Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Avast keeps detecting Malware


  • Please log in to reply

#1
Aliyah

Aliyah

    New Member

  • Member
  • Pip
  • 3 posts
Hi,

This problem has been persisting for some time now. My Avast antivirus keeps detecting malware. When I try to delete it or move to chest, I get the same message again. Recently, my Avast has stopped popping up these message so frequently, but I am absolutely positive that I still have a lot of viruses. Malwarebytes isn't detecting anything.

Any help would be appreciated.
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,678 posts
  • MVP
Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.

Run OTL (Vista or Win 7 => right click and Run As Administrator)

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Ron
  • 0

#3
Aliyah

Aliyah

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
OTL logfile created on: 08.05.2011 19:24:03 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Admin\Мои документы\Загрузки
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000419 | Country: Россия | Language: RUS | Date Format: dd.MM.yyyy

1 023,00 Mb Total Physical Memory | 112,00 Mb Available Physical Memory | 11,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 18,98 Gb Free Space | 38,87% Space Free | Partition Type: NTFS
Drive D: | 249,25 Gb Total Space | 158,62 Gb Free Space | 63,64% Space Free | Partition Type: NTFS
Drive E: | 321,29 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: MICROSOF-2F9099 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.05.08 19:22:15 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Мои документы\Загрузки\OTL.exe
PRC - [2011.05.08 14:01:14 | 000,284,880 | ---- | M] () -- C:\WINDOWS\Temp\GuardGuard.exe
PRC - [2011.05.07 17:00:51 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.05.06 23:21:41 | 001,010,232 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011.04.11 18:11:55 | 001,472,720 | ---- | M] () -- C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe
PRC - [2011.01.13 12:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011.01.13 12:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.12.24 00:42:52 | 012,319,424 | ---- | M] (Mail.Ru) -- C:\Program Files\Mail.Ru\Agent\magent.exe
PRC - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2010.06.07 13:51:24 | 000,138,752 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2010.05.14 10:32:30 | 001,479,680 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2009.10.27 10:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009.02.12 18:35:06 | 003,276,288 | ---- | M] (The Author of QIP) -- D:\QIP\qip.exe
PRC - [2009.02.09 15:18:41 | 000,111,104 | ---- | M] (Корпорация Майкрософт) -- C:\WINDOWS\system32\services.exe
PRC - [2008.12.25 22:59:10 | 001,721,344 | ---- | M] (Корпорация Майкрософт) -- C:\WINDOWS\explorer.exe
PRC - [2008.04.15 17:00:00 | 000,509,440 | ---- | M] (Корпорация Майкрософт) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2008.04.15 17:00:00 | 000,050,688 | ---- | M] (Корпорация Майкрософт) -- C:\WINDOWS\system32\smss.exe
PRC - [2008.04.15 17:00:00 | 000,038,912 | ---- | M] (Корпорация Майкрософт) -- C:\WINDOWS\system32\cmmon32.exe
PRC - [2007.06.15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe


========== Modules (SafeList) ==========

MOD - [2011.05.08 19:22:15 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Мои документы\Загрузки\OTL.exe
MOD - [2011.01.21 18:44:10 | 008,479,744 | ---- | M] (Корпорация Майкрософт) -- C:\WINDOWS\system32\shell32.dll
MOD - [2011.01.13 12:47:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010.12.09 19:15:49 | 000,722,432 | ---- | M] (Корпорация Майкрософт) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2010.08.23 20:12:35 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010.07.16 16:00:53 | 001,287,680 | ---- | M] (Корпорация Майкрософт) -- C:\WINDOWS\system32\ole32.dll
MOD - [2009.12.08 13:25:26 | 000,474,112 | ---- | M] (Корпорация Майкрософт) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2009.03.21 18:09:06 | 000,995,840 | ---- | M] (Корпорация Майкрософт) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2009.02.10 19:27:08 | 000,687,616 | ---- | M] (Корпорация Майкрософт) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2008.12.25 23:00:22 | 000,579,072 | ---- | M] (Корпорация Майкрософт) -- C:\WINDOWS\system32\user32.dll
MOD - [2008.12.25 22:59:04 | 000,855,040 | ---- | M] (Корпорация Майкрософт) -- C:\WINDOWS\system32\comres.dll
MOD - [2008.12.25 22:55:38 | 000,219,648 | ---- | M] (Корпорация Майкрософт) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2008.12.21 15:19:36 | 000,991,744 | ---- | M] (Корпорация Майкрософт) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2008.04.15 17:00:00 | 000,729,600 | ---- | M] (Корпорация Майкрософт) -- C:\WINDOWS\system32\userenv.dll
MOD - [2008.04.15 17:00:00 | 000,586,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mlang.dll
MOD - [2008.04.15 17:00:00 | 000,297,984 | ---- | M] (Корпорация Майкрософт) -- C:\WINDOWS\system32\MSCTF.dll
MOD - [2008.04.15 17:00:00 | 000,279,040 | ---- | M] (Корпорация Майкрософт) -- C:\WINDOWS\system32\comdlg32.dll
MOD - [2008.04.15 17:00:00 | 000,172,544 | ---- | M] (Корпорация Майкрософт) -- C:\WINDOWS\system32\wldap32.dll
MOD - [2008.04.15 17:00:00 | 000,146,944 | ---- | M] (Корпорация Майкрософт) -- C:\WINDOWS\system32\winspool.drv
MOD - [2008.04.15 17:00:00 | 000,119,296 | ---- | M] (Корпорация Майкрософт) -- C:\WINDOWS\system32\ntmarta.dll
MOD - [2008.04.15 17:00:00 | 000,067,584 | ---- | M] (Корпорация Майкрософт) -- C:\WINDOWS\system32\srclient.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (StarWindService)
SRV - [2011.04.11 18:11:55 | 001,472,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe -- (Guard.Mail.ru)
SRV - [2011.01.13 12:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.07.28 03:19:10 | 000,135,680 | ---- | M] (Корпорация Майкрософт) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2009.07.28 03:19:10 | 000,135,680 | ---- | M] (Корпорация Майкрософт) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009.07.28 03:19:10 | 000,135,680 | ---- | M] (Корпорация Майкрософт) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2009.04.20 21:08:56 | 000,045,568 | ---- | M] (Корпорация Майкрософт) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009.02.10 19:27:08 | 000,687,616 | ---- | M] (Корпорация Майкрософт) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi) Расширения драйверов WMI (Windows Management Instrumentation)
SRV - [2009.02.09 15:18:41 | 000,111,104 | ---- | M] (Корпорация Майкрософт) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2009.02.09 15:18:41 | 000,111,104 | ---- | M] (Корпорация Майкрософт) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008.12.25 22:54:01 | 000,483,840 | ---- | M] (Корпорация Майкрософт) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2008.12.25 22:52:01 | 000,175,616 | ---- | M] (Корпорация Майкрософт) [Auto | Running] -- C:\WINDOWS\system32\w32time.dll -- (W32Time)
SRV - [2008.12.25 22:51:41 | 000,247,296 | ---- | M] (Корпорация Майкрософт) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla) Служба сетевого расположения (NLA)
SRV - [2008.12.25 22:51:33 | 000,330,752 | ---- | M] (Корпорация Майкрософт) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess) Брандмауэр Windows/Общий доступ к Интернету (ICS)
SRV - [2008.04.15 17:00:00 | 000,436,736 | ---- | M] (Корпорация Майкрософт) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008.04.15 17:00:00 | 000,409,088 | ---- | M] (Корпорация Майкрософт) [Auto | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS) Фоновая интеллектуальная служба передачи (BITS)
SRV - [2008.04.15 17:00:00 | 000,333,824 | ---- | M] (Корпорация Майкрософт) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc) Служба загрузки изображений (WIA)
SRV - [2008.04.15 17:00:00 | 000,295,936 | ---- | M] (Корпорация Майкрософт) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2008.04.15 17:00:00 | 000,290,304 | ---- | M] (Корпорация Майкрософт) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008.04.15 17:00:00 | 000,249,856 | ---- | M] (Корпорация Майкрософт) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008.04.15 17:00:00 | 000,198,144 | ---- | M] (Корпорация Майкрософт) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008.04.15 17:00:00 | 000,193,024 | ---- | M] (Корпорация Майкрософт) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008.04.15 17:00:00 | 000,186,368 | ---- | M] (Корпорация Майкрософт) [On_Demand | Stopped] -- C:\WINDOWS\system32\upnphost.dll -- (upnphost)
SRV - [2008.04.15 17:00:00 | 000,171,008 | ---- | M] (Корпорация Майкрософт) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008.04.15 17:00:00 | 000,171,008 | ---- | M] (Корпорация Майкрософт) [On_Demand | Stopped] -- C:\WINDOWS\system32\appmgmts.dll -- (AppMgmt)
SRV - [2008.04.15 17:00:00 | 000,150,528 | ---- | M] (Корпорация Майкрософт) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008.04.15 17:00:00 | 000,145,408 | ---- | M] (Корпорация Майкрософт) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2008.04.15 17:00:00 | 000,141,824 | ---- | M] (Корпорация Майкрософт) [On_Demand | Stopped] -- C:\WINDOWS\system32\sessmgr.exe -- (RDSessMgr)
SRV - [2008.04.15 17:00:00 | 000,126,464 | ---- | M] (Корпорация Майкрософт) [On_Demand | Stopped] -- C:\WINDOWS\system32\wbem\wmiapsrv.exe -- (WmiApSrv)
SRV - [2008.04.15 17:00:00 | 000,126,464 | ---- | M] (Корпорация Майкрософт) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2008.04.15 17:00:00 | 000,113,664 | ---- | M] (Корпорация Майкрософт) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2008.04.15 17:00:00 | 000,113,664 | ---- | M] (Корпорация Майкрософт) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2008.04.15 17:00:00 | 000,096,768 | ---- | M] (Корпорация Майкрософт) [On_Demand | Stopped] -- C:\WINDOWS\system32\scardsvr.exe -- (SCardSvr)
SRV - [2008.04.15 17:00:00 | 000,091,648 | ---- | M] (Корпорация Майкрософт) [On_Demand | Stopped] -- C:\WINDOWS\system32\smlogsvc.exe -- (SysmonLog)
SRV - [2008.04.15 17:00:00 | 000,073,216 | ---- | M] (Корпорация Майкрософт) [On_Demand | Stopped] -- C:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr)
SRV - [2008.04.15 17:00:00 | 000,024,064 | ---- | M] (Корпорация Майкрософт) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008.04.15 17:00:00 | 000,018,944 | ---- | M] (Корпорация Майкрософт) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2007.06.15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen)


========== Driver Services (SafeList) ==========

DRV - [2011.01.13 12:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.01.13 12:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.01.13 12:40:04 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011.01.13 12:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.01.13 12:37:11 | 000,029,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011.01.13 12:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.02.26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.02.26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.02.26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.02.26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009.05.15 23:50:14 | 000,223,128 | ---- | M] (Alcohol Soft Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\vaxscsi.sys -- (vaxscsi)
DRV - [2009.05.15 15:12:59 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.12.25 22:54:01 | 000,080,128 | ---- | M] (Корпорация Майкрософт) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)
DRV - [2008.12.25 22:54:01 | 000,030,208 | ---- | M] (Корпорация Майкрософт) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\modem.sys -- (Modem)
DRV - [2008.12.25 22:54:01 | 000,023,296 | ---- | M] (Корпорация Майкрософт) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.04.17 18:33:26 | 004,707,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.04.15 17:00:00 | 000,188,288 | ---- | M] (Корпорация Майкрософт) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ACPI.sys -- (ACPI)
DRV - [2008.04.15 17:00:00 | 000,125,440 | ---- | M] (Корпорация Майкрософт) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftdisk.sys -- (Ftdisk)
DRV - [2008.04.15 17:00:00 | 000,120,192 | ---- | M] (Корпорация Майкрософт) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008.04.15 17:00:00 | 000,073,472 | ---- | M] (Корпорация Майкрософт) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sr.sys -- (sr)
DRV - [2008.04.15 17:00:00 | 000,068,480 | ---- | M] (Корпорация Майкрософт) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pci.sys -- (PCI)
DRV - [2008.04.15 17:00:00 | 000,065,024 | ---- | M] (Корпорация Майкрософт) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2008.04.15 17:00:00 | 000,053,120 | ---- | M] (Корпорация Майкрософт) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008.04.15 17:00:00 | 000,051,968 | ---- | M] (Корпорация Майкрософт) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008.04.15 17:00:00 | 000,044,544 | ---- | M] (Корпорация Майкрософт) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\fips.sys -- (Fips)
DRV - [2008.04.15 17:00:00 | 000,037,504 | ---- | M] (Корпорация Майкрософт) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\isapnp.sys -- (isapnp)
DRV - [2008.04.15 17:00:00 | 000,024,832 | ---- | M] (Корпорация Майкрософт) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2008.04.15 17:00:00 | 000,011,776 | ---- | M] (Корпорация Майкрософт) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2008.04.15 17:00:00 | 000,006,912 | ---- | M] (Корпорация Майкрософт) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm)
DRV - [2008.04.15 17:00:00 | 000,003,328 | ---- | M] (Корпорация Майкрософт) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pciide.sys -- (PCIIde)
DRV - [2008.04.15 01:11:48 | 000,058,368 | ---- | M] (Корпорация Майкрософт) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2008.04.14 22:17:58 | 000,014,720 | ---- | M] (Корпорация Майкрософт) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid)
DRV - [2008.01.25 20:01:06 | 000,132,096 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts3.sys -- (nvgts3)
DRV - [2007.07.12 18:43:56 | 000,042,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvefd2k.sys -- (NVENETFD)
DRV - [2006.02.26 19:02:48 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2006.02.20 19:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV - [2001.10.19 20:33:10 | 000,012,160 | ---- | M] (Корпорация Майкрософт) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.smaxi.net

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.yandex.ru/?clid=123048
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yandex.ru/?clid=174303
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.yandex.ru/?clid=123048
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.yandex.ru/?clid=123048
IE - HKCU\..\URLSearchHook: {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)
IE - HKCU\..\URLSearchHook: {a4d09ede-8a9c-4090-a54d-5ada4f7fff35} - C:\Program Files\Freez_Online_TV\prxtbFre0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.07 17:00:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.07 17:00:55 | 000,000,000 | ---D | M]

[2009.12.30 22:45:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions
[2009.07.28 18:24:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\0g1qeqgc.default\extensions
[2009.05.26 16:42:25 | 000,000,000 | ---D | M] (Спутник @Mail.Ru) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\0g1qeqgc.default\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}
[2009.05.15 22:11:24 | 000,000,000 | ---D | M] ("Text Link") -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\0g1qeqgc.default\extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}
[2009.07.28 18:24:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\0g1qeqgc.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009.05.15 22:11:25 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\0g1qeqgc.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009.05.15 22:11:24 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\0g1qeqgc.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2009.07.05 19:50:57 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\0g1qeqgc.default\extensions\[email protected]
[2009.06.23 00:04:00 | 000,000,000 | ---D | M] (ImgLikeOpera) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\0g1qeqgc.default\extensions\[email protected]
[2009.07.28 18:19:46 | 000,000,000 | ---D | M] (Яндекс.Бар) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\0g1qeqgc.default\extensions\[email protected]
[2009.07.28 18:19:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\0g1qeqgc.default\extensions\[email protected]\chrome\skin\extensions-hacks
[2011.05.08 19:23:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\usk6az7f.default\extensions
[2011.01.12 11:08:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\usk6az7f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.12.24 00:42:58 | 000,000,000 | ---D | M] (Спутник @Mail.Ru) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\usk6az7f.default\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}
[2011.04.11 18:42:49 | 000,000,000 | ---D | M] (BittorrentBar_RU Community Toolbar) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\usk6az7f.default\extensions\{7b6de06c-7013-4a87-957e-d27d7b977d21}
[2010.12.29 23:40:07 | 000,000,000 | ---D | M] (PimpZilla) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\usk6az7f.default\extensions\{a02c0c70-605c-11da-8cd6-0800200c9a66}
[2011.01.12 11:08:24 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\usk6az7f.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.12.29 23:40:34 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\usk6az7f.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011.04.11 18:42:50 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\usk6az7f.default\extensions\[email protected]
[2011.05.08 19:24:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\usk6az7f.default\extensions\staged
[2011.05.02 19:41:13 | 000,000,000 | ---D | M] (Яндекс.Бар) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\usk6az7f.default\extensions\[email protected]
[2010.09.05 19:48:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\usk6az7f.default\extensions\[email protected]\chrome\skin\extensions-hacks
[2011.05.07 16:33:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.05.07 17:00:50 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011.05.07 17:00:52 | 000,002,549 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mailru.xml
[2011.05.07 17:00:52 | 000,005,568 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\ozonru.xml
[2011.05.07 17:00:52 | 000,001,133 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\priceru.xml
[2010.09.15 01:16:22 | 000,001,945 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\torgmailru.xml
[2011.05.07 17:00:52 | 000,001,304 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-ru.xml
[2011.05.07 17:00:52 | 000,001,548 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yandex-slovari.xml
[2011.05.07 17:00:52 | 000,001,719 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yandex.xml

O1 HOSTS File: ([2011.05.06 23:24:25 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (MailRuBHO Class) - {8984B388-A5BB-4DF7-B274-77B879E179DB} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)
O2 - BHO: (WitBHO Class) - {9B5FB65F-631E-4564-ABF2-AD71845B28E0} - C:\Program Files\Get-Styles 2.0\ie\jsloader.dll (Trioris)
O2 - BHO: (AlterGeoBHO Class) - {9BFBA68E-E21B-458E-AE12-FE85E903D2C1} - C:\Program Files\AlterGeo\AlterGeo Magic Scanner\2.8.8.615\AlterGeo.BrowserPlugin.dll (Wi2Geo)
O2 - BHO: (My_comp4690 Toolbar) - {a4d09ede-8a9c-4090-a54d-5ada4f7fff35} - C:\Program Files\Freez_Online_TV\prxtbFre0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Спутник@Mail.Ru) - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)
O3 - HKLM\..\Toolbar: (Get-Styles Toolbar) - {5BCDC9E9-A980-4B53-B2E8-60CFF484DA61} - C:\Program Files\Get-Styles 2.0\ie\toolbar.dll (Trioris)
O3 - HKLM\..\Toolbar: (no name) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No CLSID value found.
O3 - HKLM\..\Toolbar: (My_comp4690 Toolbar) - {a4d09ede-8a9c-4090-a54d-5ada4f7fff35} - C:\Program Files\Freez_Online_TV\prxtbFre0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Адрес) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Корпорация Майкрософт)
O3 - HKCU\..\Toolbar\WebBrowser: (Спутник@Mail.Ru) - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)
O3 - HKCU\..\Toolbar\WebBrowser: (My_comp4690 Toolbar) - {A4D09EDE-8A9C-4090-A54D-5ADA4F7FFF35} - C:\Program Files\Freez_Online_TV\prxtbFre0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe ()
O4 - HKLM..\Run: [MAgent] C:\Program Files\Mail.Ru\Agent\MAgent.exe (Mail.Ru)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - Startup: C:\Documents and Settings\Admin\Главное меню\Программы\Автозагрузка\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Главное меню\Программы\Автозагрузка\Ускоренный запуск Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files\Mail.Ru\Agent\magent.exe (Mail.Ru)
O9 - Extra 'Tools' menuitem : Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files\Mail.Ru\Agent\magent.exe (Mail.Ru)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.21.1.16 172.21.1.4 172.21.1.9 172.21.1.21
O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\Get-Styles 2.0\ie\tdataprotocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\Get-Styles 2.0\ie\tdataprotocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Корпорация Майкрософт)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Корпорация Майкрософт)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Корпорация Майкрософт)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Корпорация Майкрософт)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Корпорация Майкрософт)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Корпорация Майкрософт)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Корпорация Майкрософт)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Корпорация Майкрософт)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Корпорация Майкрософт)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Корпорация Майкрософт)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Корпорация Майкрософт)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Корпорация Майкрософт)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Корпорация Майкрософт)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Корпорация Майкрософт)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Корпорация Майкрософт)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Корпорация Майкрософт)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Корпорация Майкрософт)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Корпорация Майкрософт)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Корпорация Майкрософт)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Корпорация Майкрософт)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Предзагрузчик Browseui - C:\WINDOWS\system32\browseui.dll (Корпорация Майкрософт)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Демон кэша категорий компонентов - C:\WINDOWS\system32\browseui.dll (Корпорация Майкрософт)
O24 - Desktop Components:0 (Моя текущая домашняя страница) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Корпорация Майкрософт)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Корпорация Майкрософт)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.05.15 15:10:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007.06.06 03:07:33 | 000,506,749 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.05.08 02:24:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
[2011.05.08 02:23:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2011.05.08 01:26:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Главное меню\Программы\HP
[2011.05.08 01:22:18 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2011.05.07 16:24:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Recent
[2011.05.02 19:41:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\StatusMania
[2011.05.02 19:41:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Bromium
[2011.05.02 19:41:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Главное меню\Программы\StatusMania
[2011.05.02 19:41:03 | 000,000,000 | ---D | C] -- C:\Program Files\StatusMania
[2011.05.01 00:04:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Рабочий стол\хочу и куплю
[2011.04.15 20:58:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\BittorrentBar_RU
[2011.04.13 20:05:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Рабочий стол\шамат
[2011.04.13 02:39:03 | 000,361,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip.sys
[2011.04.11 21:28:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Рабочий стол\Новая папка
[2011.04.11 21:14:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype Extras
[2011.04.11 21:13:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011.04.11 21:13:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Главное меню\Программы\Skype
[2011.04.11 18:41:15 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2011.04.11 18:41:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\BitTorrent
[2011.04.10 14:29:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\skypePM
[2011.04.10 14:09:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Рабочий стол\тяк
[2011.04.10 12:46:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Skype
[2011.04.10 12:45:28 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011.04.10 12:45:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.05.08 19:12:05 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.08 19:12:00 | 000,000,950 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.08 19:07:05 | 000,001,048 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-1292428093-1417001333-500UA.job
[2011.05.08 18:07:00 | 000,000,996 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-1292428093-1417001333-500Core.job
[2011.05.08 14:03:09 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Admin\Рабочий стол\Google Chrome.lnk
[2011.05.08 14:03:09 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011.05.08 14:01:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.05.08 14:00:35 | 000,200,819 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011.05.08 13:59:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.05.08 13:59:50 | 1073,008,640 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.08 02:24:35 | 000,152,971 | ---- | M] () -- C:\WINDOWS\hpoins14.dat
[2011.05.08 02:24:01 | 000,001,696 | ---- | M] () -- C:\Documents and Settings\All Users\Рабочий стол\Приобретение расходных материалов HP.lnk
[2011.05.08 02:23:39 | 000,001,808 | ---- | M] () -- C:\Documents and Settings\All Users\Главное меню\Программы\Автозагрузка\HP Digital Imaging Monitor.lnk
[2011.05.08 02:23:22 | 000,000,862 | ---- | M] () -- C:\Documents and Settings\All Users\Рабочий стол\Центр решений HP.lnk
[2011.05.08 02:21:05 | 000,125,776 | ---- | M] () -- C:\WINDOWS\hpoins14.dat.temp
[2011.05.08 02:17:42 | 000,019,180 | ---- | M] () -- C:\WINDOWS\hpqins13.dat
[2011.05.08 02:16:12 | 000,019,564 | ---- | M] () -- C:\WINDOWS\hpqins13.dat.temp
[2011.05.08 01:26:40 | 000,001,870 | ---- | M] () -- C:\Documents and Settings\All Users\Рабочий стол\HP Photosmart Essential 3.5.lnk
[2011.05.06 23:21:00 | 000,002,503 | ---- | M] () -- C:\Documents and Settings\Admin\Рабочий стол\Microsoft Office Word 2007.lnk
[2011.05.06 23:11:47 | 000,000,129 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\StatusManiaStatusMania.ini
[2011.05.05 19:20:03 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011.05.05 19:19:49 | 000,224,256 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.04 05:30:19 | 000,008,628 | -H-- | M] () -- C:\WINDOWS\System32\CMMGR32.GID
[2011.05.02 19:41:05 | 000,001,588 | ---- | M] () -- C:\Documents and Settings\All Users\Рабочий стол\StatusMania.lnk
[2011.04.26 19:07:18 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Рабочий стол\Skype.lnk
[2011.04.20 07:45:21 | 000,068,944 | ---- | M] () -- C:\Documents and Settings\Admin\Рабочий стол\Ошибка установки HP - XP.hta
[2011.04.14 20:51:35 | 000,146,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.04.14 20:32:35 | 000,484,782 | ---- | M] () -- C:\WINDOWS\System32\perfh019.dat
[2011.04.14 20:32:35 | 000,441,544 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.04.14 20:32:35 | 000,084,502 | ---- | M] () -- C:\WINDOWS\System32\perfc019.dat
[2011.04.14 20:32:35 | 000,071,480 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.04.11 18:41:15 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2011.04.11 18:41:15 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\All Users\Рабочий стол\BitTorrent.lnk
[2011.04.11 11:57:56 | 000,000,546 | ---- | M] () -- C:\Documents and Settings\All Users\Рабочий стол\Ярлык для Multinex VPN.lnk
[2011.04.10 14:29:22 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.05.08 02:24:01 | 000,001,696 | ---- | C] () -- C:\Documents and Settings\All Users\Рабочий стол\Приобретение расходных материалов HP.lnk
[2011.05.08 02:23:39 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Главное меню\Программы\Автозагрузка\HP Digital Imaging Monitor.lnk
[2011.05.08 02:23:22 | 000,000,862 | ---- | C] () -- C:\Documents and Settings\All Users\Рабочий стол\Центр решений HP.lnk
[2011.05.08 01:26:40 | 000,001,870 | ---- | C] () -- C:\Documents and Settings\All Users\Рабочий стол\HP Photosmart Essential 3.5.lnk
[2011.05.08 01:26:14 | 000,019,564 | ---- | C] () -- C:\WINDOWS\hpqins13.dat.temp
[2011.05.08 01:21:14 | 000,152,971 | ---- | C] () -- C:\WINDOWS\hpoins14.dat
[2011.05.08 01:21:14 | 000,002,000 | ---- | C] () -- C:\WINDOWS\hpomdl14.dat
[2011.05.08 01:21:06 | 000,308,621 | ---- | C] () -- C:\WINDOWS\System32\autorun.inf
[2011.05.07 21:40:45 | 000,019,180 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
[2011.05.07 17:00:57 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Главное меню\Программы\Mozilla Firefox.lnk
[2011.05.02 19:41:39 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\StatusManiaStatusMania.ini
[2011.05.02 19:41:05 | 000,001,588 | ---- | C] () -- C:\Documents and Settings\All Users\Рабочий стол\StatusMania.lnk
[2011.04.26 03:55:14 | 000,008,628 | -H-- | C] () -- C:\WINDOWS\System32\CMMGR32.GID
[2011.04.20 07:45:21 | 000,068,944 | ---- | C] () -- C:\Documents and Settings\Admin\Рабочий стол\Ошибка установки HP - XP.hta
[2011.04.11 21:13:09 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Рабочий стол\Skype.lnk
[2011.04.11 18:41:15 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2011.04.11 18:41:15 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\All Users\Рабочий стол\BitTorrent.lnk
[2011.04.11 11:57:56 | 000,000,546 | ---- | C] () -- C:\Documents and Settings\All Users\Рабочий стол\Ярлык для Multinex VPN.lnk
[2011.04.10 14:29:22 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.10.26 23:05:19 | 000,000,501 | ---- | C] () -- C:\Program Files\Common Files\jqyrg4inedzz13m
[2010.04.19 21:03:48 | 000,000,044 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\FieryAdsEx.dat
[2009.08.25 19:35:41 | 000,000,084 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2009.07.28 19:06:49 | 000,019,748 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009.06.15 17:09:25 | 000,125,776 | ---- | C] () -- C:\WINDOWS\hpoins14.dat.temp
[2009.06.15 17:09:24 | 000,001,996 | ---- | C] () -- C:\WINDOWS\hpomdl14.dat.temp
[2009.05.15 19:06:08 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009.05.15 19:06:08 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2009.05.15 19:06:08 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009.05.15 19:06:08 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2009.05.15 19:06:08 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009.05.15 19:06:08 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009.05.15 19:06:08 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2009.05.15 19:06:08 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2009.05.15 19:05:14 | 000,004,337 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.05.15 19:03:36 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2009.05.15 19:03:07 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009.05.15 19:02:45 | 000,146,808 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.05.15 18:45:33 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.05.15 18:44:55 | 000,224,256 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.15 15:24:20 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\hidcon.exe
[2009.05.15 15:22:23 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009.05.15 15:22:23 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009.05.15 15:22:22 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009.05.15 15:22:22 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.05.15 15:22:22 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.05.15 15:22:21 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.05.15 15:14:45 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009.05.15 15:12:47 | 000,357,376 | ---- | C] () -- C:\WINDOWS\innounp.exe
[2009.05.15 15:10:40 | 000,271,264 | ---- | C] () -- C:\WINDOWS\System32\vbrun100.dll
[2009.05.15 15:10:40 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll
[2009.05.15 15:10:40 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2009.05.15 15:08:12 | 000,022,564 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.04.15 17:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008.04.15 17:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008.04.15 17:00:00 | 000,484,782 | ---- | C] () -- C:\WINDOWS\System32\perfh019.dat
[2008.04.15 17:00:00 | 000,441,544 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008.04.15 17:00:00 | 000,305,414 | ---- | C] () -- C:\WINDOWS\System32\perfi019.dat
[2008.04.15 17:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008.04.15 17:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008.04.15 17:00:00 | 000,084,502 | ---- | C] () -- C:\WINDOWS\System32\perfc019.dat
[2008.04.15 17:00:00 | 000,071,480 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008.04.15 17:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008.04.15 17:00:00 | 000,036,176 | ---- | C] () -- C:\WINDOWS\System32\perfd019.dat
[2008.04.15 17:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008.04.15 17:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008.04.15 17:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008.04.15 17:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008.04.15 17:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

< End of report >









OTL Extras logfile created on: 08.05.2011 19:24:03 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Admin\Мои документы\Загрузки
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000419 | Country: Россия | Language: RUS | Date Format: dd.MM.yyyy

1 023,00 Mb Total Physical Memory | 112,00 Mb Available Physical Memory | 11,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 18,98 Gb Free Space | 38,87% Space Free | Partition Type: NTFS
Drive D: | 249,25 Gb Total Space | 158,62 Gb Free Space | 63,64% Space Free | Partition Type: NTFS
Drive E: | 321,29 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: MICROSOF-2F9099 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Корпорация Майкрософт)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\opera.exe (Opera Software)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Корпорация Майкрософт)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Корпорация Майкрософт)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Корпорация Майкрософт)
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Корпорация Майкрософт)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Корпорация Майкрософт)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Корпорация Майкрософт)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Корпорация Майкрософт)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Корпорация Майкрософт)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Корпорация Майкрософт)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Корпорация Майкрософт)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Корпорация Майкрософт)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\OperaAC\opera.exe"
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Корпорация Майкрософт)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Корпорация Майкрософт)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Корпорация Майкрософт)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Корпорация Майкрософт)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Корпорация Майкрософт)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Корпорация Майкрософт)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Корпорация Майкрософт)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Корпорация Майкрософт)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Корпорация Майкрософт)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Корпорация Майкрософт)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Корпорация Майкрософт)
regfile [open] -- regedit.exe "%1" (Корпорация Майкрософт)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Корпорация Майкрософт)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Корпорация Майкрософт)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Корпорация Майкрософт)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Корпорация Майкрософт)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Корпорация Майкрософт)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Корпорация Майкрософт)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Корпорация Майкрософт)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Корпорация Майкрософт)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Корпорация Майкрософт)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Корпорация Майкрософт)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Корпорация Майкрософт)
Directory [find] -- %SystemRoot%\Explorer.exe (Корпорация Майкрософт)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Корпорация Майкрософт)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Корпорация Майкрософт)
Drive [find] -- %SystemRoot%\Explorer.exe (Корпорация Майкрософт)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"FirewallOverride" = 1
"UpdatesDisableNotify" = 0
"UpdatesOverride" = 1
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Корпорация Майкрософт)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Корпорация Майкрософт)
"C:\Program Files\Mail.Ru\Sputnik\SputnikFlashPlayer.exe" = C:\Program Files\Mail.Ru\Sputnik\SputnikFlashPlayer.exe:*:Enabled:[email protected] flash player -- ()
"C:\Program Files\Mail.Ru\Sputnik\SputnikHelper.exe" = C:\Program Files\Mail.Ru\Sputnik\SputnikHelper.exe:*:Enabled:[email protected] helper object -- (Mail.Ru)
"C:\Program Files\BitTorrent\BitTorrent.exe" = C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2BB372D9-52B4-410A-BC1A-FEAB63181EEF}" = Microsoft .NET Framework 1.1 Russian Language Pack
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{350C9419-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{41dbfc7d-f007-4e4a-b126-b1afb27c6d5a}_is1" = StatusMania-1.4
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{90120000-0010-0419-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Russian) 12
"{90120000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2007
"{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0016-0419-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Russian) 2007
"{90120000-0016-0419-0000-0000000FF1CE}_EXCEL_{DCB382C1-7F1B-42B2-9D47-EDC4262E832F}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0000-0000-0000000FF1CE}" = Microsoft Office PowerPoint 2007
"{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0018-0419-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Russian) 2007
"{90120000-0018-0419-0000-0000000FF1CE}_POWERPOINT_{DCB382C1-7F1B-42B2-9D47-EDC4262E832F}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-001B-0419-0000-0000000FF1CE}" = Microsoft Office Word MUI (Russian) 2007
"{90120000-001B-0419-0000-0000000FF1CE}_WORD_{DCB382C1-7F1B-42B2-9D47-EDC4262E832F}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_EXCEL_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_POWERPOINT_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_WORD_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_EXCEL_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_POWERPOINT_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_WORD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0419-0000-0000000FF1CE}" = Microsoft Office Proof (Russian) 2007
"{90120000-001F-0419-0000-0000000FF1CE}_EXCEL_{57A92C5E-E76A-49CC-9EC2-A7B6CE1255EA}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0419-0000-0000000FF1CE}_POWERPOINT_{57A92C5E-E76A-49CC-9EC2-A7B6CE1255EA}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0419-0000-0000000FF1CE}_WORD_{57A92C5E-E76A-49CC-9EC2-A7B6CE1255EA}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0422-0000-0000000FF1CE}" = Microsoft Office Proof (Ukrainian) 2007
"{90120000-001F-0422-0000-0000000FF1CE}_EXCEL_{6F177D09-F21D-4F50-9436-353972D1D232}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0422-0000-0000000FF1CE}_POWERPOINT_{6F177D09-F21D-4F50-9436-353972D1D232}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0422-0000-0000000FF1CE}_WORD_{6F177D09-F21D-4F50-9436-353972D1D232}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0419-0000-0000000FF1CE}" = Microsoft Office Proofing (Russian) 2007
"{90120000-006E-0419-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Russian) 2007
"{90120000-006E-0419-0000-0000000FF1CE}_EXCEL_{37317C49-30C4-412C-B0B9-D95090F330D8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0419-0000-0000000FF1CE}_POWERPOINT_{37317C49-30C4-412C-B0B9-D95090F330D8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0419-0000-0000000FF1CE}_WORD_{37317C49-30C4-412C-B0B9-D95090F330D8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9EDF1A5D-D8E0-413E-9782-75DD4A8C831B}" = VideoCam Suite 2.0
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1049-7B44-A70900000002}" = Adobe Reader 7.0.9 - Russian
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B2C61EBB-F47C-48ba-B375-27A40F8F48F7}" = HP Deskjet All-In-One Software 9.0
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio Basic
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EB48851B-96A4-489f-9F95-29F3731E9764}" = F2100_doccd
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F142376D-C1CC-4F66-9AF2-BECEDC1B3A15}" = AlterGeo Magic Scanner
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F4D0F248-2BF7-4912-814E-4FD751923838}" = Microsoft .NET Framework 2.0 Language Pack - RUS
"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0
"{FC66E05E-8D39-47A6-8D07-759F33727EB0}" = Opera 10.00
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Пакет драйверов Windows - Nokia Modem (02/15/2007 3.1)
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Пакет драйверов Windows - Nokia Modem (06/09/2010 4.5)
"504244733D18C8F63FF584AEB290E3904E791693" = Пакет драйверов Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast5" = avast! Free Antivirus
"B726756F5B5A5AA9D798B399386FC6205A45F19E" = Пакет драйверов Windows - Nokia Modem (02/15/2007 3.1)
"BitTorrent" = BitTorrent
"CCleaner" = CCleaner
"CD8424B9400BFF7D34AA18F816C71322AC4BDAA7" = Пакет драйверов Windows - Nokia Modem (05/24/2007 6.84.0.1)
"Daemon Tools Lite_addon" = Daemon Tools Lite
"Digalo 2000 Russian" = Digalo 2000 Russian
"EADM" = EA Download Manager
"EEEE705096F837B7907659F100C9FE6DA001970F" = Пакет драйверов Windows - Nokia Modem (06/09/2010 7.01.0.7)
"ERUNT_is1" = ERUNT 1.1j
"EXCEL" = Microsoft Office Excel 2007
"FlylinkDC_is1" = FlylinkDC
"Freez_Online_TV Toolbar" = Freez_Online_TV Toolbar
"Get-Styles для ВКонтакте" = Get-Styles для ВКонтакте
"Guard.Mail.ru" = Guard.Mail.ru
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"ie8" = Windows Internet Explorer 8
"jetAudio 7.1x Russian Language Pack" = jetAudio 7.1x Russian Language Pack 1.01
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.4.2
"mailrusputnik" = Mail.Ru Спутник 2.3.0.301
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0.1 (x86 ru)" = Mozilla Firefox 4.0.1 (x86 ru)
"MRA" = Mail.Ru Агент 5.7 (сборка 3796, для всех пользователей)
"Nero - Burning Rom!UninstallKey" = Nero 6
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Paint.NET_addon" = Paint.NET v 3.36
"POWERPOINT" = Microsoft Office PowerPoint 2007
"QIP.Online" = QIP.Online
"STREET RACER EUROPE_is1" = STREET RACER EUROPE v.1.0
"UltraISO_is1" = UltraISO Premium (only 32bit) v9.3.2.2656
"Vista Drive Icon_addon" = Vista Drive Icon
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WinRAR archiver" = Архиватор WinRAR
"WORD" = Microsoft Office Word 2007
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"QIP 2005" = QIP 2005 8092
"QIP Infium" = QIP Infium 2.0.9032 RC4

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 19.04.2011 23:26:48 | Computer Name = MICROSOF-2F9099 | Source = MsiInstaller | ID = 11904
Description = Продукт: SolutionCenter -- Ошибка 1904. Не удалось зарегистрировать
модуль C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx. HRESULT -2147220473. Обратитесь
в службу поддержки.

Error - 07.05.2011 18:23:24 | Computer Name = MICROSOF-2F9099 | Source = MsiInstaller | ID = 11904
Description = Продукт: SolutionCenter -- Ошибка 1904. Не удалось зарегистрировать
модуль C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx. HRESULT -2147220473. Обратитесь
в службу поддержки.

[ OSession Events ]
Error - 15.04.2010 11:57:21 | Computer Name = MICROSOF-2F9099 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 13941 seconds with 60 seconds of active time. This session ended with a
crash.

Error - 15.04.2010 18:52:33 | Computer Name = MICROSOF-2F9099 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 85 seconds with 0 seconds of active time. This session ended with a crash.

Error - 16.04.2010 3:21:25 | Computer Name = MICROSOF-2F9099 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 3355 seconds with 1740 seconds of active time. This session ended with a
crash.

Error - 16.04.2010 6:32:17 | Computer Name = MICROSOF-2F9099 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 2550 seconds with 2160 seconds of active time. This session ended with a
crash.

Error - 27.04.2010 17:04:34 | Computer Name = MICROSOF-2F9099 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 5695 seconds with 2820 seconds of active time. This session ended with a
crash.

Error - 01.05.2010 17:55:36 | Computer Name = MICROSOF-2F9099 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 1880 seconds with 1200 seconds of active time. This session ended with a
crash.

Error - 08.06.2010 14:45:45 | Computer Name = MICROSOF-2F9099 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 11
seconds with 0 seconds of active time. This session ended with a crash.

Error - 02.09.2010 14:05:17 | Computer Name = MICROSOF-2F9099 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

Error - 06.01.2011 9:09:44 | Computer Name = MICROSOF-2F9099 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11
seconds with 0 seconds of active time. This session ended with a crash.

Error - 24.02.2011 19:28:30 | Computer Name = MICROSOF-2F9099 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 30
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 06.05.2011 11:47:54 | Computer Name = MICROSOF-2F9099 | Source = Srv | ID = 2000
Description = Неожиданный сбой при вызове системной службы сервером.

Error - 07.05.2011 4:00:31 | Computer Name = MICROSOF-2F9099 | Source = Service Control Manager | ID = 7000
Description = Сбой при запуске службы "StarWind iSCSI Service" из-за ошибки %%2

Error - 07.05.2011 8:24:03 | Computer Name = MICROSOF-2F9099 | Source = Service Control Manager | ID = 7000
Description = Сбой при запуске службы "StarWind iSCSI Service" из-за ошибки %%2

Error - 07.05.2011 10:43:25 | Computer Name = MICROSOF-2F9099 | Source = Service Control Manager | ID = 7000
Description = Сбой при запуске службы "StarWind iSCSI Service" из-за ошибки %%2

Error - 07.05.2011 10:47:07 | Computer Name = MICROSOF-2F9099 | Source = Service Control Manager | ID = 7000
Description = Сбой при запуске службы "StarWind iSCSI Service" из-за ошибки %%2

Error - 07.05.2011 14:32:11 | Computer Name = MICROSOF-2F9099 | Source = Service Control Manager | ID = 7000
Description = Сбой при запуске службы "StarWind iSCSI Service" из-за ошибки %%2

Error - 07.05.2011 14:43:03 | Computer Name = MICROSOF-2F9099 | Source = Service Control Manager | ID = 7000
Description = Сбой при запуске службы "StarWind iSCSI Service" из-за ошибки %%2

Error - 07.05.2011 18:16:31 | Computer Name = MICROSOF-2F9099 | Source = Service Control Manager | ID = 7000
Description = Сбой при запуске службы "StarWind iSCSI Service" из-за ошибки %%2

Error - 07.05.2011 18:27:09 | Computer Name = MICROSOF-2F9099 | Source = Service Control Manager | ID = 7000
Description = Сбой при запуске службы "StarWind iSCSI Service" из-за ошибки %%2

Error - 08.05.2011 6:01:25 | Computer Name = MICROSOF-2F9099 | Source = Service Control Manager | ID = 7000
Description = Сбой при запуске службы "StarWind iSCSI Service" из-за ошибки %%2


< End of report >
  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,678 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c


:Services

:OTL
[2010.10.26 23:05:19 | 000,000,501 | ---- | C] () -- C:\Program Files\Common Files\jqyrg4inedzz13m
[2010.04.19 21:03:48 | 000,000,044 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\FieryAdsEx.dat

:Files
C:\Windows\system32\borlndmm.dll
C:\ProgramFiles\FieryAds

:reg
[-HKLM\SOFTWARE\FieryAds]
     
:Commands
[RESETHOSTS]
[purity]
[emptytemp]
[Reboot]

then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run Fix button at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on george to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Your Avast is out of date. Get the free Avast!
http://www.avast.com...ivirus-download

Download, Save, and run it.

Once you have it installed and it has updated:

Click on the Avast ball. Then click on Scan Computer, then on
Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows.


Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan (Note if the Fix button is enabled and tell me) click save log, save it to your desktop and post in your next reply
Posted Image


Ron
  • 0

#5
Aliyah

Aliyah

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
C:\Program Files\Common Files\jqyrg4inedzz13m moved successfully.
C:\Documents and Settings\Admin\Application Data\FieryAdsEx.dat moved successfully.
========== FILES ==========
File\Folder C:\Windows\system32\borlndmm.dll not found.
File\Folder C:\ProgramFiles\FieryAds not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\FieryAds\ not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 1039608779 bytes
->Temporary Internet Files folder emptied: 2049459 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 94446983 bytes
->Google Chrome cache emptied: 261984763 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 21038567 bytes
->Flash cache emptied: 1529 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 1738314 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 3254578 bytes

User: упр

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2609176 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 15808772 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 180558146 bytes

Total Files Cleaned = 1 548,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05092011_001009

Files\Folders moved on Reboot...
C:\WINDOWS\temp\_avast5_\Webshlock.txt moved successfully.

Registry entries deleted on Reboot...










Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6534

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

09.05.2011 14:09:06
mbam-log-2011-05-09 (14-09-06).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 216196
Time elapsed: 56 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{2b673573-d721-4ba5-bec6-c415ed5a5f3e}\rp82\a0023796.exe (Trojan.RepackedSetup) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2b673573-d721-4ba5-bec6-c415ed5a5f3e}\RP82\A0023805.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
d:\program files\WinRAR\original\rar slayer v1.1.exe (Malware.Tool) -> Quarantined and deleted successfully.









ComboFix 11-05-08.02 - Admin 09.05.2011 14:16:59.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.1023.577 [GMT 4:00]
Running from: c:\documents and settings\Admin\Рабочий стол\George.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\Internet Explorer\iexplore.exe
c:\windows\43.jpg
c:\windows\system32\AutoRun.inf
.
----- BITS: Possible infected sites -----
.
hxxp://soft.export.yandex.ru
.
((((((((((((((((((((((((( Files Created from 2011-04-09 to 2011-05-09 )))))))))))))))))))))))))))))))
.
.
2011-05-09 01:33 . 2010-12-20 14:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-09 01:33 . 2011-05-09 01:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-09 01:33 . 2010-12-20 14:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-08 20:10 . 2011-05-08 20:10 -------- d-----w- C:\_OTL
2011-05-08 17:06 . 2011-05-08 17:06 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-05-08 17:06 . 2011-05-08 17:06 -------- d-----w- c:\documents and settings\Admin\Application Data\SUPERAntiSpyware.com
2011-05-08 17:06 . 2011-05-08 17:06 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-07 22:24 . 2011-05-07 22:24 -------- d-----w- c:\documents and settings\All Users\Application Data\HPSSUPPLY
2011-05-07 22:23 . 2011-05-07 22:23 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2011-05-07 21:22 . 2011-05-07 21:22 -------- d-----w- c:\program files\Hewlett-Packard
2011-05-07 13:00 . 2011-05-07 13:00 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-07 13:00 . 2011-05-07 13:00 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-07 13:00 . 2011-05-07 13:00 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-07 13:00 . 2011-05-07 13:00 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-07 13:00 . 2011-05-07 13:00 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-07 13:00 . 2011-05-07 13:00 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-07 13:00 . 2011-05-07 13:00 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-07 13:00 . 2011-05-07 13:00 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-02 15:41 . 2011-05-02 15:41 -------- d-----w- c:\documents and settings\Admin\Application Data\StatusMania
2011-05-02 15:41 . 2011-05-02 15:41 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Bromium
2011-05-02 15:41 . 2011-05-02 15:41 -------- d-----w- c:\program files\StatusMania
2011-04-15 16:58 . 2011-04-15 16:58 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\BittorrentBar_RU
2011-04-12 22:39 . 2008-06-20 11:59 361600 -c----w- c:\windows\system32\dllcache\tcpip.sys
2011-04-11 17:14 . 2011-04-23 15:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype Extras
2011-04-11 17:13 . 2011-04-11 17:13 -------- d-----w- c:\program files\Common Files\Skype
2011-04-11 14:41 . 2011-04-11 14:41 -------- d-----w- c:\program files\BitTorrent
2011-04-11 14:41 . 2011-05-09 10:11 -------- d-----w- c:\documents and settings\Admin\Application Data\BitTorrent
2011-04-10 10:29 . 2011-04-26 15:07 -------- d-----w- c:\documents and settings\Admin\Application Data\skypePM
2011-04-10 08:46 . 2011-04-26 19:02 -------- d-----w- c:\documents and settings\Admin\Application Data\Skype
2011-04-10 08:45 . 2011-05-07 12:28 -------- d-----r- c:\program files\Skype
2011-04-10 08:45 . 2011-04-11 17:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 05:31 . 2009-05-15 11:08 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:36 . 2008-12-25 18:52 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:53 . 2008-12-25 18:52 1858048 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:07 . 2008-12-25 19:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:07 . 2008-12-25 18:59 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 23:07 . 2008-12-25 18:55 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 11:43 . 2008-12-25 18:55 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 14:24 . 2008-05-05 03:25 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-17 13:19 . 2008-12-25 18:51 457472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:19 . 2008-12-25 18:51 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-15 12:56 . 2008-04-15 13:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2008-04-15 13:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-15 13:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2008-04-15 13:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2008-04-15 13:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-05-07 13:00 . 2011-05-07 13:00 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
.
[-] 2008-12-25 18:59 . 7F37BFDC135A7F2459DE89D9A4964F97 . 855040 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
[-] 2008-12-25 . 23B7D3F3F5EC8FEEA75EC381C71CBD5E . 579072 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
.
[-] 2008-12-25 . 5D1804D43D799F7040AC1C2DF3EE137A . 1721344 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
[-] 2008-12-25 . 7C6B400E4984E2EE4FCFC1A99C2B6C32 . 226816 . . [5.1.2600.5512] . . c:\windows\regedit.exe
.
[-] 2008-12-25 . E52BB415E3A7106E0308A6EE75219F30 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
[-] 2008-12-25 . E5EB62A6443A8720F7EC4941C42FAE67 . 30208 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
((((((((((((((((((((((((((((( SnapShot_2011-01-18_17.35.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-11 06:59 . 2011-01-11 06:59 51024 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_214ee422\vcomp90.dll
+ 2011-01-11 06:59 . 2011-01-11 06:59 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90rus.dll
+ 2011-01-11 06:59 . 2011-01-11 06:59 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90kor.dll
+ 2011-01-11 06:59 . 2011-01-11 06:59 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90jpn.dll
+ 2011-01-11 06:59 . 2011-01-11 06:59 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90ita.dll
+ 2011-01-11 06:59 . 2011-01-11 06:59 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90fra.dll
+ 2011-01-11 06:59 . 2011-01-11 06:59 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90esp.dll
+ 2011-01-11 06:59 . 2011-01-11 06:59 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90esn.dll
+ 2011-01-11 06:59 . 2011-01-11 06:59 53584 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90enu.dll
+ 2011-01-11 06:59 . 2011-01-11 06:59 63312 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90deu.dll
+ 2011-01-11 06:59 . 2011-01-11 06:59 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90cht.dll
+ 2011-01-11 06:59 . 2011-01-11 06:59 35664 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90chs.dll
+ 2011-01-11 06:59 . 2011-01-11 06:59 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfcm90u.dll
+ 2011-01-11 06:59 . 2011-01-11 06:59 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfcm90.dll
+ 2011-01-10 19:03 . 2011-01-10 19:03 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_189d6662\vcomp.dll
- 2007-03-11 18:32 . 2007-03-11 18:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80KOR.dll
+ 2007-03-11 17:32 . 2007-03-11 17:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80KOR.dll
+ 2007-03-11 17:32 . 2007-03-11 17:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80JPN.dll
- 2007-03-11 18:32 . 2007-03-11 18:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80JPN.dll
- 2007-03-11 18:32 . 2007-03-11 18:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80ITA.dll
+ 2007-03-11 17:32 . 2007-03-11 17:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80ITA.dll
+ 2007-03-11 17:32 . 2007-03-11 17:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80FRA.dll
- 2007-03-11 18:32 . 2007-03-11 18:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80FRA.dll
+ 2007-03-11 17:32 . 2007-03-11 17:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80ESP.dll
- 2007-03-11 18:32 . 2007-03-11 18:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80ESP.dll
+ 2007-03-11 17:32 . 2007-03-11 17:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80ENU.dll
- 2007-03-11 18:32 . 2007-03-11 18:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80ENU.dll
+ 2007-03-11 17:32 . 2007-03-11 17:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80DEU.dll
- 2007-03-11 18:32 . 2007-03-11 18:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80DEU.dll
+ 2007-03-11 17:32 . 2007-03-11 17:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80CHT.dll
- 2007-03-11 18:32 . 2007-03-11 18:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80CHT.dll
+ 2007-03-11 17:32 . 2007-03-11 17:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80CHS.dll
- 2007-03-11 18:32 . 2007-03-11 18:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80CHS.dll
+ 2011-01-10 18:32 . 2011-01-10 18:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80KOR.dll
+ 2011-01-10 18:32 . 2011-01-10 18:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80JPN.dll
+ 2011-01-10 18:32 . 2011-01-10 18:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80ITA.dll
+ 2011-01-10 18:32 . 2011-01-10 18:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80FRA.dll
+ 2011-01-10 18:32 . 2011-01-10 18:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80ESP.dll
+ 2011-01-10 18:32 . 2011-01-10 18:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80ENU.dll
+ 2011-01-10 18:32 . 2011-01-10 18:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80DEU.dll
+ 2011-01-10 18:32 . 2011-01-10 18:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80CHT.dll
+ 2011-01-10 18:32 . 2011-01-10 18:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80CHS.dll
+ 2011-01-11 00:05 . 2011-01-11 00:05 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfcm80u.dll
+ 2011-01-11 00:23 . 2011-01-11 00:23 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfcm80.dll
+ 2011-01-10 17:21 . 2011-01-10 17:21 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_7837863c\ATL80.dll
+ 2011-05-07 21:22 . 2011-05-07 21:22 82432 c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
- 2010-12-20 12:03 . 2010-12-20 12:03 82432 c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
+ 2008-04-15 13:00 . 2011-04-14 16:32 84502 c:\windows\system32\perfc019.dat
+ 2008-04-15 13:00 . 2011-04-14 16:32 71480 c:\windows\system32\perfc009.dat
- 2008-12-25 18:55 . 2010-11-06 00:22 66560 c:\windows\system32\mshtmled.dll
+ 2008-12-25 18:55 . 2011-02-22 23:07 66560 c:\windows\system32\mshtmled.dll
+ 2009-05-15 11:08 . 2011-02-22 23:07 55296 c:\windows\system32\msfeedsbs.dll
- 2009-05-15 11:08 . 2010-11-06 00:22 55296 c:\windows\system32\msfeedsbs.dll
+ 2008-12-25 18:55 . 2011-02-22 23:07 25600 c:\windows\system32\jsproxy.dll
- 2008-12-25 18:55 . 2010-11-06 00:22 25600 c:\windows\system32\jsproxy.dll
+ 2011-02-16 17:38 . 2008-04-14 18:40 21504 c:\windows\system32\hidserv.dll
+ 2009-05-26 12:19 . 2008-04-13 20:15 15104 c:\windows\system32\drivers\usbscan.sys
- 2009-05-26 12:19 . 2008-04-13 21:15 15104 c:\windows\system32\drivers\usbscan.sys
+ 2011-02-16 17:38 . 2008-04-14 18:17 14720 c:\windows\system32\drivers\kbdhid.sys
- 2010-01-20 22:31 . 2011-01-13 08:40 47440 c:\windows\system32\drivers\aswTdi.sys
+ 2011-01-22 19:06 . 2011-01-13 08:40 47440 c:\windows\system32\drivers\aswTdi.sys
+ 2011-01-22 19:06 . 2011-01-13 08:37 23632 c:\windows\system32\drivers\aswRdr.sys
- 2010-01-20 22:31 . 2011-01-13 08:37 23632 c:\windows\system32\drivers\aswRdr.sys
+ 2011-01-22 19:06 . 2011-01-13 08:39 94544 c:\windows\system32\drivers\aswmon.sys
- 2010-01-20 22:31 . 2011-01-13 08:39 94544 c:\windows\system32\drivers\aswmon.sys
- 2010-01-20 22:31 . 2011-01-13 08:37 17744 c:\windows\system32\drivers\aswFsBlk.sys
+ 2011-01-22 19:06 . 2011-01-13 08:37 17744 c:\windows\system32\drivers\aswFsBlk.sys
- 2010-01-20 22:31 . 2011-01-13 08:37 29392 c:\windows\system32\drivers\aavmker4.sys
+ 2011-01-22 19:06 . 2011-01-13 08:37 29392 c:\windows\system32\drivers\aavmker4.sys
+ 2008-04-15 13:00 . 2009-04-20 17:08 45568 c:\windows\system32\dnsrslvr.dll
- 2008-04-15 13:00 . 2008-04-15 13:00 45568 c:\windows\system32\dnsrslvr.dll
+ 2010-08-28 17:46 . 2011-02-22 23:07 12800 c:\windows\system32\dllcache\xpshims.dll
- 2010-08-28 17:46 . 2010-11-06 00:22 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-05-26 12:19 . 2008-04-13 20:15 15104 c:\windows\system32\dllcache\usbscan.sys
- 2009-05-26 12:19 . 2008-04-13 21:15 15104 c:\windows\system32\dllcache\usbscan.sys
- 2008-12-25 18:55 . 2010-11-06 00:22 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2008-12-25 18:55 . 2011-02-22 23:07 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2010-07-21 09:58 . 2010-11-06 00:22 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2010-07-21 09:58 . 2011-02-22 23:07 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-12-25 18:55 . 2010-11-06 00:22 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2008-12-25 18:55 . 2011-02-22 23:07 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2011-02-16 17:38 . 2008-04-14 18:17 14720 c:\windows\system32\dllcache\kbdhid.sys
+ 2008-12-25 18:55 . 2011-02-22 23:07 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2008-12-25 18:55 . 2010-11-06 00:22 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2011-02-16 17:38 . 2008-04-14 18:40 21504 c:\windows\system32\dllcache\hidserv.dll
+ 2008-04-15 13:00 . 2009-04-20 17:08 45568 c:\windows\system32\dllcache\dnsrslvr.dll
- 2008-04-15 13:00 . 2008-04-15 13:00 45568 c:\windows\system32\dllcache\dnsrslvr.dll
- 2008-04-15 13:00 . 2009-12-14 07:10 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2008-04-15 13:00 . 2010-12-09 14:29 33280 c:\windows\system32\dllcache\csrsrv.dll
- 2008-04-15 13:00 . 2009-12-14 07:10 33280 c:\windows\system32\csrsrv.dll
+ 2008-04-15 13:00 . 2010-12-09 14:29 33280 c:\windows\system32\csrsrv.dll
- 2009-05-15 11:14 . 2010-12-20 12:01 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-05-15 11:14 . 2011-05-07 22:30 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-04-19 01:04 . 2011-05-07 22:30 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-05-02 15:07 . 2011-05-02 15:07 21504 c:\windows\Installer\72dac.msi
+ 2011-05-07 17:41 . 2011-05-07 21:26 25214 c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut9.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2011-05-07 17:41 . 2011-05-07 21:26 25214 c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut8.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2011-05-07 17:41 . 2011-05-07 21:26 25214 c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut7.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2011-05-07 17:41 . 2011-05-07 21:26 25214 c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut6.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2011-05-07 17:41 . 2011-05-07 21:26 25214 c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut5.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2011-05-07 21:26 . 2011-05-07 21:26 25214 c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut28.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2011-05-07 17:41 . 2011-05-07 21:26 25214 c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut27.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2011-05-07 17:41 . 2011-05-07 21:26 25214 c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut26.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2011-05-07 17:41 . 2011-05-07 21:26 25214 c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut25.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2011-05-07 17:41 . 2011-05-07 21:26 25214 c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut24.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2011-05-07 21:26 . 2011-05-07 21:26 25214 c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut23.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2011-05-07 17:41 . 2011-05-07 21:26 25214 c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut22.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2011-05-07 17:41 . 2011-05-07 21:26 25214 c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut21.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2011-05-07 17:41 . 2011-05-07 21:26 25214 c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut20.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2011-05-07 21:26 . 2011-05-07 21:26 25214 c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut2_1.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2011-05-07 17:41 . 2011-05-07 21:26 25214 c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut19.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2011-05-07 17:41 . 2011-05-07 21:26 25214 c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut18.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2011-05-07 17:41 . 2011-05-07 21:26 25214 c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut17.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2011-05-07 17:41 . 2011-05-07 21:26 25214 c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut16.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2011-05-07 17:41 . 2011-05-07 21:26 25214 c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut15.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2011-05-07 17:41 . 2011-05-07 21:26 25214 c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut14.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2011-05-07 17:41 . 2011-05-07 21:26 25214 c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut13.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2011-05-07 17:41 . 2011-05-07 21:26 25214 c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut12.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2011-05-07 17:41 . 2011-05-07 21:26 25214 c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut11.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2011-05-07 17:41 . 2011-05-07 21:26 25214 c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut10.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2011-05-07 21:26 . 2011-05-07 21:26 25214 c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\ARPPRODUCTICON.exe
+ 2011-05-07 22:24 . 2011-05-07 22:24 65536 c:\windows\Installer\{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}\ARPPRODUCTICON.exe
+ 2009-05-15 11:19 . 2011-04-14 16:28 35088 c:\windows\Installer\{90120000-001B-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-05-15 11:19 . 2010-12-23 09:21 35088 c:\windows\Installer\{90120000-001B-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-05-15 11:19 . 2011-04-14 16:28 18704 c:\windows\Installer\{90120000-001B-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-05-15 11:19 . 2010-12-23 09:21 18704 c:\windows\Installer\{90120000-001B-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-05-15 11:19 . 2011-04-14 16:28 20240 c:\windows\Installer\{90120000-001B-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-05-15 11:19 . 2010-12-23 09:21 20240 c:\windows\Installer\{90120000-001B-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-05-15 11:22 . 2011-04-14 16:34 35088 c:\windows\Installer\{90120000-0018-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-05-15 11:22 . 2010-12-23 09:21 35088 c:\windows\Installer\{90120000-0018-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-05-15 11:22 . 2010-12-23 09:21 18704 c:\windows\Installer\{90120000-0018-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-05-15 11:22 . 2011-04-14 16:34 18704 c:\windows\Installer\{90120000-0018-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-05-15 11:22 . 2011-04-14 16:34 20240 c:\windows\Installer\{90120000-0018-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-05-15 11:22 . 2010-12-23 09:21 20240 c:\windows\Installer\{90120000-0018-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-05-15 11:20 . 2011-04-14 16:35 35088 c:\windows\Installer\{90120000-0016-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-05-15 11:20 . 2010-12-23 09:21 35088 c:\windows\Installer\{90120000-0016-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-05-15 11:20 . 2011-04-14 16:35 18704 c:\windows\Installer\{90120000-0016-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-05-15 11:20 . 2010-12-23 09:21 18704 c:\windows\Installer\{90120000-0016-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-05-15 11:20 . 2011-04-14 16:35 20240 c:\windows\Installer\{90120000-0016-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-05-15 11:20 . 2010-12-23 09:21 20240 c:\windows\Installer\{90120000-0016-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-05-07 22:24 . 2011-05-07 22:24 25214 c:\windows\Installer\{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}\hpqSSupply.exe
- 2009-05-26 12:22 . 2009-05-26 12:22 25214 c:\windows\Installer\{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}\hpqSSupply.exe
+ 2011-05-07 22:24 . 2011-05-07 22:24 25214 c:\windows\Installer\{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}\ARPPRODUCTICON.exe
- 2009-05-26 12:22 . 2009-05-26 12:22 25214 c:\windows\Installer\{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}\ARPPRODUCTICON.exe
- 2010-12-20 12:04 . 2010-12-20 12:04 65536 c:\windows\Installer\{10E1E87C-656C-4D08-86D6-5443D28583BE}\NewShortcut1.A6CC6977_F7B4_4C0B_9510_BCD847D4BDB2.exe
+ 2011-05-07 22:23 . 2011-05-07 22:23 65536 c:\windows\Installer\{10E1E87C-656C-4D08-86D6-5443D28583BE}\NewShortcut1.A6CC6977_F7B4_4C0B_9510_BCD847D4BDB2.exe
+ 2011-04-14 16:33 . 2010-12-20 23:52 12800 c:\windows\ie8updates\KB2497640-IE8\xpshims.dll
+ 2011-04-14 16:33 . 2010-12-20 23:52 66560 c:\windows\ie8updates\KB2497640-IE8\mshtmled.dll
+ 2011-04-14 16:33 . 2010-12-20 23:52 55296 c:\windows\ie8updates\KB2497640-IE8\msfeedsbs.dll
+ 2011-04-14 16:33 . 2010-12-20 23:52 43520 c:\windows\ie8updates\KB2497640-IE8\licmgr10.dll
+ 2011-04-14 16:33 . 2010-12-20 23:52 25600 c:\windows\ie8updates\KB2497640-IE8\jsproxy.dll
+ 2011-02-09 22:36 . 2010-11-06 00:22 12800 c:\windows\ie8updates\KB2482017-IE8\xpshims.dll
+ 2011-02-09 22:36 . 2010-11-06 00:22 66560 c:\windows\ie8updates\KB2482017-IE8\mshtmled.dll
+ 2011-02-09 22:36 . 2010-11-06 00:22 55296 c:\windows\ie8updates\KB2482017-IE8\msfeedsbs.dll
+ 2011-02-09 22:36 . 2010-11-06 00:22 43520 c:\windows\ie8updates\KB2482017-IE8\licmgr10.dll
+ 2011-02-09 22:36 . 2010-11-06 00:22 25600 c:\windows\ie8updates\KB2482017-IE8\jsproxy.dll
+ 2011-05-07 17:40 . 2011-05-07 22:17 19180 c:\windows\hpqins13.dat
- 2010-07-20 23:44 . 2011-01-13 08:47 38848 c:\windows\avastSS.scr
+ 2011-01-22 19:06 . 2011-01-13 08:47 38848 c:\windows\avastSS.scr
+ 2011-04-14 16:36 . 2011-04-14 16:36 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\368187bcb570d202a019fc7c53b1df4c\UIAutomationProvider.ni.dll
+ 2011-04-14 17:48 . 2011-04-14 17:48 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\3f621b90371e67197bd4d0b86aa6f21d\System.Windows.Presentation.ni.dll
+ 2011-04-14 17:48 . 2011-04-14 17:48 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\577b049541803541e6b00e2c36c00852\System.Web.DynamicData.Design.ni.dll
+ 2011-04-14 17:47 . 2011-04-14 17:47 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\636ed65b7e5481320e3010b78a5e6cfa\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-04-14 17:47 . 2011-04-14 17:47 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f83b1e8dd8c90490c8d924826c8b107d\System.AddIn.Contract.ni.dll
+ 2011-04-14 16:34 . 2011-04-14 16:34 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\2740ba673b1040f1995f13c6044da64c\PresentationFontCache.ni.exe
+ 2011-04-14 16:33 . 2011-04-14 16:33 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\8514e7de63d46b6f8232ef70d93a1650\PresentationCFFRasterizer.ni.dll
+ 2011-04-14 17:48 . 2011-04-14 17:48 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\108426b4dc654100c9a99bfa71f69886\Microsoft.Vsa.ni.dll
+ 2011-04-14 17:46 . 2011-04-14 17:46 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\8905268997c77a27c7f9c54aeba37f24\Microsoft.Build.Framework.ni.dll
+ 2011-04-14 17:47 . 2011-04-14 17:47 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\11bb8ef375848eb1c074da1afd5cecdc\Microsoft.Build.Framework.ni.dll
+ 2011-04-14 17:46 . 2011-04-14 17:46 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\6d74b9308a1517bfe959e597c3dd2427\dfsvc.ni.exe
+ 2011-04-14 17:46 . 2011-04-14 17:46 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\fdf7f1404f4a5c7f5a0463d8e7a442e4\Accessibility.ni.dll
+ 2011-04-14 16:31 . 2011-04-14 16:31 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2010-10-04 06:37 . 2010-10-04 06:37 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2011-04-14 16:31 . 2011-04-14 16:31 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-10-04 06:37 . 2010-10-04 06:37 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-10-04 06:38 . 2010-10-04 06:38 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-04-14 16:32 . 2011-04-14 16:32 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-04-14 16:31 . 2011-04-14 16:31 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-10-04 06:37 . 2010-10-04 06:37 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2011-04-14 16:32 . 2011-04-14 16:32 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2010-10-04 06:37 . 2010-10-04 06:37 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2011-04-14 16:32 . 2011-04-14 16:32 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2010-10-04 06:37 . 2010-10-04 06:37 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2011-04-14 16:32 . 2011-04-14 16:32 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2010-10-04 06:37 . 2010-10-04 06:37 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2011-04-14 16:32 . 2011-04-14 16:32 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-10-04 06:37 . 2010-10-04 06:37 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2011-04-14 16:32 . 2011-04-14 16:32 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2010-10-04 06:37 . 2010-10-04 06:37 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2010-10-04 06:37 . 2010-10-04 06:37 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2011-04-14 16:32 . 2011-04-14 16:32 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2011-04-14 16:32 . 2011-04-14 16:32 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-10-04 06:37 . 2010-10-04 06:37 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-04-14 16:32 . 2011-04-14 16:32 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2010-10-04 06:37 . 2010-10-04 06:37 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-04-14 16:32 . 2011-04-14 16:32 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-10-04 06:37 . 2010-10-04 06:37 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-02-09 22:36 . 2009-12-14 07:10 33280 c:\windows\$NtUninstallKB2476687$\csrsrv.dll
+ 2011-03-07 23:00 . 2008-07-08 13:21 26488 c:\windows\$hf_mig$\KB971029\update\spcustom.dll
+ 2011-03-07 23:00 . 2008-07-08 13:21 17784 c:\windows\$hf_mig$\KB971029\spmsg.dll
+ 2011-03-30 21:09 . 2010-07-05 13:35 26488 c:\windows\$hf_mig$\KB2524375\update\spcustom.dll
+ 2011-03-30 21:09 . 2010-07-05 13:35 17784 c:\windows\$hf_mig$\KB2524375\spmsg.dll
+ 2011-02-09 22:38 . 2010-07-05 13:35 26488 c:\windows\$hf_mig$\KB2485376\update\spcustom.dll
+ 2011-02-09 22:38 . 2010-07-05 13:35 17784 c:\windows\$hf_mig$\KB2485376\spmsg.dll
+ 2011-02-09 22:38 . 2010-02-22 14:43 26488 c:\windows\$hf_mig$\KB2483185\update\spcustom.dll
+ 2011-02-09 22:38 . 2010-07-05 16:05 17784 c:\windows\$hf_mig$\KB2483185\spmsg.dll
+ 2011-02-09 22:36 . 2010-07-05 13:35 26488 c:\windows\$hf_mig$\KB2482017-IE8\update\spcustom.dll
+ 2011-02-09 22:36 . 2010-07-05 13:35 17784 c:\windows\$hf_mig$\KB2482017-IE8\spmsg.dll
+ 2011-02-09 14:43 . 2010-12-20 23:51 12800 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\xpshims.dll
+ 2011-02-09 14:43 . 2010-12-20 23:51 66560 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\mshtmled.dll
+ 2011-02-09 14:43 . 2010-12-20 23:51 55296 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\msfeedsbs.dll
+ 2011-02-09 14:43 . 2010-12-20 23:51 43520 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\licmgr10.dll
+ 2011-02-09 14:43 . 2010-12-20 23:51 25600 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\jsproxy.dll
+ 2011-03-09 23:00 . 2010-07-05 13:35 26488 c:\windows\$hf_mig$\KB2481109\update\spcustom.dll
+ 2011-03-09 23:00 . 2010-07-05 16:05 17784 c:\windows\$hf_mig$\KB2481109\spmsg.dll
+ 2011-03-09 20:07 . 2011-02-02 07:57 53248 c:\windows\$hf_mig$\KB2481109\SP3QFE\tsgqec.dll
+ 2011-03-09 23:02 . 2010-02-22 14:43 26488 c:\windows\$hf_mig$\KB2479943\update\spcustom.dll
+ 2011-03-09 23:02 . 2010-02-22 14:43 17784 c:\windows\$hf_mig$\KB2479943\spmsg.dll
+ 2011-02-09 22:38 . 2010-02-22 14:43 26488 c:\windows\$hf_mig$\KB2479628\update\spcustom.dll
+ 2011-02-09 22:38 . 2010-02-22 14:43 17784 c:\windows\$hf_mig$\KB2479628\spmsg.dll
+ 2011-02-09 22:36 . 2010-07-05 13:35 26488 c:\windows\$hf_mig$\KB2476687\update\spcustom.dll
+ 2011-02-09 22:36 . 2010-07-05 13:35 17784 c:\windows\$hf_mig$\KB2476687\spmsg.dll
+ 2011-02-09 14:43 . 2010-12-09 14:28 33280 c:\windows\$hf_mig$\KB2476687\SP3QFE\csrsrv.dll
+ 2011-04-14 16:32 . 2011-04-14 16:32 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2010-10-04 06:37 . 2010-10-04 06:37 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2011-05-07 21:21 . 2007-09-20 16:31 2000 c:\windows\hpomdl14.dat
- 2010-12-20 12:01 . 2007-06-05 23:07 2000 c:\windows\hpomdl14.dat
- 2010-10-04 06:37 . 2010-10-04 06:37 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2011-04-14 16:32 . 2011-04-14 16:32 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2011-04-14 16:32 . 2011-04-14 16:32 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-10-04 06:37 . 2010-10-04 06:37 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-10-04 06:37 . 2010-10-04 06:37 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2011-04-14 16:32 . 2011-04-14 16:32 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2010-10-04 06:37 . 2010-10-04 06:37 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2011-04-14 16:32 . 2011-04-14 16:32 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2011-04-14 16:31 . 2011-04-14 16:31 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-10-04 06:37 . 2010-10-04 06:37 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2011-04-14 16:31 . 2011-04-14 16:31 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2010-10-04 06:37 . 2010-10-04 06:37 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2011-01-11 06:59 . 2011-01-11 06:59 653136 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcr90.dll
+ 2011-01-11 06:59 . 2011-01-11 06:59 569680 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcp90.dll
+ 2011-01-11 06:59 . 2011-01-11 06:59 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcm90.dll
+ 2011-01-11 06:59 . 2011-01-11 06:59 159048 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_65b7a93a\atl90.dll
+ 2011-01-11 00:27 . 2011-01-11 00:27 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcr80.dll
+ 2011-01-11 00:24 . 2011-01-11 00:24 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcp80.dll
+ 2011-01-11 00:08 . 2011-01-11 00:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcm80.dll
+ 2008-04-15 13:00 . 2009-07-27 23:19 135680 c:\windows\system32\shsvcs.dll
- 2008-04-15 13:00 . 2008-04-15 13:00 135680 c:\windows\system32\shsvcs.dll
+ 2008-12-25 19:00 . 2011-01-21 14:44 440832 c:\windows\system32\shimgvw.dll
+ 2008-04-15 13:00 . 2011-04-14 16:32 484782 c:\windows\system32\perfh019.dat
+ 2008-04-15 13:00 . 2011-04-14 16:32 441544 c:\windows\system32\perfh009.dat
+ 2008-12-25 18:59 . 2011-02-22 23:07 206848 c:\windows\system32\occache.dll
- 2008-12-25 18:59 . 2010-11-06 00:22 206848 c:\windows\system32\occache.dll
+ 2008-04-15 13:00 . 2010-12-09 15:15 722432 c:\windows\system32\ntdll.dll
- 2009-05-15 11:07 . 2008-04-15 13:00 677888 c:\windows\system32\mstsc.exe
+ 2009-05-15 11:07 . 2011-01-27 11:57 677888 c:\windows\system32\mstsc.exe
+ 2008-12-25 18:55 . 2011-02-22 23:07 611840 c:\windows\system32\mstime.dll
- 2008-12-25 18:55 . 2010-11-06 00:22 611840 c:\windows\system32\mstime.dll
+ 2008-12-09 18:46 . 2011-02-22 23:07 602112 c:\windows\system32\msfeeds.dll
- 2008-12-09 18:46 . 2010-11-06 00:22 602112 c:\windows\system32\msfeeds.dll
- 2007-03-11 18:24 . 2007-03-11 18:24 190072 c:\windows\system32\Macromed\Flash\FlashUtil9b.exe
+ 2007-03-11 17:24 . 2007-03-11 17:24 190072 c:\windows\system32\Macromed\Flash\FlashUtil9b.exe
- 2008-12-25 18:51 . 2009-06-26 11:12 732160 c:\windows\system32\lsasrv.dll
+ 2008-12-25 18:51 . 2010-12-20 17:24 732160 c:\windows\system32\lsasrv.dll
+ 2008-04-15 13:00 . 2010-12-22 12:32 301568 c:\windows\system32\kerberos.dll
- 2008-04-15 13:00 . 2009-06-25 08:42 301568 c:\windows\system32\kerberos.dll
+ 2008-12-25 18:51 . 2011-03-04 06:36 726528 c:\windows\system32\jscript.dll
- 2008-12-25 18:51 . 2009-12-09 05:55 726528 c:\windows\system32\jscript.dll
- 2008-12-25 18:55 . 2010-11-06 00:22 184320 c:\windows\system32\iepeers.dll
+ 2008-12-25 18:55 . 2011-02-22 23:07 184320 c:\windows\system32\iepeers.dll
+ 2008-12-25 18:55 . 2011-02-22 23:07 387584 c:\windows\system32\iedkcs32.dll
- 2008-12-25 18:55 . 2010-11-06 00:22 387584 c:\windows\system32\iedkcs32.dll
+ 2008-12-25 18:55 . 2011-02-18 11:50 173568 c:\windows\system32\ie4uinit.exe
- 2008-12-25 18:55 . 2010-11-03 12:26 173568 c:\windows\system32\ie4uinit.exe
+ 2009-05-15 15:02 . 2011-04-14 16:51 146808 c:\windows\system32\FNTCACHE.DAT
- 2009-05-15 15:02 . 2010-12-23 18:03 146808 c:\windows\system32\FNTCACHE.DAT
- 2010-12-20 12:00 . 2007-03-17 16:11 675840 c:\windows\system32\DRVSTORE\hposcu10_4FC8229DA1D7F81E72322B6F2DBB249746ABAFD7\drivers\scanner\x32\hpowiax3.dll
+ 2011-05-07 21:21 . 2007-03-17 16:11 675840 c:\windows\system32\DRVSTORE\hposcu10_4FC8229DA1D7F81E72322B6F2DBB249746ABAFD7\drivers\scanner\x32\hpowiax3.dll
- 2010-12-20 12:00 . 2007-03-17 16:11 303104 c:\windows\system32\DRVSTORE\hposcu10_4FC8229DA1D7F81E72322B6F2DBB249746ABAFD7\drivers\scanner\x32\hpovst10.dll
+ 2011-05-07 21:21 . 2007-03-17 16:11 303104 c:\windows\system32\DRVSTORE\hposcu10_4FC8229DA1D7F81E72322B6F2DBB249746ABAFD7\drivers\scanner\x32\hpovst10.dll
+ 2011-05-07 21:21 . 2007-03-17 16:11 569344 c:\windows\system32\DRVSTORE\hposcu10_4FC8229DA1D7F81E72322B6F2DBB249746ABAFD7\drivers\scanner\x32\hpotscl3.dll
- 2010-12-20 12:00 . 2007-03-17 16:11 569344 c:\windows\system32\DRVSTORE\hposcu10_4FC8229DA1D7F81E72322B6F2DBB249746ABAFD7\drivers\scanner\x32\hpotscl3.dll
- 2010-12-20 12:00 . 2007-03-17 16:11 229376 c:\windows\system32\DRVSTORE\hposcu10_4FC8229DA1D7F81E72322B6F2DBB249746ABAFD7\drivers\scanner\x32\hpotpusd.dll
+ 2011-05-07 21:21 . 2007-03-17 16:11 229376 c:\windows\system32\DRVSTORE\hposcu10_4FC8229DA1D7F81E72322B6F2DBB249746ABAFD7\drivers\scanner\x32\hpotpusd.dll
+ 2011-05-07 21:21 . 2007-03-08 04:20 364544 c:\windows\system32\DRVSTORE\hposcu10_4FC8229DA1D7F81E72322B6F2DBB249746ABAFD7\drivers\dot4\Win2000\hppldcoi.dll
- 2010-12-20 12:00 . 2007-03-08 04:20 364544 c:\windows\system32\DRVSTORE\hposcu10_4FC8229DA1D7F81E72322B6F2DBB249746ABAFD7\drivers\dot4\Win2000\hppldcoi.dll
+ 2011-05-07 21:21 . 2007-03-08 04:20 309760 c:\windows\system32\DRVSTORE\hposcu10_4FC8229DA1D7F81E72322B6F2DBB249746ABAFD7\drivers\dot4\Win2000\difxapi.dll
- 2010-12-20 12:00 . 2007-03-08 04:20 309760 c:\windows\system32\DRVSTORE\hposcu10_4FC8229DA1D7F81E72322B6F2DBB249746ABAFD7\drivers\dot4\Win2000\difxapi.dll
+ 2011-05-07 21:21 . 2007-03-30 15:07 267864 c:\windows\system32\DRVSTORE\hpodcsla_AA90739FE6CE6410E6FD075E7696EADED8A3F90D\hpzids01.dll
- 2010-12-20 12:00 . 2007-03-30 15:07 267864 c:\windows\system32\DRVSTORE\hpodcsla_AA90739FE6CE6410E6FD075E7696EADED8A3F90D\hpzids01.dll
+ 2008-12-25 18:58 . 2008-06-20 11:59 361600 c:\windows\system32\drivers\tcpip.sys
- 2008-12-25 18:58 . 2008-12-25 18:58 361600 c:\windows\system32\drivers\tcpip.sys
- 2010-01-20 22:31 . 2011-01-13 08:41 294608 c:\windows\system32\drivers\aswSP.sys
+ 2011-01-22 19:06 . 2011-01-13 08:41 294608 c:\windows\system32\drivers\aswSP.sys
- 2010-01-20 22:31 . 2011-01-13 08:40 100176 c:\windows\system32\drivers\aswmon2.sys
+ 2011-01-22 19:06 . 2011-01-13 08:40 100176 c:\windows\system32\drivers\aswmon2.sys
+ 2008-12-25 18:51 . 2011-03-03 06:53 149504 c:\windows\system32\dnsapi.dll
- 2010-07-21 09:58 . 2010-11-06 00:22 916480 c:\windows\system32\dllcache\wininet.dll
+ 2010-07-21 09:58 . 2011-02-22 23:07 916480 c:\windows\system32\dllcache\wininet.dll
+ 2008-12-25 18:52 . 2011-03-04 06:36 420864 c:\windows\system32\dllcache\vbscript.dll
+ 2008-12-25 18:51 . 2011-02-17 13:19 357888 c:\windows\system32\dllcache\srv.sys
+ 2008-04-15 13:00 . 2009-07-27 23:19 135680 c:\windows\system32\dllcache\shsvcs.dll
- 2008-04-15 13:00 . 2008-04-15 13:00 135680 c:\windows\system32\dllcache\shsvcs.dll
+ 2011-02-09 14:43 . 2011-01-21 14:44 440832 c:\windows\system32\dllcache\shimgvw.dll
+ 2008-04-15 13:00 . 2011-02-09 13:53 270848 c:\windows\system32\dllcache\sbe.dll
- 2008-04-15 13:00 . 2008-04-15 13:00 270848 c:\windows\system32\dllcache\sbe.dll
- 2010-07-21 09:58 . 2010-11-06 00:22 206848 c:\windows\system32\dllcache\occache.dll
+ 2010-07-21 09:58 . 2011-02-22 23:07 206848 c:\windows\system32\dllcache\occache.dll
+ 2008-04-15 13:00 . 2010-12-09 15:15 722432 c:\windows\system32\dllcache\ntdll.dll
- 2008-12-25 18:55 . 2010-11-06 00:22 611840 c:\windows\system32\dllcache\mstime.dll
+ 2008-12-25 18:55 . 2011-02-22 23:07 611840 c:\windows\system32\dllcache\mstime.dll
- 2010-07-21 09:58 . 2010-11-06 00:22 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2010-07-21 09:58 . 2011-02-22 23:07 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2010-06-18 03:47 . 2011-02-17 13:19 457472 c:\windows\system32\dllcache\mrxsmb.sys
- 2008-04-15 13:00 . 2010-09-18 08:23 974848 c:\windows\system32\dllcache\mfc42u.dll
+ 2008-04-15 13:00 . 2011-02-08 13:33 974848 c:\windows\system32\dllcache\mfc42u.dll
+ 2008-04-15 13:00 . 2011-02-08 13:33 978944 c:\windows\system32\dllcache\mfc42.dll
- 2008-12-25 18:51 . 2009-06-26 11:12 732160 c:\windows\system32\dllcache\lsasrv.dll
+ 2008-12-25 18:51 . 2010-12-20 17:24 732160 c:\windows\system32\dllcache\lsasrv.dll
+ 2011-03-09 20:07 . 2011-01-27 11:57 677888 c:\windows\system32\dllcache\lhmstsc.exe
- 2008-04-15 13:00 . 2009-06-25 08:42 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2008-04-15 13:00 . 2010-12-22 12:32 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2008-12-25 18:51 . 2011-03-04 06:36 726528 c:\windows\system32\dllcache\jscript.dll
- 2008-12-25 18:51 . 2009-12-09 05:55 726528 c:\windows\system32\dllcache\jscript.dll
+ 2009-05-15 11:08 . 2011-03-07 05:31 692736 c:\windows\system32\dllcache\inetcomm.dll
- 2009-05-15 11:08 . 2010-06-09 07:42 692736 c:\windows\system32\dllcache\inetcomm.dll
- 2010-08-28 17:46 . 2010-11-06 00:22 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2010-08-28 17:46 . 2011-02-22 23:07 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2008-12-25 18:55 . 2010-11-06 00:22 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2008-12-25 18:55 . 2011-02-22 23:07 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2010-08-28 17:46 . 2011-02-22 23:07 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2010-08-28 17:46 . 2010-11-06 00:22 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2008-12-25 18:55 . 2010-11-06 00:22 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-12-25 18:55 . 2011-02-22 23:07 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2008-12-25 18:55 . 2010-11-03 12:26 173568 c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-12-25 18:55 . 2011-02-18 11:50 173568 c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-04-15 13:00 . 2011-02-09 13:53 186880 c:\windows\system32\dllcache\encdec.dll
- 2008-04-15 13:00 . 2008-04-15 13:00 186880 c:\windows\system32\dllcache\encdec.dll
+ 2008-12-25 18:51 . 2011-03-03 06:53 149504 c:\windows\system32\dllcache\dnsapi.dll
+ 2008-04-15 13:00 . 2011-02-15 12:56 290432 c:\windows\system32\dllcache\atmfd.dll
+ 2011-01-22 12:29 . 2011-01-22 12:29 262144 c:\windows\system32\config\systemprofile\NtUser.dat
+ 2011-01-22 19:06 . 2011-01-13 08:47 188216 c:\windows\system32\aswBoot.exe
- 2010-01-20 22:31 . 2011-01-13 08:47 188216 c:\windows\system32\aswBoot.exe
- 2010-05-11 02:40 . 2010-05-11 02:40 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2011-01-18 00:39 . 2011-01-18 00:39 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2011-01-18 00:39 . 2011-01-18 00:39 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2011-01-18 00:39 . 2011-01-18 00:39 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2010-05-11 02:40 . 2010-05-11 02:40 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2011-04-14 16:34 . 2011-04-14 16:34 459264 c:\windows\Installer\d67616.msi
+ 2011-05-07 21:26 . 2011-05-07 21:26 220672 c:\windows\Installer\9301bf.msi
+ 2011-05-07 21:22 . 2011-05-07 21:22 811520 c:\windows\Installer\930192.msi
+ 2011-05-07 21:22 . 2011-05-07 21:22 326144 c:\windows\Installer\93018c.msi
+ 2011-05-07 21:22 . 2011-05-07 21:22 391168 c:\windows\Installer\930186.msi
+ 2011-05-07 21:22 . 2011-05-07 21:22 306688 c:\windows\Installer\930180.msi
+ 2011-05-07 22:24 . 2011-05-07 22:24 189440 c:\windows\Installer\7754e.msi
+ 2011-05-07 22:24 . 2011-05-07 22:24 472576 c:\windows\Installer\77544.msi
+ 2011-05-07 22:23 . 2011-05-07 22:23 586240 c:\windows\Installer\7753d.msi
+ 2011-05-07 22:23 . 2011-05-07 22:23 121344 c:\windows\Installer\77533.msi
+ 2011-05-07 22:23 . 2011-05-07 22:23 426496 c:\windows\Installer\7752d.msi
+ 2011-05-07 22:23 . 2011-05-07 22:23 452608 c:\windows\Installer\77525.msi
+ 2011-05-07 22:23 . 2011-05-07 22:23 600576 c:\windows\Installer\7751b.msi
+ 2011-05-07 22:23 . 2011-05-07 22:23 532480 c:\windows\Installer\77513.msi
+ 2011-05-07 22:23 . 2011-05-07 22:23 646656 c:\windows\Installer\7750c.msi
+ 2011-05-07 22:23 . 2011-05-07 22:23 121344 c:\windows\Installer\774f9.msi
+ 2011-05-07 22:23 . 2011-05-07 22:23 628736 c:\windows\Installer\774f3.msi
+ 2011-05-07 22:23 . 2011-05-07 22:23 526336 c:\windows\Installer\774e7.msi
+ 2011-05-07 22:23 . 2011-05-07 22:23 121344 c:\windows\Installer\774e1.msi
+ 2011-05-07 22:23 . 2011-05-07 22:23 500736 c:\windows\Installer\774db.msi
+ 2011-05-07 22:23 . 2011-05-07 22:23 592384 c:\windows\Installer\774d5.msi
+ 2011-04-12 22:00 . 2011-04-12 22:00 223232 c:\windows\Installer\14e7f3.msi
+ 2011-05-07 22:24 . 2011-05-07 22:24 689720 c:\windows\Installer\{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}\HPSUShortcut_BB85ED9CAFC943BDB8DC258C3C7DF72E.exe
- 2009-05-15 11:19 . 2010-12-23 09:21 888080 c:\windows\Installer\{90120000-001B-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-05-15 11:19 . 2011-04-14 16:28 888080 c:\windows\Installer\{90120000-001B-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-05-15 11:19 . 2011-04-14 16:28 217864 c:\windows\Installer\{90120000-001B-0000-0000-0000000FF1CE}\misc.exe
- 2009-05-15 11:19 . 2010-12-23 09:21 217864 c:\windows\Installer\{90120000-001B-0000-0000-0000000FF1CE}\misc.exe
+ 2009-05-15 11:22 . 2011-04-14 16:34 922384 c:\windows\Installer\{90120000-0018-0000-0000-0000000FF1CE}\pptico.exe
- 2009-05-15 11:22 . 2010-12-23 09:21 922384 c:\windows\Installer\{90120000-0018-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-05-15 11:22 . 2011-04-14 16:34 217864 c:\windows\Installer\{90120000-0018-0000-0000-0000000FF1CE}\misc.exe
- 2009-05-15 11:22 . 2010-12-23 09:21 217864 c:\windows\Installer\{90120000-0018-0000-0000-0000000FF1CE}\misc.exe
+ 2009-05-15 11:20 . 2011-04-14 16:35 217864 c:\windows\Installer\{90120000-0016-0000-0000-0000000FF1CE}\misc.exe
- 2009-05-15 11:20 . 2010-12-23 09:21 217864 c:\windows\Installer\{90120000-0016-0000-0000-0000000FF1CE}\misc.exe
+ 2011-04-11 17:13 . 2011-04-11 17:13 371272 c:\windows\Installer\{5335DADB-34BA-4AE8-A519-648D78498846}\SkypeIcon.exe
+ 2011-04-12 23:05 . 2010-03-10 06:17 420352 c:\windows\ie8updates\KB2510531-IE8\vbscript.dll
+ 2011-04-12 23:05 . 2010-07-05 13:35 391032 c:\windows\ie8updates\KB2510531-IE8\spuninst\updspapi.dll
+ 2011-04-12 23:05 . 2010-07-05 13:35 232824 c:\windows\ie8updates\KB2510531-IE8\spuninst\spuninst.exe
+ 2011-04-12 23:05 . 2009-12-09 05:55 726528 c:\windows\ie8updates\KB2510531-IE8\jscript.dll
+ 2011-04-14 16:33 . 2010-12-20 23:52 916480 c:\windows\ie8updates\KB2497640-IE8\wininet.dll
+ 2011-04-14 16:33 . 2010-07-05 13:35 391032 c:\windows\ie8updates\KB2497640-IE8\spuninst\updspapi.dll
+ 2011-04-14 16:33 . 2010-07-05 13:35 232824 c:\windows\ie8updates\KB2497640-IE8\spuninst\spuninst.exe
+ 2011-04-14 16:33 . 2010-12-20 23:52 206848 c:\windows\ie8updates\KB2497640-IE8\occache.dll
+ 2011-04-14 16:33 . 2010-12-20 23:52 611840 c:\windows\ie8updates\KB2497640-IE8\mstime.dll
+ 2011-04-14 16:33 . 2010-12-20 23:52 602112 c:\windows\ie8updates\KB2497640-IE8\msfeeds.dll
+ 2011-04-14 16:33 . 2010-12-20 23:52 247808 c:\windows\ie8updates\KB2497640-IE8\ieproxy.dll
+ 2011-04-14 16:33 . 2010-12-20 23:52 184320 c:\windows\ie8updates\KB2497640-IE8\iepeers.dll
+ 2011-04-14 16:33 . 2010-12-20 23:52 743424 c:\windows\ie8updates\KB2497640-IE8\iedvtool.dll
+ 2011-04-14 16:33 . 2010-12-20 23:52 387584 c:\windows\ie8updates\KB2497640-IE8\iedkcs32.dll
+ 2011-04-14 16:33 . 2010-12-20 12:55 173568 c:\windows\ie8updates\KB2497640-IE8\ie4uinit.exe
+ 2011-02-09 22:36 . 2010-11-06 00:22 916480 c:\windows\ie8updates\KB2482017-IE8\wininet.dll
+ 2011-02-09 22:36 . 2010-07-05 13:35 391032 c:\windows\ie8updates\KB2482017-IE8\spuninst\updspapi.dll
+ 2011-02-09 22:36 . 2010-07-05 13:35 232824 c:\windows\ie8updates\KB2482017-IE8\spuninst\spuninst.exe
+ 2011-02-09 22:36 . 2010-11-06 00:22 206848 c:\windows\ie8updates\KB2482017-IE8\occache.dll
+ 2011-02-09 22:36 . 2010-11-06 00:22 611840 c:\windows\ie8updates\KB2482017-IE8\mstime.dll
+ 2011-02-09 22:36 . 2010-11-06 00:22 602112 c:\windows\ie8updates\KB2482017-IE8\msfeeds.dll
+ 2011-02-09 22:36 . 2010-11-06 00:22 247808 c:\windows\ie8updates\KB2482017-IE8\ieproxy.dll
+ 2011-02-09 22:36 . 2010-11-06 00:22 184320 c:\windows\ie8updates\KB2482017-IE8\iepeers.dll
+ 2011-02-09 22:36 . 2010-11-06 00:22 743424 c:\windows\ie8updates\KB2482017-IE8\iedvtool.dll
+ 2011-02-09 22:36 . 2010-11-06 00:22 387584 c:\windows\ie8updates\KB2482017-IE8\iedkcs32.dll
+ 2011-02-09 22:36 . 2010-11-03 12:26 173568 c:\windows\ie8updates\KB2482017-IE8\ie4uinit.exe
+ 2011-05-07 21:21 . 2011-05-07 22:24 152971 c:\windows\hpoins14.dat
+ 2011-04-30 11:07 . 2011-04-30 11:07 241664 c:\windows\ERDNT\AutoBackup\30.04.2011\Users\00000002\UsrClass.dat
+ 2011-04-30 11:07 . 2005-10-20 09:02 163328 c:\windows\ERDNT\AutoBackup\30.04.2011\ERDNT.EXE
+ 2011-04-29 01:17 . 2011-04-29 01:17 225280 c:\windows\ERDNT\AutoBackup\29.04.2011\Users\00000002\UsrClass.dat
+ 2011-04-29 01:17 . 2005-10-20 09:02 163328 c:\windows\ERDNT\AutoBackup\29.04.2011\ERDNT.EXE
+ 2011-04-28 15:29 . 2011-04-28 15:29 225280 c:\windows\ERDNT\AutoBackup\28.04.2011\Users\00000002\UsrClass.dat
+ 2011-04-28 15:29 . 2005-10-20 09:02 163328 c:\windows\ERDNT\AutoBackup\28.04.2011\ERDNT.EXE
+ 2011-04-26 23:30 . 2011-04-26 23:30 225280 c:\windows\ERDNT\AutoBackup\27.04.2011\Users\00000002\UsrClass.dat
+ 2011-04-26 23:30 . 2005-10-20 09:02 163328 c:\windows\ERDNT\AutoBackup\27.04.2011\ERDNT.EXE
+ 2011-04-25 23:52 . 2011-04-25 23:52 225280 c:\windows\ERDNT\AutoBackup\26.04.2011\Users\00000002\UsrClass.dat
+ 2011-04-25 23:52 . 2005-10-20 09:02 163328 c:\windows\ERDNT\AutoBackup\26.04.2011\ERDNT.EXE
+ 2011-04-24 11:23 . 2011-04-24 11:23 225280 c:\windows\ERDNT\AutoBackup\24.04.2011\Users\00000002\UsrClass.dat
+ 2011-04-24 11:23 . 2005-10-20 09:02 163328 c:\windows\ERDNT\AutoBackup\24.04.2011\ERDNT.EXE
+ 2011-04-22 22:50 . 2011-04-22 22:50 225280 c:\windows\ERDNT\AutoBackup\23.04.2011\Users\00000002\UsrClass.dat
+ 2011-04-22 22:50 . 2005-10-20 09:02 163328 c:\windows\ERDNT\AutoBackup\23.04.2011\ERDNT.EXE
+ 2011-04-22 11:04 . 2011-04-22 11:04 225280 c:\windows\ERDNT\AutoBackup\22.04.2011\Users\00000002\UsrClass.dat
+ 2011-04-22 11:04 . 2005-10-20 09:02 163328 c:\windows\ERDNT\AutoBackup\22.04.2011\ERDNT.EXE
+ 2011-04-20 21:00 . 2011-04-20 21:00 225280 c:\windows\ERDNT\AutoBackup\21.04.2011\Users\00000002\UsrClass.dat
+ 2011-04-20 21:00 . 2005-10-20 09:02 163328 c:\windows\ERDNT\AutoBackup\21.04.2011\ERDNT.EXE
+ 2011-04-20 03:19 . 2011-04-20 03:19 225280 c:\windows\ERDNT\AutoBackup\20.04.2011\Users\00000002\UsrClass.dat
+ 2011-04-20 03:19 . 2005-10-20 09:02 163328 c:\windows\ERDNT\AutoBackup\20.04.2011\ERDNT.EXE
+ 2011-04-18 23:44 . 2011-04-18 23:44 225280 c:\windows\ERDNT\AutoBackup\19.04.2011\Users\00000002\UsrClass.dat
+ 2011-04-18 23:44 . 2005-10-20 09:02 163328 c:\windows\ERDNT\AutoBackup\19.04.2011\ERDNT.EXE
+ 2011-04-18 01:07 . 2011-04-18 01:07 225280 c:\windows\ERDNT\AutoBackup\18.04.2011\Users\00000002\UsrClass.dat
+ 2011-04-18 01:07 . 2005-10-20 09:02 163328 c:\windows\ERDNT\AutoBackup\18.04.2011\ERDNT.EXE
+ 2011-04-17 14:48 . 2011-04-17 14:48 225280 c:\windows\ERDNT\AutoBackup\17.04.2011\Users\00000002\UsrClass.dat
+ 2011-04-17 14:48 . 2005-10-20 09:02 163328 c:\windows\ERDNT\AutoBackup\17.04.2011\ERDNT.EXE
+ 2011-04-16 15:32 . 2011-04-16 15:32 225280 c:\windows\ERDNT\AutoBackup\16.04.2011\Users\00000002\UsrClass.dat
+ 2011-04-16 15:32 . 2005-10-20 09:02 163328 c:\windows\ERDNT\AutoBackup\16.04.2011\ERDNT.EXE
+ 2011-04-15 13:05 . 2011-04-15 13:05 225280 c:\windows\ERDNT\AutoBackup\15.04.2011\Users\00000002\UsrClass.dat
+ 2011-04-15 13:05 . 2005-10-20 09:02 163328 c:\windows\ERDNT\AutoBackup\15.04.2011\ERDNT.EXE
+ 2011-04-13 21:38 . 2011-04-13 21:38 225280 c:\windows\ERDNT\AutoBackup\14.04.2011\Users\00000002\UsrClass.dat
+ 2011-04-13 21:38 . 2005-10-20 09:02 163328 c:\windows\ERDNT\AutoBackup\14.04.2011\ERDNT.EXE
+ 2011-04-13 07:07 . 2011-04-13 07:07 225280 c:\windows\ERDNT\AutoBackup\13.04.2011\Users\00000002\UsrClass.dat
+ 2011-04-13 07:07 . 2005-10-20 09:02 163328 c:\windows\ERDNT\AutoBackup\13.04.2011\ERDNT.EXE
+ 2011-04-12 17:31 . 2011-04-12 17:31 225280 c:\windows\ERDNT\AutoBackup\12.04.2011\Users\00000002\UsrClass.dat
+ 2011-04-12 17:31 . 2005-10-20 09:02 163328 c:\windows\ERDNT\AutoBackup\12.04.2011\ERDNT.EXE
+ 2011-04-11 07:17 . 2011-04-11 07:17 217088 c:\windows\ERDNT\AutoBackup\11.04.2011\Users\00000002\UsrClass.dat
+ 2011-04-11 07:17 . 2005-10-20 09:02 163328 c:\windows\ERDNT\AutoBackup\11.04.2011\ERDNT.EXE
+ 2011-04-10 08:33 . 2011-04-10 08:33 200704 c:\windows\ERDNT\AutoBackup\10.04.2011\Users\00000002\UsrClass.dat
+ 2011-04-10 08:33 . 2005-10-20 09:02 163328 c:\windows\ERDNT\AutoBackup\10.04.2011\ERDNT.EXE
+ 2011-05-08 20:00 . 2011-05-08 20:00 249856 c:\windows\ERDNT\AutoBackup\09.05.2011\Users\00000002\UsrClass.dat
+ 2011-05-08 20:00 . 2005-10-20 09:02 163328 c:\windows\ERDNT\AutoBackup\09.05.2011\ERDNT.EXE
+ 2011-05-07 22:15 . 2011-05-07 22:15 249856 c:\windows\ERDNT\AutoBackup\08.05.2011\Users\00000002\UsrClass.dat
+ 2011-05-07 22:15 . 2005-10-20 09:02 163328 c:\windows\ERDNT\AutoBackup\08.05.2011\ERDNT.EXE
+ 2011-04-08 04:03 . 2011-04-08 04:03 200704 c:\windows\ERDNT\AutoBackup\08.04.2011\Users\00000002\UsrClass.dat
+ 2011-04-08 04:03 . 2005-10-20 09:02 163328 c:\windows\ERDNT\AutoBackup\08.04.2011\ERDNT.EXE
+ 2011-05-07 07:59 . 2011-05-07 07:59 249856 c:\windows\ERDNT\AutoBackup\07.05.2011\Users\00000002\UsrClass.dat
+ 2011-05-07 07:59 . 2005-10-20 09:02 163328 c:\windows\ERDNT\AutoBackup\07.05.2011\ERDNT.EXE
+ 2011-04-07 01:52 . 2011-04-07 01:52 200704 c:\windows\ERDNT\AutoBackup\07.04.2011\Users\00000002\UsrClass.dat
+ 2011-04-07 01:52 . 2005-10-20 09:02 163328 c:\windows\ERDNT\AutoBackup\07.04.2011\ERDNT.EXE
+ 2011-05-06 15:46 . 2011-05-06 15:46 249856 c:\windows\ERDNT\AutoBackup\06.05.2011\Users\00000002\UsrClass.dat
+ 2011-05-06 15:46 . 2005-10-20 09:02 163328 c:\windows\ERDNT\AutoBackup\06.05.2011\ERDNT.EXE
+ 2011-05-05 02:09 . 2011-05-05 02:09 249856 c:\windows\ERDNT\AutoBackup\05.05.2011\Users\00000002\UsrClass.dat
+ 2011-05-05 02:09 . 2005-10-20 09:02 163328 c:\windows\ERDNT\AutoBackup\05.05.2011\ERDNT.EXE
+ 2011-05-04 01:20 . 2011-05-04 01:20 249856 c:\windows\ERDNT\AutoBackup\04.05.2011\Users\00000002\UsrClass.dat
+ 2011-05-04 01:20 . 2005-10-20 09:02 163328 c:\windows\ERDNT\AutoBackup\04.05.2011\ERDNT.EXE
+ 2011-05-03 02:12 . 2011-05-03 02:12 249856 c:\windows\ERDNT\AutoBackup\03.05.2011\Users\00000002\UsrClass.dat
+ 2011-05-03 02:12 . 2005-10-20 09:02 163328 c:\windows\ERDNT\AutoBackup\03.05.2011\ERDNT.EXE
+ 2011-05-02 02:34 . 2011-05-02 02:34 241664 c:\windows\ERDNT\AutoBackup\02.05.2011\Users\00000002\UsrClass.dat
+ 2011-05-02 02:34 . 2005-10-20 09:02 163328 c:\windows\ERDNT\AutoBackup\02.05.2011\ERDNT.EXE
+ 2010-06-18 03:47 . 2011-02-17 13:19 457472 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2011-04-14 17:46 . 2011-04-14 17:46 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\95de80b860252231b46014f58226e473\WsatConfig.ni.exe
+ 2011-04-14 16:36 . 2011-04-14 16:36 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\715710f5a31a494ed5c0ec0874dafe3e\WindowsFormsIntegration.ni.dll
+ 2011-04-14 16:36 . 2011-04-14 16:36 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\017be0e6c5f1810f15a696157cd5e2c2\UIAutomationTypes.ni.dll
+ 2011-04-14 16:36 . 2011-04-14 16:36 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\bec5b0a93df12eb26c02c877a4eae678\UIAutomationClient.ni.dll
+ 2011-04-14 17:49 . 2011-04-14 17:49 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\3d8f787002439f4942c33f376cfd8555\System.Xml.Linq.ni.dll
+ 2011-04-14 17:48 . 2011-04-14 17:48 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\4b746fea8062a10ccc6e5331914e7dad\System.Web.Routing.ni.dll
+ 2011-04-14 17:48 . 2011-04-14 17:48 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\103956fdb019bce8a173fe9cb9da3e02\System.Web.RegularExpressions.ni.dll
+ 2011-04-14 17:48 . 2011-04-14 17:48 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\c0a156fbf46ad272ac262e45eaa998f4\System.Web.Extensions.Design.ni.dll
+ 2011-04-14 17:48 . 2011-04-14 17:48 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\e3651e13567ce4e3fa7bb2fbab737d9a\System.Web.Entity.ni.dll
+ 2011-04-14 17:48 . 2011-04-14 17:48 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\834d7769f39e4d937eda1ad3707d4716\System.Web.Entity.Design.ni.dll
+ 2011-04-14 17:48 . 2011-04-14 17:48 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\032c96c6206b53bca122d1fbaf5f8ca2\System.Web.DynamicData.ni.dll
+ 2011-04-14 17:48 . 2011-04-14 17:48 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\6ce0e4fb33afcfcce43c427e82b987db\System.Web.Abstractions.ni.dll
+ 2011-04-14 17:48 . 2011-04-14 17:48 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\990d96810a21e0fa95f916ffc66f3a94\System.Transactions.ni.dll
+ 2011-04-14 17:48 . 2011-04-14 17:48 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e0d56c0582316e9ecb4c18186e37217c\System.ServiceProcess.ni.dll
+ 2011-04-14 17:47 . 2011-04-14 17:47 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\9e91cca51a5ed6fb13b67558109d2726\System.Security.ni.dll
+ 2011-04-14 17:48 . 2011-04-14 17:48 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\fa6a58394a1f162eecce4cd8af0875c3\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-04-14 17:48 . 2011-04-14 17:48 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\6194eb4bc1e0133d0183d086b747f512\System.Net.ni.dll
+ 2011-04-14 17:48 . 2011-04-14 17:48 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\042658de519bb1e22ec5925092061892\System.Management.ni.dll
+ 2011-04-14 17:48 . 2011-04-14 17:48 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\d6ae8171ae6fd4fe83add34e6d70e5b5\System.Management.Instrumentation.ni.dll
+ 2011-04-14 17:46 . 2011-04-14 17:46 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\abd5a61d39e474f12b30ccbbe6277667\System.IO.Log.ni.dll
+ 2011-04-14 17:46 . 2011-04-14 17:46 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\12c4dba6d4ff0278d208c283d9ed7670\System.IdentityModel.Selectors.ni.dll
+ 2011-04-14 17:48 . 2011-04-14 17:48 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\ff5c7a52497d892f3a3206384d46b5e7\System.EnterpriseServices.Wrapper.dll
+ 2011-04-14 17:48 . 2011-04-14 17:48 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\ff5c7a52497d892f3a3206384d46b5e7\System.EnterpriseServices.ni.dll
+ 2011-04-14 16:35 . 2011-04-14 16:35 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\e6b7128278d8c0e8382a5685f5b196c6\System.Drawing.Design.ni.dll
+ 2011-04-14 17:48 . 2011-04-14 17:48 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\8ef56bf47fc2fc4204e0fcc1f32bab01\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-04-14 17:48 . 2011-04-14 17:48 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\447d7b4a7d0add13f8d2086088bcc41c\System.DirectoryServices.Protocols.ni.dll
+ 2011-04-14 17:48 . 2011-04-14 17:48 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\ce2afe8854ee9cdc834b6f392348c882\System.Data.Services.Design.ni.dll
+ 2011-04-14 17:48 . 2011-04-14 17:48 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\03d4658290e300e437e745ef4a613b59\System.Data.Services.Client.ni.dll
+ 2011-04-14 17:47 . 2011-04-14 17:47 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\7ce21a2855bb7731de4dab797e69f3f6\System.Data.Entity.Design.ni.dll
+ 2011-04-14 17:47 . 2011-04-14 17:47 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\ea57694aea47c05853516c9bb2ad54b4\System.Data.DataSetExtensions.ni.dll
+ 2011-04-14 17:46 . 2011-04-14 17:46 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d6b4509225efde2a4e3db77205f8a51\System.Configuration.ni.dll
+ 2011-04-14 17:48 . 2011-04-14 17:48 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f312bb844670ebc7458fec9e6b2568b3\System.Configuration.Install.ni.dll
+ 2011-04-14 17:47 . 2011-04-14 17:47 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\afd9595f07a8c68b26e81cf995957f56\System.AddIn.ni.dll
+ 2011-04-14 17:46 . 2011-04-14 17:46 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\3a42b2fbafe93d7b9395e328bea35afa\SMSvcHost.ni.exe
+ 2011-04-14 17:46 . 2011-04-14 17:46 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\97ff96d3fc8d0b10ea294f320acf821e\SMDiagnostics.ni.dll
+ 2011-04-14 17:46 . 2011-04-14 17:46 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\28ed0e9efd938b05b4f53e0d90046701\ServiceModelReg.ni.exe
+ 2011-04-14 16:34 . 2011-04-14 16:34 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ffe13679e6b3e36e5cb6c47f8c4faf9c\PresentationFramework.Aero.ni.dll
+ 2011-04-14 16:34 . 2011-04-14 16:34 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\dbb40299379f2009c140ddadb04231b4\PresentationFramework.Classic.ni.dll
+ 2011-04-14 16:34 . 2011-04-14 16:34 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a34cd33cec1bdfebe4a3910bceb8723b\PresentationFramework.Royale.ni.dll
+ 2011-04-14 16:34 . 2011-04-14 16:34 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\689bb394bcb437ed085c22a43aba30c6\PresentationFramework.Luna.ni.dll
+ 2011-04-14 17:46 . 2011-04-14 17:46 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\5670e74887ef1025c6a8c056ffe86b38\MSBuild.ni.exe
+ 2011-04-14 17:46 . 2011-04-14 17:46 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\653732002ebf5c68f69150a60e145e6a\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-04-14 17:47 . 2011-04-14 17:47 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\cc62770393640302bd4d7e442b1e49a4\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2011-04-14 17:47 . 2011-04-14 17:47 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\352bff1ee71ce114e225f849038dc48d\Microsoft.Build.Utilities.ni.dll
+ 2011-04-14 17:47 . 2011-04-14 17:47 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\7345f4d2d7157bf49de4158e8f2b6847\Microsoft.Build.Engine.ni.dll
+ 2011-04-14 17:47 . 2011-04-14 17:47 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\d7dba901ddd410ca1a0156d0f2a27533\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2011-04-14 17:47 . 2011-04-14 17:47 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\010552e529d130ce914765b0801e2367\CustomMarshalers.ni.dll
+ 2011-04-14 17:46 . 2011-04-14 17:46 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\6861f639b13967e9b014b44bbb7c5d4c\ComSvcConfig.ni.exe
+ 2011-04-14 17:46 . 2011-04-14 17:46 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\800da7dec567fadf3392091e9f01ecb9\AspNetMMCExt.ni.dll
- 2010-10-04 06:37 . 2010-10-04 06:37 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2011-04-14 16:31 . 2011-04-14 16:31 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2011-04-14 16:31 . 2011-04-14 16:31 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2010-10-04 06:37 . 2010-10-04 06:37 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2011-04-14 16:32 . 2011-04-14 16:32 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-10-04 06:38 . 2010-10-04 06:38 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-10-04 06:38 . 2010-10-04 06:38 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-04-14 16:32 . 2011-04-14 16:32 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-10-04 06:37 . 2010-10-04 06:37 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-04-14 16:31 . 2011-04-14 16:31 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-04-14 16:31 . 2011-04-14 16:31 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2010-10-04 06:37 . 2010-10-04 06:37 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2011-04-14 16:31 . 2011-04-14 16:31 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2010-10-04 06:37 . 2010-10-04 06:37 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-04-14 16:31 . 2011-04-14 16:31 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2010-10-04 06:37 . 2010-10-04 06:37 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-04-14 16:32 . 2011-04-14 16:32 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2010-10-04 06:38 . 2010-10-04 06:38 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2011-04-14 16:32 . 2011-04-14 16:32 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-10-04 06:37 . 2010-10-04 06:37 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-10-04 06:37 . 2010-10-04 06:37 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-04-14 16:31 . 2011-04-14 16:31 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2010-10-04 06:38 . 2010-10-04 06:38 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-04-14 16:32 . 2011-04-14 16:32 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-04-14 16:32 . 2011-04-14 16:32 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2010-10-04 06:38 . 2010-10-04 06:38 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2010-10-04 06:38 . 2010-10-04 06:38 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2011-04-14 16:32 . 2011-04-14 16:32 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2011-04-14 16:32 . 2011-04-14 16:32 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2010-10-04 06:37 . 2010-10-04 06:37 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2010-10-04 06:37 . 2010-10-04 06:37 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2011-04-14 16:31 . 2011-04-14 16:31 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-10-04 06:37 . 2010-10-04 06:37 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-04-14 16:31 . 2011-04-14 16:31 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-04-14 16:31 . 2011-04-14 16:31 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2010-10-04 06:37 . 2010-10-04 06:37 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-04-14 16:31 . 2011-04-14 16:31 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2010-10-04 06:37 . 2010-10-04 06:37 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2010-10-04 06:37 . 2010-10-04 06:37 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2011-04-14 16:32 . 2011-04-14 16:32 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2011-04-14 16:32 . 2011-04-14 16:32 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2010-10-04 06:37 . 2010-10-04 06:37 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2010-10-04 06:37 . 2010-10-04 06:37 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2011-04-14 16:31 . 2011-04-14 16:31 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2011-04-14 16:31 . 2011-04-14 16:31 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2010-10-04 06:37 . 2010-10-04 06:37 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-04-14 16:31 . 2011-04-14 16:31 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-10-04 06:37 . 2010-10-04 06:37 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-10-04 06:37 . 2010-10-04 06:37 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-04-14 16:31 . 2011-04-14 16:31 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-04-14 16:31 . 2011-04-14 16:31 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2010-10-04 06:37 . 2010-10-04 06:37 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2011-03-07 23:00 . 2009-05-26 11:43 391032 c:\windows\$NtUninstallKB971029$\spuninst\updspapi.dll
+ 2011-03-07 23:00 . 2008-07-08 13:21 232824 c:\windows\$NtUninstallKB971029$\spuninst\spuninst.exe
+ 2011-03-07 23:00 . 2008-04-15 13:00 135680 c:\windows\$NtUninstallKB971029$\shsvcs.dll
+ 2011-03-30 21:09 . 2010-07-05 13:35 391032 c:\windows\$NtUninstallKB2524375$\spuninst\updspapi.dll
+ 2011-03-30 21:09 . 2010-07-05 13:35 232824 c:\windows\$NtUninstallKB2524375$\spuninst\spuninst.exe
+ 2011-02-09 22:38 . 2010-07-05 13:35 391032 c:\windows\$NtUninstallKB2485376$\spuninst\updspapi.dll
+ 2011-02-09 22:38 . 2010-07-05 13:35 232824 c:\windows\$NtUninstallKB2485376$\spuninst\spuninst.exe
+ 2011-02-09 22:38 . 2010-10-28 13:08 290048 c:\windows\$NtUninstallKB2485376$\atmfd.dll
+ 2011-02-09 22:38 . 2010-07-05 13:35 391032 c:\windows\$NtUninstallKB2483185$\spuninst\updspapi.dll
+ 2011-02-09 22:38 . 2010-02-22 14:43 232824 c:\windows\$NtUninstallKB2483185$\spuninst\spuninst.exe
+ 2011-02-09 22:38 . 2008-12-25 19:00 690688 c:\windows\$NtUninstallKB2483185$\shimgvw.dll
+ 2011-03-09 23:00 . 2010-07-05 13:35 391032 c:\windows\$NtUninstallKB2481109$\spuninst\updspapi.dll
+ 2011-03-09 23:00 . 2010-07-05 13:35 232824 c:\windows\$NtUninstallKB2481109$\spuninst\spuninst.exe
+ 2011-03-09 23:00 . 2008-04-15 13:00 677888 c:\windows\$NtUninstallKB2481109$\mstsc.exe
+ 2011-03-09 23:02 . 2010-02-22 14:43 391032 c:\windows\$NtUninstallKB2479943$\spuninst\updspapi.dll
+ 2011-03-09 23:02 . 2010-02-22 14:43 232824 c:\windows\$NtUninstallKB2479943$\spuninst\spuninst.exe
+ 2011-03-09 23:02 . 2008-04-15 13:00 270848 c:\windows\$NtUninstallKB2479943$\sbe.dll
+ 2011-03-09 23:02 . 2008-04-15 13:00 186880 c:\windows\$NtUninstallKB2479943$\encdec.dll
+ 2011-02-09 22:38 . 2010-02-22 14:43 391032 c:\windows\$NtUninstallKB2479628$\spuninst\updspapi.dll
+ 2011-02-09 22:38 . 2010-02-22 14:43 232824 c:\windows\$NtUninstallKB2479628$\spuninst\spuninst.exe
+ 2011-02-09 22:38 . 2010-02-22 14:43 391032 c:\windows\$NtUninstallKB2478971$\spuninst\updspapi.dll
+ 2011-02-09 22:38 . 2010-02-22 14:43 232824 c:\windows\$NtUninstallKB2478971$\spuninst\spuninst.exe
+ 2011-02-09 22:38 . 2009-06-25 08:42 301568 c:\windows\$NtUninstallKB2478971$\kerberos.dll
+ 2011-02-09 22:36 . 2010-07-05 13:35 391032 c:\windows\$NtUninstallKB2478960$\spuninst\updspapi.dll
+ 2011-02-09 22:36 . 2010-07-05 13:35 232824 c:\windows\$NtUninstallKB2478960$\spuninst\spuninst.exe
+ 2011-02-09 22:36 . 2009-06-26 11:12 732160 c:\windows\$NtUninstallKB2478960$\lsasrv.dll
+ 2011-02-09 22:36 . 2010-07-05 13:35 391032 c:\windows\$NtUninstallKB2476687$\spuninst\updspapi.dll
+ 2011-02-09 22:36 . 2010-07-05 13:35 232824 c:\windows\$NtUninstallKB2476687$\spuninst\spuninst.exe
+ 2011-02-09 22:36 . 2010-07-05 13:35 391032 c:\windows\$NtUninstallKB2393802$\spuninst\updspapi.dll
+ 2011-02-09 22:36 . 2010-07-05 13:35 232824 c:\windows\$NtUninstallKB2393802$\spuninst\spuninst.exe
+ 2011-02-09 22:36 . 2009-02-09 10:57 719360 c:\windows\$NtUninstallKB2393802$\ntdll.dll
+ 2011-03-07 23:00 . 2009-05-26 11:43 391032 c:\windows\$hf_mig$\KB971029\update\updspapi.dll
+ 2011-03-07 23:00 . 2009-05-26 11:43 760184 c:\windows\$hf_mig$\KB971029\update\update.exe
+ 2011-03-07 23:00 . 2008-07-08 13:21 232824 c:\windows\$hf_mig$\KB971029\spuninst.exe
+ 2011-03-07 10:30 . 2009-07-27 22:23 135680 c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll
+ 2011-03-30 21:09 . 2010-07-05 13:35 391032 c:\windows\$hf_mig$\KB2524375\update\updspapi.dll
+ 2011-03-30 21:09 . 2010-07-05 13:35 760184 c:\windows\$hf_mig$\KB2524375\update\update.exe
+ 2011-03-30 21:09 . 2010-07-05 13:35 232824 c:\windows\$hf_mig$\KB2524375\spuninst.exe
+ 2011-02-09 22:38 . 2010-07-05 13:35 391032 c:\windows\$hf_mig$\KB2485376\update\updspapi.dll
+ 2011-02-09 22:38 . 2010-07-05 13:35 760184 c:\windows\$hf_mig$\KB2485376\update\update.exe
+ 2011-02-09 22:38 . 2010-07-05 13:35 232824 c:\windows\$hf_mig$\KB2485376\spuninst.exe
+ 2011-02-09 14:44 . 2011-01-07 14:09 290048 c:\windows\$hf_mig$\KB2485376\SP3QFE\atmfd.dll
+ 2011-02-09 22:38 . 2010-07-05 13:35 391032 c:\windows\$hf_mig$\KB2483185\update\updspapi.dll
+ 2011-02-09 22:38 . 2010-07-05 13:35 760184 c:\windows\$hf_mig$\KB2483185\update\update.exe
+ 2011-02-09 22:38 . 2010-02-22 14:43 232824 c:\windows\$hf_mig$\KB2483185\spuninst.exe
+ 2011-02-09 14:43 . 2011-01-21 14:42 441344 c:\windows\$hf_mig$\KB2483185\SP3QFE\shimgvw.dll
+ 2011-02-09 22:36 . 2010-07-05 13:35 391032 c:\windows\$hf_mig$\KB2482017-IE8\update\updspapi.dll
+ 2011-02-09 22:36 . 2010-07-05 13:35 760184 c:\windows\$hf_mig$\KB2482017-IE8\update\update.exe
+ 2011-02-09 22:36 . 2010-07-05 13:35 232824 c:\windows\$hf_mig$\KB2482017-IE8\spuninst.exe
+ 2011-02-09 14:43 . 2010-12-20 23:51 919552 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\wininet.dll
+ 2011-02-09 14:43 . 2010-12-20 23:51 206848 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\occache.dll
+ 2011-02-09 14:43 . 2010-12-20 23:51 611840 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\mstime.dll
+ 2011-02-09 14:43 . 2010-12-20 23:51 602112 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\msfeeds.dll
+ 2011-02-09 14:43 . 2010-12-20 23:51 247808 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\ieproxy.dll
+ 2011-02-09 14:43 . 2010-12-20 23:51 184320 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\iepeers.dll
+ 2011-02-09 14:43 . 2010-12-20 23:51 743424 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\iedvtool.dll
+ 2011-02-09 14:43 . 2010-12-20 23:51 387584 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\iedkcs32.dll
+ 2011-02-09 14:43 . 2010-12-20 12:49 173568 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\ie4uinit.exe
+ 2011-03-09 23:00 . 2010-07-05 13:35 391032 c:\windows\$hf_mig$\KB2481109\update\updspapi.dll
+ 2011-03-09 23:00 . 2010-07-05 13:35 760184 c:\windows\$hf_mig$\KB2481109\update\update.exe
+ 2011-03-09 23:00 . 2010-07-05 13:35 232824 c:\windows\$hf_mig$\KB2481109\spuninst.exe
+ 2011-03-09 20:07 . 2011-01-27 11:41 677888 c:\windows\$hf_mig$\KB2481109\SP3QFE\lhmstsc.exe
+ 2011-03-09 20:07 . 2011-02-02 07:57 136192 c:\windows\$hf_mig$\KB2481109\SP3QFE\aaclient.dll
+ 2011-03-09 23:02 . 2010-02-22 14:43 391032 c:\windows\$hf_mig$\KB2479943\update\updspapi.dll
+ 2011-03-09 23:02 . 2010-02-22 14:43 760184 c:\windows\$hf_mig$\KB2479943\update\update.exe
+ 2011-03-09 23:02 . 2010-02-22 14:43 232824 c:\windows\$hf_mig$\KB2479943\spuninst.exe
+ 2011-03-09 20:07 . 2011-02-09 13:52 270848 c:\windows\$hf_mig$\KB2479943\SP3QFE\sbe.dll
+ 2011-03-09 20:07 . 2011-02-09 13:52 186880 c:\windows\$hf_mig$\KB2479943\SP3QFE\encdec.dll
+ 2011-02-09 22:38 . 2010-02-22 14:43 391032 c:\windows\$hf_mig$\KB2479628\update\updspapi.dll
+ 2011-02-09 22:38 . 2010-02-22 14:43 760184 c:\windows\$hf_mig$\KB2479628\update\update.exe
+ 2011-02-09 22:38 . 2010-02-22 14:43 232824 c:\windows\$hf_mig$\KB2479628\spuninst.exe
+ 2011-02-09 22:36 . 2010-07-05 13:35 391032 c:\windows\$hf_mig$\KB2476687\update\updspapi.dll
+ 2011-02-09 22:36 . 2010-07-05 13:35 760184 c:\windows\$hf_mig$\KB2476687\update\update.exe
+ 2011-02-09 22:36 . 2010-07-05 13:35 232824 c:\windows\$hf_mig$\KB2476687\spuninst.exe
+ 2011-04-12 22:19 . 2010-10-23 00:47 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\GdiPlus.dll
+ 2011-01-11 06:59 . 2011-01-11 06:59 3780936 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfc90u.dll
+ 2011-01-11 06:59 . 2011-01-11 06:59 3766088 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfc90.dll
+ 2011-01-10 18:50 . 2011-01-10 18:50 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfc80u.dll
+ 2011-01-10 18:50 . 2011-01-10 18:50 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfc80.dll
+ 2011-05-07 21:22 . 2011-05-07 21:22 1230336 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da\msxml4.dll
- 2010-12-20 12:03 . 2010-12-20 12:03 1230336 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da\msxml4.dll
- 2008-12-25 19:00 . 2010-11-06 00:22 1210880 c:\windows\system32\urlmon.dll
+ 2008-12-25 19:00 . 2011-02-22 23:07 1210880 c:\windows\system32\urlmon.dll
- 2008-12-25 19:00 . 2010-07-27 06:30 8479744 c:\windows\system32\shell32.dll
+ 2008-12-25 19:00 . 2011-01-21 14:44 8479744 c:\windows\system32\shell32.dll
+ 2010-03-11 20:18 . 2011-02-07 20:17 2048192 c:\windows\system32\Restore\rstrlog.dat
+ 2008-12-25 18:51 . 2010-12-09 15:14 2150912 c:\windows\system32\ntoskrnl.exe
+ 2008-08-14 16:56 . 2010-12-09 15:14 2029056 c:\windows\system32\ntkrnlpa.exe
+ 2009-05-15 11:07 . 2011-02-02 07:58 2067456 c:\windows\system32\mstscax.dll
+ 2008-12-25 18:59 . 2011-02-22 23:07 5962240 c:\windows\system32\mshtml.dll
+ 2008-12-09 18:46 . 2011-02-22 23:07 1991680 c:\windows\system32\iertutil.dll
- 2008-12-09 18:46 . 2010-11-06 00:22 1991680 c:\windows\system32\iertutil.dll
+ 2008-12-25 18:52 . 2011-03-03 13:53 1858048 c:\windows\system32\dllcache\win32k.sys
+ 2010-07-21 09:58 . 2011-02-22 23:07 1210880 c:\windows\system32\dllcache\urlmon.dll
- 2010-07-21 09:58 . 2010-11-06 00:22 1210880 c:\windows\system32\dllcache\urlmon.dll
+ 2010-08-04 08:47 . 2011-01-21 14:44 8479744 c:\windows\system32\dllcache\shell32.dll
- 2010-08-04 08:47 . 2010-07-27 06:30 8479744 c:\windows\system32\dllcache\shell32.dll
+ 2009-02-10 15:18 . 2010-12-09 15:14 2194560 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2010-06-19 12:09 . 2010-12-09 15:14 2029056 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2010-06-19 12:09 . 2010-12-09 17:44 2071168 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2010-06-19 12:09 . 2010-12-09 15:14 2150912 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-05-15 11:08 . 2011-02-22 23:07 5962240 c:\windows\system32\dllcache\mshtml.dll
+ 2009-05-15 11:07 . 2011-02-02 07:58 2067456 c:\windows\system32\dllcache\lhmstscx.dll
- 2010-07-21 09:58 . 2010-11-06 00:22 1991680 c:\windows\system32\dllcache\iertutil.dll
+ 2010-07-21 09:58 . 2011-02-22 23:07 1991680 c:\windows\system32\dllcache\iertutil.dll
+ 2011-01-18 00:39 . 2011-01-18 00:39 5813072 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2011-01-18 00:39 . 2011-01-18 00:39 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2010-05-11 02:40 . 2010-05-11 02:40 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2011-04-11 17:13 . 2011-04-11 17:13 1587200 c:\windows\Installer\e27fef.msi
+ 2011-01-11 13:49 . 2011-01-11 13:49 9003008 c:\windows\Installer\d67624.msp
+ 2010-11-20 19:32 . 2010-11-20 19:32 4165120 c:\windows\Installer\d6760e.msp
+ 2011-05-07 21:26 . 2011-05-07 21:26 2874368 c:\windows\Installer\9301a3.msi
+ 2011-05-07 22:24 . 2011-05-07 22:24 1351680 c:\windows\Installer\77556.msi
+ 2011-03-17 16:01 . 2011-03-17 16:01 9563648 c:\windows\Installer\51028f.msp
+ 2011-03-17 16:01 . 2011-03-17 16:01 9563648 c:\windows\Installer\510280.msp
+ 2011-01-11 13:50 . 2011-01-11 13:50 8177152 c:\windows\Installer\510264.msp
+ 2010-11-20 19:33 . 2010-11-20 19:33 1980928 c:\windows\Installer\510255.msp
+ 2009-05-15 11:20 . 2011-04-14 16:35 1172240 c:\windows\Installer\{90120000-0016-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-05-15 11:20 . 2010-12-23 09:21 1172240 c:\windows\Installer\{90120000-0016-0000-0000-0000000FF1CE}\xlicons.exe
+ 2011-04-14 16:33 . 2010-12-20 23:52 1210880 c:\windows\ie8updates\KB2497640-IE8\urlmon.dll
+ 2011-04-14 16:33 . 2010-12-20 23:52 5961216 c:\windows\ie8updates\KB2497640-IE8\mshtml.dll
+ 2011-04-14 16:33 . 2010-12-20 23:52 1991680 c:\windows\ie8updates\KB2497640-IE8\iertutil.dll
+ 2011-02-09 22:36 . 2010-11-06 00:22 1210880 c:\windows\ie8updates\KB2482017-IE8\urlmon.dll
+ 2011-02-09 22:36 . 2010-11-06 00:22 5959168 c:\windows\ie8updates\KB2482017-IE8\mshtml.dll
+ 2011-02-09 22:36 . 2010-11-06 00:22 1991680 c:\windows\ie8updates\KB2482017-IE8\iertutil.dll
+ 2011-04-30 11:07 . 2011-04-30 11:07 6619136 c:\windows\ERDNT\AutoBackup\30.04.2011\Users\00000001\NTUSER.DAT
+ 2011-04-29 01:17 . 2011-04-29 01:17 6619136 c:\windows\ERDNT\AutoBackup\29.04.2011\Users\00000001\NTUSER.DAT
+ 2011-04-28 15:29 . 2011-04-28 15:29 6619136 c:\windows\ERDNT\AutoBackup\28.04.2011\Users\00000001\NTUSER.DAT
+ 2011-04-26 23:30 . 2011-04-26 23:30 6619136 c:\windows\ERDNT\AutoBackup\27.04.2011\Users\00000001\NTUSER.DAT
+ 2011-04-25 23:52 . 2011-04-25 23:52 6619136 c:\windows\ERDNT\AutoBackup\26.04.2011\Users\00000001\NTUSER.DAT
+ 2011-04-24 11:23 . 2011-04-24 11:23 6619136 c:\windows\ERDNT\AutoBackup\24.04.2011\Users\00000001\NTUSER.DAT
+ 2011-04-22 22:50 . 2011-04-22 22:50 6619136 c:\windows\ERDNT\AutoBackup\23.04.2011\Users\00000001\NTUSER.DAT
+ 2011-04-22 11:04 . 2011-04-22 11:04 6619136 c:\windows\ERDNT\AutoBackup\22.04.2011\Users\00000001\NTUSER.DAT
+ 2011-04-20 21:00 . 2011-04-20 21:00 6619136 c:\windows\ERDNT\AutoBackup\21.04.2011\Users\00000001\NTUSER.DAT
+ 2011-04-20 03:19 . 2011-04-20 03:19 6619136 c:\windows\ERDNT\AutoBackup\20.04.2011\Users\00000001\NTUSER.DAT
+ 2011-04-18 23:44 . 2011-04-18 23:44 6619136 c:\windows\ERDNT\AutoBackup\19.04.2011\Users\00000001\NTUSER.DAT
+ 2011-04-18 01:07 . 2011-04-18 01:07 6619136 c:\windows\ERDNT\AutoBackup\18.04.2011\Users\00000001\NTUSER.DAT
+ 2011-04-17 14:48 . 2011-04-17 14:48 6619136 c:\windows\ERDNT\AutoBackup\17.04.2011\Users\00000001\NTUSER.DAT
+ 2011-04-16 15:31 . 2011-04-16 15:32 6619136 c:\windows\ERDNT\AutoBackup\16.04.2011\Users\00000001\NTUSER.DAT
+ 2011-04-15 13:05 . 2011-04-15 13:05 6619136 c:\windows\ERDNT\AutoBackup\15.04.2011\Users\00000001\NTUSER.DAT
+ 2011-04-13 21:38 . 2011-04-13 21:38 6619136 c:\windows\ERDNT\AutoBackup\14.04.2011\Users\00000001\NTUSER.DAT
+ 2011-04-13 07:07 . 2011-04-13 07:07 6619136 c:\windows\ERDNT\AutoBackup\13.04.2011\Users\00000001\NTUSER.DAT
+ 2011-04-12 17:31 . 2011-04-12 17:31 6619136 c:\windows\ERDNT\AutoBackup\12.04.2011\Users\00000001\NTUSER.DAT
+ 2011-04-11 07:17 . 2011-04-11 07:17 6619136 c:\windows\ERDNT\AutoBackup\11.04.2011\Users\00000001\NTUSER.DAT
+ 2011-04-10 08:33 . 2011-04-10 08:33 6619136 c:\windows\ERDNT\AutoBackup\10.04.2011\Users\00000001\NTUSER.DAT
+ 2011-05-08 20:00 . 2011-05-08 20:00 6668288 c:\windows\ERDNT\AutoBackup\09.05.2011\Users\00000001\NTUSER.DAT
+ 2011-05-07 22:15 . 2011-05-07 22:15 6668288 c:\windows\ERDNT\AutoBackup\08.05.2011\Users\00000001\NTUSER.DAT
+ 2011-04-08 04:03 . 2011-04-08 04:03 6619136 c:\windows\ERDNT\AutoBackup\08.04.2011\Users\00000001\NTUSER.DAT
+ 2011-05-07 07:59 . 2011-05-07 07:59 6668288 c:\windows\ERDNT\AutoBackup\07.05.2011\Users\00000001\NTUSER.DAT
+ 2011-04-07 01:52 . 2011-04-07 01:52 6619136 c:\windows\ERDNT\AutoBackup\07.04.2011\Users\00000001\NTUSER.DAT
+ 2011-05-06 15:46 . 2011-05-06 15:46 6656000 c:\windows\ERDNT\AutoBackup\06.05.2011\Users\00000001\NTUSER.DAT
+ 2011-05-05 02:09 . 2011-05-05 02:09 6656000 c:\windows\ERDNT\AutoBackup\05.05.2011\Users\00000001\NTUSER.DAT
+ 2011-05-04 01:20 . 2011-05-04 01:20 6656000 c:\windows\ERDNT\AutoBackup\04.05.2011\Users\00000001\NTUSER.DAT
+ 2011-05-03 02:12 . 2011-05-03 02:12 6656000 c:\windows\ERDNT\AutoBackup\03.05.2011\Users\00000001\NTUSER.DAT
+ 2011-05-02 02:34 . 2011-05-02 02:34 6656000 c:\windows\ERDNT\AutoBackup\02.05.2011\Users\00000001\NTUSER.DAT
+ 2009-02-10 15:18 . 2010-12-09 15:14 2194560 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2010-06-19 12:09 . 2010-12-09 15:14 2029056 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2010-06-19 12:09 . 2010-12-09 17:44 2071168 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2010-06-19 12:09 . 2010-12-09 15:14 2150912 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2011-04-14 16:33 . 2011-04-14 16:33 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\76e431fde1b252312b331f7108259fda\WindowsBase.ni.dll
+ 2011-04-14 16:36 . 2011-04-14 16:36 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\9e022c95e79f2b6f383a501ad99f08a9\UIAutomationClientsideProviders.ni.dll
+ 2011-04-14 16:33 . 2011-04-14 16:33 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\f02cf6430a9fc77908a74ab6925cb73c\System.ni.dll
+ 2011-04-14 16:36 . 2011-04-14 16:36 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b06e49ed8cbe07dbb90e313fa634b27b\System.Xml.ni.dll
+ 2011-04-14 17:49 . 2011-04-14 17:49 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\6346221cecf631e5c0b754d842aad102\System.WorkflowServices.ni.dll
+ 2011-04-14 17:48 . 2011-04-14 17:48 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\1fbcd203ff8d77d561df8bf806417ab6\System.Workflow.Runtime.ni.dll
+ 2011-04-14 17:48 . 2011-04-14 17:48 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\efbaf3696c44fd7d4b3cd925e0437b36\System.Workflow.ComponentModel.ni.dll
+ 2011-04-14 17:48 . 2011-04-14 17:48 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\52a9bc5dd1fa497af7c7f4600bd8e6d1\System.Workflow.Activities.ni.dll
+ 2011-04-14 17:48 . 2011-04-14 17:48 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f5ebeeb0a8aaba9db15ec3df591339ba\System.Web.Services.ni.dll
+ 2011-04-14 17:48 . 2011-04-14 17:48 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\92d6b75e3b63b528d4069bf4ee01983a\System.Web.Mobile.ni.dll
+ 2011-04-14 17:48 . 2011-04-14 17:48 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\02d53154634c8000382942e0f43ead41\System.Web.Extensions.ni.dll
+ 2011-04-14 16:36 . 2011-04-14 16:36 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\dd128c8e21e7fa14c12b71df9892d046\System.Speech.ni.dll
+ 2011-04-14 17:48 . 2011-04-14 17:48 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\8b0bb430bb6af96c18b43e3c54cfafe8\System.ServiceModel.Web.ni.dll
+ 2011-04-14 17:46 . 2011-04-14 17:46 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\85090bd451617e204ffda625b8d9fc30\System.Runtime.Serialization.ni.dll
+ 2011-04-14 16:35 . 2011-04-14 16:35 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\85a7a7aace114e78fc6c9b219bcd5551\System.Printing.ni.dll
+ 2011-04-14 17:46 . 2011-04-14 17:46 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\86c59378e9a43bf101a10ad452a4bb8e\System.IdentityModel.ni.dll
+ 2011-04-14 16:35 . 2011-04-14 16:35 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d912066086a59f09424c7c69f95e2c55\System.Drawing.ni.dll
+ 2011-04-14 17:48 . 2011-04-14 17:48 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c05d9332116964104c721e97f7ce1058\System.DirectoryServices.ni.dll
+ 2011-04-14 17:48 . 2011-04-14 17:48 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\0118c0c73ea5c77bda7b10b188102ab6\System.Deployment.ni.dll
+ 2011-04-14 16:35 . 2011-04-14 16:35 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\1337829e3df6888464a17aab78bb9b8f\System.Data.ni.dll
+ 2011-04-14 17:46 . 2011-04-14 17:46 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\ba3ca7a93e227c32ce7b50d0a7ba935f\System.Data.SqlXml.ni.dll
+ 2011-04-14 17:48 . 2011-04-14 17:48 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\2de52be5da96059651b5bec800cb4605\System.Data.Services.ni.dll
+ 2011-04-14 16:35 . 2011-04-14 16:35 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\11f1306e0e311a0d0cbd139fb2fa4c36\System.Data.Linq.ni.dll
+ 2011-04-14 17:47 . 2011-04-14 17:47 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\c91e83e85c030bc914ecc302fa9b2c60\System.Data.Entity.ni.dll
+ 2011-04-14 16:35 . 2011-04-14 16:35 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\684fe21837d3cf3e5935bbd0a7f53141\System.Core.ni.dll
+ 2011-04-14 16:34 . 2011-04-14 16:34 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\12efddabe6fe35be21246c88ed9bf8ab\ReachFramework.ni.dll
+ 2011-04-14 16:34 . 2011-04-14 16:34 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\257c9327ba9cc5cd87f58de224aa2e0d\PresentationUI.ni.dll
+ 2011-04-14 16:33 . 2011-04-14 16:33 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\b117bf63daa7e587f1bb2d975dccb4af\PresentationBuildTasks.ni.dll
+ 2011-04-14 17:47 . 2011-04-14 17:47 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\269103939243ec6929739c8b9a645c0d\Microsoft.VisualBasic.ni.dll
+ 2011-04-14 17:46 . 2011-04-14 17:46 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\bf7bd26d2828e35156814018939ce4f6\Microsoft.Transactions.Bridge.ni.dll
+ 2011-04-14 17:48 . 2011-04-14 17:48 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\6594c17d7e112b0507b701d5b8a67bba\Microsoft.JScript.ni.dll
+ 2011-04-14 17:47 . 2011-04-14 17:47 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\f5eb1e42ccd0f67f7496b94a31949cd0\Microsoft.Build.Tasks.ni.dll
+ 2011-04-14 17:47 . 2011-04-14 17:47 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\cc7f05675a5cd8014222be1483d6beaf\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-04-14 17:46 . 2011-04-14 17:46 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\41cf95aa4ff5765b515d3252abc6353b\Microsoft.Build.Engine.ni.dll
- 2010-10-04 06:38 . 2010-10-04 06:38 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2011-04-14 16:32 . 2011-04-14 16:32 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2011-04-14 16:32 . 2011-04-14 16:32 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2010-10-04 06:38 . 2010-10-04 06:38 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-04-14 16:31 . 2011-04-14 16:31 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2010-10-04 06:37 . 2010-10-04 06:37 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-04-14 16:31 . 2011-04-14 16:31 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2010-10-04 06:37 . 2010-10-04 06:37 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2011-04-14 16:31 . 2011-04-14 16:31 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-10-04 06:37 . 2010-10-04 06:37 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-10-04 06:38 . 2010-10-04 06:38 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-04-14 16:32 . 2011-04-14 16:32 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-10-04 06:37 . 2010-10-04 06:37 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-04-14 16:32 . 2011-04-14 16:32 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-02-09 22:38 . 2010-07-27 06:30 8479744 c:\windows\$NtUninstallKB2483185$\shell32.dll
+ 2011-03-09 23:00 . 2009-06-10 05:21 2066432 c:\windows\$NtUninstallKB2481109$\mstscax.dll
+ 2011-03-09 23:00 . 2008-04-15 13:00 2061824 c:\windows\$NtUninstallKB2481109$\lhmstscx.dll
+ 2011-02-09 22:38 . 2010-10-26 13:58 1853440 c:\windows\$NtUninstallKB2479628$\win32k.sys
+ 2011-02-09 22:36 . 2010-04-28 05:19 2148352 c:\windows\$NtUninstallKB2393802$\ntoskrnl.exe
+ 2011-02-09 22:36 . 2010-04-28 05:19 2026496 c:\windows\$NtUninstallKB2393802$\ntkrpamp.exe
+ 2011-02-09 22:36 . 2010-04-28 05:19 2026496 c:\windows\$NtUninstallKB2393802$\ntkrnlpa.exe
+ 2011-02-09 22:36 . 2010-04-28 05:19 2148352 c:\windows\$NtUninstallKB2393802$\ntkrnlmp.exe
+ 2011-03-07 10:30 . 2009-07-27 22:23 8480256 c:\windows\$hf_mig$\KB971029\SP3QFE\shell32.dll
+ 2011-02-09 14:43 . 2011-01-21 14:42 8480768 c:\windows\$hf_mig$\KB2483185\SP3QFE\shell32.dll
+ 2011-02-09 14:43 . 2010-12-20 23:51 1211904 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\urlmon.dll
+ 2011-02-09 14:43 . 2010-12-20 23:51 5962240 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\mshtml.dll
+ 2011-02-09 14:43 . 2010-12-20 23:51 1992192 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\iertutil.dll
+ 2011-03-09 20:07 . 2011-02-02 07:57 2069504 c:\windows\$hf_mig$\KB2481109\SP3QFE\lhmstscx.dll
+ 2011-02-09 14:43 . 2010-12-31 14:02 1864192 c:\windows\$hf_mig$\KB2479628\SP3QFE\win32k.sys
+ 2010-08-27 10:34 . 2011-04-18 11:46 42181064 c:\windows\system32\MRT.exe
- 2008-12-09 18:46 . 2010-11-06 00:22 11080704 c:\windows\system32\ieframe.dll
+ 2008-12-09 18:46 . 2011-02-22 23:07 11080704 c:\windows\system32\ieframe.dll
+ 2010-07-21 09:58 . 2011-02-22 23:07 11080704 c:\windows\system32\dllcache\ieframe.dll
- 2010-07-21 09:58 . 2010-11-06 00:22 11080704 c:\windows\system32\dllcache\ieframe.dll
+ 2011-02-11 16:47 . 2011-02-11 16:47 12028928 c:\windows\Installer\d675fe.msp
+ 2011-04-14 16:33 . 2010-12-20 08:52 11080704 c:\windows\ie8updates\KB2497640-IE8\ieframe.dll
+ 2011-02-09 22:36 . 2010-11-06 00:22 11080704 c:\windows\ie8updates\KB2482017-IE8\ieframe.dll
+ 2011-04-14 16:36 . 2011-04-14 16:36 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ed2bf0d86229128c194a872f70fe15ee\System.Windows.Forms.ni.dll
+ 2011-04-14 17:48 . 2011-04-14 17:48 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\d7b7ee04166212533ae21eaeb584fb0d\System.Web.ni.dll
+ 2011-04-14 17:46 . 2011-04-14 17:46 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\b5f24d96334ea08b99350421450d3ba4\System.ServiceModel.ni.dll
+ 2011-04-14 16:35 . 2011-04-14 16:35 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\5aeadb9ff9a86f49130de5976a9f1744\System.Design.ni.dll
+ 2011-04-14 16:34 . 2011-04-14 16:34 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1a5d89d569e2e12842daf4d87c57361a\PresentationFramework.ni.dll
+ 2011-04-14 16:34 . 2011-04-14 16:34 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\46c57d845e55232a89e98101075cd455\PresentationCore.ni.dll
+ 2011-04-14 16:33 . 2011-04-14 16:33 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62d5f089dd51f18472a7caf1593d9f6b\mscorlib.ni.dll
+ 2011-02-09 14:43 . 2010-12-20 23:51 11082752 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a4d09ede-8a9c-4090-a54d-5ada4f7fff35}"= "c:\program files\Freez_Online_TV\prxtbFre0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{a4d09ede-8a9c-4090-a54d-5ada4f7fff35}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B5FB65F-631E-4564-ABF2-AD71845B28E0}]
2009-08-05 16:07 215040 ----a-w- c:\program files\Get-Styles 2.0\ie\jsloader.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9BFBA68E-E21B-458E-AE12-FE85E903D2C1}]
2010-08-31 14:15 257384 ----a-w- c:\program files\AlterGeo\AlterGeo Magic Scanner\2.8.8.615\AlterGeo.BrowserPlugin.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4d09ede-8a9c-4090-a54d-5ada4f7fff35}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Freez_Online_TV\prxtbFre0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5BCDC9E9-A980-4B53-B2E8-60CFF484DA61}"= "c:\program files\Get-Styles 2.0\ie\toolbar.dll" [2009-07-28 122368]
"{a4d09ede-8a9c-4090-a54d-5ada4f7fff35}"= "c:\program files\Freez_Online_TV\prxtbFre0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{5bcdc9e9-a980-4b53-b2e8-60cff484da61}]
[HKEY_CLASSES_ROOT\ScriptedStar.Bar.2]
[HKEY_CLASSES_ROOT\TypeLib\{B124F09B-1B6C-431D-BE2D-DBA6864A8897}]
[HKEY_CLASSES_ROOT\ScriptedStar.Bar]
.
[HKEY_CLASSES_ROOT\clsid\{a4d09ede-8a9c-4090-a54d-5ada4f7fff35}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A4D09EDE-8A9C-4090-A54D-5ADA4F7FFF35}"= "c:\program files\Freez_Online_TV\prxtbFre0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{a4d09ede-8a9c-4090-a54d-5ada4f7fff35}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]
"BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe" [2011-04-11 4770672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"MAgent"="c:\program files\Mail.Ru\Agent\MAgent.exe" [2010-12-23 12319424]
"Guard.Mail.ru.gui"="c:\program files\Mail.Ru\Guard\GuardMailRu.exe" [2011-04-11 1472720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-12-25 30208]
"VistaIcon"="c:\program files\VistaDriveIcon\VistaDrv.exe" [2008-01-02 132096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IE7_011"="shell32" [X]
"ZZZZ2_FirstLogonSetting"="advpack.dll" [2009-03-08 128512]
"IE7_012"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\Admin\ѓ« ў­®Ґ ¬Ґ­о\Џа®Ја ¬¬л\Ђўв®§ Јаг§Є \
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\ѓ« ў­®Ґ ¬Ґ­о\Џа®Ја ¬¬л\Ђўв®§ Јаг§Є \
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
“᪮७­л© § ЇгбЄ Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^VideoCam Suite 2.0.lnk]
path=c:\documents and settings\All Users\Главное меню\Программы\Автозагрузка\VideoCam Suite 2.0.lnk
backup=c:\windows\pss\VideoCam Suite 2.0.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 16:43 69632 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2009-03-28 21:11 3325952 ----a-w- c:\program files\Electronic Arts\EADM\Core.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-04-13 07:09 49152 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MAgent]
2010-12-23 20:42 12319424 ----a-w- c:\program files\Mail.Ru\Agent\magent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 11:40 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-10-07 13:33 13574144 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-10-07 13:33 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-10-07 13:33 1630208 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP.Online]
2009-10-26 15:42 3393024 ----a-w- c:\program files\QIP.Online\qiponline.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2005-12-07 18:57 30208 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-04-10 14:52 16861184 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VistaIcon]
2008-01-02 10:52 132096 ----a-w- c:\program files\VistaDriveIcon\VistaDrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-08-03 22:02 36352 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"UpdatesOverride"=dword:00000001
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mail.Ru\\Sputnik\\SputnikFlashPlayer.exe"=
"c:\\Program Files\\Mail.Ru\\Sputnik\\SputnikHelper.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
.
R0 nvgts3;nvgts3;c:\windows\system32\drivers\nvgts3.sys [25.12.2008 23:38 132096]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15.05.2009 15:12 717296]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [22.01.2011 23:06 294608]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.02.2010 22:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.05.2010 22:41 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [22.01.2011 23:06 17744]
S2 Guard.Mail.ru;Guard.Mail.ru;c:\program files\Mail.Ru\Guard\GuardMailRu.exe [24.12.2010 0:43 1472720]
S2 gupdate;Служба Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [21.01.2010 2:31 133104]
S3 gupdatem;Служба Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [21.01.2010 2:31 133104]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [15.05.2009 23:50 223128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-20 22:31]
.
2011-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-20 22:31]
.
2011-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-1292428093-1417001333-500Core.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-24 17:55]
.
2011-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-1292428093-1417001333-500UA.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-24 17:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2849857
uDefault_Search_URL = hxxp://www.yandex.ru/?clid=123048
mStart Page = hxxp://www.smaxi.net
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.yandex.ru/?clid=123048
uCustomizeSearch = hxxp://www.yandex.ru/?clid=123048
IE: &Экспорт в Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} - c:\program files\Mail.Ru\Agent\magent.exe
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\Get-Styles 2.0\ie\tdataprotocol.dll
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\Get-Styles 2.0\ie\tdataprotocol.dll
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\usk6az7f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849857&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - mail.ru: РџРѕРёСЃРє РІ Р˜РЅС‚РµСЂРЅРµС‚Рµ
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://go.mail.ru/search?utf8in=1&fr=fftbUFix&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{91397D20-1446-11D4-8AF4-0040CA1127B6} - (no file)
AddRemove-Get-Styles для ВКонтакте - c:\program files\Get-Styles 2.0\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-09 14:20
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(704)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll
.
Completion time: 2011-05-09 14:23:03
ComboFix-quarantined-files.txt 2011-05-09 10:22
ComboFix2.txt 2011-01-18 17:37
ComboFix3.txt 2010-12-22 12:46
.
Pre-Run: 21 851 103 232 байт свободно
Post-Run: 21 828 399 104 байт свободно
.
- - End Of File - - E924A68D78771E05D4505BD25BB501A0








aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-09 15:48:06
-----------------------------
15:48:06.078 OS Version: Windows 5.1.2600 Service Pack 3
15:48:06.078 Number of processors: 2 586 0x6B02
15:48:06.078 ComputerName: MICROSOF-2F9099 UserName: Admin
15:48:06.453 Initialize success
15:48:09.750 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts31Port2Path1Target1Lun0
15:48:09.750 Disk 0 Vendor: ST332062 3.AA Size: 305245MB BusType: 1
15:48:09.750 Disk 0 MBR read successfully
15:48:09.750 Disk 0 MBR scan
15:48:09.750 Disk 0 Windows XP default MBR code
15:48:09.750 Disk 0 scanning sectors +625121280
15:48:09.781 Disk 0 scanning C:\WINDOWS\system32\drivers
15:48:12.875 Service scanning
15:48:13.796 Disk 0 trace - called modules:
15:48:13.812 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86b6c1f8]<<
15:48:13.812 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86b29ab8]
15:48:13.812 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\00000067[0x86bcaca0]
15:48:13.812 5 ACPI.sys[f7326620] -> nt!IofCallDriver -> \Device\Scsi\nvgts31Port2Path1Target1Lun0[0x86b3ba38]
15:48:13.812 \Driver\nvgts3[0x86bca2f8] -> IRP_MJ_CREATE -> 0x86b6c1f8
15:48:13.812 Scan finished successfully
15:49:02.093 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Admin\Рабочий стол\MBR.dat"
15:49:02.109 The log file has been saved successfully to "C:\Documents and Settings\Admin\Рабочий стол\4.txt"


The Fix button was NOT enabled.
  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,678 posts
  • MVP
# Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
# Under the Custom Scan box paste this in:


netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
comres.dll
user32.dll
explorer.exe
regedit.exe
sfcfiles.dll
ctfmon.exe
ntoskrnl.exe
CLASSPNP.SYS
disk.sys
ACPI.sys
hal.dll
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav



Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator
Double click on TDSSKiller.exe
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Have you run the Avast boot-time scan yet?
Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. What did it find? I have some luck running a Boot-time scan two or three times in a row until it came up clean.

aswMBR found something ugly:

15:48:13.812 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86b6c1f8]<<

Usually we wind up doing a FixMBR from the Recovery Console for this if the Avast boot-time scan doesn't clear it. Appears you have standard XP MBR code
so this is not one like HP/Compaq/Dell with a custom MBR that allows for a restore to factory from a hidden partition so it should be safe enough.

After running the boot-time scan until Avast doesn't find anything, run aswMBR one more time. If it still has the ">>UNKNOWN" then

Start, Settings, Control Panel, System, Advanced, Startup and Recovery -Settings, and change the Time to Display the List of Operating Systems from two to 10 seconds. OK

Now Reboot. When it gives you a choice between your regular XP and the Recovery Console, hit the down arrow to select the Recovery Console then Enter. You should get a black screen with a C:\> prompt. Type with an Enter after each line:

fixmbr

exit

(Reboot into regular mode and re-run aswmbr and copy and paste the log.)

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. (In Vista, next select Windows Logs) Right click on System and Clear Log, No (we don't want to save the old log), OK. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.

Start, Run, sfc /scannow, OK

SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.

Start, Run, sigverif, OK

Press Start. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP