24 09:02 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2009-08-09 08:07 . 2009-08-09 08:07 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2009-08-09 08:07 . 2009-08-09 08:07 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-06-24 09:02 . 2010-06-24 09:02 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-06-24 09:02 . 2010-06-24 09:02 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2009-08-09 08:07 . 2009-08-09 08:07 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-06-10 09:11 . 2010-06-10 09:11 438272 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2010-06-24 09:02 . 2010-06-24 09:02 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2009-08-09 08:07 . 2009-08-09 08:07 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-06-24 09:02 . 2010-06-24 09:02 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2009-08-09 08:07 . 2009-08-09 08:07 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2009-08-09 08:07 . 2009-08-09 08:07 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-06-24 09:02 . 2010-06-24 09:02 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2009-08-09 08:07 . 2009-08-09 08:07 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-06-24 09:02 . 2010-06-24 09:02 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-06-24 09:02 . 2010-06-24 09:02 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2009-08-09 08:07 . 2009-08-09 08:07 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-06-24 09:02 . 2010-06-24 09:02 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2009-08-09 08:07 . 2009-08-09 08:07 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-06-24 09:02 . 2010-06-24 09:02 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2009-08-09 08:07 . 2009-08-09 08:07 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-06-10 09:11 . 2010-06-10 09:11 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
- 2009-08-09 08:04 . 2009-08-09 08:04 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2010-01-26 00:51 . 2010-01-26 00:51 294912 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio\2.0.0.0__b03f5f7f11d50a3a\microsoft.visualstudio.dll
+ 2010-01-26 00:51 . 2010-01-26 00:51 360448 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Windows.Forms\2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Windows.Forms.dll
+ 2010-01-26 00:50 . 2010-01-26 00:50 330520 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Blueprints\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Blueprints.dll
+ 2010-01-26 00:50 . 2010-01-26 00:50 105248 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.AddInManager\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.AddInManager.dll
+ 2010-01-26 00:50 . 2010-01-26 00:50 211736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Adapter\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Adapter.dll
+ 2010-01-26 00:51 . 2010-01-26 00:51 376832 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Shell\2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Shell.dll
+ 2010-01-26 00:51 . 2010-01-26 00:51 249856 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Shell.Design\2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Shell.Design.dll
+ 2010-01-26 00:51 . 2010-01-26 00:51 806912 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Publish\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Publish.dll
+ 2010-01-26 00:51 . 2010-01-26 00:51 344064 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Package.LanguageService\2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Package.LanguageService.dll
+ 2010-01-26 00:51 . 2010-01-26 00:51 434176 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Design\2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Design.dll
+ 2010-01-26 00:51 . 2010-01-26 00:51 106496 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Configuration\2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Configuration.dll
+ 2010-01-26 00:51 . 2010-01-26 00:51 733184 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.CommonIDE\8.0.0.0__b03f5f7f11d50a3a\microsoft.visualstudio.commonide.dll
+ 2010-06-24 09:02 . 2010-06-24 09:02 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2009-08-09 08:07 . 2009-08-09 08:07 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2009-08-09 08:07 . 2009-08-09 08:07 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-06-24 09:02 . 2010-06-24 09:02 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2009-08-09 08:07 . 2009-08-09 08:07 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-06-24 09:02 . 2010-06-24 09:02 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-01-27 09:21 . 2010-01-27 09:21 609160 c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Client.Internal.Host\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.dll
- 2009-08-09 08:07 . 2009-08-09 08:07 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-06-24 09:02 . 2010-06-24 09:02 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2009-08-09 08:07 . 2009-08-09 08:07 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-06-24 09:02 . 2010-06-24 09:02 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2009-08-09 08:07 . 2009-08-09 08:07 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-06-24 09:02 . 2010-06-24 09:02 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-01-26 00:51 . 2010-01-26 00:51 106496 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Conversion\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.dll
+ 2010-06-24 09:02 . 2010-06-24 09:02 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2009-08-09 08:07 . 2009-08-09 08:07 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-06-24 09:02 . 2010-06-24 09:02 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2009-08-09 08:07 . 2009-08-09 08:07 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-06-24 09:02 . 2010-06-24 09:02 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-06-24 09:02 . 2010-06-24 09:02 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2009-08-09 08:07 . 2009-08-09 08:07 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-06-24 09:02 . 2010-06-24 09:02 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-01-26 00:51 . 2010-01-26 00:51 367400 c:\windows\assembly\GAC_32\Microsoft.VisualStudio.Tools.Applications.InteropAdapter\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.InteropAdapter.dll
+ 2010-01-27 09:04 . 2010-01-27 09:04 117144 c:\windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll
+ 2010-01-27 09:20 . 2010-01-27 09:20 423784 c:\windows\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2010-01-26 01:54 . 2010-01-26 01:54 229376 c:\windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\MSCOMCTL.DLL
- 2009-07-15 21:09 . 2009-07-15 21:09 229376 c:\windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\MSCOMCTL.DLL
+ 2010-01-26 00:51 . 2010-01-26 00:51 114688 c:\windows\assembly\GAC\Microsoft.VisualStudio.TextManager.Interop\7.1.40304.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.TextManager.Interop.dll
+ 2010-01-26 00:51 . 2010-01-26 00:51 249856 c:\windows\assembly\GAC\Microsoft.VisualStudio.Shell.Interop\7.1.40304.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Shell.Interop.dll
+ 2010-01-26 00:51 . 2010-01-26 00:51 167936 c:\windows\assembly\GAC\Microsoft.VisualStudio.Shell.Interop.8.0\8.0.0.0__b03f5f7f11d50a3a\microsoft.visualstudio.shell.interop.8.0.dll
+ 2010-01-26 00:51 . 2010-01-26 00:51 118784 c:\windows\assembly\GAC\Microsoft.VisualStudio.OLE.Interop\7.1.40304.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.OLE.Interop.dll
+ 2010-01-26 00:51 . 2010-01-26 00:51 176128 c:\windows\assembly\GAC\Microsoft.VisualStudio.Debugger.Interop\8.0.1.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Debugger.Interop.dll
+ 2010-01-26 00:49 . 2010-01-26 00:49 371496 c:\windows\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll
+ 2010-01-27 09:20 . 2010-01-27 09:20 870256 c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
+ 2010-01-26 00:49 . 2010-01-26 00:49 232248 c:\windows\assembly\GAC\Microsoft.Office.Interop.Publisher\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Publisher.dll
+ 2010-01-27 09:24 . 2010-01-27 09:24 350064 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2010-01-26 00:49 . 2010-01-26 00:49 920376 c:\windows\assembly\GAC\Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll
+ 2010-01-26 00:49 . 2010-01-26 00:49 146232 c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.dll
+ 2010-01-26 00:50 . 2010-01-26 00:50 404296 c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath.SemiTrust\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.SemiTrust.dll
+ 2010-01-27 09:20 . 2010-01-27 09:20 149352 c:\windows\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
+ 2010-01-26 00:51 . 2010-01-26 00:51 135168 c:\windows\assembly\GAC\EnvDTE80\8.0.0.0__b03f5f7f11d50a3a\envdte80.dll
+ 2010-01-26 00:51 . 2010-01-26 00:51 245760 c:\windows\assembly\GAC\EnvDTE\8.0.0.0__b03f5f7f11d50a3a\envdte.dll
+ 2010-01-26 01:54 . 2010-01-26 01:54 110592 c:\windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll
- 2009-07-15 21:09 . 2009-07-15 21:09 110592 c:\windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll
+ 2008-04-14 12:00 . 2009-11-21 15:51 471552 c:\windows\AppPatch\aclayers.dll
kayakman
Regular Member
 
Posts: 37
Joined: June 22nd, 2010, 6:45 pm
Advertisement
Register to Remove

Re: help to get rid of ohtgnoenriga redirects

Unread postby kayakman » July 5th, 2010, 6:30 pm

+ 2010-01-24 04:36 . 2006-09-16 07:05 379184 c:\windows\$NtUninstallWudf01000$\spuninst\updspapi.dll
+ 2010-01-24 04:36 . 2006-09-16 07:05 221488 c:\windows\$NtUninstallWudf01000$\spuninst\spuninst.exe
+ 2010-01-24 04:37 . 2008-04-14 12:00 102400 c:\windows\$NtUninstallwmp11$\wmpshell.dll
+ 2010-01-24 04:37 . 2009-07-12 17:21 233472 c:\windows\$NtUninstallwmp11$\wmpdxm.dll
+ 2010-01-24 04:37 . 2008-04-14 12:00 114688 c:\windows\$NtUninstallwmp11$\wmpasf.dll
+ 2010-01-24 04:37 . 2008-04-14 12:00 168448 c:\windows\$NtUninstallwmp11$\wmerror.dll
+ 2010-01-24 04:37 . 2008-04-14 12:00 208896 c:\windows\$NtUninstallwmp11$\unregmp2.exe
+ 2010-01-24 04:37 . 2006-05-17 00:11 389856 c:\windows\$NtUninstallwmp11$\spuninst\updspapi.dll
+ 2010-01-24 04:37 . 2006-05-17 00:11 213216 c:\windows\$NtUninstallwmp11$\spuninst\spuninst.exe
+ 2010-01-24 04:37 . 2008-04-14 12:00 774144 c:\windows\$NtUninstallwmp11$\setup_wm.exe
+ 2010-01-24 04:37 . 2008-04-14 12:00 368640 c:\windows\$NtUninstallwmp11$\mpvis.dll
+ 2010-01-24 04:36 . 2005-01-28 19:44 331264 c:\windows\$NtUninstallWMFDist11$\wpdsp.dll
+ 2010-01-24 04:36 . 2005-01-28 19:44 114176 c:\windows\$NtUninstallWMFDist11$\wpdmtp.dll
+ 2010-01-24 04:36 . 2005-01-28 19:44 895736 c:\windows\$NtUninstallWMFDist11$\wmvdmod.dll
+ 2010-01-24 04:36 . 2005-01-28 19:44 940544 c:\windows\$NtUninstallWMFDist11$\wmspdmoe.dll
+ 2010-01-24 04:36 . 2009-04-10 07:01 413032 c:\windows\$NtUninstallWMFDist11$\wmspdmod.dll
+ 2010-01-24 04:36 . 2005-01-28 19:44 819200 c:\windows\$NtUninstallWMFDist11$\wmsetsdk.exe
+ 2010-01-24 04:36 . 2005-01-28 19:44 774904 c:\windows\$NtUninstallWMFDist11$\wmsdmod.dll
+ 2010-01-24 04:36 . 2005-01-28 19:44 150016 c:\windows\$NtUninstallWMFDist11$\wmidx.dll
+ 2010-01-24 04:36 . 2005-01-28 19:44 290816 c:\windows\$NtUninstallWMFDist11$\wmdrmnet.dll
+ 2010-01-24 04:36 . 2005-01-28 19:44 335872 c:\windows\$NtUninstallWMFDist11$\wmdrmdev.dll
+ 2010-01-24 04:36 . 2007-10-27 23:40 227328 c:\windows\$NtUninstallWMFDist11$\wmasf.dll
+ 2010-01-24 04:36 . 2005-01-28 19:44 716288 c:\windows\$NtUninstallWMFDist11$\wmadmoe.dll
+ 2010-01-24 04:36 . 2005-01-28 19:44 396528 c:\windows\$NtUninstallWMFDist11$\wmadmod.dll
+ 2010-01-24 04:36 . 2006-05-17 00:11 371424 c:\windows\$NtUninstallWMFDist11$\spuninst\updspapi.dll
+ 2010-01-24 04:36 . 2006-05-17 00:11 213216 c:\windows\$NtUninstallWMFDist11$\spuninst\spuninst.exe
+ 2010-01-24 04:36 . 2005-01-28 19:44 221184 c:\windows\$NtUninstallWMFDist11$\qasf.dll
+ 2010-01-24 04:36 . 2005-01-28 19:44 315904 c:\windows\$NtUninstallWMFDist11$\mswmdm.dll
+ 2010-01-24 04:36 . 2005-01-28 19:44 364784 c:\windows\$NtUninstallWMFDist11$\msscp.dll
+ 2010-01-24 04:36 . 2005-01-28 19:44 173568 c:\windows\$NtUninstallWMFDist11$\mspmsp.dll
+ 2010-01-24 04:36 . 2005-01-28 19:44 142336 c:\windows\$NtUninstallWMFDist11$\msnetobj.dll
+ 2010-01-24 04:36 . 2008-04-14 12:00 240640 c:\windows\$NtUninstallWMFDist11$\mpg4dmod.dll
+ 2010-01-24 04:36 . 2008-04-14 12:00 384512 c:\windows\$NtUninstallWMFDist11$\mp4sdmod.dll
+ 2010-01-24 04:36 . 2008-04-14 12:00 310272 c:\windows\$NtUninstallWMFDist11$\mp43dmod.dll
+ 2010-01-24 04:36 . 2005-01-28 19:44 502272 c:\windows\$NtUninstallWMFDist11$\drmv2clt.dll
+ 2010-01-24 04:36 . 2005-01-28 19:44 164864 c:\windows\$NtUninstallWMFDist11$\cewmdm.dll
+ 2010-01-24 04:36 . 2005-01-28 19:44 294912 c:\windows\$NtUninstallWMFDist11$\blackbox.dll
+ 2010-05-27 09:00 . 2009-05-26 09:01 382840 c:\windows\$NtUninstallKB981793$\spuninst\updspapi.dll
+ 2010-05-27 09:00 . 2009-05-26 09:01 231288 c:\windows\$NtUninstallKB981793$\spuninst\spuninst.exe
+ 2010-04-15 09:03 . 2009-05-26 09:01 382840 c:\windows\$NtUninstallKB980232$\spuninst\updspapi.dll
+ 2010-04-15 09:03 . 2009-05-26 09:01 231288 c:\windows\$NtUninstallKB980232$\spuninst\spuninst.exe
+ 2010-04-15 09:03 . 2009-12-04 18:22 455424 c:\windows\$NtUninstallKB980232$\mrxsmb.sys
+ 2010-04-15 09:03 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB979683$\spuninst\updspapi.dll
+ 2010-04-15 09:03 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB979683$\spuninst\spuninst.exe
+ 2010-04-14 09:00 . 2008-07-08 13:02 382840 c:\windows\$NtUninstallKB979309$\spuninst\updspapi.dll
+ 2010-04-14 09:00 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB979309$\spuninst\spuninst.exe
+ 2010-02-24 09:00 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB979306$\spuninst\updspapi.dll
+ 2010-02-24 09:00 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB979306$\spuninst\spuninst.exe
+ 2010-02-10 09:01 . 2009-05-26 23:10 382840 c:\windows\$NtUninstallKB978706$\spuninst\updspapi.dll
+ 2010-02-10 09:01 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB978706$\spuninst\spuninst.exe
+ 2010-02-10 09:01 . 2008-04-14 12:00 343040 c:\windows\$NtUninstallKB978706$\mspaint.exe
+ 2010-04-14 09:00 . 2008-04-14 12:00 176640 c:\windows\$NtUninstallKB978601$\wintrust.dll
+ 2010-04-14 09:00 . 2008-07-08 13:02 382840 c:\windows\$NtUninstallKB978601$\spuninst\updspapi.dll
+ 2010-04-14 09:00 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB978601$\spuninst\spuninst.exe
+ 2010-05-12 09:01 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB978542$\spuninst\updspapi.dll
+ 2010-05-12 09:01 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB978542$\spuninst\spuninst.exe
+ 2010-05-12 09:01 . 2009-07-14 19:35 691712 c:\windows\$NtUninstallKB978542$\inetcomm.dll
+ 2010-04-15 09:02 . 2009-07-14 19:37 225856 c:\windows\$NtUninstallKB978338$\tcpip6.sys
+ 2010-04-15 09:02 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB978338$\spuninst\updspapi.dll
+ 2010-04-15 09:02 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB978338$\spuninst\spuninst.exe
+ 2010-04-15 09:02 . 2008-04-14 12:00 100352 c:\windows\$NtUninstallKB978338$\6to4svc.dll
+ 2010-02-10 09:03 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB978262$\spuninst\updspapi.dll
+ 2010-02-10 09:03 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB978262$\spuninst\spuninst.exe
+ 2010-02-10 09:02 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB978251$\spuninst\updspapi.dll
+ 2010-02-10 09:02 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB978251$\spuninst\spuninst.exe
+ 2010-02-10 09:02 . 2009-07-14 19:35 455296 c:\windows\$NtUninstallKB978251$\mrxsmb.sys
+ 2010-02-10 09:03 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB978037$\spuninst\updspapi.dll
+ 2010-02-10 09:03 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB978037$\spuninst\spuninst.exe
+ 2010-02-10 09:01 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB977914$\spuninst\updspapi.dll
+ 2010-02-10 09:01 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB977914$\spuninst\spuninst.exe
+ 2010-04-15 09:02 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB977816$\spuninst\updspapi.dll
+ 2010-04-15 09:02 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB977816$\spuninst\spuninst.exe
+ 2010-02-10 09:00 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB977165$\spuninst\updspapi.dll
+ 2010-02-10 09:00 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB977165$\spuninst\spuninst.exe
+ 2009-11-25 09:00 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB976098-v2$\spuninst\updspapi.dll
+ 2009-11-25 09:00 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB976098-v2$\spuninst\spuninst.exe
+ 2010-02-10 09:03 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB975713$\spuninst\updspapi.dll
+ 2010-02-10 09:03 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB975713$\spuninst\spuninst.exe
+ 2010-02-10 09:03 . 2008-04-14 12:00 474112 c:\windows\$NtUninstallKB975713$\shlwapi.dll
+ 2010-03-10 09:03 . 2009-05-26 23:10 382840 c:\windows\$NtUninstallKB975561$\spuninst\updspapi.dll
+ 2010-03-10 09:03 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB975561$\spuninst\spuninst.exe
+ 2010-02-10 09:02 . 2009-05-26 23:10 382840 c:\windows\$NtUninstallKB975560$\spuninst\updspapi.dll
+ 2010-02-10 09:02 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB975560$\spuninst\spuninst.exe
+ 2009-11-13 09:01 . 2008-07-08 13:02 382840 c:\windows\$NtUninstallKB975467$\spuninst\updspapi.dll
+ 2009-11-13 09:01 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB975467$\spuninst\spuninst.exe
+ 2009-11-13 09:01 . 2009-06-25 08:41 136704 c:\windows\$NtUninstallKB975467$\msv1_0.dll
+ 2009-11-13 09:04 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB975025$\spuninst\updspapi.dll
+ 2009-11-13 09:04 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB975025$\spuninst\spuninst.exe
+ 2009-11-13 09:04 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB974571$\spuninst\updspapi.dll
+ 2009-11-13 09:04 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB974571$\spuninst\spuninst.exe
+ 2009-12-09 09:00 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB974392$\spuninst\updspapi.dll
+ 2009-12-09 09:00 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB974392$\spuninst\spuninst.exe
+ 2009-12-09 09:00 . 2008-04-14 12:00 270336 c:\windows\$NtUninstallKB974392$\oakley.dll
+ 2009-12-09 09:01 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB974318$\spuninst\updspapi.dll
+ 2009-12-09 09:01 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB974318$\spuninst\spuninst.exe
+ 2009-12-09 09:01 . 2008-04-14 12:00 150016 c:\windows\$NtUninstallKB974318$\rastls.dll
+ 2009-11-13 09:05 . 2009-07-14 19:37 247326 c:\windows\$NtUninstallKB974112$\strmdll.dll
+ 2009-11-13 09:05 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB974112$\spuninst\updspapi.dll
+ 2009-11-13 09:05 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB974112$\spuninst\spuninst.exe
+ 2009-12-09 09:00 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB973904$\spuninst\updspapi.dll
+ 2009-12-09 09:00 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB973904$\spuninst\spuninst.exe
+ 2009-11-25 09:00 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB973687$\spuninst\updspapi.dll
+ 2009-11-25 09:00 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB973687$\spuninst\spuninst.exe
+ 2009-11-13 09:01 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB973525$\spuninst\updspapi.dll
+ 2009-11-13 09:01 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB973525$\spuninst\spuninst.exe
+ 2010-01-13 09:00 . 2009-07-14 19:41 119808 c:\windows\$NtUninstallKB972270$\t2embed.dll
+ 2010-01-13 09:00 . 2008-07-08 13:02 382840 c:\windows\$NtUninstallKB972270$\spuninst\updspapi.dll
+ 2010-01-13 09:00 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB972270$\spuninst\spuninst.exe
+ 2009-12-09 09:00 . 2009-07-14 19:39 354304 c:\windows\$NtUninstallKB971737$\winhttp.dll
+ 2009-12-09 09:00 . 2008-07-08 13:02 382840 c:\windows\$NtUninstallKB971737$\spuninst\updspapi.dll
+ 2009-12-09 09:00 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB971737$\spuninst\spuninst.exe
+ 2009-11-13 09:01 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB971486$\spuninst\updspapi.dll
+ 2009-11-13 09:01 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB971486$\spuninst\spuninst.exe
+ 2010-02-10 09:03 . 2009-07-14 19:37 333952 c:\windows\$NtUninstallKB971468$\srv.sys
+ 2010-02-10 09:03 . 2008-07-08 13:02 382840 c:\windows\$NtUninstallKB971468$\spuninst\updspapi.dll
+ 2010-02-10 09:03 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB971468$\spuninst\spuninst.exe
+ 2009-12-09 09:02 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB970430$\spuninst\updspapi.dll
+ 2009-12-09 09:02 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB970430$\spuninst\spuninst.exe
+ 2009-12-09 09:02 . 2008-04-14 12:00 264832 c:\windows\$NtUninstallKB970430$\http.sys
+ 2009-11-13 09:01 . 2008-07-08 13:02 382840 c:\windows\$NtUninstallKB969947$\spuninst\updspapi.dll
+ 2009-11-13 09:01 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB969947$\spuninst\spuninst.exe
+ 2009-11-13 09:07 . 2008-07-08 13:02 382840 c:\windows\$NtUninstallKB969059$\spuninst\updspapi.dll
+ 2009-11-13 09:07 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB969059$\spuninst\spuninst.exe
+ 2009-11-13 09:07 . 2007-07-27 16:41 382840 c:\windows\$NtUninstallKB968816_WM9$\spuninst\updspapi.dll
+ 2009-11-13 09:07 . 2007-07-27 16:41 231288 c:\windows\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe
+ 2009-11-13 09:07 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB958869$\spuninst\updspapi.dll
+ 2009-11-13 09:07 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB958869$\spuninst\spuninst.exe
+ 2009-11-13 09:05 . 2008-04-14 12:00 153088 c:\windows\$NtUninstallKB956844$\triedit.dll
+ 2009-11-13 09:05 . 2008-07-08 13:02 382840 c:\windows\$NtUninstallKB956844$\spuninst\updspapi.dll
+ 2009-11-13 09:05 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB956844$\spuninst\spuninst.exe
+ 2010-01-13 09:01 . 2009-05-26 23:10 382840 c:\windows\$NtUninstallKB955759$\spuninst\updspapi.dll
+ 2010-01-13 09:01 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB955759$\spuninst\spuninst.exe
+ 2010-01-13 09:01 . 2008-04-14 12:00 451072 c:\windows\$NtUninstallKB955759$\aclayers.dll
+ 2009-11-13 09:06 . 2005-01-28 19:44 413944 c:\windows\$NtUninstallKB954155_WM9$\wmspdmod.dll
+ 2009-11-13 09:06 . 2007-07-27 16:41 382840 c:\windows\$NtUninstallKB954155_WM9$\spuninst\updspapi.dll
+ 2009-11-13 09:06 . 2007-07-27 16:41 231288 c:\windows\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe
+ 2010-01-25 09:00 . 2006-10-19 03:47 295936 c:\windows\$NtUninstallKB954154_WM11$\wmpeffects.dll
+ 2010-01-25 09:00 . 2007-07-27 16:41 382840 c:\windows\$NtUninstallKB954154_WM11$\spuninst\updspapi.dll
+ 2010-01-25 09:00 . 2007-07-27 16:41 231288 c:\windows\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe
+ 2009-11-13 09:04 . 2005-01-28 19:44 224768 c:\windows\$NtUninstallKB941569$\wmasf.dll
+ 2009-11-13 09:04 . 2007-10-27 22:39 371424 c:\windows\$NtUninstallKB941569$\spuninst\updspapi.dll
+ 2009-11-13 09:04 . 2007-10-27 22:39 213216 c:\windows\$NtUninstallKB941569$\spuninst\spuninst.exe
+ 2010-01-25 09:01 . 2006-11-03 16:01 317952 c:\windows\$NtUninstallKB939683$\unregmp2.exe
+ 2010-01-25 09:01 . 2005-06-28 16:23 371424 c:\windows\$NtUninstallKB939683$\spuninst\updspapi.dll
+ 2010-01-25 09:01 . 2005-06-28 16:23 213216 c:\windows\$NtUninstallKB939683$\spuninst\spuninst.exe
+ 2010-01-25 09:01 . 2005-06-28 16:23 371424 c:\windows\$NtUninstallKB929399$\spuninst\updspapi.dll
+ 2010-01-25 09:01 . 2005-06-28 16:23 213216 c:\windows\$NtUninstallKB929399$\spuninst\spuninst.exe
+ 2010-01-25 09:01 . 2006-10-19 03:47 414208 c:\windows\$NtUninstallKB929399$\msscp.dll
+ 2010-04-15 09:01 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB981332-IE8\update\updspapi.dll
+ 2010-04-15 09:01 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB981332-IE8\update\update.exe
+ 2010-04-15 09:01 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB981332-IE8\spuninst.exe
+ 2010-04-15 03:58 . 2010-03-10 06:18 420352 c:\windows\$hf_mig$\KB981332-IE8\SP3QFE\vbscript.dll
+ 2010-04-15 09:03 . 2009-05-26 09:01 382840 c:\windows\$hf_mig$\KB980232\update\updspapi.dll
+ 2010-04-15 09:03 . 2009-05-26 09:01 755576 c:\windows\$hf_mig$\KB980232\update\update.exe
+ 2010-04-15 09:03 . 2009-05-26 09:01 231288 c:\windows\$hf_mig$\KB980232\spuninst.exe
+ 2010-04-15 03:59 . 2010-02-24 11:57 457216 c:\windows\$hf_mig$\KB980232\SP3QFE\mrxsmb.sys
+ 2010-04-14 09:00 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB979309\update\updspapi.dll
+ 2010-04-14 09:00 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB979309\update\update.exe
+ 2010-04-14 09:00 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB979309\spuninst.exe
+ 2010-02-10 09:01 . 2009-05-26 23:10 382840 c:\windows\$hf_mig$\KB978706\update\updspapi.dll
+ 2010-02-10 09:01 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB978706\update\update.exe
+ 2010-02-10 09:01 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB978706\spuninst.exe
+ 2010-02-09 20:17 . 2009-12-16 18:27 343040 c:\windows\$hf_mig$\KB978706\SP3QFE\mspaint.exe
+ 2010-04-14 09:00 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB978601\update\updspapi.dll
+ 2010-04-14 09:00 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB978601\update\update.exe
+ 2010-04-14 09:00 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB978601\spuninst.exe
+ 2010-04-13 23:59 . 2009-12-24 06:42 178176 c:\windows\$hf_mig$\KB978601\SP3QFE\wintrust.dll
+ 2010-05-12 09:01 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB978542\update\updspapi.dll
+ 2010-05-12 09:01 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB978542\update\update.exe
+ 2010-05-12 09:01 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB978542\spuninst.exe
+ 2010-05-11 17:51 . 2010-01-29 14:53 691712 c:\windows\$hf_mig$\KB978542\SP3QFE\inetcomm.dll
+ 2010-04-15 09:02 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB978338\update\updspapi.dll
+ 2010-04-15 09:02 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB978338\update\update.exe
+ 2010-04-15 09:02 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB978338\spuninst.exe
+ 2010-04-15 03:59 . 2010-02-11 11:36 226880 c:\windows\$hf_mig$\KB978338\SP3QFE\tcpip6.sys
+ 2010-04-15 03:59 . 2010-02-12 04:27 100864 c:\windows\$hf_mig$\KB978338\SP3QFE\6to4svc.dll
+ 2010-02-10 09:03 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB978262\update\updspapi.dll
+ 2010-02-10 09:03 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB978262\update\update.exe
+ 2010-02-10 09:03 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB978262\spuninst.exe
+ 2010-02-10 09:02 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB978251\update\updspapi.dll
+ 2010-02-10 09:02 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB978251\update\update.exe
+ 2010-02-10 09:02 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB978251\spuninst.exe
+ 2010-02-09 20:17 . 2009-12-04 17:25 456832 c:\windows\$hf_mig$\KB978251\SP3QFE\mrxsmb.sys
+ 2010-02-10 09:03 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB978037\update\updspapi.dll
+ 2010-02-10 09:03 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB978037\update\update.exe
+ 2010-02-10 09:03 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB978037\spuninst.exe
+ 2010-02-10 09:01 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB977914\update\updspapi.dll
+ 2010-02-10 09:01 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB977914\update\update.exe
+ 2010-02-10 09:01 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB977914\spuninst.exe
+ 2010-04-15 09:02 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB977816\update\updspapi.dll
+ 2010-04-15 09:02 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB977816\update\update.exe
+ 2010-04-15 09:02 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB977816\spuninst.exe
+ 2009-11-14 09:00 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB976749-IE8\update\updspapi.dll
+ 2009-11-14 09:00 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB976749-IE8\update\update.exe
+ 2009-11-14 09:00 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB976749-IE8\spuninst.exe
+ 2010-02-24 09:01 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB976662-IE8\update\updspapi.dll
+ 2010-02-24 09:01 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB976662-IE8\update\update.exe
+ 2010-02-24 09:01 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB976662-IE8\spuninst.exe
+ 2010-02-23 18:45 . 2009-12-09 05:51 726528 c:\windows\$hf_mig$\KB976662-IE8\SP3QFE\jscript.dll
+ 2009-12-09 09:00 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB976325-IE8\update\updspapi.dll
+ 2009-12-09 09:00 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB976325-IE8\update\update.exe
+ 2009-12-09 09:00 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB976325-IE8\spuninst.exe
+ 2009-12-08 21:54 . 2009-10-29 07:45 916480 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll
+ 2009-12-08 21:54 . 2009-10-29 07:45 206848 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\occache.dll
+ 2009-12-08 21:54 . 2009-10-29 07:45 594432 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\msfeeds.dll
+ 2009-12-08 21:54 . 2009-10-29 07:45 246272 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\ieproxy.dll
+ 2009-12-08 21:54 . 2009-10-29 07:45 184320 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\iepeers.dll
+ 2009-12-08 21:54 . 2009-10-29 07:45 387584 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\iedkcs32.dll
+ 2009-12-08 21:54 . 2009-10-28 14:10 173056 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\ie4uinit.exe
+ 2010-02-10 09:03 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB975713\update\updspapi.dll
+ 2010-02-10 09:03 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB975713\update\update.exe
+ 2010-02-10 09:03 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB975713\spuninst.exe
+ 2010-02-09 20:18 . 2009-12-08 09:01 474112 c:\windows\$hf_mig$\KB975713\SP3QFE\shlwapi.dll
+ 2010-03-10 09:03 . 2009-05-26 23:10 382840 c:\windows\$hf_mig$\KB975561\update\updspapi.dll
+ 2010-03-10 09:03 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB975561\update\update.exe
+ 2010-03-10 09:03 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB975561\spuninst.exe
+ 2009-12-15 02:23 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB975364-IE8\update\updspapi.dll
+ 2009-12-15 02:23 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB975364-IE8\update\update.exe
+ 2009-12-15 02:23 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB975364-IE8\spuninst.exe
+ 2009-11-13 09:04 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB975025\update\updspapi.dll
+ 2009-11-13 09:04 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB975025\update\update.exe
+ 2009-11-13 09:04 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB975025\spuninst.exe
+ 2009-11-13 09:04 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB974571\update\updspapi.dll
+ 2009-11-13 09:04 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB974571\update\update.exe
+ 2009-11-13 09:04 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB974571\spuninst.exe
+ 2009-11-13 09:08 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB974455-IE8\update\updspapi.dll
+ 2009-11-13 09:08 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB974455-IE8\update\update.exe
+ 2009-11-13 09:08 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB974455-IE8\spuninst.exe
+ 2009-11-13 04:39 . 2009-08-29 08:01 916480 c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\wininet.dll
+ 2009-11-13 04:39 . 2009-08-29 08:01 206848 c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\occache.dll
+ 2009-11-13 04:39 . 2009-08-29 08:01 594432 c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\msfeeds.dll
+ 2009-11-13 04:39 . 2009-08-29 08:01 246272 c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\ieproxy.dll
+ 2009-11-13 04:39 . 2009-08-29 08:01 184320 c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\iepeers.dll
+ 2009-11-13 04:39 . 2009-08-29 08:01 387584 c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\iedkcs32.dll
+ 2009-11-13 04:39 . 2009-08-28 10:07 173056 c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\ie4uinit.exe
+ 2009-12-09 09:00 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB974392\update\updspapi.dll
+ 2009-12-09 09:00 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB974392\update\update.exe
+ 2009-12-09 09:00 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB974392\spuninst.exe
+ 2009-12-08 21:55 . 2009-10-13 10:38 270336 c:\windows\$hf_mig$\KB974392\SP3QFE\oakley.dll
+ 2009-12-09 09:01 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB974318\update\updspapi.dll
+ 2009-12-09 09:01 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB974318\update\update.exe
+ 2009-12-09 09:01 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB974318\spuninst.exe
+ 2009-10-13 00:58 . 2009-10-13 00:58 150016 c:\windows\$hf_mig$\KB974318\SP3QFE\rastls.dll
+ 2009-11-13 09:05 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB974112\update\updspapi.dll
+ 2009-11-13 09:05 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB974112\update\update.exe
+ 2009-11-13 09:05 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB974112\spuninst.exe
+ 2009-11-13 04:40 . 2009-08-26 08:03 247326 c:\windows\$hf_mig$\KB974112\SP3QFE\strmdll.dll
+ 2009-09-28 02:14 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB973874-IE8\update\updspapi.dll
+ 2009-09-28 02:14 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB973874-IE8\update\update.exe
+ 2009-09-28 02:14 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB973874-IE8\spuninst.exe
+ 2009-09-28 02:12 . 2009-08-07 08:00 100352 c:\windows\$hf_mig$\KB973874-IE8\SP3QFE\iecompat.dll
+ 2009-11-25 09:00 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB973687\update\updspapi.dll
+ 2009-11-25 09:00 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB973687\update\update.exe
+ 2009-11-25 09:00 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB973687\spuninst.exe
+ 2009-11-13 09:01 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB973525\update\updspapi.dll
+ 2009-11-13 09:01 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB973525\update\update.exe
+ 2009-11-13 09:01 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB973525\spuninst.exe
+ 2009-09-28 02:14 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB972260-IE8\update\updspapi.dll
+ 2009-09-28 02:14 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB972260-IE8\update\update.exe
+ 2009-09-28 02:14 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB972260-IE8\spuninst.exe
+ 2009-09-28 02:12 . 2009-07-03 17:06 915456 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\wininet.dll
+ 2009-09-28 02:12 . 2009-07-03 17:06 206848 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\occache.dll
+ 2009-09-28 02:12 . 2009-07-03 17:06 594432 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\msfeeds.dll
+ 2009-09-28 02:12 . 2009-07-03 17:06 246272 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\ieproxy.dll
+ 2009-09-28 02:12 . 2009-07-03 17:06 184320 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\iepeers.dll
+ 2009-09-28 02:12 . 2009-07-03 17:06 386048 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\iedkcs32.dll
+ 2009-09-28 02:12 . 2009-07-03 11:38 173056 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\ie4uinit.exe
+ 2009-11-13 09:01 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB971961-IE8\update\updspapi.dll
+ 2009-11-13 09:01 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB971961-IE8\update\update.exe
+ 2009-11-13 09:01 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB971961-IE8\spuninst.exe
+ 2009-11-13 04:34 . 2009-06-22 06:47 726528 c:\windows\$hf_mig$\KB971961-IE8\SP3QFE\jscript.dll
+ 2010-02-10 09:03 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB971468\update\updspapi.dll
+ 2010-02-10 09:03 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB971468\update\update.exe
+ 2010-02-10 09:03 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB971468\spuninst.exe
+ 2010-02-09 20:17 . 2010-01-01 07:58 353792 c:\windows\$hf_mig$\KB971468\SP3QFE\srv.sys
+ 2009-12-09 09:02 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB970430\update\updspapi.dll
+ 2009-12-09 09:02 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB970430\update\update.exe
+ 2009-12-09 09:02 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB970430\spuninst.exe
+ 2009-12-08 21:55 . 2009-10-20 15:21 265728 c:\windows\$hf_mig$\KB970430\SP3QFE\http.sys
+ 2009-11-13 09:07 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB969059\update\updspapi.dll
+ 2009-11-13 09:07 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB969059\update\update.exe
+ 2009-11-13 09:07 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB969059\spuninst.exe
+ 2009-11-13 09:05 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB956844\update\updspapi.dll
+ 2009-11-13 09:05 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB956844\update\update.exe
+ 2009-11-13 09:05 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB956844\spuninst.exe
+ 2009-11-13 04:37 . 2009-06-21 21:49 153088 c:\windows\$hf_mig$\KB956844\SP3QFE\triedit.dll
+ 2010-01-13 09:01 . 2009-05-26 23:10 382840 c:\windows\$hf_mig$\KB955759\update\updspapi.dll
+ 2010-01-13 09:01 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB955759\update\update.exe
+ 2010-01-13 09:01 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB955759\spuninst.exe
+ 2010-01-13 06:24 . 2009-11-21 15:40 471552 c:\windows\$hf_mig$\KB955759\SP3QFE\aclayers.dll
+ 2009-11-13 04:38 . 2009-08-13 13:55 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
+ 2006-12-02 06:25 . 2006-12-02 06:25 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
- 2006-12-02 05:25 . 2006-12-02 05:25 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
- 2006-12-02 05:25 . 2006-12-02 05:25 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-02 06:25 . 2006-12-02 06:25 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-10-26 19:40 . 2006-10-26 19:40 1079808 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80u.dll
+ 2006-10-26 19:40 . 2006-10-26 19:40 1093632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80.dll
+ 2009-07-12 02:46 . 2009-07-12 02:46 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
+ 2009-07-12 02:46 . 2009-07-12 02:46 1105920 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll
+ 2009-07-21 06:03 . 2009-07-21 06:03 1348432 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9876.0_x-ww_a621d1d5\msxml4.dll
+ 2009-10-28 23:42 . 2009-10-28 23:42 1233920 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d\msxml4.dll
+ 2009-07-15 17:02 . 2009-08-07 01:23 1929952 c:\windows\system32\wuaueng.dll
+ 2010-01-23 06:02 . 2009-09-04 04:04 1077248 c:\windows\system32\wuauclts.exe
+ 2006-10-19 03:47 . 2006-10-19 03:47 2603008 c:\windows\system32\WpdShext.dll
+ 2006-10-19 03:47 . 2006-10-19 03:47 1382912 c:\windows\system32\WMVSDECD.dll
+ 2006-10-19 03:47 . 2006-10-19 03:47 1574912 c:\windows\system32\WMVENCOD.dll
+ 2006-10-19 03:47 . 2006-10-19 03:47 1543680 c:\windows\system32\WMVDECOD.dll
+ 2009-07-14 19:37 . 2010-04-06 10:52 2462720 c:\windows\system32\WMVCore.dll
+ 2008-04-14 12:00 . 2006-10-19 03:47 1329152 c:\windows\system32\WMSPDMOE.dll
+ 2008-04-14 12:00 . 2006-11-03 16:04 8287232 c:\windows\system32\wmploc.dll
+ 2006-10-19 03:47 . 2006-10-19 03:47 1661440 c:\windows\system32\wmpencen.dll
+ 2008-04-14 12:00 . 2006-10-19 03:47 1117696 c:\windows\system32\WMADMOE.dll
+ 2008-04-14 12:00 . 2008-04-14 12:00 2565632 c:\windows\system32\usmt\migwiza.exe
+ 2009-07-14 19:40 . 2010-05-06 10:36 1209856 c:\windows\system32\urlmon.dll
+ 2009-10-16 07:50 . 2009-10-16 07:50 2520888 c:\windows\system32\TVUAx\npTVUAx.dll
+ 2006-10-16 10:44 . 2006-10-16 10:44 1028096 c:\windows\system32\TVUAx\libeay32.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 1435648 c:\windows\system32\query.dll
+ 2008-04-14 12:00 . 2009-07-17 16:22 1435648 c:\windows\system32\query.dll
+ 2009-07-14 19:41 . 2010-02-05 18:29 1291776 c:\windows\system32\quartz.dll
+ 2008-06-11 00:07 . 2008-06-11 00:07 3596288 c:\windows\system32\qt-dx331.dll
+ 2009-08-06 07:27 . 2009-12-01 19:14 2083312 c:\windows\system32\pxsfs.dll
+ 2009-07-14 19:38 . 2010-02-16 12:50 2146304 c:\windows\system32\ntoskrnl.exe
+ 2009-02-06 10:30 . 2010-02-16 12:12 2024448 c:\windows\system32\ntkrnlpa.exe
+ 2009-07-14 19:35 . 2009-07-31 16:05 1372672 c:\windows\system32\msxml6.dll
+ 2009-07-21 06:05 . 2009-07-21 06:05 1348432 c:\windows\system32\msxml4.dll
+ 2009-07-14 19:35 . 2009-07-31 04:35 1172480 c:\windows\system32\msxml3.dll
+ 2009-07-14 19:40 . 2010-05-06 10:36 5953024 c:\windows\system32\mshtml.dll
+ 2006-07-12 01:02 . 2006-07-12 01:02 1053184 c:\windows\system32\mfc71u.dll
+ 2006-07-12 00:43 . 2006-07-12 00:43 1060864 c:\windows\system32\mfc71.dll
- 2003-03-19 02:20 . 2003-03-19 02:20 1060864 c:\windows\system32\mfc71.dll
+ 2009-10-28 03:40 . 2009-10-28 03:40 3885984 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2008-06-11 00:04 . 2008-06-11 00:04 1044480 c:\windows\system32\libdivx.dll
+ 2009-03-08 10:32 . 2010-05-06 10:36 1986048 c:\windows\system32\iertutil.dll
+ 2009-02-07 03:07 . 2009-02-07 03:07 3698584 c:\windows\system32\ieapfltr.dat
+ 2009-08-18 05:33 . 2009-08-18 05:33 1193832 c:\windows\system32\FM20.DLL
+ 2009-07-15 17:02 . 2009-08-07 01:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
+ 2009-07-14 19:37 . 2010-04-06 10:52 2462720 c:\windows\system32\dllcache\WMVCore.dll
+ 2008-04-14 12:00 . 2006-10-19 03:47 1329152 c:\windows\system32\dllcache\WMSPDMOE.dll
+ 2008-04-14 12:00 . 2006-11-03 16:04 8287232 c:\windows\system32\dllcache\wmploc.dll
+ 2008-04-14 12:00 . 2006-10-19 03:47 1117696 c:\windows\system32\dllcache\WMADMOE.dll
+ 2009-07-14 19:40 . 2010-05-02 18:04 1860352 c:\windows\system32\dllcache\win32k.sys
+ 2009-07-14 19:40 . 2010-05-06 10:36 1209856 c:\windows\system32\dllcache\urlmon.dll
+ 2009-07-15 17:02 . 2006-11-03 16:02 1678848 c:\windows\system32\dllcache\setup_wm.exe
+ 2008-04-14 12:00 . 2009-07-17 16:22 1435648 c:\windows\system32\dllcache\query.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 1435648 c:\windows\system32\dllcache\query.dll
+ 2009-07-14 19:41 . 2010-02-05 18:29 1291776 c:\windows\system32\dllcache\quartz.dll
+ 2009-11-13 04:35 . 2010-02-16 12:52 2190080 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-02-06 10:30 . 2010-02-16 12:12 2024448 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-08-05 00:47 . 2010-02-16 12:12 2066944 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-07-14 19:38 . 2010-02-16 12:50 2146304 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-07-14 19:35 . 2009-07-31 16:05 1372672 c:\windows\system32\dllcache\msxml6.dll
+ 2009-07-14 19:35 . 2009-07-31 04:35 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2009-07-15 17:01 . 2010-01-30 02:31 1315328 c:\windows\system32\dllcache\msoe.dll
- 2009-07-15 17:01 . 2009-07-10 13:27 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2009-07-14 19:40 . 2010-05-06 10:36 5953024 c:\windows\system32\dllcache\mshtml.dll
- 2009-07-15 17:02 . 2008-04-14 12:00 3558912 c:\windows\system32\dllcache\moviemk.exe
+ 2009-07-15 17:02 . 2009-10-23 15:28 3558912 c:\windows\system32\dllcache\moviemk.exe
+ 2008-04-14 12:00 . 2008-04-14 12:00 2565632 c:\windows\system32\dllcache\migwiza.exe
+ 2009-09-28 02:12 . 2010-05-06 10:36 1986048 c:\windows\system32\dllcache\iertutil.dll
+ 2009-11-07 07:06 . 2009-11-07 07:06 1130824 c:\windows\system32\dfshim.dll
+ 2009-11-11 11:37 . 2009-11-11 11:37 2542458 c:\windows\system32\abgx360.exe
+ 2009-10-28 23:38 . 2005-01-28 19:44 1003008 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmvdmoe2.dll
+ 2009-10-28 23:38 . 2005-01-28 19:44 2370296 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmvcore.dll
+ 2009-10-28 23:38 . 2005-01-28 19:44 1512448 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMVADVE.DLL
+ 2009-10-28 23:38 . 2005-01-28 19:44 1119744 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmsdmoe2.dll
+ 2009-10-28 23:38 . 2005-01-28 19:44 1027072 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmnetmgr.dll
+ 2009-09-18 22:29 . 2008-04-14 12:00 1001472 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmvdmoe2.dll
+ 2009-09-18 22:29 . 2009-07-14 19:37 2174976 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmvcore.dll
+ 2009-09-18 22:29 . 2008-04-14 12:00 1119744 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmsdmoe2.dll
+ 2009-09-18 22:29 . 2009-07-14 19:37 1053696 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmnetmgr.dll
+ 2009-10-28 23:38 . 2005-01-28 19:44 1218808 c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvadvd.dll
+ 2010-04-08 05:48 . 2010-04-08 05:48 5967872 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
- 2008-11-25 09:59 . 2008-11-25 09:59 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-03-23 11:32 . 2010-03-23 11:32 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-03-23 11:32 . 2010-03-23 11:32 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2009-08-08 05:51 . 2009-08-08 05:51 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2008-11-25 09:59 . 2008-11-25 09:59 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2009-08-08 05:51 . 2009-08-08 05:51 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2010-06-28 18:42 . 2010-06-28 18:42 1094656 c:\windows\Installer\918260.msi
+ 2010-05-09 04:16 . 2010-05-09 04:16 3940352 c:\windows\Installer\847577b.msi
+ 2010-01-15 03:26 . 2010-01-15 03:26 5027840 c:\windows\Installer\76a5d58.msp
+ 2009-11-09 06:25 . 2009-11-09 06:25 1935360 c:\windows\Installer\7684bc2.msp
+ 2010-02-21 07:03 . 2010-02-21 07:03 4472832 c:\windows\Installer\516c021.msp
+ 2010-02-21 07:02 . 2010-02-21 07:02 4195840 c:\windows\Installer\516c004.msp
+ 2010-03-12 05:59 . 2010-03-12 05:59 5031424 c:\windows\Installer\516bfed.msp
+ 2009-11-15 18:30 . 2009-11-15 18:30 3225600 c:\windows\Installer\4a9225.msi
+ 2009-11-15 18:28 . 2009-11-15 18:28 2715648 c:\windows\Installer\4a921e.msi
+ 2007-04-12 13:41 . 2007-04-12 13:41 4582912 c:\windows\Installer\461f837.msp
+ 2010-01-26 00:45 . 2010-01-26 00:45 1640960 c:\windows\Installer\461ea77.msi
+ 2010-01-26 00:45 . 2010-01-26 00:45 1652736 c:\windows\Installer\461ea6b.msi
+ 2010-01-26 00:45 . 2010-01-26 00:45 1652736 c:\windows\Installer\461ea65.msi
+ 2010-01-26 00:45 . 2010-01-26 00:45 1652736 c:\windows\Installer\461ea5f.msi
+ 2010-01-26 00:44 . 2010-01-26 00:44 2319872 c:\windows\Installer\461ea3e.msi
+ 2010-01-26 00:44 . 2010-01-26 00:44 1647616 c:\windows\Installer\461ea32.msi
+ 2010-01-26 00:44 . 2010-01-26 00:44 1640960 c:\windows\Installer\461ea22.msi
+ 2010-01-26 00:43 . 2010-01-26 00:43 2022912 c:\windows\Installer\461ea1c.msi
+ 2010-01-26 00:43 . 2010-01-26 00:43 1713152 c:\windows\Installer\461ea15.msi
+ 2010-01-26 00:43 . 2010-01-26 00:43 2397184 c:\windows\Installer\461ea09.msi
+ 2009-05-27 00:54 . 2009-05-27 00:54 4192768 c:\windows\Installer\42eb92d.msp
+ 2009-08-18 18:58 . 2009-08-18 18:58 8301056 c:\windows\Installer\42eb911.msp
+ 2009-04-24 18:30 . 2009-04-24 18:30 2583552 c:\windows\Installer\42eb8f9.msp
+ 2009-08-05 13:49 . 2009-08-05 13:49 3457024 c:\windows\Installer\42eb8e0.msp
+ 2009-04-24 18:28 . 2009-04-24 18:28 4450816 c:\windows\Installer\42eb8c7.msp
+ 2009-07-27 10:31 . 2009-07-27 10:31 3738624 c:\windows\Installer\42eb8ae.msp
+ 2009-04-04 23:10 . 2009-04-04 23:10 1282560 c:\windows\Installer\42eb897.msp
+ 2009-04-04 23:10 . 2009-04-04 23:10 7888384 c:\windows\Installer\42eb88f.msp
+ 2009-04-04 23:10 . 2009-04-04 23:10 9926144 c:\windows\Installer\42eb885.msp
+ 2009-04-04 16:14 . 2009-04-04 16:14 1094656 c:\windows\Installer\42eb6a9.msp
+ 2009-08-18 18:57 . 2009-08-18 18:57 9122304 c:\windows\Installer\42eb69d.msp
+ 2009-10-16 13:09 . 2009-10-16 13:09 2518016 c:\windows\Installer\42eb66e.msp
+ 2009-08-18 19:08 . 2009-08-18 19:08 1373696 c:\windows\Installer\42eb657.msp
+ 2009-04-24 18:29 . 2009-04-24 18:29 9013760 c:\windows\Installer\42eb604.msp
+ 2010-04-24 23:08 . 2010-04-24 23:08 9129984 c:\windows\Installer\41f14c9.msp
+ 2010-03-25 00:54 . 2010-03-25 00:54 3126272 c:\windows\Installer\41f14b1.msp
+ 2010-03-25 00:54 . 2010-03-25 00:54 2516992 c:\windows\Installer\41f14b0.msp
+ 2010-04-24 23:07 . 2010-04-24 23:07 4667392 c:\windows\Installer\41f1494.msp
+ 2010-04-24 23:05 . 2010-04-24 23:05 4199424 c:\windows\Installer\41f147d.msp
+ 2010-05-19 05:35 . 2010-05-19 05:35 5023744 c:\windows\Installer\41f1466.msp
+ 2010-04-12 04:17 . 2010-04-12 04:17 2607104 c:\windows\Installer\41f1440.msp
+ 2010-04-12 04:17 . 2010-04-12 04:17 4210688 c:\windows\Installer\41f143f.msp
+ 2010-04-24 23:10 . 2010-04-24 23:10 8486400 c:\windows\Installer\41f140e.msp
+ 2010-02-04 23:24 . 2010-02-04 23:24 9122304 c:\windows\Installer\2b35c3c.msp
+ 2010-02-21 07:00 . 2010-02-21 07:00 8480768 c:\windows\Installer\2b35c25.msp
+ 2010-02-04 06:59 . 2010-02-04 06:59 5031936 c:\windows\Installer\2b35c0e.msp
+ 2009-10-16 13:08 . 2009-10-16 13:08 2237952 c:\windows\Installer\1ee97d5.msp
+ 2010-04-09 21:21 . 2010-04-09 21:21 5025792 c:\windows\Installer\1ee97be.msp
+ 2009-10-25 21:50 . 2009-10-25 21:50 1022464 c:\windows\Installer\1b7f4b37.msi
+ 2009-07-27 00:40 . 2009-07-27 00:40 3279872 c:\windows\Installer\18a109.msi
+ 2009-12-03 20:15 . 2009-12-03 20:15 5004288 c:\windows\Installer\11c489d.msp
+ 2008-04-12 00:08 . 2008-04-12 00:08 6302720 c:\windows\Installer\11c4839.msp
+ 2008-04-12 00:48 . 2008-04-12 00:48 6774272 c:\windows\Installer\11c4806.msp
+ 2009-02-26 01:08 . 2009-02-26 01:08 8311808 c:\windows\Installer\11c47ed.msp
+ 2007-10-15 05:43 . 2007-10-15 05:43 5749760 c:\windows\Installer\11c47ac.msp
+ 2008-05-21 06:45 . 2008-05-21 06:45 5246976 c:\windows\Installer\11c4695.msp
+ 2007-06-01 21:54 . 2007-06-01 21:54 9626624 c:\windows\Installer\11c4639.msp
+ 2008-10-20 16:18 . 2008-10-20 16:18 6474240 c:\windows\Installer\11c4622.msp
+ 2010-01-26 00:54 . 2010-06-10 09:20 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2010-01-26 00:54 . 2010-06-10 09:20 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-04-03 23:57 . 2009-04-03 23:57 4671320 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\WRD12CNV.DLL
+ 2008-11-21 09:12 . 2008-11-21 09:12 3750256 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\VVIEWER.DLL
+ 2008-10-25 15:35 . 2008-10-25 15:35 1847160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\VVIEWDWG.DLL
+ 2008-08-26 04:50 . 2008-08-26 04:50 2585592 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\VBE6.DLL
+ 2009-04-04 00:04 . 2009-04-04 00:04 8468840 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\PPCORE.DLL
+ 2009-03-06 10:00 . 2009-03-06 10:00 6596472 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONMAIN.DLL
+ 2008-11-10 16:49 . 2008-11-10 16:49 1165680 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONLIBS.DLL
+ 2008-11-25 04:16 . 2008-11-25 04:16 1020776 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONENOTE.EXE
+ 2009-02-05 17:36 . 2009-02-05 17:36 1640800 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OGL.DLL
+ 2009-03-06 09:41 . 2009-03-06 09:41 9589096 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSPUB.EXE
+ 2009-03-06 10:26 . 2009-03-06 10:26 5466488 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\IPDESIGN.DLL
+ 2008-11-04 06:40 . 2008-11-04 06:40 1442160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\INFOPATH.EXE
+ 2006-10-26 20:05 . 2006-10-26 20:05 1181520 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XIMAGE3B.DLL
+ 2006-10-27 21:11 . 2006-10-27 21:11 4235560 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WRD12CNV.DLL
+ 2006-10-27 04:58 . 2006-10-27 04:58 3732792 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VVIEWER.DLL
+ 2006-10-27 05:00 . 2006-10-27 05:00 1841984 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VVIEWDWG.DLL
+ 2006-09-30 06:42 . 2006-09-30 06:42 2583344 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VBE6.DLL
+ 2006-10-27 20:57 . 2006-10-27 20:57 2330968 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\STSLIST.DLL
+ 2006-10-27 01:52 . 2006-10-27 01:52 2012480 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPTVIEW.EXE
+ 2006-10-27 21:04 . 2006-10-27 21:04 7980848 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPCORE.DLL
+ 2006-09-15 22:25 . 2006-09-15 22:25 3611416 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLFLTR.DAT
+ 2006-10-27 02:07 . 2006-10-27 02:07 6536992 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OSETUP.DLL
+ 2006-10-27 21:03 . 2006-10-27 21:03 6579512 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONMAIN.DLL
+ 2006-10-27 02:24 . 2006-10-27 02:24 1165112 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONLIBS.DLL
+ 2006-10-27 21:03 . 2006-10-27 21:03 1018664 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONENOTE.EXE
+ 2006-10-27 21:16 . 2006-10-27 21:16 2939704 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OLMAPI32.DLL
+ 2006-10-27 21:18 . 2006-10-27 21:18 1658152 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OGL.DLL
+ 2006-10-27 02:14 . 2006-10-27 02:14 7033152 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OFFOWC.DLL
+ 2006-10-27 02:42 . 2006-10-27 02:42 8423224 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OARTCONV.DLL
+ 2006-10-26 20:47 . 2006-10-26 20:47 1512304 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\NLSD0000.DLL
+ 2006-10-27 21:04 . 2006-10-27 21:04 9581360 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSPUB.EXE
+ 2006-10-27 01:58 . 2006-10-27 01:58 1057632 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSPCORE.DLL
+ 2006-10-27 02:00 . 2006-10-27 02:00 6635320 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSORES.DLL
+ 2006-10-27 21:10 . 2006-10-27 21:10 5281592 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPEDITOR.DLL
+ 2006-10-27 21:10 . 2006-10-27 21:10 5456704 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPDESIGN.DLL
+ 2006-10-27 21:10 . 2006-10-27 21:10 1439032 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\INFOPATH.EXE
+ 2006-10-27 21:37 . 2006-10-27 21:37 1396008 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEUIFRAMEWORK.DLL
+ 2006-10-27 21:38 . 2006-10-27 21:38 4746536 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVETRANSCEIVER.DLL
+ 2006-10-27 21:37 . 2006-10-27 21:37 1163048 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVETEXTTOOLS.DLL
+ 2006-10-27 21:37 . 2006-10-27 21:37 2738472 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESTORAGEMGR.DLL
+ 2006-10-27 06:48 . 2006-10-27 06:48 2210608 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESHELLEXTENSIONS.DLL
+ 2006-10-27 21:38 . 2006-10-27 21:38 7053096 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVERESOURCE.DLL
+ 2006-10-27 06:48 . 2006-10-27 06:48 1555232 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEMISC.DLL
+ 2006-10-27 21:37 . 2006-10-27 21:37 3071288 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEDOCUMENTSHARETOOL.DLL
+ 2006-10-27 21:37 . 2006-10-27 21:37 1359648 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECRYPTO.DLL
+ 2006-10-27 21:38 . 2006-10-27 21:38 3508544 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECOMMUNICATIONSSERVICES.DLL
+ 2006-10-27 21:37 . 2006-10-27 21:37 2689336 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECOMMONCOMPONENTS.DLL
+ 2006-10-27 21:38 . 2006-10-27 21:38 6191400 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEACCOUNTMGR.DLL
+ 2006-10-27 02:02 . 2006-10-27 02:02 2526520 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GRAPH.EXE
+ 2006-10-27 01:21 . 2006-10-27 01:21 1682232 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FPSRVUTL.DLL
+ 2006-10-26 20:10 . 2006-10-26 20:10 1190688 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FM20.DLL
+ 2010-01-26 00:49 . 2010-01-26 00:49 1276720 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\EXCELPIA.DLL
+ 2006-10-27 21:00 . 2006-10-27 21:00 1751904 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACECORE.DLL
+ 2006-10-27 01:49 . 2006-10-27 01:49 1011488 c:\windows\Installer\$PatchCache$\Managed\00002109010090400000000000F01FEC\12.0.4518\MSDAIPP.DLL
+ 2010-06-10 09:16 . 2010-02-25 06:19 1209856 c:\windows\ie8updates\KB982381-IE8\urlmon.dll
kayakman
Regular Member
 
Posts: 37
Joined: June 22nd, 2010, 6:45 pm

Re: help to get rid of ohtgnoenriga redirects

Unread postby kayakman » July 5th, 2010, 6:31 pm

+ 2010-06-10 09:16 . 2010-02-25 06:19 5946880 c:\windows\ie8updates\KB982381-IE8\mshtml.dll
+ 2010-06-10 09:16 . 2010-02-25 06:19 1986048 c:\windows\ie8updates\KB982381-IE8\iertutil.dll
+ 2010-03-31 03:18 . 2009-12-21 19:09 1209344 c:\windows\ie8updates\KB980182-IE8\urlmon.dll
+ 2010-03-31 03:18 . 2009-12-21 19:09 5945856 c:\windows\ie8updates\KB980182-IE8\mshtml.dll
+ 2010-03-31 03:18 . 2009-12-21 19:09 1986048 c:\windows\ie8updates\KB980182-IE8\iertutil.dll
+ 2010-01-22 09:01 . 2009-10-29 07:45 1208832 c:\windows\ie8updates\KB978207-IE8\urlmon.dll
+ 2010-01-22 09:01 . 2009-10-29 07:45 5940736 c:\windows\ie8updates\KB978207-IE8\mshtml.dll
+ 2010-01-22 09:01 . 2009-10-29 07:45 1985536 c:\windows\ie8updates\KB978207-IE8\iertutil.dll
+ 2009-12-15 02:23 . 2009-10-29 07:45 1208832 c:\windows\ie8updates\KB976325-IE8\urlmon.dll
+ 2009-12-15 02:23 . 2009-10-29 07:45 5940736 c:\windows\ie8updates\KB976325-IE8\mshtml.dll
+ 2009-12-15 02:23 . 2009-10-29 07:45 1985536 c:\windows\ie8updates\KB976325-IE8\iertutil.dll
+ 2009-11-13 04:35 . 2010-02-16 12:52 2190080 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-11-13 04:35 . 2010-02-16 12:12 2024448 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-08-05 00:47 . 2010-02-16 12:12 2066944 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-11-13 04:35 . 2010-02-16 12:50 2146304 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2010-06-10 09:11 . 2010-06-10 09:11 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\f231461883859922a040002dddfb7b12\WindowsBase.ni.dll
+ 2010-06-24 09:05 . 2010-06-24 09:05 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d63164ac4ed5adabc6a1b0fdf07eee05\WindowsBase.ni.dll
+ 2010-06-24 09:06 . 2010-06-24 09:06 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\d8549ce90b26cdc3071224ab6f020189\UIAutomationClientsideProviders.ni.dll
+ 2010-06-10 09:16 . 2010-06-10 09:16 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\48b66876f72f472db62de48ae4369406\UIAutomationClientsideProviders.ni.dll
+ 2010-06-10 09:08 . 2010-06-10 09:08 2178048 c:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP289.tmp\System.Core.dll
+ 2010-06-10 09:11 . 2010-06-10 09:11 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll
+ 2010-06-10 09:15 . 2010-06-10 09:15 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\563a54b98adb70fae862974042298348\System.Xml.ni.dll
+ 2010-06-10 09:24 . 2010-06-10 09:24 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\016b75f60a18535c8d6b3e5d861ab559\System.WorkflowServices.ni.dll
+ 2010-06-10 09:24 . 2010-06-10 09:24 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6dacae37d337004345518976fb57099e\System.Workflow.Runtime.ni.dll
+ 2010-06-10 09:24 . 2010-06-10 09:24 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\c7b832bbc5bb11c6c7f128c801ce90d7\System.Workflow.ComponentModel.ni.dll
+ 2010-06-10 09:23 . 2010-06-10 09:23 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\b9ea6ea910293cd6f13f765775867ebd\System.Workflow.Activities.ni.dll
+ 2010-06-10 09:23 . 2010-06-10 09:23 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\8ef8d556899a4a10b7f288a80925489f\System.Web.Services.ni.dll
+ 2010-06-10 09:23 . 2010-06-10 09:23 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\5dfda43f1991ee6ba345d62b2be4801c\System.Web.Mobile.ni.dll
+ 2010-06-10 09:23 . 2010-06-10 09:23 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\f08b3b8cdf548e3dfe61f342536175eb\System.Web.Extensions.ni.dll
+ 2010-06-10 09:15 . 2010-06-10 09:15 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\2d6a5dbee4506bf643b853e41668afa3\System.Speech.ni.dll
+ 2010-06-10 09:22 . 2010-06-10 09:22 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\169fe0ad9d59982a2a6b89779c09885b\System.ServiceModel.Web.ni.dll
+ 2010-06-10 09:17 . 2010-06-10 09:17 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8b2710a63ecd363315ef16b257588b95\System.Runtime.Serialization.ni.dll
+ 2010-06-24 09:06 . 2010-06-24 09:06 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\af217ef58e5558991f331d482c2bdba6\System.Printing.ni.dll
+ 2010-06-10 09:17 . 2010-06-10 09:17 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\ad4fb86064d7a1ebcb9ee997e7208ac1\System.IdentityModel.ni.dll
+ 2010-06-10 09:15 . 2010-06-10 09:15 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f3440ea00eb3c40dc073b2fe03843638\System.Drawing.ni.dll
+ 2010-06-10 09:22 . 2010-06-10 09:22 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7deab2494d53763cd83c567e71e0d8e0\System.DirectoryServices.ni.dll
+ 2010-06-10 09:22 . 2010-06-10 09:22 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\b81efadfee7702624b713c6d86f7e369\System.Deployment.ni.dll
+ 2010-06-10 09:14 . 2010-06-10 09:14 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\50130ef751b98a4a11bd4ab73af7cab5\System.Data.ni.dll
+ 2010-06-10 09:20 . 2010-06-10 09:20 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f71abf392c5ca05a4e46a5d1c4c72856\System.Data.SqlXml.ni.dll
+ 2010-06-10 09:22 . 2010-06-10 09:22 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\5e6311aff5ada83d0f854922fa62faf6\System.Data.Services.ni.dll
+ 2010-06-10 09:14 . 2010-06-10 09:14 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c3ba3367d03779ad6e76c5d4cdfe572a\System.Data.Linq.ni.dll
+ 2010-06-10 09:21 . 2010-06-10 09:21 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6abf820d8ec57a0561c3367727d274df\System.Data.Entity.ni.dll
+ 2010-06-10 09:13 . 2010-06-10 09:13 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\e98726349766935ec0e9b980f19a046a\System.Core.ni.dll
+ 2010-06-24 09:06 . 2010-06-24 09:06 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\57abb757c1f38586390dcc63bf056322\ReachFramework.ni.dll
+ 2010-06-24 09:06 . 2010-06-24 09:06 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\0095ba60255d4addaf5b8ebee697a027\PresentationUI.ni.dll
+ 2010-06-10 09:11 . 2010-06-10 09:11 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\20ef773b20f6ce721ae60e5c2c2e8f80\PresentationBuildTasks.ni.dll
+ 2010-06-10 09:20 . 2010-06-10 09:20 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\935b855860088a86bb65d37a19f059cc\Microsoft.VisualBasic.ni.dll
+ 2010-06-10 09:19 . 2010-06-10 09:19 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\7a266de493d30eed21cb60ebe300be53\Microsoft.Transactions.Bridge.ni.dll
+ 2010-06-10 09:22 . 2010-06-10 09:22 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\9db8f9f7fe63ca4451bb5316a3ebb009\Microsoft.JScript.ni.dll
+ 2010-06-10 09:20 . 2010-06-10 09:20 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\c96be82d6cb00367db4e3553272165ef\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-06-10 09:20 . 2010-06-10 09:20 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\3815de5b052187b5d9375681a6784255\Microsoft.Build.Tasks.ni.dll
+ 2010-06-10 09:20 . 2010-06-10 09:20 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\43fc6723d08e9ce88701c29653efd224\Microsoft.Build.Engine.ni.dll
+ 2010-06-24 09:04 . 2010-06-24 09:04 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2010-06-24 09:02 . 2010-06-24 09:02 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2009-08-09 08:08 . 2009-08-09 08:08 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-06-24 09:02 . 2010-06-24 09:02 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-06-24 09:02 . 2010-06-24 09:02 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2009-08-09 08:07 . 2009-08-09 08:07 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-06-10 09:11 . 2010-06-10 09:11 5967872 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2010-06-24 09:02 . 2010-06-24 09:02 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2009-08-09 08:07 . 2009-08-09 08:07 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-06-24 09:04 . 2010-06-24 09:04 5279744 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2010-01-26 00:51 . 2010-01-26 00:51 4202496 c:\windows\assembly\GAC_MSIL\Microsoft.VSDesigner\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VSDesigner.dll
+ 2010-01-26 00:51 . 2010-01-26 00:51 1859584 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Editors\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Editors.dll
+ 2010-06-24 09:02 . 2010-06-24 09:02 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-08-09 08:07 . 2009-08-09 08:07 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-08-09 08:07 . 2009-08-09 08:07 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-06-24 09:02 . 2010-06-24 09:02 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2009-08-09 08:04 . 2009-08-09 08:04 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2010-06-24 09:04 . 2010-06-24 09:04 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2009-08-09 08:07 . 2009-08-09 08:07 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-06-24 09:02 . 2010-06-24 09:02 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-01-26 00:51 . 2010-01-26 00:51 1662976 c:\windows\assembly\GAC_32\mscorcfg\2.0.0.0__b03f5f7f11d50a3a\mscorcfg.dll
+ 2010-01-27 09:20 . 2010-01-27 09:20 1279848 c:\windows\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll
+ 2010-01-26 00:49 . 2010-01-26 00:49 1612592 c:\windows\assembly\GAC\Microsoft.Office.Interop.Access\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Access.dll
+ 2010-01-26 00:50 . 2010-01-26 00:50 8007680 c:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
+ 2010-01-26 00:50 . 2010-01-26 00:50 1215328 c:\windows\assembly\GAC\IACore\1.7.6223.0__31bf3856ad364e35\IACore.dll
+ 2010-01-24 04:37 . 2008-04-14 12:00 2940928 c:\windows\$NtUninstallwmp11$\wmploc.dll
+ 2010-01-24 04:37 . 2009-07-12 17:21 4874240 c:\windows\$NtUninstallwmp11$\wmp.dll
+ 2010-01-24 04:36 . 2006-05-20 22:16 1184984 c:\windows\$NtUninstallWMFDist11$\wvc1dmod.dll
+ 2010-01-24 04:36 . 2005-01-28 19:44 1003008 c:\windows\$NtUninstallWMFDist11$\wmvdmoe2.dll
+ 2010-01-24 04:36 . 2009-05-20 18:24 2373504 c:\windows\$NtUninstallWMFDist11$\wmvcore.dll
+ 2010-01-24 04:36 . 2005-01-28 19:44 1512448 c:\windows\$NtUninstallWMFDist11$\wmvadve.dll
+ 2010-01-24 04:36 . 2005-01-28 19:44 1218808 c:\windows\$NtUninstallWMFDist11$\wmvadvd.dll
+ 2010-01-24 04:36 . 2005-01-28 19:44 1119744 c:\windows\$NtUninstallWMFDist11$\wmsdmoe2.dll
+ 2010-01-24 04:36 . 2008-06-10 12:28 1028096 c:\windows\$NtUninstallWMFDist11$\wmnetmgr.dll
+ 2010-04-15 09:03 . 2009-12-08 18:20 2145280 c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
+ 2010-04-15 09:03 . 2009-12-08 17:40 2023936 c:\windows\$NtUninstallKB979683$\ntkrpamp.exe
+ 2010-04-15 09:03 . 2009-12-08 17:40 2023936 c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
+ 2010-04-15 09:03 . 2009-12-08 18:20 2145280 c:\windows\$NtUninstallKB979683$\ntkrnlmp.exe
+ 2010-05-12 09:01 . 2009-07-10 13:27 1315328 c:\windows\$NtUninstallKB978542$\msoe.dll
+ 2010-02-10 09:00 . 2009-08-04 13:54 2145280 c:\windows\$NtUninstallKB977165$\ntoskrnl.exe
+ 2010-02-10 09:00 . 2009-08-04 13:17 2023936 c:\windows\$NtUninstallKB977165$\ntkrpamp.exe
+ 2010-02-10 09:00 . 2009-08-04 13:17 2023936 c:\windows\$NtUninstallKB977165$\ntkrnlpa.exe
+ 2010-02-10 09:00 . 2009-08-04 13:54 2145280 c:\windows\$NtUninstallKB977165$\ntkrnlmp.exe
+ 2010-03-10 09:03 . 2008-04-14 12:00 3558912 c:\windows\$NtUninstallKB975561$\moviemk.exe
+ 2010-02-10 09:02 . 2009-07-14 19:41 1291264 c:\windows\$NtUninstallKB975560$\quartz.dll
+ 2009-11-25 09:00 . 2009-07-14 19:35 1307648 c:\windows\$NtUninstallKB973687$\msxml6.dll
+ 2009-11-25 09:00 . 2009-07-14 19:35 1106944 c:\windows\$NtUninstallKB973687$\msxml3.dll
+ 2009-11-13 09:01 . 2009-07-14 19:38 2145280 c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
+ 2009-11-13 09:01 . 2009-07-14 19:54 2023936 c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
+ 2009-11-13 09:01 . 2009-07-14 19:40 1847808 c:\windows\$NtUninstallKB969947$\win32k.sys
+ 2009-11-13 09:07 . 2008-04-14 12:00 1435648 c:\windows\$NtUninstallKB969059$\query.dll
+ 2009-11-13 09:07 . 2008-06-10 13:07 2376760 c:\windows\$NtUninstallKB968816_WM9$\wmvcore.dll
+ 2010-01-25 04:10 . 2010-01-25 04:11 1077248 c:\windows\$hf_mig$\wuauclts.exe
+ 2010-05-11 17:51 . 2010-01-29 14:53 1315328 c:\windows\$hf_mig$\KB978542\SP3QFE\msoe.dll
+ 2009-11-14 01:41 . 2009-10-22 09:18 5943296 c:\windows\$hf_mig$\KB976749-IE8\SP3QFE\mshtml.dll
+ 2009-12-08 21:54 . 2009-10-29 07:45 1209344 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\urlmon.dll
+ 2009-12-08 21:54 . 2009-10-29 07:45 5944320 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\mshtml.dll
+ 2009-12-08 21:54 . 2009-10-29 07:45 1986048 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\iertutil.dll
+ 2010-03-10 00:51 . 2009-10-23 14:53 3558912 c:\windows\$hf_mig$\KB975561\SP3QFE\moviemk.exe
+ 2009-11-13 04:39 . 2009-08-29 08:01 1209344 c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\urlmon.dll
+ 2009-11-13 04:39 . 2009-08-29 08:01 5942272 c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\mshtml.dll
+ 2009-11-13 04:39 . 2009-08-29 08:01 1986048 c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\iertutil.dll
+ 2009-11-24 22:00 . 2009-07-31 04:24 1447424 c:\windows\$hf_mig$\KB973687\SP3QFE\msxml6.dll
+ 2009-11-24 22:00 . 2009-07-31 04:24 1172480 c:\windows\$hf_mig$\KB973687\SP3QFE\msxml3.dll
+ 2009-09-28 02:12 . 2009-07-03 17:06 1208832 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\urlmon.dll
+ 2009-09-28 02:12 . 2009-07-19 13:17 5938176 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\mshtml.dll
+ 2009-09-28 02:12 . 2009-07-03 17:06 1985536 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\iertutil.dll
+ 2009-11-13 04:40 . 2009-07-17 16:01 1435648 c:\windows\$hf_mig$\KB969059\SP3QFE\query.dll
+ 2008-04-14 12:00 . 2009-07-14 05:43 10841088 c:\windows\system32\wmp.dll
+ 2009-03-08 10:39 . 2010-05-06 22:06 11078144 c:\windows\system32\ieframe.dll
+ 2008-04-14 12:00 . 2009-07-14 05:43 10841088 c:\windows\system32\dllcache\wmp.dll
+ 2009-07-20 00:48 . 2010-05-06 22:06 11078144 c:\windows\system32\dllcache\ieframe.dll
+ 2009-10-28 23:43 . 2009-10-28 23:43 28059648 c:\windows\Installer\c61d0e2.msi
+ 2009-10-28 23:34 . 2009-10-28 23:34 17000448 c:\windows\Installer\c61c5ef.msi
+ 2010-03-31 07:23 . 2010-03-31 07:23 15638528 c:\windows\Installer\7684bcf.msp
+ 2010-01-20 09:00 . 2010-01-20 09:00 15710720 c:\windows\Installer\528bdc4.msp
+ 2009-11-01 18:13 . 2009-11-01 18:13 33273344 c:\windows\Installer\523610c.msp
+ 2010-03-22 22:03 . 2010-03-22 22:03 11732992 c:\windows\Installer\516c038.msp
+ 2010-01-26 00:54 . 2010-01-26 00:54 18181632 c:\windows\Installer\461f836.msi
+ 2009-04-04 23:09 . 2009-04-04 23:09 15190016 c:\windows\Installer\42eb6ca.msp
+ 2009-04-04 17:36 . 2009-04-04 17:36 21390848 c:\windows\Installer\42eb6aa.msp
+ 2009-08-18 18:50 . 2009-08-18 18:50 12022272 c:\windows\Installer\42eb640.msp
+ 2010-04-24 23:09 . 2010-04-24 23:09 11750912 c:\windows\Installer\41f14e0.msp
+ 2010-04-12 04:17 . 2010-04-12 04:17 14599680 c:\windows\Installer\41f144f.msp
+ 2010-04-24 23:07 . 2010-04-24 23:07 10118144 c:\windows\Installer\41f1433.msp
+ 2010-06-05 09:00 . 2010-06-05 09:00 20242432 c:\windows\Installer\4129b9e.msp
+ 2009-11-21 05:46 . 2009-11-21 05:46 11524608 c:\windows\Installer\2b35c53.msp
+ 2009-08-15 02:32 . 2009-08-15 02:32 11110912 c:\windows\Installer\1cf3df5.msp
+ 2009-11-13 09:03 . 2009-11-13 09:03 15709696 c:\windows\Installer\1cf3d8e.msp
+ 2008-09-24 18:05 . 2008-09-24 18:05 16381440 c:\windows\Installer\11c48b4.msp
+ 2008-08-11 17:51 . 2008-08-11 17:51 15916544 c:\windows\Installer\11c4886.msp
+ 2008-10-20 16:16 . 2008-10-20 16:16 13211648 c:\windows\Installer\11c486f.msp
+ 2008-08-11 17:49 . 2008-08-11 17:49 22457344 c:\windows\Installer\11c4856.msp
+ 2009-02-26 01:05 . 2009-02-26 01:05 11840000 c:\windows\Installer\11c481e.msp
+ 2007-10-15 05:43 . 2007-10-15 05:43 12743168 c:\windows\Installer\11c47be.msp
+ 2007-10-15 05:43 . 2007-10-15 05:43 21981184 c:\windows\Installer\11c4764.msp
+ 2008-05-21 07:30 . 2008-05-21 07:30 14308864 c:\windows\Installer\11c4679.msp
+ 2009-02-26 01:07 . 2009-02-26 01:07 11646464 c:\windows\Installer\11c4650.msp
+ 2009-10-14 02:01 . 2009-10-14 02:01 16245760 c:\windows\Installer\10fb248.msi
+ 2009-04-04 00:01 . 2009-04-04 00:01 15108448 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\XL12CNV.EXE
+ 2009-04-04 00:46 . 2009-04-04 00:46 17314688 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSO.DLL
+ 2006-10-27 03:13 . 2006-10-27 03:13 14674216 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XL12CNV.EXE
+ 2006-10-27 21:23 . 2006-10-27 21:23 17483560 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WWLIB.DLL
+ 2006-10-27 21:16 . 2006-10-27 21:16 12813096 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLOOK.EXE
+ 2006-10-27 21:14 . 2006-10-27 21:14 14151456 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OART.DLL
+ 2006-10-27 21:26 . 2006-10-27 21:26 16870712 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSO.DLL
+ 2006-10-27 21:01 . 2006-10-27 21:01 10371880 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSACCESS.EXE
+ 2006-10-27 21:07 . 2006-10-27 21:07 17891112 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\EXCEL.EXE
+ 2010-06-10 09:16 . 2010-02-25 06:19 11073024 c:\windows\ie8updates\KB982381-IE8\ieframe.dll
+ 2010-03-31 03:18 . 2009-12-22 20:09 11070976 c:\windows\ie8updates\KB980182-IE8\ieframe.dll
+ 2010-01-22 09:01 . 2009-10-29 07:45 11069952 c:\windows\ie8updates\KB978207-IE8\ieframe.dll
+ 2009-12-15 02:23 . 2009-10-29 07:45 11069952 c:\windows\ie8updates\KB976325-IE8\ieframe.dll
+ 2010-06-10 09:15 . 2010-06-10 09:15 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\2dfe045e4b1577fdea9a2f456db0afc2\System.Windows.Forms.ni.dll
+ 2010-06-10 09:23 . 2010-06-10 09:23 11797504 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\d987cf1de4ba688da92e212a374232c2\System.Web.ni.dll
+ 2010-06-10 09:18 . 2010-06-10 09:18 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\8b74f2fe3f3632f95ff4ddb8c4839a1e\System.ServiceModel.ni.dll
+ 2010-06-10 09:14 . 2010-06-10 09:14 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\f352c5cb50bee105e4c873ca050f9f46\System.Design.ni.dll
+ 2010-06-24 09:06 . 2010-06-24 09:06 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\560662ada034afb6ec78a152bd9a47b5\PresentationFramework.ni.dll
+ 2010-06-24 09:05 . 2010-06-24 09:05 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\9f5dff344ac6ac923b5ade8ba1ab9382\PresentationCore.ni.dll
+ 2009-11-13 09:14 . 2009-11-13 09:14 11486720 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll
+ 2009-10-29 19:15 . 2009-10-29 19:15 11070464 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\ieframe.dll
+ 2009-08-29 19:31 . 2009-08-29 19:31 11069952 c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\ieframe.dll
+ 2009-09-28 02:12 . 2009-07-19 13:17 11068416 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\ieframe.dll
+ 2009-04-04 23:08 . 2009-04-04 23:08 343058432 c:\windows\Installer\42eb87a.msp
+ 2007-10-15 05:43 . 2007-10-15 05:43 229852160 c:\windows\Installer\11c475b.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-21 7581696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-21 86016]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 61952]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-02 2065248]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-11 23:41 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 18:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=c:\windows\pss\Desktop Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Chris House^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\Chris House\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 10:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2009-08-31 17:25 623960 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-03-05 15:32 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 17:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-12 02:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2008-10-24 15:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-07-13 19:03 292128 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2009-06-17 16:55 55824 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 21:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 08:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 22:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-07-21 01:58 1519616 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 22:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2009-07-08 18:31 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-25 10:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Plazmic CDK 4.7\\_jvm\\bin\\javaw.exe"=
"c:\\Program Files\\Plazmic CDK 4.7\\_jvm\\bin\\java.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Smartphone Simulators 5.0.0\\5.0.0.252 (9500)\\fledge.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Smartphone Simulators 4.7.0\\4.7.0.76 (9530)\\fledge.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

R1 SuperMounter;SuperMounter; [x]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2009-04-02 16512]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-11 216200]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-06-02 242896]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-11 308064]
S2 LBeepKE;LBeepKE;c:\windows\system32\Drivers\LBeepKE.sys [2009-06-17 10384]
S2 Network_Server;Network_Server;c:\windows\system32\srvany.exe [2009-05-04 15360]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = local
IE: &Download All with FlashGet - c:\progra~1\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\progra~1\FlashGet\jc_link.htm
IE: &Search
IE: Download Link Using Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Chris House\Application Data\Mozilla\Firefox\Profiles\4pow1i84.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-DriverMax - c:\program files\Innovative Solutions\DriverMax\devices.exe
MSConfigStartUp-Flashget - c:\program files\FlashGet\flashget.exe
MSConfigStartUp-GM4IE - c:\program files\GM4IE\gm4ie.exe
MSConfigStartUp-PerfectSpeed - c:\program files\Raxco\PerfectSpeed20\PerfectSpeed.exe
MSConfigStartUp-RoboForm - c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
MSConfigStartUp-VistaStartMenu - c:\program files\Vista Start Menu\VistaStartMenu.exe
MSConfigStartUp-WeatherEye - c:\documents and settings\Chris House\Local Settings\Application Data\TheWeatherNetwork\WeatherEye\WeatherEye.exe
ActiveSetup-{872B340C-F315-4883-AB6C-7F177F233488} - c:\windows\system32:host32.exe
AddRemove-FlashGet - c:\program files\FlashGet\uninst.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-05 11:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(900)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(2652)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wuauclts.exe
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\wscntfy.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
.
**************************************************************************
.
Completion time: 2010-07-05 11:26:30 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-05 17:26

Pre-Run: 55,804,788,736 bytes free
Post-Run: 55,721,037,824 bytes free

- - End Of File - - 3DE9DAF0EB19BC7B82D5ECBA83ADAEED




OTL.exe


All processes killed
========== OTL ==========
Error: No service named help service was found to stop!
Service\Driver key help service not found.
File C:\WINDOWS\System32\comine.exe not found.
Error: No service named WebClient was found to stop!
Service\Driver key WebClient not found.
File C:\WINDOWS\System32\inetinfo.exe not found.
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:C8B8CEBD .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:C8B8CEBD .
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Chris House
->Temp folder emptied: 66326 bytes
->Temporary Internet Files folder emptied: 35749 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 25748183 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 405 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 25.00 mb


OTL by OldTimer - Version 3.2.7.0 log created on 07052010_113345

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Chris House\Local Settings\Temp\hsperfdata_Chris House\3760 not found!

Registry entries deleted on Reboot...
kayakman
Regular Member
 
Posts: 37
Joined: June 22nd, 2010, 6:45 pm

Re: help to get rid of ohtgnoenriga redirects

Unread postby melboy » July 6th, 2010, 5:36 pm

Hi



SystemLook

Please download SystemLook by jpshortstuff from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :reg
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network_Server
    
    :service
    Network_Server

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt



Check a file
  • Go to VirusTotal
    c:\windows\system32\wbem\Down(0).exe
  • Copy/Paste the file above into the white Upload a file box.
  • Click Send, and the file will upload to VirusTotal, where it will be scanned by several anti-virus programmes.
    NOTE: if you receive a message stating:
    • File has already been analyzed, click Reanalyze file Now.
  • After a while, a window will open, with details of what the scans found.
  • Copy and paste the results into your next reply.



COMBOFIX-Script
A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.


  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code: Select all
    KillAll::
    
    FCOPY::
    c:\windows\ERDNT\cache\qmgr.dll c:\windows\system32\qmgr.dll
    c:\windows\ERDNT\cache\qmgr.dll c:\windows\system32\dllcache\qmgr.dll
    
    File:: 
    c:\windows\Debug\UserMode\gamecc\CCProxy.exe
    c:\windows\Fonts\server.bat
    C:\WINDOWS\system32\wuauclts.exe
    c:\windows\$hf_mig$\wuauclts.exe
    
    Filelook::
    c:\windows\system32\sc.exe
    c:\windows\system32\sethc.exe
    c:\windows\Debug\UserMode\sc.exe
    c:\windows\Debug\UserMode\look.dll
    
    

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • If you need help to disable your protection programs see here.
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



After Combofix has rebooted and produced its logfile:


ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: Image (Selecting Uninstall application on close if you so wish)




In your next reply:
  1. SystemLook.txt
  2. VirusTotal results
  3. Combofix.txt
  4. Eset Online Scan log
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: help to get rid of ohtgnoenriga redirects

Unread postby kayakman » July 7th, 2010, 12:56 am

SystemLook

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 22:32 on 06/07/2010 by Chris House (Administrator - Elevation successful)

========== reg ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network_Server]
"DisplayName"="Network_Server"
"ErrorControl"= 0x0000000001 (1)
"ImagePath"="%SystemRoot%\system32\srvany.exe"
"ObjectName"="LocalSystem"
"Start"= 0x0000000002 (2)
"Type"= 0x0000000010 (16)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network_Server\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network_Server\Parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network_Server\Security]


========== service ==========

Network_Server
Network_Server
(No Description)
Current Status: Started
Startup Type: Automatic
Error Control: Severe
Binary: C:\WINDOWS\system32\srvany.exe
Group: (none)
SafeBoot:
Dependencies:
(none)
Dependant Services:
(none)

-=End Of File=-


VirusTotal:


a-squared 5.0.0.31 2010.07.07 Trojan-Dropper.Delf!IK
AhnLab-V3 2010.07.07.00 2010.07.06 Backdoor/Win32.Hupigon
AntiVir 8.2.4.10 2010.07.07 BDS/Hupigon.Gen
Antiy-AVL 2.0.3.7 2010.07.06 -
Authentium 5.2.0.5 2010.07.07 W32/Hupigon.C.gen!Eldorado
Avast 4.8.1351.0 2010.07.06 Win32:Crypt-ECL
Avast5 5.0.332.0 2010.07.06 Win32:Crypt-ECL
AVG 9.0.0.836 2010.07.06 -
BitDefender 7.2 2010.07.07 Packer.Cryptocrack.A
CAT-QuickHeal 11.00 2010.06.30 -
ClamAV 0.96.0.3-git 2010.07.07 -
Comodo 5344 2010.07.07 Heur.Pck.CRYPToCRACk
DrWeb 5.0.2.03300 2010.07.07 BackDoor.Pigeon.49698
eSafe 7.0.17.0 2010.07.06 Win32.BDSHupigon
eTrust-Vet 36.1.7689 2010.07.06 -
F-Prot 4.6.1.107 2010.07.07 W32/Hupigon.C.gen!Eldorado
F-Secure 9.0.15370.0 2010.07.07 Packer.Cryptocrack.A
Fortinet 4.1.133.0 2010.07.04 -
GData 21 2010.07.07 Packer.Cryptocrack.A
Ikarus T3.1.1.84.0 2010.07.07 Trojan-Dropper.Delf
Jiangmin 13.0.900 2010.07.06 Backdoor/Hupigon.bevr
Kaspersky 7.0.0.125 2010.07.07 Backdoor.Win32.Hupigon.aspg
McAfee 5.400.0.1158 2010.07.07 Artemis!21BE45DD4023
McAfee-GW-Edition 2010.1 2010.07.05 Artemis!21BE45DD4023
Microsoft 1.5902 2010.07.06 Backdoor:Win32/Blackhole.U
NOD32 5257 2010.07.07 -
Norman 6.05.11 2010.07.06 Overpacked.gen3.dam
nProtect 2010-07-06.01 2010.07.07 Packer.Cryptocrack.A
Panda 10.0.2.7 2010.07.06 Malicious Packer
PCTools 7.0.3.5 2010.07.07 HeurEngine.Packed-CryptoCrack
Prevx 3.0 2010.07.07 High Risk Cloaked Malware
Rising 22.55.02.01 2010.07.07 -
Sophos 4.54.0 2010.07.07 Sus/UnkPack-C
Sunbelt 6554 2010.07.07 Trojan.Win32.Packer.PEProtectorV0.9.3 (v)
Symantec 20101.1.0.89 2010.07.06 Packed.Generic.48
TheHacker 6.5.2.1.309 2010.07.06 Backdoor/Hupigon.aspg
TrendMicro 9.120.0.1004 2010.07.07 BKDR_HUPIGO.ATW
TrendMicro-HouseCall 9.120.0.1004 2010.07.07 BKDR_HUPIGO.ATW
VBA32 3.12.12.5 2010.07.05 Backdoor.Win32.BlackHole.cik
ViRobot 2010.6.29.3912 2010.07.07 Backdoor.Win32.Hupigon.195072.C
VirusBuster 5.0.27.0 2010.07.06 -
Additional information
File size: 195072 bytes
MD5...: 21be45dd4023768b544e909b7709923b
SHA1..: b67db86dee0479d4bb02b129317128f195cd880e
SHA256: cdb3791edf4a33f04ec83dc5a42fa55cf9cc5a3830d9de452087a39ebf3bac50
ssdeep: 3072:+Yj0A7JxzEwmTg40kmjRUSdjz3P5ho/t5OQeYs3Tp7HuLGp3i/iSPzuT:DH
AUXBjnP5h0tUQrCTp7OLGJciS7uT
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x8a000
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

( 30 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x46000 0x1d200 8.00 dcf126caad8d0bcd69eacb2166a37948
DATA 0x47000 0x9000 0x5000 7.99 298f0a3d2c07d04a6a112826a3a45d8c
BSS 0x50000 0x4000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x54000 0x2000 0x1000 7.93 55b01e618df6b48e4134b085cc80d80d
.tls 0x56000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x57000 0x1000 0x400 7.34 04a7d9dbc11703ddacd4e8661b75f801
.reloc 0x58000 0x5000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x5d000 0x4000 0x1400 6.71 1fb43f615bf46b69a6ea6c94a29288ed
.Amoeba 0x61000 0x1000 0x400 7.79 1a091d7c78fd9f8c8685d4021b2b4d7d
.aspack 0x62000 0x3000 0x1200 7.96 e941de201aa95f16a0058c13e58c2ff8
.adata 0x65000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.aspack 0x66000 0x3000 0x1000 7.93 8df785a42adf711f3df2c34a895910cf
.adata 0x69000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.aspack 0x6a000 0x3000 0x1000 7.94 f1785f0617f4f4b2e41ecab56fdad34a
.adata 0x6d000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.aspack 0x6e000 0x3000 0x1000 7.93 b4959e96c258be8fe8ddceb689e10afd
.adata 0x71000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.aspack 0x72000 0x3000 0xe00 7.95 8015cfd756a7f51cd618b2da35843bd6
.adata 0x75000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.aspack 0x76000 0x3000 0xe00 7.94 3f1e9db1bf56f36ca513792667b7beaf
.adata 0x79000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.aspack 0x7a000 0x3000 0xe00 7.94 d18613c1c40c905cbebbb05462c81f8b
.adata 0x7d000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.aspack 0x7e000 0x3000 0xe00 7.94 725ce4cc480c695833eda8f3ca506ee4
.adata 0x81000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.aspack 0x82000 0x3000 0xe00 7.93 d5c489f7cb28e73e5eb1c8be67c95579
.adata 0x85000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.aspack 0x86000 0x3000 0x2200 7.71 5fe309ff43fb9d304be2d3c9278795b8
.adata 0x89000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.ccp3p 0x8a000 0x1000 0x600 7.20 9d2ce2ed5ed8563437c52fb7ab797bf1

( 1 imports )
> kernel32.dll: FatalExit

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Dynamic Link Library (generic) (55.4%)
Win16/32 Executable Delphi generic (15.1%)
Generic Win/DOS Executable (14.6%)
DOS Executable Generic (14.6%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
packers (Kaspersky): Cryptocrack, ASPack, ASPack, ASPack, ASPack, ASPack, ASPack, ASPack, ASPack, ASPack, ASPack
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
packers (F-Prot): Cryptocrack, Aspack
packers (Authentium): Cryptocrack, Aspack
<a href='http://info.prevx.com/aboutprogramtext.asp?PX5=7AA3ED28003E5404FA3402667427AB00E769C007' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=7AA3ED28003E5404FA3402667427AB00E769C007</a>
kayakman
Regular Member
 
Posts: 37
Joined: June 22nd, 2010, 6:45 pm

Re: help to get rid of ohtgnoenriga redirects

Unread postby kayakman » July 7th, 2010, 12:57 am

ComboFix


ComboFix 10-07-06.02 - Chris House 07/06/2010 22:43:53.3.2 - x86
Running from: c:\documents and settings\Chris House\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Chris House\Desktop\CFScript.txt

FILE ::
"c:\windows\$hf_mig$\wuauclts.exe"
"c:\windows\Debug\UserMode\gamecc\CCProxy.exe"
"c:\windows\Fonts\server.bat"
"c:\windows\system32\wuauclts.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\$hf_mig$\wuauclts.exe
c:\windows\Debug\UserMode\gamecc\CCProxy.exe
c:\windows\Fonts\server.bat
c:\windows\system32\wuauclts.exe

.
((((((((((((((((((((((((( Files Created from 2010-06-07 to 2010-07-07 )))))))))))))))))))))))))))))))
.

2010-07-02 17:14 . 2010-07-02 17:14 -------- d-----w- C:\_OTL
2010-06-28 18:42 . 2010-06-28 18:42 388096 ----a-r- c:\documents and settings\Chris House\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-28 18:42 . 2010-06-28 18:42 -------- d-----w- c:\program files\Trend Micro
2010-06-26 21:47 . 2010-06-26 21:53 -------- d-----w- c:\documents and settings\Chris House\Application Data\Uniblue
2010-06-10 09:01 . 2010-06-10 09:01 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-06-10 09:01 . 2010-06-10 09:01 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-06-10 04:12 . 2010-05-06 10:36 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\11966\AdobeARM.exe
2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\11966\AdobeExtractFiles.dll
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\11966\ReaderUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\11966\AcrobatUpdater.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-06 21:04 . 2009-11-10 00:04 0 ----a-w- c:\documents and settings\Chris House\Local Settings\Application Data\prvlcl.dat
2010-07-04 02:06 . 2009-07-15 19:15 -------- d-----w- c:\documents and settings\Chris House\Application Data\Vso
2010-07-03 20:55 . 2010-02-07 22:57 -------- d-----w- c:\documents and settings\Chris House\Application Data\vlc
2010-07-02 17:24 . 2010-01-17 19:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-26 22:08 . 2010-02-05 05:39 -------- d-----w- c:\program files\Full Tilt Poker
2010-06-26 22:08 . 2009-07-15 18:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-26 22:07 . 2009-07-15 19:15 -------- d-----w- c:\program files\VSO
2010-06-26 22:07 . 2009-07-15 19:15 47360 ----a-w- c:\documents and settings\Chris House\Application Data\pcouffin.sys
2010-06-26 22:07 . 2009-07-15 19:15 47360 ----a-w- c:\documents and settings\Chris House\Application Data\pcouffin.sys
2010-06-26 22:06 . 2010-02-28 05:04 -------- d-----w- c:\program files\eGames
2010-06-26 17:35 . 2009-09-18 22:49 256 ----a-w- c:\windows\system32\pool.bin
2010-06-10 09:20 . 2010-01-26 00:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-07 03:23 . 2010-06-06 17:44 -------- d-----w- c:\program files\JDownloader
2010-06-06 18:01 . 2010-06-01 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-06 18:01 . 2010-06-01 23:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-06 17:24 . 2009-07-15 20:06 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-02 15:40 . 2009-07-15 18:55 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-02 15:40 . 2009-07-15 18:55 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-25 22:38 . 2009-11-06 03:10 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-05-24 20:41 . 2010-05-24 20:36 -------- d-----w- c:\program files\Ultra Video Joiner
2010-05-19 00:56 . 2009-08-24 14:17 -------- d-----w- c:\documents and settings\Chris House\Application Data\dvdcss
2010-05-09 04:16 . 2009-07-31 17:13 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-06 10:36 . 2009-07-14 19:40 919040 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 18:04 . 2009-07-14 19:40 1860352 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 21:39 . 2010-01-17 19:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 21:39 . 2010-01-17 19:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:30 . 2008-04-14 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-10 17:06 . 2010-02-03 23:53 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2010-04-10 17:06 . 2010-02-03 23:53 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2010-04-10 17:05 . 2010-02-03 23:51 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2010-01-23 05:33 . 2009-07-15 17:02 21580288 --sha-w- c:\windows\system32\qmgr.dll
2009-07-14 19:38 . 2009-07-14 19:38 35328 --sha-w- c:\windows\system32\sc.exe
2009-06-19 04:11 . 2008-04-14 12:00 106859 --sha-r- c:\windows\system32\sethc.exe
2010-01-23 05:33 . 2009-07-15 17:02 21580288 -csha-w- c:\windows\system32\dllcache\qmgr.dll
2009-12-15 02:17 . 2009-12-14 00:47 3266848 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-12-15 02:17 . 2009-12-14 00:47 25376 --sha-w- c:\windows\system32\drivers\fidbox2.dat
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\windows\Debug\UserMode\look.dll ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 11264
Created time: 2010-01-29 16:33
Modified time: 2006-02-02 23:58
MD5: 45C0D88990386CCB357C1EFB74EF05B6
SHA1: 0BA618B1C0E61298D18DD68B58AF746DC7EC06F8


--- c:\windows\Debug\UserMode\sc.exe ---
Company: Microsoft Corporation
File Description: A tool to aid in developing services for WindowsNT
File Version: 5.00.1932.1
Product Name: Microsoft(R) Windows (R) 2000 Operating System
Copyright: Copyright (C) Microsoft Corp. 1981-1998
Original Filename: sc.exe
File size: 63488
Created time: 2010-01-29 16:33
Modified time: 2006-02-02 23:58
MD5: 36A1BC33A920A3120BCADCC6AEFF9C5E
SHA1: 7BBADF74F3028EC14CF680F189839A70039D2F79


--- c:\windows\system32\sc.exe ---
Company: Microsoft Corporation
File Description: A tool to aid in developing services for WindowsNT
File Version: 5.1.2600.5755 (xpsp_sp3_qfe.090206-1316)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: sc.exe
File size: 35328
Created time: 2009-07-14 19:38
Modified time: 2009-07-14 19:38
MD5: FB6A2AD43B478FC9E306C32DF975DE50
SHA1: 77EDFC3F8A61548AC0B8C8DC019A90D86A1CB9F7


--- c:\windows\system32\sethc.exe ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 106859
Created time: 2008-04-14 12:00
Modified time: 2009-06-19 04:11
MD5: 60FFD5E9B69CCD3182E2C127B540CD51
SHA1: 085FF760586E4D6B1BB1CBFCC24783C84648B417


------- Sigcheck -------

[-] 2010-01-23 05:33 . 4A8E7E8B7D8FAD9F2F3F166D0471CC9E . 21580288 . . [1.0.0.1] . . c:\windows\system32\qmgr.dll
[-] 2010-01-23 05:33 . 4A8E7E8B7D8FAD9F2F3F166D0471CC9E . 21580288 . . [1.0.0.1] . . c:\windows\system32\dllcache\qmgr.dll
[7] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ERDNT\cache\qmgr.dll
.
((((((((((((((((((((((((((((( SnapShot_2010-07-05_17.22.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-07 04:49 . 2010-07-07 04:49 16384 c:\windows\temp\Perflib_Perfdata_768.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-21 7581696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-21 86016]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 61952]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-02 2065248]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-11 23:41 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 18:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=c:\windows\pss\Desktop Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Chris House^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\Chris House\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 10:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2009-08-31 17:25 623960 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-03-05 15:32 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 17:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-12 02:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2008-10-24 15:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-07-13 19:03 292128 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2009-06-17 16:55 55824 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 21:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 08:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 22:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-07-21 01:58 1519616 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 22:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2009-07-08 18:31 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-25 10:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Plazmic CDK 4.7\\_jvm\\bin\\javaw.exe"=
"c:\\Program Files\\Plazmic CDK 4.7\\_jvm\\bin\\java.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Smartphone Simulators 5.0.0\\5.0.0.252 (9500)\\fledge.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Smartphone Simulators 4.7.0\\4.7.0.76 (9530)\\fledge.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

R1 SuperMounter;SuperMounter; [x]
R2 Network_Server;Network_Server;c:\windows\system32\srvany.exe [2009-05-04 15360]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2009-04-02 16512]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-11 216200]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-06-02 242896]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-11 308064]
S2 LBeepKE;LBeepKE;c:\windows\system32\Drivers\LBeepKE.sys [2009-06-17 10384]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = local
IE: &Download All with FlashGet - c:\progra~1\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\progra~1\FlashGet\jc_link.htm
IE: &Search
IE: Download Link Using Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Chris House\Application Data\Mozilla\Firefox\Profiles\4pow1i84.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-06 22:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(900)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(852)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\windows\system32\wscntfy.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
.
**************************************************************************
.
Completion time: 2010-07-06 22:54:56 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-07 04:54
ComboFix2.txt 2010-07-05 17:26

Pre-Run: 55,261,163,520 bytes free
Post-Run: 55,256,920,064 bytes free

- - End Of File - - 44027AFE5202331846EAA54022568F86
Last edited by kayakman on July 7th, 2010, 11:22 am, edited 1 time in total.
kayakman
Regular Member
 
Posts: 37
Joined: June 22nd, 2010, 6:45 pm

Re: help to get rid of ohtgnoenriga redirects

Unread postby kayakman » July 7th, 2010, 1:24 am

ESET scan is taking a long time. I will post results in the morning.
kayakman
Regular Member
 
Posts: 37
Joined: June 22nd, 2010, 6:45 pm

Re: help to get rid of ohtgnoenriga redirects

Unread postby kayakman » July 7th, 2010, 11:22 am

ESET Scanner:


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=219d7f0ea746374fb87bb10f9f5c92fb
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-07-07 06:07:08
# local_time=2010-07-07 12:07:08 (-0600, Canada Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 641944 641944 0 0
# compatibility_mode=1024 16777191 100 0 9358328 9358328 0 0
# compatibility_mode=2048 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=75623
# found=13
# cleaned=0
# scan_time=3916
C:\Documents and Settings\Administrator\Application Data\esnvt\esnvt.dll probably a variant of Win32/Redosdru.AW trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Chris House\Desktop\Unused\Magic DVD Ripper 5.4.0.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
C:\Program Files\AVG\wuauclts.exe a variant of Win32/CCProxy application 00000000000000000000000000000000 I
C:\Program Files\AVG\AVG9\wuauclts.exe a variant of Win32/CCProxy application 00000000000000000000000000000000 I
C:\Program Files\Replay Media Catcher\MediaCatcher.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\[4]-Submit_2010-07-06_22.43.37.zip a variant of Win32/CCProxy application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\msa.exe.vir a variant of Win32/Kryptik.ADD trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\msb.exe.vir a variant of Win32/Kryptik.ADD trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\msc.exe.vir a variant of Win32/Kryptik.ADD trojan 00000000000000000000000000000000 I
C:\WINDOWS\run2.vbs probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\qmgr.dll a variant of Win32/Delf.NPP trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\dllcache\qmgr.dll a variant of Win32/Delf.NPP trojan 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\07052010_110714\C_WINDOWS\system32\inetinfo.exe a variant of Win32/CCProxy application 00000000000000000000000000000000 I
kayakman
Regular Member
 
Posts: 37
Joined: June 22nd, 2010, 6:45 pm

Re: help to get rid of ohtgnoenriga redirects

Unread postby melboy » July 7th, 2010, 1:15 pm

Hi

Did you create this service yourself?
Network_Server



Check a file
  • Go to VirusTotal
    c:\windows\system32\sethc.exe
  • Copy/Paste the file above into the white Upload a file box.
  • Click Send file, and the file will upload to VirusTotal where it will be scanned by several anti-virus programmes.
    NOTE: if you receive a message stating:
    • File has already been analyzed, click Reanalyze file Now.
  • After a while, a window will open, with details of what the scans found.
  • Copy and paste the results into your next reply.



COMBOFIX-Script
A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.


  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code: Select all
    File:: 
    C:\Documents and Settings\Administrator\Application Data\esnvt\esnvt.dll
    C:\Program Files\AVG\wuauclts.exe
    C:\Program Files\AVG\AVG9\wuauclts.exe
    C:\WINDOWS\run2.vbs
    c:\windows\Debug\UserMode\look.dll
    c:\windows\Debug\UserMode\sc.exe
    c:\windows\system32\wbem\Down(0).exe
    

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • If you need help to disable your protection programs see here.
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

======================

After combofix has rebooted and the logfile has been produced:


The Avenger

  • Download The Avenger by Swandog46 from here.
  • Unzip/extract it to a folder on your desktop.
  • Double click on avenger.exe to run The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Copy the text inside the codebox below to the clipboard by highlighting it and then pressing Ctrl+C. (DO NOT include Code: )
    Code: Select all
    Files to move:
    c:\windows\ERDNT\cache\qmgr.dll | c:\windows\system32\qmgr.dll
    c:\windows\ERDNT\cache\qmgr.dll | c:\windows\system32\dllcache\qmgr.dll
    
  • In the avenger window, click the Paste Script from Clipboard, Image button.
  • Click the Execute button.
  • You will be asked Are you sure you want to execute the current script?.
  • Click Yes.
  • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
  • Click Yes.
  • Your PC will now be rebooted.
  • Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
  • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at:
    %systemdrive%\avenger.txt (typically C:\avenger.txt).
  • Please post this log in your next reply.


In your next reply:
  1. VirusTotal results
  2. combofix.txt
  3. avenger.txt
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: help to get rid of ohtgnoenriga redirects

Unread postby kayakman » July 7th, 2010, 10:40 pm

No i did not add Network_Setup


VirusTotal



a-squared 5.0.0.31 2010.07.08 -
AhnLab-V3 2010.07.08.00 2010.07.07 -
AntiVir 8.2.4.10 2010.07.07 -
Antiy-AVL 2.0.3.7 2010.07.08 -
Authentium 5.2.0.5 2010.07.08 -
Avast 4.8.1351.0 2010.07.07 -
Avast5 5.0.332.0 2010.07.07 -
AVG 9.0.0.836 2010.07.08 -
BitDefender 7.2 2010.07.08 -
CAT-QuickHeal 11.00 2010.07.07 -
ClamAV 0.96.0.3-git 2010.07.08 -
Comodo 5354 2010.07.08 -
DrWeb 5.0.2.03300 2010.07.08 -
eSafe 7.0.17.0 2010.07.07 -
eTrust-Vet 36.1.7691 2010.07.07 -
F-Prot 4.6.1.107 2010.07.07 -
F-Secure 9.0.15370.0 2010.07.08 -
Fortinet 4.1.133.0 2010.07.07 -
GData 21 2010.07.08 -
Ikarus T3.1.1.84.0 2010.07.08 -
Jiangmin 13.0.900 2010.07.07 -
Kaspersky 7.0.0.125 2010.07.08 -
McAfee 5.400.0.1158 2010.07.08 Artemis!60FFD5E9B69C
McAfee-GW-Edition 2010.1 2010.07.05 Heuristic.LooksLike.Win32.Chifrax.I
Microsoft 1.5902 2010.07.08 -
NOD32 5260 2010.07.07 -
Norman 6.05.11 2010.07.07 -
nProtect 2010-07-07.02 2010.07.07 -
Panda 10.0.2.7 2010.07.07 -
PCTools 7.0.3.5 2010.07.07 -
Prevx 3.0 2010.07.08 -
Rising 22.55.02.04 2010.07.07 -
Sophos 4.54.0 2010.07.08 -
Sunbelt 6557 2010.07.07 Trojan.Win32.Generic!BT
Symantec 20101.1.0.89 2010.07.07 -
TheHacker 6.5.2.1.309 2010.07.07 -
TrendMicro 9.120.0.1004 2010.07.07 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.08 -
VBA32 3.12.12.6 2010.07.07 -
ViRobot 2010.6.29.3912 2010.07.08 -
VirusBuster 5.0.27.0 2010.07.07 -
Additional information
File size: 106859 bytes
MD5...: 60ffd5e9b69ccd3182e2c127b540cd51
SHA1..: 085ff760586e4d6b1bb1cbfcc24783c84648b417
SHA256: e8653425d9e737a75c99b82c3b40ad1145fde566c0d8ebc0692c871695d4e0d3
ssdeep: 3072:twxVMhOC/dTDbq91+mno3t4QZQ3rt8iJkTs:tTfFDbRnOTrt5JEs
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1000
timedatestamp.....: 0x48cfc008 (Tue Sep 16 14:17:44 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x14000 0x13a00 6.48 d9c3b0b82d7da6d18b0896fb360cea84
.data 0x15000 0x8000 0xa00 4.93 568dd221456d807ca821813c84d65e70
.idata 0x1d000 0x2000 0x1200 4.79 bc7806e1c1ce9ebfd00ad834c1f7a647
.rsrc 0x1f000 0x4000 0x3c00 4.70 c2941ee253aef92319f64ef6b5fd8bda

( 8 imports )
> ADVAPI32.DLL: AdjustTokenPrivileges, LookupPrivilegeValueA, OpenProcessToken, RegCloseKey, RegCreateKeyExA, RegOpenKeyExA, RegQueryValueExA, RegSetValueExA, SetFileSecurityA, SetFileSecurityW
> KERNEL32.DLL: CloseHandle, CompareStringA, CreateDirectoryA, CreateDirectoryW, CreateFileA, CreateFileW, DeleteFileA, DeleteFileW, DosDateTimeToFileTime, ExitProcess, ExpandEnvironmentStringsA, FileTimeToLocalFileTime, FileTimeToSystemTime, FindClose, FindFirstFileA, FindFirstFileW, FindNextFileA, FindNextFileW, FindResourceA, FreeLibrary, GetCPInfo, GetCommandLineA, GetCurrentDirectoryA, GetCurrentProcess, GetDateFormatA, GetFileAttributesA, GetFileAttributesW, GetFileType, GetFullPathNameA, GetLastError, GetLocaleInfoA, GetModuleFileNameA, GetModuleFileNameW, GetModuleHandleA, GetNumberFormatA, GetProcAddress, GetProcessHeap, GetStdHandle, GetSystemTime, GetTempPathA, GetTickCount, GetTimeFormatA, GetVersionExA, GlobalAlloc, HeapAlloc, HeapFree, HeapReAlloc, IsDBCSLeadByte, LoadLibraryA, LocalFileTimeToFileTime, MoveFileA, MoveFileExA, MultiByteToWideChar, ReadFile, SetCurrentDirectoryA, SetEndOfFile, SetEnvironmentVariableA, SetFileAttributesA, SetFileAttributesW, SetFilePointer, SetFileTime, SetLastError, Sleep, SystemTimeToFileTime, WaitForSingleObject, WideCharToMultiByte, WriteFile, lstrcmpiA, lstrlenA
> COMCTL32.DLL: -
> COMDLG32.DLL: CommDlgExtendedError, GetOpenFileNameA, GetSaveFileNameA
> GDI32.DLL: DeleteObject
> SHELL32.DLL: SHBrowseForFolderA, SHChangeNotify, SHFileOperationA, SHGetFileInfoA, SHGetMalloc, SHGetSpecialFolderLocation, ShellExecuteExA, SHGetPathFromIDListA
> USER32.DLL: CharToOemA, CharToOemBuffA, CharUpperA, CopyRect, CreateWindowExA, DefWindowProcA, DestroyIcon, DestroyWindow, DialogBoxParamA, DispatchMessageA, EnableWindow, EndDialog, FindWindowExA, GetClassNameA, GetClientRect, GetDlgItem, GetDlgItemTextA, GetMessageA, GetParent, GetSysColor, GetSystemMetrics, GetWindow, GetWindowLongA, GetWindowRect, GetWindowTextA, IsWindow, IsWindowVisible, LoadBitmapA, LoadCursorA, LoadIconA, LoadStringA, MapWindowPoints, MessageBoxA, OemToCharA, OemToCharBuffA, PeekMessageA, PostMessageA, RegisterClassExA, SendDlgItemMessageA, SendMessageA, SetDlgItemTextA, SetFocus, SetMenu, SetWindowLongA, SetWindowPos, SetWindowTextA, ShowWindow, TranslateMessage, UpdateWindow, WaitForInputIdle, wsprintfA, wvsprintfA
> OLE32.DLL: CLSIDFromString, CoCreateInstance, CreateStreamOnHGlobal, OleInitialize, OleUninitialize

( 0 exports )
RDS...: NSRL Reference Data Set
-
trid..: WinRAR Self Extracting archive (95.7%)
Win32 Executable Generic (1.5%)
Win32 Dynamic Link Library (generic) (1.4%)
Win32 Executable Watcom C++ (generic) (0.4%)
Generic Win/DOS Executable (0.3%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
Symantec Reputation Network: Suspicious.Insight http://www.symantec.com/security_respon ... 23-0550-99
packers (F-Prot): RAR
pdfid.: -
kayakman
Regular Member
 
Posts: 37
Joined: June 22nd, 2010, 6:45 pm

Re: help to get rid of ohtgnoenriga redirects

Unread postby kayakman » July 7th, 2010, 10:53 pm

ComboFix:

ComboFix 10-07-06.02 - Chris House 07/07/2010 20:43:03.4.2 - x86
Running from: c:\documents and settings\Chris House\Desktop\Virus Fix\ComboFix.exe
Command switches used :: c:\documents and settings\Chris House\Desktop\CFScript.txt

FILE ::
"c:\documents and settings\Administrator\Application Data\esnvt\esnvt.dll"
"c:\program files\AVG\AVG9\wuauclts.exe"
"c:\program files\AVG\wuauclts.exe"
"c:\windows\Debug\UserMode\look.dll"
"c:\windows\Debug\UserMode\sc.exe"
"c:\windows\run2.vbs"
"c:\windows\system32\wbem\Down(0).exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\esnvt\esnvt.dll
c:\program files\AVG\AVG9\wuauclts.exe
c:\program files\AVG\wuauclts.exe
c:\windows\Debug\UserMode\look.dll
c:\windows\Debug\UserMode\sc.exe
c:\windows\run2.vbs
c:\windows\system32\wbem\Down(0).exe

.
((((((((((((((((((((((((( Files Created from 2010-06-08 to 2010-07-08 )))))))))))))))))))))))))))))))
.

2010-07-07 04:58 . 2010-07-07 04:58 -------- d-----w- c:\program files\ESET
2010-07-02 17:14 . 2010-07-02 17:14 -------- d-----w- C:\_OTL
2010-06-28 18:42 . 2010-06-28 18:42 388096 ----a-r- c:\documents and settings\Chris House\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-28 18:42 . 2010-06-28 18:42 -------- d-----w- c:\program files\Trend Micro
2010-06-26 21:47 . 2010-06-26 21:53 -------- d-----w- c:\documents and settings\Chris House\Application Data\Uniblue
2010-06-10 09:01 . 2010-06-10 09:01 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-06-10 09:01 . 2010-06-10 09:01 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-06-10 04:12 . 2010-05-06 10:36 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\11966\AdobeARM.exe
2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\11966\AdobeExtractFiles.dll
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\11966\ReaderUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\11966\AcrobatUpdater.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-08 02:47 . 2009-07-15 18:55 -------- d-----w- c:\program files\AVG
2010-07-07 21:04 . 2009-11-10 00:04 0 ----a-w- c:\documents and settings\Chris House\Local Settings\Application Data\prvlcl.dat
2010-07-07 18:17 . 2009-07-15 19:15 -------- d-----w- c:\documents and settings\Chris House\Application Data\Vso
2010-07-03 20:55 . 2010-02-07 22:57 -------- d-----w- c:\documents and settings\Chris House\Application Data\vlc
2010-07-02 17:24 . 2010-01-17 19:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-26 22:08 . 2010-02-05 05:39 -------- d-----w- c:\program files\Full Tilt Poker
2010-06-26 22:08 . 2009-07-15 18:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-26 22:07 . 2009-07-15 19:15 -------- d-----w- c:\program files\VSO
2010-06-26 22:07 . 2009-07-15 19:15 47360 ----a-w- c:\documents and settings\Chris House\Application Data\pcouffin.sys
2010-06-26 22:07 . 2009-07-15 19:15 47360 ----a-w- c:\documents and settings\Chris House\Application Data\pcouffin.sys
2010-06-26 22:06 . 2010-02-28 05:04 -------- d-----w- c:\program files\eGames
2010-06-26 17:35 . 2009-09-18 22:49 256 ----a-w- c:\windows\system32\pool.bin
2010-06-10 09:20 . 2010-01-26 00:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-07 03:23 . 2010-06-06 17:44 -------- d-----w- c:\program files\JDownloader
2010-06-06 18:01 . 2010-06-01 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-06 18:01 . 2010-06-01 23:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-06 17:24 . 2009-07-15 20:06 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-02 15:40 . 2009-07-15 18:55 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-02 15:40 . 2009-07-15 18:55 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-25 22:38 . 2009-11-06 03:10 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-05-24 20:41 . 2010-05-24 20:36 -------- d-----w- c:\program files\Ultra Video Joiner
2010-05-19 00:56 . 2009-08-24 14:17 -------- d-----w- c:\documents and settings\Chris House\Application Data\dvdcss
2010-05-09 04:16 . 2009-07-31 17:13 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-06 10:36 . 2009-07-14 19:40 919040 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 18:04 . 2009-07-14 19:40 1860352 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 21:39 . 2010-01-17 19:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 21:39 . 2010-01-17 19:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:30 . 2008-04-14 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-10 17:06 . 2010-02-03 23:53 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2010-04-10 17:06 . 2010-02-03 23:53 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2010-04-10 17:05 . 2010-02-03 23:51 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2010-01-23 05:33 . 2009-07-15 17:02 21580288 --sha-w- c:\windows\system32\qmgr.dll
2009-07-14 19:38 . 2009-07-14 19:38 35328 --sha-w- c:\windows\system32\sc.exe
2009-06-19 04:11 . 2008-04-14 12:00 106859 --sha-r- c:\windows\system32\sethc.exe
2010-01-23 05:33 . 2009-07-15 17:02 21580288 -csha-w- c:\windows\system32\dllcache\qmgr.dll
2009-12-15 02:17 . 2009-12-14 00:47 3266848 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-12-15 02:17 . 2009-12-14 00:47 25376 --sha-w- c:\windows\system32\drivers\fidbox2.dat
.

------- Sigcheck -------

[-] 2010-01-23 05:33 . 4A8E7E8B7D8FAD9F2F3F166D0471CC9E . 21580288 . . [1.0.0.1] . . c:\windows\system32\qmgr.dll
[-] 2010-01-23 05:33 . 4A8E7E8B7D8FAD9F2F3F166D0471CC9E . 21580288 . . [1.0.0.1] . . c:\windows\system32\dllcache\qmgr.dll
[7] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ERDNT\cache\qmgr.dll
.
((((((((((((((((((((((((((((( SnapShot_2010-07-05_17.22.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-08 02:36 . 2010-07-08 02:36 16384 c:\windows\temp\Perflib_Perfdata_6d8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-21 7581696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-21 86016]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 61952]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-02 2065248]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-11 23:41 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 18:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=c:\windows\pss\Desktop Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Chris House^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\Chris House\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 10:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2009-08-31 17:25 623960 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-03-05 15:32 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 17:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-12 02:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2008-10-24 15:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-07-13 19:03 292128 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2009-06-17 16:55 55824 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 21:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 08:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 22:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-07-21 01:58 1519616 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 22:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2009-07-08 18:31 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-25 10:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Plazmic CDK 4.7\\_jvm\\bin\\javaw.exe"=
"c:\\Program Files\\Plazmic CDK 4.7\\_jvm\\bin\\java.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Smartphone Simulators 5.0.0\\5.0.0.252 (9500)\\fledge.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Smartphone Simulators 4.7.0\\4.7.0.76 (9530)\\fledge.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

R1 SuperMounter;SuperMounter; [x]
R2 Network_Server;Network_Server;c:\windows\system32\srvany.exe [2009-05-04 15360]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2009-04-02 16512]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-11 216200]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-06-02 242896]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-11 308064]
S2 LBeepKE;LBeepKE;c:\windows\system32\Drivers\LBeepKE.sys [2009-06-17 10384]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = local
IE: &Download All with FlashGet - c:\progra~1\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\progra~1\FlashGet\jc_link.htm
IE: Download Link Using Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Chris House\Application Data\Mozilla\Firefox\Profiles\4pow1i84.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-07 20:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(896)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2010-07-07 20:49:59
ComboFix-quarantined-files.txt 2010-07-08 02:49
ComboFix2.txt 2010-07-07 04:54
ComboFix3.txt 2010-07-05 17:26

Pre-Run: 55,461,646,336 bytes free
Post-Run: 55,452,590,080 bytes free

- - End Of File - - 24022D719CEAE16A8EB79D303902A99B
kayakman
Regular Member
 
Posts: 37
Joined: June 22nd, 2010, 6:45 pm

Re: help to get rid of ohtgnoenriga redirects

Unread postby kayakman » July 7th, 2010, 11:00 pm

Avenger


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "c:\windows\ERDNT\cache\qmgr.dll|c:\windows\system32\qmgr.dll" completed successfully.

Error: file "c:\windows\ERDNT\cache\qmgr.dll" not found!
File move operation "c:\windows\ERDNT\cache\qmgr.dll|c:\windows\system32\dllcache\qmgr.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.
kayakman
Regular Member
 
Posts: 37
Joined: June 22nd, 2010, 6:45 pm

Re: help to get rid of ohtgnoenriga redirects

Unread postby melboy » July 8th, 2010, 2:58 am

Hi

SystemLook

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    qmgr.dll

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt



COMBOFIX-Script
A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.


  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code: Select all
    KillAll::
    
    File:: 
    c:\windows\system32\sethc.exe
    c:\windows\system32\srvany.exe 
    
    Driver:: 
    Network_Server

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • If you need help to disable your protection programs see here.
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: help to get rid of ohtgnoenriga redirects

Unread postby kayakman » July 8th, 2010, 2:13 pm

SystemLook:

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 11:56 on 08/07/2010 by Chris House (Administrator - Elevation successful)

========== filefind ==========

Searching for "qmgr.dll"
C:\WINDOWS\system32\dllcache\qmgr.dll --ahsc 21580288 bytes [17:02 15/07/2009] [05:33 23/01/2010] 4A8E7E8B7D8FAD9F2F3F166D0471CC9E
C:\WINDOWS\system32\qmgr.dll --a--- 409088 bytes [17:02 15/07/2009] [12:00 14/04/2008] 574738F61FCA2935F5265DC4E5691314

-=End Of File=-

ComboFix:


ComboFix 10-07-07.02 - Chris House 07/08/2010 12:02:36.5.2 - x86
Running from: c:\documents and settings\Chris House\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Chris House\Desktop\CFScript.txt

FILE ::
"c:\windows\system32\sethc.exe"
"c:\windows\system32\srvany.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\sethc.exe
c:\windows\system32\srvany.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Network_Server


((((((((((((((((((((((((( Files Created from 2010-06-08 to 2010-07-08 )))))))))))))))))))))))))))))))
.

2010-07-07 04:58 . 2010-07-07 04:58 -------- d-----w- c:\program files\ESET
2010-07-02 17:14 . 2010-07-02 17:14 -------- d-----w- C:\_OTL
2010-06-28 18:42 . 2010-06-28 18:42 388096 ----a-r- c:\documents and settings\Chris House\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-28 18:42 . 2010-06-28 18:42 -------- d-----w- c:\program files\Trend Micro
2010-06-26 21:47 . 2010-06-26 21:53 -------- d-----w- c:\documents and settings\Chris House\Application Data\Uniblue
2010-06-10 09:01 . 2010-06-10 09:01 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-06-10 09:01 . 2010-06-10 09:01 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-06-10 04:12 . 2010-05-06 10:36 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\11966\AdobeARM.exe
2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\11966\AdobeExtractFiles.dll
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\11966\ReaderUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\11966\AcrobatUpdater.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-08 02:47 . 2009-07-15 18:55 -------- d-----w- c:\program files\AVG
2010-07-07 21:04 . 2009-11-10 00:04 0 ----a-w- c:\documents and settings\Chris House\Local Settings\Application Data\prvlcl.dat
2010-07-07 18:17 . 2009-07-15 19:15 -------- d-----w- c:\documents and settings\Chris House\Application Data\Vso
2010-07-03 20:55 . 2010-02-07 22:57 -------- d-----w- c:\documents and settings\Chris House\Application Data\vlc
2010-07-02 17:24 . 2010-01-17 19:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-26 22:08 . 2010-02-05 05:39 -------- d-----w- c:\program files\Full Tilt Poker
2010-06-26 22:08 . 2009-07-15 18:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-26 22:07 . 2009-07-15 19:15 -------- d-----w- c:\program files\VSO
2010-06-26 22:07 . 2009-07-15 19:15 47360 ----a-w- c:\documents and settings\Chris House\Application Data\pcouffin.sys
2010-06-26 22:07 . 2009-07-15 19:15 47360 ----a-w- c:\documents and settings\Chris House\Application Data\pcouffin.sys
2010-06-26 22:06 . 2010-02-28 05:04 -------- d-----w- c:\program files\eGames
2010-06-26 17:35 . 2009-09-18 22:49 256 ----a-w- c:\windows\system32\pool.bin
2010-06-10 09:20 . 2010-01-26 00:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-07 03:23 . 2010-06-06 17:44 -------- d-----w- c:\program files\JDownloader
2010-06-06 18:01 . 2010-06-01 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-06 18:01 . 2010-06-01 23:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-06 17:24 . 2009-07-15 20:06 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-02 15:40 . 2009-07-15 18:55 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-02 15:40 . 2009-07-15 18:55 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-25 22:38 . 2009-11-06 03:10 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-05-24 20:41 . 2010-05-24 20:36 -------- d-----w- c:\program files\Ultra Video Joiner
2010-05-19 00:56 . 2009-08-24 14:17 -------- d-----w- c:\documents and settings\Chris House\Application Data\dvdcss
2010-05-06 10:36 . 2009-07-14 19:40 919040 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 18:04 . 2009-07-14 19:40 1860352 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 21:39 . 2010-01-17 19:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 21:39 . 2010-01-17 19:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:30 . 2008-04-14 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-10 17:06 . 2010-02-03 23:53 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2010-04-10 17:06 . 2010-02-03 23:53 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2010-04-10 17:05 . 2010-02-03 23:51 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2009-07-14 19:38 . 2009-07-14 19:38 35328 --sha-w- c:\windows\system32\sc.exe
2010-01-23 05:33 . 2009-07-15 17:02 21580288 -csha-w- c:\windows\system32\dllcache\qmgr.dll
2009-12-15 02:17 . 2009-12-14 00:47 3266848 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-12-15 02:17 . 2009-12-14 00:47 25376 --sha-w- c:\windows\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((( SnapShot_2010-07-05_17.22.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-08 18:07 . 2010-07-08 18:07 16384 c:\windows\temp\Perflib_Perfdata_6c4.dat
+ 2009-07-15 17:02 . 2008-04-14 12:00 409088 c:\windows\system32\qmgr.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-21 7581696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-21 86016]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 61952]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-02 2065248]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-11 23:41 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 18:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=c:\windows\pss\Desktop Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Chris House^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\Chris House\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 10:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2009-08-31 17:25 623960 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-03-05 15:32 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 17:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-12 02:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2008-10-24 15:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-07-13 19:03 292128 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2009-06-17 16:55 55824 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 21:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 08:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 22:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-07-21 01:58 1519616 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 22:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2009-07-08 18:31 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-25 10:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Plazmic CDK 4.7\\_jvm\\bin\\javaw.exe"=
"c:\\Program Files\\Plazmic CDK 4.7\\_jvm\\bin\\java.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Smartphone Simulators 5.0.0\\5.0.0.252 (9500)\\fledge.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Smartphone Simulators 4.7.0\\4.7.0.76 (9530)\\fledge.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

R1 SuperMounter;SuperMounter; [x]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2009-04-02 16512]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-11 216200]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-06-02 242896]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-11 308064]
S2 LBeepKE;LBeepKE;c:\windows\system32\Drivers\LBeepKE.sys [2009-06-17 10384]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = local
IE: &Download All with FlashGet - c:\progra~1\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\progra~1\FlashGet\jc_link.htm
IE: &Search
IE: Download Link Using Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Chris House\Application Data\Mozilla\Firefox\Profiles\4pow1i84.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-08 12:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(900)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(3544)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\wscntfy.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
.
**************************************************************************
.
Completion time: 2010-07-08 12:12:22 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-08 18:12
ComboFix2.txt 2010-07-08 02:49
ComboFix3.txt 2010-07-07 04:54
ComboFix4.txt 2010-07-05 17:26

Pre-Run: 55,398,150,144 bytes free
Post-Run: 55,441,944,576 bytes free

- - End Of File - - DEE5B0CCDB3DD2DD6560D06F6F2A9A05
kayakman
Regular Member
 
Posts: 37
Joined: June 22nd, 2010, 6:45 pm

Re: help to get rid of ohtgnoenriga redirects

Unread postby melboy » July 8th, 2010, 6:59 pm

Hi

Good. Give me an update on how things are running after completing the instructions below.

Considering the serious nature of your infections (the backdoors), I think it prudent to get a further online scan and a full MBAM scan. Again I would re-iterate my earlier advice that there is no way to be totally sure your computer can be trusted and that the best course of action would ultimately be a reformat and reinstall of the OS.


If at any point you are prompted to update combofix, please do so.

COMBOFIX-Script
A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.


  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code: Select all
    FCOPY::
    c:\windows\system32\qmgr.dll | c:\windows\ERDNT\cache\qmgr.dll
    c:\windows\system32\qmgr.dll | c:\windows\system32\dllcache\qmgr.dll

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • If you need help to disable your protection programs see here.
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



SystemLook

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :file
    c:\windows\system32\qmgr.dll 
    c:\windows\system32\dllcache\qmgr.dll
    c:\windows\ERDNT\cache\qmgr.dll

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt



TFC

  • Please download TFC by Old Timer to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes , and may only take a few seconds. Only if needed will you be prompted to reboot.



Malwarebytes' Anti-Malware (MBAM)

As you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform full scan, then click Scan. (Ensure ALL Drives are checked)
  • Click on Scan
  • When done, you will be prompted. Click OK. If Items are found, then click on Show Results
  • Check all items except items in the C:\System Volume Information folder... then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.

    The log can also be found here:
    1. C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    2. Or via the Logs tab when the application is started.

Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately.
Failure to reboot will prevent MBAM from removing all the malware.



Kaspersky Online Scan

Please go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply
Please refer to this animation if you need further help.




In your next reply:
  1. combofix.txt
  2. Systemlook.txt
  3. MBAM log
  4. Kaspersky scan log
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK
Advertisement
Register to Remove

PreviousNext

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 490 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware