Svchost opens iexplore.exe and msnmsgr.exe randomly in the background


  • This topic is locked
15 replies to this topic

#1 ajora

ajora

  • Members
  • 6 posts

Posted 26 July 2009 - 01:47 PM

I have an issue with my computer. I run ProcessExplorer and notice that svchost.exe randomly likes to open up iexplore.exe and msnmsgr.exe in the background with a high processor usage. I have tried killing the process but that leads to my computer just restarting, and I also tried killing the processes themselves but they just pop up again. It opens up to 4 iexplore.exe processes and the only way so far to 'stop' them is to have Process Explorer suspend these processes. I have AVG Free, have performed a full test and removed some virus from my computer, but this problem still persists.

Here is the DDS log:


DDS (Ver_09-06-26.01) - NTFSx86
Run by eid at 13:39:54.79 on 26/07/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.3082.18.510.116 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

G:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
G:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe
G:\ARCHIV~1\AVG\AVG8\avgrsx.exe
G:\Archivos de programa\Java\jre6\bin\jqs.exe
G:\ARCHIV~1\AVG\AVG8\avgnsx.exe
G:\Archivos de programa\Sandboxie\SbieSvc.exe
G:\ARCHIV~1\AVG\AVG8\avgemc.exe
G:\Archivos de programa\AVG\AVG8\avgcsrvx.exe
G:\ARCHIV~1\AVG\AVG8\avgtray.exe
G:\Archivos de programa\Java\jre6\bin\jusched.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Archivos de programa\Sandboxie\SbieCtrl.exe
G:\Archivos de programa\AVG\AVG8\avgcsrvx.exe
G:\Archivos de programa\ProcessExplorerNT\procexp.exe
G:\WINDOWS\System32\svchost.exe
G:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\explorer.exe
G:\Archivos de programa\Mozilla Firefox\firefox.exe
G:\Documents and Settings\eid\Escritorio\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyServer = localhost:80
uInternet Settings,ProxyOverride = *.local
BHO: {000123B4-9B42-4900-B3F7-F4B073EFC214} - No File
BHO: Aplicaci? auxiliar de v?culos de Adobe PDF Reader\0\0\0: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - g:\archivos de programa\archivos comunes\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - No File
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: {F156768E-81EF-470C-9057-481BA8380DBA} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [CTFMON.EXE] g:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] g:\archivos de programa\spybot - search & destroy\TeaTimer.exe
uRun: [AlcoholAutomount] "g:\archivos de programa\alcohol soft\alcohol 120\axcmd.exe" /automount
uRun: [SandboxieControl] "g:\archivos de programa\sandboxie\SbieCtrl.exe"
mRun: [IMJPMIG8.1] "g:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] g:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] g:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [AVG8_TRAY] g:\archiv~1\avg\avg8\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "g:\archivos de programa\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "g:\archivos de programa\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] g:\windows\system32\CTFMON.EXE
dRun: [msnmsgr] "g:\archivos de programa\msn messenger\msnmsgr.exe" /background
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - g:\archivos de programa\aim\aim.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - g:\archivos de programa\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - g:\archiv~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {31435657-9980-0010-8000-00AA00389B71}
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0}
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
DPF: {E0BE586C-7C66-4909-94D6-D18BBBDD6373}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - g:\archivos de programa\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;g:\windows\system32\drivers\avgldx86.sys [2008-7-2 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;g:\windows\system32\drivers\avgmfx86.sys [2008-7-2 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;g:\windows\system32\drivers\avgtdix.sys [2009-3-6 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;g:\archiv~1\avg\avg8\avgemc.exe [2009-6-21 907032]
R2 avg8wd;AVG Free8 WatchDog;g:\archiv~1\avg\avg8\avgwdsvc.exe [2008-7-2 298776]
R3 PSXGamepadEnabler;Psx Hid to Gamepad Port Enabler;g:\windows\system32\drivers\psxpad.sys [2007-9-16 12160]
R3 PsxPortEnumerator;Psx Port Enumerator;g:\windows\system32\drivers\psxenum.sys [2007-9-16 16896]
R3 SbieDrv;SbieDrv;g:\archivos de programa\sandboxie\SbieDrv.sys [2009-5-28 108032]

=============== Created Last 30 ================

2009-07-26 13:18 244 a---h--- G:\sqmnoopt13.sqm
2009-07-26 13:18 232 a---h--- G:\sqmdata13.sqm
2009-07-26 13:15 <DIR> -cd----- g:\windows\system32\dllcache\cache
2009-07-26 13:02 219,648 a------- g:\windows\PEV.exe
2009-07-26 13:02 161,792 a------- g:\windows\SWREG.exe
2009-07-26 13:02 98,816 a------- g:\windows\sed.exe
2009-07-26 11:33 244 a---h--- G:\sqmnoopt12.sqm
2009-07-26 11:33 232 a---h--- G:\sqmdata12.sqm
2009-07-26 11:33 244 a---h--- G:\sqmnoopt11.sqm
2009-07-26 11:33 232 a---h--- G:\sqmdata11.sqm
2009-07-26 11:32 244 a---h--- G:\sqmnoopt10.sqm
2009-07-26 11:32 232 a---h--- G:\sqmdata10.sqm
2009-07-26 10:29 244 a---h--- G:\sqmnoopt09.sqm
2009-07-26 10:29 232 a---h--- G:\sqmdata09.sqm
2009-07-26 10:29 244 a---h--- G:\sqmnoopt08.sqm
2009-07-26 10:29 232 a---h--- G:\sqmdata08.sqm
2009-07-26 10:28 244 a---h--- G:\sqmnoopt07.sqm
2009-07-26 10:28 232 a---h--- G:\sqmdata07.sqm
2009-07-26 09:25 244 a---h--- G:\sqmnoopt06.sqm
2009-07-26 09:25 232 a---h--- G:\sqmdata06.sqm
2009-07-26 09:24 244 a---h--- G:\sqmnoopt05.sqm
2009-07-26 09:24 232 a---h--- G:\sqmdata05.sqm
2009-07-26 08:21 244 a---h--- G:\sqmnoopt04.sqm
2009-07-26 08:21 232 a---h--- G:\sqmdata04.sqm
2009-07-26 08:20 244 a---h--- G:\sqmnoopt03.sqm
2009-07-26 08:20 232 a---h--- G:\sqmdata03.sqm
2009-07-26 08:19 244 a---h--- G:\sqmnoopt02.sqm
2009-07-26 08:19 232 a---h--- G:\sqmdata02.sqm
2009-07-26 07:17 244 a---h--- G:\sqmnoopt01.sqm
2009-07-26 07:17 232 a---h--- G:\sqmdata01.sqm
2009-07-26 05:12 <DIR> --d----- g:\documents and settings\eid\jkos-eid
2009-07-26 03:42 <DIR> --d----- g:\docume~1\alluse~1\datosd~1\13009534
2009-07-26 03:42 40,960 ---shr-- g:\windows\system32\flashad32.dll
2009-07-24 22:57 237,568 a------- g:\windows\system32\rmc_rtspdl.dll
2009-07-24 22:57 156,672 a------- g:\windows\system32\rmc_fixasf.exe
2009-07-24 22:56 323,584 a------- g:\windows\system32\AUDIOGENIE2.DLL
2009-07-24 22:54 <DIR> --d----- g:\windows\Replay Media Catcher
2009-07-24 22:54 <DIR> --d----- g:\archivos de programa\Replay Media Catcher
2009-07-23 02:25 <DIR> --d----- G:\Sandbox
2009-07-23 02:24 1,464 a------- g:\windows\Sandboxie.ini
2009-07-23 02:24 <DIR> --d----- g:\archivos de programa\Sandboxie
2009-07-15 01:28 <DIR> --d----- g:\windows\system32\NtmsData
2009-07-14 13:53 <DIR> --d----- g:\archivos de programa\FlashFXP
2009-07-13 23:57 634 a------- g:\windows\system32\MAPISVC.INF
2009-07-13 23:56 <DIR> --d----- g:\archivos de programa\Ontrack

==================== Find3M ====================

2009-07-26 05:22 410,984 a------- g:\windows\system32\deploytk.dll
2009-07-26 03:41 212,480 a------- g:\windows\system32\drivers\ndis.sys
2009-07-03 09:38 335,752 a------- g:\windows\system32\drivers\avgldx86.sys
2009-06-26 00:49 44,156 a---h--- g:\windows\system32\mlfcache.dat
2009-06-24 22:05 47,360 a------- g:\docume~1\eid\datosd~1\pcouffin.sys
2009-06-24 22:02 47,360 a------- g:\windows\system32\drivers\pcouffin.sys
2009-06-21 15:00 721,904 a------- g:\windows\system32\drivers\sptd.sys
2009-06-21 14:16 11,006 a------- g:\windows\system32\SpoonUninstall-dBpoweramp DSP Effects.dat
2009-06-21 14:15 3,003 a------- g:\windows\system32\SpoonUninstall-dBpoweramp [Multi Encoder] Codec.dat
2009-06-21 14:15 2,901 a------- g:\windows\system32\SpoonUninstall-dBpoweramp [ReplayGain] Codec.dat
2009-06-21 14:15 2,870 a------- g:\windows\system32\SpoonUninstall-dBpoweramp [Tag From Filename] Codec.dat
2009-06-21 14:15 2,837 a------- g:\windows\system32\SpoonUninstall-dBpoweramp [ID Tag Update] Codec.dat
2009-06-21 14:15 3,000 a------- g:\windows\system32\SpoonUninstall-dBpoweramp [Channel Split] Codec.dat
2009-06-21 14:15 2,872 a------- g:\windows\system32\SpoonUninstall-dBpoweramp [Audio Info] Codec.dat
2009-06-21 14:14 2,880 a------- g:\windows\system32\SpoonUninstall-dBpoweramp [Arrange Audio] Codec.dat
2009-06-21 14:13 14,646 a------- g:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2009-06-21 00:57 424,834 a------- g:\windows\system32\perfh00A.dat
2009-06-21 00:57 61,124 a------- g:\windows\system32\perfc00A.dat
2009-06-21 00:57 1,606 a------- g:\windows\system32\PerfStringBackup.TMP
2009-06-20 19:28 85,504 a------- g:\windows\system32\ff_vfw.dll
2009-06-14 16:21 60,273 a------- g:\windows\system32\pthreadGC2.dll
2009-06-07 16:24 180,224 a------- g:\windows\system32\xvidvfw.dll
2009-06-07 16:16 819,200 a------- g:\windows\system32\xvidcore.dll
2009-05-02 08:22 11,952 a------- g:\windows\system32\avgrsstx.dll
2008-05-13 00:29 1,214,314 a------- g:\archivos de programa\ProcessExplorerNT.rar
2007-12-12 02:44 92,064 a------- g:\documents and settings\eid\mqdmmdm.sys
2007-12-12 02:44 79,328 a------- g:\documents and settings\eid\mqdmserd.sys
2007-12-12 02:44 66,656 a------- g:\documents and settings\eid\mqdmbus.sys
2007-12-12 02:44 25,600 a------- g:\documents and settings\eid\usbsermptxp.sys
2007-12-12 02:44 22,768 a------- g:\documents and settings\eid\usbsermpt.sys
2007-12-12 02:44 9,232 a------- g:\documents and settings\eid\mqdmmdfl.sys
2007-12-12 02:44 6,208 a------- g:\documents and settings\eid\mqdmcmnt.sys
2007-12-12 02:44 5,936 a------- g:\documents and settings\eid\mqdmwhnt.sys
2007-12-12 02:44 4,048 a------- g:\documents and settings\eid\mqdmcr.sys

============= FINISH: 13:40:44.70 ===============

Thanks for your time, hopefully someone is able to help me out on this. :thumbup2:



Edited by ajora, 26 July 2009 - 01:48 PM.




#2 ajora

ajora
  • Topic Starter

  • Members
  • 6 posts

Posted 27 July 2009 - 10:25 AM

Any help? I know the culprit here is svchost.exe as it's running like 14 instances, but I need to know how to get rid of the faulty ones. All of them are on system32, but the processes are run in a svchost module that, if killed, will make the computer restart.

Is there a way to find out what the processes are that call svchost.exe and have them stopped? I already ran Panda, Trend Micro and Kaspersky and they found nothing; this is getting really annoying. =/

Help me, please!

Hello ajora,

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large, as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, you wouldn't want someone to assist you who is not familiar with your issue and attempt to fix it, would you?

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.

Thank you for understanding.

Regards,

The weatherman
(Moderator)

Edited by The weatherman, 27 July 2009 - 05:55 PM.


#3 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts

Posted 05 August 2009 - 03:56 AM

Hello and :thumbup2: to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.


Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

-----------------------------------------------------------

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Kind regards
Net_Surfer

:)

#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,807 posts

Posted 16 August 2009 - 10:30 PM

Topic reopened.

@ ajora,

Please post back with the updated logs and an updated description of your computer issues as requested in the previous post.

Orange Blossom :thumbup2:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#5 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts

Posted 17 August 2009 - 08:04 AM

Hello ajora,

Please follow my instructions from my other post; I need fresh logs of DDS.

Regards
Net_Surfer

#6 ajora

ajora
  • Topic Starter

  • Members
  • 6 posts

Posted 19 August 2009 - 01:54 AM

Hello, sorry for the late response, here is a new scan, attached the Attach.zip as well:


DDS (Ver_09-07-30.01) - NTFSx86
Run by eid at 1:51:34.14 on 19/08/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.3082.18.510.128 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

G:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
G:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\Archivos de programa\Java\jre6\bin\jqs.exe
G:\WINDOWS\Explorer.EXE
G:\ARCHIV~1\AVG\AVG8\avgtray.exe
G:\Archivos de programa\Java\jre6\bin\jusched.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
G:\ircN2\system\mirc.exe
G:\Archivos de programa\Trillian\trillian.exe
G:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe
G:\ARCHIV~1\AVG\AVG8\avgrsx.exe
G:\Archivos de programa\AVG\AVG8\avgcsrvx.exe
G:\ARCHIV~1\AVG\AVG8\avgemc.exe
G:\Archivos de programa\AVG\AVG8\avgcsrvx.exe
G:\Archivos de programa\Utatane\utatane1043\Utatane.exe
G:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
G:\Archivos de programa\MSN Messenger\usnsvc.exe
G:\Archivos de programa\iPod\bin\iPodService.exe
G:\ARCHIV~1\AVG\AVG8\avgnsx.exe
G:\Archivos de programa\Mozilla Firefox\firefox.exe
G:\Archivos de programa\ProcessExplorerNT\procexp.exe
G:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
G:\Documents and Settings\eid\Escritorio\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyServer = localhost:80
uInternet Settings,ProxyOverride = *.local
BHO: Aplicaci? auxiliar de v?culos de Adobe PDF Reader\0\0\0: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - g:\archivos de programa\archivos comunes\adobe\acrobat\activex\AcroIEHelper.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [CTFMON.EXE] g:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] g:\archivos de programa\spybot - search & destroy\TeaTimer.exe
uRun: [AlcoholAutomount] "g:\archivos de programa\alcohol soft\alcohol 120\axcmd.exe" /automount
uRun: [SandboxieControl] "g:\archivos de programa\sandboxie\SbieCtrl.exe"
mRun: [IMJPMIG8.1] "g:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] g:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] g:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [AVG8_TRAY] g:\archiv~1\avg\avg8\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "g:\archivos de programa\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "g:\archivos de programa\java\jre6\bin\jusched.exe"
mRun: [EPSON Stylus C79 Series] g:\windows\system32\spool\drivers\w32x86\3\e_fatibgl.exe /fu "g:\windows\temp\E_S116.tmp" /EF "HKLM"
mRun: [iTunesHelper] "g:\archivos de programa\itunes\iTunesHelper.exe"
dRun: [msnmsgr] "g:\archivos de programa\msn messenger\msnmsgr.exe" /background
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - g:\archiv~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - g:\archivos de programa\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;g:\windows\system32\drivers\pavboot.sys [2009-7-26 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;g:\windows\system32\drivers\avgldx86.sys [2008-7-2 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;g:\windows\system32\drivers\avgmfx86.sys [2008-7-2 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;g:\windows\system32\drivers\avgtdix.sys [2009-3-6 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;g:\archiv~1\avg\avg8\avgemc.exe [2009-6-21 908056]
R2 avg8wd;AVG Free8 WatchDog;g:\archiv~1\avg\avg8\avgwdsvc.exe [2008-7-2 297752]
R3 PSXGamepadEnabler;Psx Hid to Gamepad Port Enabler;g:\windows\system32\drivers\psxpad.sys [2007-9-16 12160]
R3 PsxPortEnumerator;Psx Port Enumerator;g:\windows\system32\drivers\psxenum.sys [2007-9-16 16896]
R3 SbieDrv;SbieDrv;g:\archivos de programa\sandboxie\SbieDrv.sys [2009-5-28 108032]

=============== Created Last 30 ================

2009-08-17 03:45 <DIR> --d----- g:\docume~1\eid\datosd~1\avidemux
2009-08-17 03:44 <DIR> --d----- g:\archivos de programa\Avidemux 2.5
2009-08-16 01:08 27,469,982 a------- G:\Unfly.wmv
2009-08-13 02:16 <DIR> --d----- g:\archivos de programa\Datel
2009-08-11 18:22 244 a---h--- G:\sqmnoopt11.sqm
2009-08-11 18:22 232 a---h--- G:\sqmdata11.sqm
2009-08-11 03:18 <DIR> --d----- g:\archivos de programa\HachaPro
2009-08-11 01:00 <DIR> --d----- g:\archivos de programa\MediaInfo
2009-08-09 21:06 <DIR> --d----- g:\docume~1\alluse~1\datosd~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-09 21:06 <DIR> --d----- g:\archivos de programa\iTunes
2009-08-09 21:06 <DIR> --d----- g:\archivos de programa\Bonjour
2009-08-09 21:04 2,060,288 a------- g:\windows\system32\usbaaplrc.dll
2009-08-09 21:02 <DIR> --d----- g:\documents and settings\eid\Configuracion local
2009-08-09 07:00 <DIR> --d----- g:\archivos de programa\MKV Demux All
2009-08-08 14:07 151,167,342 a------- G:\(???????) Border Down ??????(????).mpg
2009-08-08 13:18 268,752,896 a------- G:\## (???????) ??????????ZERO3 CPU? ?????????????ALL ?? ????????? 1145100pts (player ????) Kawaks Replay.avi
2009-08-08 12:49 124,996,316 a------- G:\## (???????) ??????????ZERO3 CPU? ?? ALL 6474000pts (player Avenger) MAME Replay.avi
2009-08-08 12:28 122,533,888 a------- G:\## (???????) ??????????ZERO3 CPU? ?? ALL 5680800pts (player ?????) MAME Replay.avi
2009-08-08 11:48 135,435,112 a------- G:\## (???????) ??????????ZERO3 CPU? ?? ALL 6202400pts (player Avenger) MAME Replay.avi
2009-08-08 11:12 117,642,496 a------- G:\## (???????) ??????????ZERO3 CPU? ?? ALL 5834200pts (player chococo) MAME Replay.avi
2009-08-08 11:08 1,319,262 a------- G:\## (???????) ??????????ZERO3 CPU? ??? ALL 5264000pts (player chococo) MAME Replay.avi
2009-08-05 18:30 244 a---h--- G:\sqmnoopt10.sqm
2009-08-05 18:30 232 a---h--- G:\sqmdata10.sqm
2009-08-05 18:29 244 a---h--- G:\sqmnoopt09.sqm
2009-08-05 18:29 232 a---h--- G:\sqmdata09.sqm
2009-08-05 17:25 244 a---h--- G:\sqmnoopt08.sqm
2009-08-05 17:25 232 a---h--- G:\sqmdata08.sqm
2009-08-05 17:24 244 a---h--- G:\sqmnoopt07.sqm
2009-08-05 17:24 232 a---h--- G:\sqmdata07.sqm
2009-08-05 17:23 244 a---h--- G:\sqmnoopt06.sqm
2009-08-05 17:23 232 a---h--- G:\sqmdata06.sqm
2009-08-05 16:21 244 a---h--- G:\sqmnoopt05.sqm
2009-08-05 16:21 232 a---h--- G:\sqmdata05.sqm
2009-08-05 15:19 244 a---h--- G:\sqmnoopt04.sqm
2009-08-05 15:19 232 a---h--- G:\sqmdata04.sqm
2009-08-05 15:18 244 a---h--- G:\sqmnoopt03.sqm
2009-08-05 15:18 232 a---h--- G:\sqmdata03.sqm
2009-08-05 15:17 244 a---h--- G:\sqmnoopt02.sqm
2009-08-05 15:17 232 a---h--- G:\sqmdata02.sqm
2009-08-05 15:16 244 a---h--- G:\sqmnoopt01.sqm
2009-08-05 15:16 232 a---h--- G:\sqmdata01.sqm
2009-08-05 01:39 244 a---h--- G:\sqmnoopt00.sqm
2009-08-05 01:39 232 a---h--- G:\sqmdata00.sqm
2009-07-31 20:44 <DIR> --d----- g:\archivos de programa\Nero
2009-07-31 07:42 14,048 -------- g:\windows\system32\spmsg2.dll
2009-07-31 07:36 <DIR> --d----- g:\windows\system32\XPSViewer
2009-07-31 03:44 <DIR> --d----- g:\windows\system32\URTTemp
2009-07-28 18:05 <DIR> --d-h--- G:\$AVG8.VAULT$
2009-07-27 22:08 2,104 a------- g:\windows\system32\tmp.reg
2009-07-27 21:38 597,504 -c------ g:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-07-27 21:38 89,088 -c------ g:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-07-27 21:38 117,760 -------- g:\windows\system32\prntvpt.dll
2009-07-27 21:38 575,488 -c------ g:\windows\system32\dllcache\xpsshhdr.dll
2009-07-27 21:38 575,488 -------- g:\windows\system32\xpsshhdr.dll
2009-07-27 21:38 1,676,288 -c------ g:\windows\system32\dllcache\xpssvcs.dll
2009-07-27 21:38 1,676,288 -------- g:\windows\system32\xpssvcs.dll
2009-07-27 20:28 <DIR> --d----- g:\archivos de programa\MSXML 6.0
2009-07-27 19:51 102,664 a------- g:\windows\system32\drivers\tmcomm.sys
2009-07-27 19:48 <DIR> --d----- g:\documents and settings\eid\.housecall6.6
2009-07-27 18:59 <DIR> --d----- G:\SDFix
2009-07-26 23:43 28,544 a------- g:\windows\system32\drivers\pavboot.sys
2009-07-26 23:09 <DIR> --d----- g:\archivos de programa\Trend Micro
2009-07-26 22:54 <DIR> --d----- g:\archivos de programa\Panda Security
2009-07-26 16:00 77 a------- G:\PLAYSTATION.CUE
2009-07-26 15:55 740,416,656 a------- G:\PLAYSTATION.BIN
2009-07-26 15:23 <DIR> --d----- G:\Rata Blanca D2
2009-07-26 13:15 <DIR> -cd----- g:\windows\system32\dllcache\cache
2009-07-26 13:02 212,480 a------- g:\windows\SWXCACLS_exe
2009-07-26 13:02 161,792 a------- g:\windows\SWREG_exe
2009-07-26 13:02 136,704 a------- g:\windows\SWSC_exe
2009-07-26 13:02 68,096 a------- g:\windows\zip_exe
2009-07-26 05:12 <DIR> --d----- g:\documents and settings\eid\jkos-eid
2009-07-26 03:42 <DIR> --d----- g:\docume~1\alluse~1\datosd~1\13009534
2009-07-24 22:57 237,568 a------- g:\windows\system32\rmc_rtspdl.dll
2009-07-24 22:57 156,672 a------- g:\windows\system32\rmc_fixasf.exe
2009-07-24 22:56 323,584 a------- g:\windows\system32\AUDIOGENIE2.DLL
2009-07-24 22:54 <DIR> --d----- g:\windows\Replay Media Catcher
2009-07-24 22:54 <DIR> --d----- g:\archivos de programa\Replay Media Catcher
2009-07-23 02:25 <DIR> --d----- G:\Sandbox
2009-07-23 02:24 1,464 a------- g:\windows\Sandboxie.ini
2009-07-23 02:24 <DIR> --d----- g:\archivos de programa\Sandboxie

==================== Find3M ====================

2009-08-16 18:50 335,240 a------- g:\windows\system32\drivers\avgldx86.sys
2009-08-16 18:50 11,952 a------- g:\windows\system32\avgrsstx.dll
2009-07-31 18:03 46,488 a---h--- g:\windows\system32\mlfcache.dat
2009-07-31 07:38 567,286 a------- g:\windows\system32\perfh00A.dat
2009-07-31 07:38 100,452 a------- g:\windows\system32\perfc00A.dat
2009-07-26 05:22 410,984 a------- g:\windows\system32\deploytk.dll
2009-07-26 03:41 182,912 a------- g:\windows\system32\drivers\ndis.sys
2009-07-13 13:36 38,160 a------- g:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 13:36 19,096 a------- g:\windows\system32\drivers\mbam.sys
2009-07-09 12:16 39,424 a------- g:\windows\system32\drivers\usbaapl.sys
2009-06-24 22:05 47,360 a------- g:\docume~1\eid\datosd~1\pcouffin.sys
2009-06-24 22:02 47,360 a------- g:\windows\system32\drivers\pcouffin.sys
2009-06-21 15:00 721,904 a------- g:\windows\system32\drivers\sptd.sys
2009-06-21 14:16 11,006 a------- g:\windows\system32\SpoonUninstall-dBpoweramp DSP Effects.dat
2009-06-21 14:15 3,003 a------- g:\windows\system32\SpoonUninstall-dBpoweramp [Multi Encoder] Codec.dat
2009-06-21 14:15 2,901 a------- g:\windows\system32\SpoonUninstall-dBpoweramp [ReplayGain] Codec.dat
2009-06-21 14:15 2,870 a------- g:\windows\system32\SpoonUninstall-dBpoweramp [Tag From Filename] Codec.dat
2009-06-21 14:15 2,837 a------- g:\windows\system32\SpoonUninstall-dBpoweramp [ID Tag Update] Codec.dat
2009-06-21 14:15 3,000 a------- g:\windows\system32\SpoonUninstall-dBpoweramp [Channel Split] Codec.dat
2009-06-21 14:15 2,872 a------- g:\windows\system32\SpoonUninstall-dBpoweramp [Audio Info] Codec.dat
2009-06-21 14:14 2,880 a------- g:\windows\system32\SpoonUninstall-dBpoweramp [Arrange Audio] Codec.dat
2009-06-21 14:13 14,646 a------- g:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2009-06-20 19:28 85,504 a------- g:\windows\system32\ff_vfw.dll
2009-06-14 16:21 60,273 a------- g:\windows\system32\pthreadGC2.dll
2009-06-07 16:24 180,224 a------- g:\windows\system32\xvidvfw.dll
2009-06-07 16:16 819,200 a------- g:\windows\system32\xvidcore.dll
2009-06-02 11:17 75,776 a------- g:\windows\system32\WS2Fix.exe
2008-05-13 00:29 1,214,314 a------- g:\archivos de programa\ProcessExplorerNT.rar
2007-12-12 02:44 92,064 a------- g:\documents and settings\eid\mqdmmdm.sys
2007-12-12 02:44 79,328 a------- g:\documents and settings\eid\mqdmserd.sys
2007-12-12 02:44 66,656 a------- g:\documents and settings\eid\mqdmbus.sys
2007-12-12 02:44 25,600 a------- g:\documents and settings\eid\usbsermptxp.sys
2007-12-12 02:44 22,768 a------- g:\documents and settings\eid\usbsermpt.sys
2007-12-12 02:44 9,232 a------- g:\documents and settings\eid\mqdmmdfl.sys
2007-12-12 02:44 6,208 a------- g:\documents and settings\eid\mqdmcmnt.sys
2007-12-12 02:44 5,936 a------- g:\documents and settings\eid\mqdmwhnt.sys
2007-12-12 02:44 4,048 a------- g:\documents and settings\eid\mqdmcr.sys

============= FINISH: 1:52:26.20 ===============


#7 Net_Surfer

Posted 19 August 2009 - 05:02 AM

Hello ajora, and :) to Bleeping Computer Malware Removal Forum, My Nick is Net_Surfer I'll be glad to help you with your computer problems.

I will be working on your Malware issues, this may or may not solve other issues you may have with your machine.

Sorry about the delay, but the amount of people posting with infected computers is through the roof and sometimes we can't get to logs as fast as we would like to.

Please note that whatever repairs we make, are for fixing "your computer problems only" and by no means should be used on another computer.


You may want to keep the link to this topic in your favorites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown Here.

-----------------------------*------------------------------


Please be patient and I'd be grateful if you would note the following:

The cleaning process is not instant. DDS logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

1. Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic.
2. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
3. All of my posts need to be checked by my coach before they are posted here. Your benefit will be "four eyes and two brains" looking into your problem, but my responses may be somewhat delayed, so please be patient while I attempt to remove your malware.
4. Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.


In the meantime Please, Do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

Please give me some time to review your logs and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks, and again, sorry for the delay.

Kind regards
Net_Surfer

:thumbup2:

#8 Net_Surfer

Posted 20 August 2009 - 08:17 AM



NOTICE:
These steps are for member: ajora. ONLY. If you are a lurker, do NOT try this on your system! If you are not the topic starter and have a similar problem, do NOT post here; DO NOT follow these directions as they could damage the workings of your system. Please start your own topic.


OK, ajora. It has come to my attention that you have another request for help at Geeks to Go. You need to let them know that you are getting help here at BleepingComputer.
HERE is the link to your request there.

Please observe these rules while we work:
  • Please Read All Instructions Carefully
  • Perform all actions in the order given.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Do not attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.
  • In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please continue to review my answers until I tell you that your machine is clean and free of malware. (Remember absence of symptoms does not mean that everything is clear).
Just because you can't see a problem doesn't mean it isn't there.

If you can do these things, everything should go smoothly. :thumbup2:

------------------------------^-----------------------------


I need you to read and take some action on the following warnings:


Beware Unlocker 1.8.7 Warning

Going over your logs, I noticed that you have the Unlocker 1.8.7 program installed in your system.

Unlocker is an extremely useful utility that allows you to remove file locks on files and directories. In the past I've downloaded and installed this program without incident; it appears to be the latest release (1.8.7) which is problematic.

The problem with this version is that it installs a program called eBayShortcut.exe. The installer even gives you the option to deselect this but unfortunately it gets installed anyways. What makes it worse is that it is not uninstalled correctly by the installer which is a big problem.

You can read more about it: HERE.<--And--> HERE.

I uploaded the ebayshortcuts.exe file to threatexpert. This is their report: http://www.threatexpert.com/report.aspx?md...dbfadfbc1299136.

Apparently, the program tries to connect to www.adon-demand.de and download additional files. I suggest everyone delete this program.

The only ebay shortcut I need is when I point my browser to www.ebay.com. lol , but if you are going to provide links to a revenue generating site, you should do so with actual shortcuts, not via executables. This just reeks of bad judgement on the part of the Unlocker folks and I hope they do a better job with this in the future.


**I would recommend that you uninstall Unlocker 1.8.7, or you can go back and install 1.8.5, which seems to be the most recent version without the ebay links.

However that choice is up to you. If you choose to remove these programs, you can do so via Control Panel>> Add / Remove Programs.

-------------------------*-------------------------


:cool: P2P Warning :)

The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case: µTorrent and Utatane). These programmes allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has come a long way, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of their malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

P2P programs form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

This article from InfoWorld illustrates perfectly the dangers of a poorly configured P2P program.
http://www.infoworld.com/article/07/09/06/...ID-theft_1.html

Many of the programs come bundled with other unwanted programs, but even the ones free of any bundled software are not safe to use.

When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

Note: It is pretty much certain that if you continue to use P2P programs, then you will get infected again.

I would recommend that you uninstall µTorrent and Utatane, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.
Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

-------------------------*-------------------------


I see you are running TeaTimer. I suggest you disable it.
Firstly, we need to disable SpyBot's TeaTimer, which can interfere with the fixes.


TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Posted Image and then on "Advanced Mode"
    Posted Image
  • You may be presented with a warning dialog. If so, press Posted Image
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck this checkbox:
    Posted Image
  • Close/Exit Spybot Search and Destroy
If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

---------------------------**--------------------------------

Please carefully follow the next set of steps:

Step #1.

OK.. ajora, there are signs that you ran ComboFix and SDFix on your own. :)


That's Not Good... Not GOOD.. :) You may have shot yourself in the foot. :)

Combofix is a very complex and dangerous tool. It is not a one-size-fits-all tool, and it does not automatically remove what needs to be removed by itself. It is like a scalpel in the hands of a surgeon. A surgeon can remove exactly what is needed and no more, while an untrained person would either cut too much or not enough.

Combofix is powerful enough to be able to render your computer unbootable if used wrongly or to leave your computer infected if you do not know what you are doing.



You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.

It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.



Please read Combofix's Disclaimer.


Please post the "C:\ComboFix.txt" and the SDFix log; I need to see what these tools deleted.

Step #2.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download Java Runtime Environment (JRE).
JRE 6 Update 16 is the current one. (Don't install it yet.)
Now download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.

Now install the Java Runtime Environment (JRE) package you downloaded
(it comes with a toolbar pre-selected, so make sure you uncheck the box)

You can delete JavaRa (zip and exe)

Step #3.

ATF Temp Cleaner

Please download ATF Cleaner-3 and save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

    If you use Firefox browser:

  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser:

  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

It's normal after running ATF cleaner that the PC will be slower to boot the first time.

*Cleaning Prefetch may result in a few slow starts until the folder is repopulated:
http://www.windowsnetworking.com/articles_...refetch-XP.html

Step #4.

Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.
Tutorial if needed

Step #5.

We need to see more information about what is happening in your machine. Please perform the following scan:

Run random's system information tool (RSIT)

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Please note that it is important that RSIT be run and a log created while in normal mode. *If you run it and create your log while in safe mode, you will be asked to redo it again properly.
  • Download random's system information tool (RSIT) by random/random and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open.
Please post the contents of both here in your next reply.

log.txt (<<--- will be maximized) and info.txt (<<--- will be minimized)


Summary of the logs I will need in your next reply:
  • The report log of combofix
  • The report log of SDFix
  • The report log of MBAM
  • The two logs of RSIT
And a description of any remaining problems in your next post.

How are things at your end, ajora?


Upon completing the above steps I will review your logs again and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks.
Kind regards
Net_Surfer

:)

#9 ajora

Posted 20 August 2009 - 09:30 PM

Thanks for the reply, Net_Surfer. The truth is this computer is used by my brother as well, so we use the same profile on Windows. While I know there is P2P software on this PC, I know exactly what it is used for, so there is really nothing to be worried about. In regards to your request for the logs, I don't know where the SDFix log is. I found the ComboFix one because my brother had installed a burning program and it installed a terrible barrage of viruses... If you want me to, I can run SDFix again and post the log.

Also another note, on the extra instances of svchost.exe running: I use Process Explorer to suspend them, and that will stop the spawning of msnmsgr.exe, iexplore.exe and, just recently, wmiprvse.exe. I have also suspended those with Process Explorer, but I will resume their activity while running your tools. I will post back to give you the new logs.

#10 Net_Surfer

Posted 20 August 2009 - 10:50 PM

Hi again ajora, :thumbup2:

Thanks for the quick reply. The same way you found the ComboFix log, the SDFix report log is saved in the SDFix folder as Report.txt.

Just to be sure again: copy and paste the report logs here, do not attach them.

Thanks.
Net_Surfer

Psss..... I noticed that you have some files saved in the system in Spanish. Do you also speak Spanish?

I do. :)

#11 ajora

Posted 21 August 2009 - 01:38 AM

Yeah, found them already. I also speak Spanish, hehe.

Here are the logs:

Combofix:

ComboFix 09-07-25.08 - eid 26/07/2009 13:04.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.3082.18.510.193 [GMT -5:00]
Running from: g:\documents and settings\eid\Escritorio\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

g:\archivos de programa\LPVideoPlugin
g:\documents and settings\eid\Datos de programa\bcrypt.html
g:\documents and settings\eid\Datos de programa\inst.exe
g:\recycler\S-1-5-21-9189116906-8001341077-675121458-8137
g:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
g:\windows\FONTS\cooecp.tlb
g:\windows\Fonts\mlog
g:\windows\FONTS\windef.Log
g:\windows\Install.txt
g:\windows\irc.txt
g:\windows\jestertb.dll
g:\windows\system32\404Fix.exe
g:\windows\system32\6to4v32.dll
g:\windows\system32\Agent.OMZ.Fix.exe
g:\windows\system32\dumphive.exe
g:\windows\system32\FInstall.sys
g:\windows\system32\IEDFix.C.exe
g:\windows\system32\IEDFix.exe
g:\windows\system32\msncache.dll
g:\windows\system32\o4Patch.exe
g:\windows\system32\OggDSuninst.exe
g:\windows\system32\Process.exe
g:\windows\system32\skinboxer43.dll
g:\windows\system32\sopidkc.exe
g:\windows\system32\SrchSTS.exe
g:\windows\system32\systeminfo3.dll
g:\windows\system32\tmp.reg
g:\windows\system32\VACFix.exe
g:\windows\system32\VCCLSID.exe
g:\windows\system32\wiawow32.sys
g:\windows\system32\wiwow64.exe
g:\windows\system32\WS2Fix.exe
g:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job

.
((((((((((((((((((((((((( Files Created from 2009-06-26 to 2009-07-26 )))))))))))))))))))))))))))))))
.

2009-07-26 10:12 . 2009-07-26 10:12 -------- d-----w- g:\documents and settings\eid\jkos-eid
2009-07-26 08:42 . 2009-07-26 14:38 -------- d-----w- g:\documents and settings\All Users\Datos de programa\13009534
2009-07-26 08:42 . 2009-07-26 08:42 40960 --sh--r- g:\windows\system32\flashad32.dll
2009-07-25 03:57 . 2009-07-25 04:34 237568 ----a-w- g:\windows\system32\rmc_rtspdl.dll
2009-07-25 03:57 . 2009-07-25 04:34 156672 ----a-w- g:\windows\system32\rmc_fixasf.exe
2009-07-25 03:56 . 2009-07-25 04:34 323584 ----a-w- g:\windows\system32\AUDIOGENIE2.DLL
2009-07-25 03:54 . 2009-07-25 04:35 -------- d-----w- g:\archivos de programa\Replay Media Catcher
2009-07-25 03:54 . 2009-07-25 04:32 -------- d-----w- g:\windows\Replay Media Catcher
2009-07-23 07:25 . 2009-07-23 07:25 -------- d-----w- G:\Sandbox
2009-07-23 07:24 . 2009-07-23 07:24 -------- d-----w- g:\archivos de programa\Sandboxie
2009-07-23 07:16 . 2009-07-23 07:16 -------- d-----w- g:\documents and settings\eid\Datos de programa\Nero
2009-07-15 06:28 . 2009-07-15 06:29 -------- d-----w- g:\windows\system32\NtmsData
2009-07-14 18:53 . 2009-07-19 09:18 -------- d-----w- g:\archivos de programa\FlashFXP
2009-07-14 04:56 . 2009-07-14 04:56 -------- d-----w- g:\archivos de programa\Ontrack
2009-07-08 13:01 . 2009-07-03 14:37 2167576 ----a-w- g:\documents and settings\All Users\Datos de programa\avg8\update\backup\avgresf.dll
2009-07-03 14:38 . 2009-07-03 14:38 3403032 ----a-w- g:\documents and settings\All Users\Datos de programa\avg8\update\backup\avgui.exe
2009-07-02 14:18 . 2009-07-03 14:38 2054424 ----a-w- g:\documents and settings\All Users\Datos de programa\avg8\update\backup\avgcorex.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-26 10:22 . 2008-12-04 00:53 410984 ----a-w- g:\windows\system32\deploytk.dll
2009-07-26 08:41 . 2004-08-03 21:14 212480 ----a-w- g:\windows\system32\drivers\ndis.sys
2009-07-26 08:20 . 2007-09-06 05:08 -------- d-----w- g:\archivos de programa\Trillian
2009-07-26 07:27 . 2008-04-13 20:58 -------- d-----w- g:\documents and settings\eid\Datos de programa\FileZilla
2009-07-25 13:50 . 2007-09-13 00:07 -------- d-----w- g:\documents and settings\eid\Datos de programa\uTorrent
2009-07-24 07:55 . 2008-09-25 19:56 -------- d-----w- g:\documents and settings\eid\Datos de programa\Free Download Manager
2009-07-23 04:30 . 2007-09-06 07:15 -------- d-----w- g:\documents and settings\eid\Datos de programa\LimeWire
2009-07-19 05:06 . 2009-06-21 20:00 -------- d-----w- g:\documents and settings\eid\Datos de programa\DAEMON Tools Lite
2009-07-14 04:57 . 2007-09-08 17:27 -------- d--h--w- g:\archivos de programa\InstallShield Installation Information
2009-07-11 16:22 . 2008-01-01 21:59 -------- d-----w- g:\documents and settings\eid\Datos de programa\dBpoweramp
2009-07-03 14:38 . 2008-07-03 03:30 335752 ----a-w- g:\windows\system32\drivers\avgldx86.sys
2009-06-26 05:49 . 2007-09-14 17:49 44156 ---ha-w- g:\windows\system32\mlfcache.dat
2009-06-25 14:14 . 2009-06-21 20:58 -------- d-----w- g:\archivos de programa\OpenOffice.org 3
2009-06-25 04:08 . 2007-09-06 07:06 -------- d-----w- g:\archivos de programa\MSN Messenger
2009-06-25 03:11 . 2009-06-25 03:11 -------- d-----w- g:\documents and settings\eid\Datos de programa\SlySoft
2009-06-25 03:10 . 2009-03-02 02:30 -------- d-----w- g:\documents and settings\All Users\Datos de programa\SlySoft
2009-06-25 03:10 . 2009-03-02 02:29 -------- d-----w- g:\archivos de programa\SlySoft
2009-06-25 03:08 . 2009-06-25 03:08 -------- d-----w- g:\archivos de programa\Elaborate Bytes
2009-06-25 03:05 . 2009-06-25 03:02 -------- d-----w- g:\documents and settings\eid\Datos de programa\Vso
2009-06-25 03:05 . 2009-06-25 03:02 47360 ----a-w- g:\documents and settings\eid\Datos de programa\pcouffin.sys
2009-06-25 03:05 . 2009-06-25 03:02 47360 ----a-w- g:\documents and settings\eid\Datos de programa\pcouffin.sys
2009-06-25 03:02 . 2009-06-25 03:02 47360 ----a-w- g:\windows\system32\drivers\pcouffin.sys
2009-06-25 02:53 . 2009-06-25 02:53 -------- d-----w- g:\archivos de programa\Archivos comunes\Windows Live
2009-06-21 21:20 . 2009-06-21 21:20 1 ----a-w- g:\documents and settings\eid\Datos de programa\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-06-21 21:19 . 2009-06-21 21:19 -------- d-----w- g:\documents and settings\eid\Datos de programa\OpenOffice.org
2009-06-21 20:57 . 2009-06-21 18:33 -------- d-----w- g:\archivos de programa\Java
2009-06-21 20:22 . 2007-09-06 06:41 -------- d-----w- g:\documents and settings\eid\Datos de programa\BSplayer Pro
2009-06-21 20:18 . 2009-06-21 20:18 -------- d-----w- g:\archivos de programa\QT Lite
2009-06-21 20:18 . 2007-09-07 04:56 -------- d-----w- g:\documents and settings\All Users\Datos de programa\Apple Computer
2009-06-21 20:18 . 2007-09-07 04:59 -------- d-----w- g:\documents and settings\eid\Datos de programa\Apple Computer
2009-06-21 20:08 . 2009-06-21 20:06 -------- d-----w- g:\archivos de programa\DAEMON Tools Toolbar
2009-06-21 20:07 . 2009-06-21 20:07 -------- d-----w- g:\documents and settings\All Users\Datos de programa\DAEMON Tools Lite
2009-06-21 20:07 . 2009-06-21 20:06 -------- d-----w- g:\archivos de programa\DAEMON Tools Lite
2009-06-21 20:00 . 2007-09-06 07:03 721904 ----a-w- g:\windows\system32\drivers\sptd.sys
2009-06-21 19:29 . 2007-09-07 01:25 -------- d-----w- g:\archivos de programa\DivX
2009-06-21 19:22 . 2007-09-06 05:45 -------- d-----w- g:\archivos de programa\Xvid
2009-06-21 19:21 . 2009-03-25 00:29 -------- d-----w- g:\archivos de programa\ffdshow
2009-06-21 19:20 . 2009-06-21 08:23 -------- d-----w- g:\documents and settings\All Users\Datos de programa\NOS
2009-06-21 19:20 . 2009-06-21 08:23 -------- d-----w- g:\archivos de programa\NOS
2009-06-21 19:16 . 2008-09-02 21:03 11006 ----a-w- g:\windows\system32\SpoonUninstall-dBpoweramp DSP Effects.dat
2009-06-21 19:15 . 2009-06-21 19:15 3003 ----a-w- g:\windows\system32\SpoonUninstall-dBpoweramp [Multi Encoder] Codec.dat
2009-06-21 19:15 . 2009-06-21 19:15 2901 ----a-w- g:\windows\system32\SpoonUninstall-dBpoweramp [ReplayGain] Codec.dat
2009-06-21 19:15 . 2009-06-21 19:15 2870 ----a-w- g:\windows\system32\SpoonUninstall-dBpoweramp [Tag From Filename] Codec.dat
2009-06-21 19:15 . 2009-06-21 19:15 2837 ----a-w- g:\windows\system32\SpoonUninstall-dBpoweramp [ID Tag Update] Codec.dat
2009-06-21 19:15 . 2009-06-21 19:15 3000 ----a-w- g:\windows\system32\SpoonUninstall-dBpoweramp [Channel Split] Codec.dat
2009-06-21 19:15 . 2009-06-21 19:15 2872 ----a-w- g:\windows\system32\SpoonUninstall-dBpoweramp [Audio Info] Codec.dat
2009-06-21 19:14 . 2009-06-21 19:14 2880 ----a-w- g:\windows\system32\SpoonUninstall-dBpoweramp [Arrange Audio] Codec.dat
2009-06-21 19:13 . 2009-06-21 19:13 14646 ----a-w- g:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2009-06-21 19:02 . 2007-09-18 05:28 -------- d-----w- g:\documents and settings\All Users\Datos de programa\DVD Shrink
2009-06-21 19:01 . 2007-10-11 01:38 -------- d-----w- g:\archivos de programa\DC++
2009-06-21 18:33 . 2009-06-21 18:23 152576 ----a-w- g:\documents and settings\eid\Datos de programa\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-21 08:30 . 2007-09-28 05:34 -------- d-----w- g:\archivos de programa\Archivos comunes\Adobe
2009-06-21 07:47 . 2008-07-03 03:30 27784 ----a-w- g:\windows\system32\drivers\avgmfx86.sys
2009-06-21 07:46 . 2008-06-20 19:59 -------- d-----w- g:\documents and settings\All Users\Datos de programa\avg8
2009-06-21 06:51 . 2008-02-03 04:25 -------- d-----w- g:\archivos de programa\Unlocker
2009-06-21 06:50 . 2007-09-06 07:16 -------- d-----w- g:\archivos de programa\CopyFilenames
2009-06-21 05:57 . 2009-06-21 05:57 1606 ----a-w- g:\windows\system32\PerfStringBackup.TMP
2009-06-21 05:57 . 2001-08-24 10:00 61124 ----a-w- g:\windows\system32\perfc00A.dat
2009-06-21 05:57 . 2001-08-24 10:00 424834 ----a-w- g:\windows\system32\perfh00A.dat
2009-06-21 00:28 . 2009-03-25 00:29 85504 ----a-w- g:\windows\system32\ff_vfw.dll
2009-06-17 06:29 . 2007-09-08 06:39 -------- d-----w- g:\archivos de programa\NJStar Japanese WP
2009-06-14 21:21 . 2009-03-25 00:29 60273 ----a-w- g:\windows\system32\pthreadGC2.dll
2009-06-11 06:12 . 2008-03-19 20:36 -------- d-----w- g:\documents and settings\eid\Datos de programa\dvdcss
2009-06-10 07:07 . 2008-02-20 03:13 -------- d-----w- g:\archivos de programa\LimeWire
2009-06-07 21:24 . 2007-09-06 05:45 180224 ----a-w- g:\windows\system32\xvidvfw.dll
2009-06-07 21:16 . 2007-09-06 05:45 819200 ----a-w- g:\windows\system32\xvidcore.dll
2009-06-01 13:25 . 2008-04-13 20:56 -------- d-----w- g:\archivos de programa\FileZilla FTP Client
2009-05-31 18:58 . 2009-05-31 18:58 -------- d-----w- g:\archivos de programa\Archivos comunes\Canopus Shared
2009-05-30 05:29 . 2009-05-30 05:29 -------- d-----w- g:\archivos de programa\AviFiXP
2009-05-24 22:02 . 2009-05-24 22:01 965456 ----a-w- g:\documents and settings\eid\Datos de programa\Move Networks\MoveMediaPlayer_win_mozilla_071303000005.exe
2009-05-21 20:54 . 2009-06-21 20:42 57856 ----a-w- g:\documents and settings\eid\Datos de programa\Mozilla\Firefox\Profiles\zai3bjkb.default\extensions\nicofox@littlebtc\platform\WINNT_x86-msvc\components\winprocess.dll
2009-05-02 13:22 . 2008-07-03 03:30 11952 ----a-w- g:\windows\system32\avgrsstx.dll
2009-05-02 13:22 . 2009-03-06 12:38 108552 ----a-w- g:\windows\system32\drivers\avgtdix.sys
2008-05-13 05:29 . 2008-05-13 05:29 1214314 ----a-w- g:\archivos de programa\ProcessExplorerNT.rar
2009-06-13 05:54 . 2008-07-03 21:44 134648 ----a-w- g:\archivos de programa\mozilla firefox\components\brwsrcmp.dll
2007-09-18 05:38 . 2007-09-18 05:38 24 --sh--w- g:\windows\S327854B5.tmp
.

------- Sigcheck -------

[-] 2009-07-26 08:41 212480 4E8B4F9E5CD6EB7042F726D1DEAD2DB7 g:\windows\system32\dllcache\ndis.sys
[-] 2009-07-26 08:41 212480 4E8B4F9E5CD6EB7042F726D1DEAD2DB7 g:\windows\system32\drivers\ndis.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="g:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"SpybotSD TeaTimer"="g:\archivos de programa\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"AlcoholAutomount"="g:\archivos de programa\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-08-01 222592]
"SandboxieControl"="g:\archivos de programa\Sandboxie\SbieCtrl.exe" [2009-05-28 380416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="g:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="g:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="g:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"AVG8_TRAY"="g:\archiv~1\AVG\AVG8\avgtray.exe" [2009-06-21 1948440]
"Adobe Reader Speed Launcher"="g:\archivos de programa\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="g:\archivos de programa\Java\jre6\bin\jusched.exe" [2009-07-26 148888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="g:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
"msnmsgr"="g:\archivos de programa\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-02 13:22 11952 ----a-w- g:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\G:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^LaunchU3.exe.lnk]
path=g:\documents and settings\All Users\Menú Inicio\Programas\Inicio\LaunchU3.exe.lnk
backup=g:\windows\pss\LaunchU3.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"g:\\Archivos de programa\\Utatane\\utatane1043\\Utatane.exe"=
"g:\\Archivos de programa\\AVG\\AVG8\\avgemc.exe"=
"g:\\Archivos de programa\\AVG\\AVG8\\avgupd.exe"=
"g:\\Archivos de programa\\AVG\\AVG8\\avgnsx.exe"=
"g:\\Archivos de programa\\uTorrent\\uTorrent.exe"=
"g:\\Archivos de programa\\MSN Messenger\\msnmsgr.exe"=
"g:\\Archivos de programa\\MSN Messenger\\livecall.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;g:\windows\system32\drivers\avgldx86.sys [02/07/2008 10:30 p.m. 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;g:\windows\system32\drivers\avgtdix.sys [06/03/2009 07:38 a.m. 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;g:\archiv~1\AVG\AVG8\avgemc.exe [21/06/2009 02:47 a.m. 907032]
R2 avg8wd;AVG Free8 WatchDog;g:\archiv~1\AVG\AVG8\avgwdsvc.exe [02/07/2008 10:30 p.m. 298776]
R3 PSXGamepadEnabler;Psx Hid to Gamepad Port Enabler;g:\windows\system32\drivers\psxpad.sys [16/09/2007 03:07 p.m. 12160]
R3 PsxPortEnumerator;Psx Port Enumerator;g:\windows\system32\drivers\psxenum.sys [16/09/2007 03:07 p.m. 16896]
R3 SbieDrv;SbieDrv;g:\archivos de programa\Sandboxie\SbieDrv.sys [28/05/2009 08:32 a.m. 108032]

--- Other Services/Drivers In Memory ---

*Deregistered* - PROCEXP110
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = localhost:80
uInternet Settings,ProxyOverride = *.local
DPF: {31435657-9980-0010-8000-00AA00389B71}
DPF: {E0BE586C-7C66-4909-94D6-D18BBBDD6373}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-26 13:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2000478354-1303643608-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{451E1468-B877-9E57-075B-A2093EF94579}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abmfeodfndphabgggbmcicibdecoemlkna"=hex:61,61,00,00
"manfjhhojmfinbafefkfckgemn"=hex:61,61,00,00
.
Completion time: 2009-07-26 13:19
ComboFix-quarantined-files.txt 2009-07-26 18:18

Pre-Run: 9,444,327,424 bytes libres
Post-Run: 9,507,164,160 bytes libres

227



-----------------

SDFIX:

SDFix: Version 1.240
Run by eid on 27/07/2009 at 07:13 p.m.

Microsoft Windows XP [Versión 5.1.2600]
Running From: G:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found

Removing Temp Files

ADS Check :

G:\WINDOWS
:E24A978986E66214 24
Total size: 24 bytes.
WINDOWS: deleted 24 bytes in 1 streams.

Checking for remaining Streams

G:\WINDOWS
No streams found.



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-27 19:29:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\geyekruspmetdc]
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=str(2):"\systemroot\system32\drivers\geyekrbqeuymbp.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\geyekruspmetdc\main]
"aid"="10048"
"sid"="0"
"cmddelay"=dword:00003840

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\geyekruspmetdc\modules]
"geyekrrk.sys"="\systemroot\system32\drivers\geyekrbqeuymbp.sys"
"geyekrcmd.dll"="\systemroot\system32\geyekrrivblxnf.dll"
"geyekrlog.dat"="\systemroot\system32\geyekrdbginael.dat"
"geyekrwsp.dll"="\systemroot\system32\geyekrwhpfyxbe.dll"
"geyekr.dat"="\systemroot\system32\geyekryvvdlyik.dat"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="G:\Archivos de programa\DAEMON Tools Lite\"
"h0"=dword:00000000
"hdf12"=hex:0c,ea,92,99,11,58,9e,34,58,7f,ef,85,39,09,e2,08,3b,ff,d6,52,40,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,f6,a6,de,72,99,c9,45,bd,6a,b1,17,92,a6,33,a2,8f,f8,..
"hdf12"=hex:af,84,2c,49,43,97,1b,55,3a,d4,bb,a0,1c,56,62,74,cd,f4,33,f6,45,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:35,e7,46,75,a4,60,64,41,9a,c1,6c,00,9b,93,a2,f2,61,34,91,e4,25,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="G:\Archivos de programa\DAEMON Tools Lite\"
"h0"=dword:00000000
"hdf12"=hex:0c,ea,92,99,11,58,9e,34,58,7f,ef,85,39,09,e2,08,3b,ff,d6,52,40,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,f6,a6,de,72,99,c9,45,bd,6a,b1,17,92,a6,33,a2,8f,f8,..
"hdf12"=hex:af,84,2c,49,43,97,1b,55,3a,d4,bb,a0,1c,56,62,74,cd,f4,33,f6,45,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:35,e7,46,75,a4,60,64,41,9a,c1,6c,00,9b,93,a2,f2,61,34,91,e4,25,..
[HKEY_LOCAL_MACHINE\SYSTEM\controlset003\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties]
"DeviceType"=dword:00000002
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINE\SYSTEM\controlset003\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties]
"DeviceType"=dword:00000007
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINE\SYSTEM\controlset003\control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties]
"DeviceType"=dword:00000023
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINE\SYSTEM\controlset003\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties]
"DeviceType"=dword:00000004
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINE\SYSTEM\controlset003\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties]
"DeviceType"=dword:00000004
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINE\SYSTEM\controlset003\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties]
"DeviceType"=dword:00000004
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINE\SYSTEM\controlset003\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties]
"DeviceType"=dword:00000007
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINE\SYSTEM\controlset003\Services\MRxDAV\EncryptedDirectories]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\controlset003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="G:\Archivos de programa\DAEMON Tools Lite\"
"h0"=dword:00000000
"hdf12"=hex:0c,ea,92,99,11,58,9e,34,58,7f,ef,85,39,09,e2,08,3b,ff,d6,52,40,..

[HKEY_LOCAL_MACHINE\SYSTEM\controlset003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,f6,a6,de,72,99,c9,45,bd,6a,b1,17,92,a6,33,a2,8f,f8,..
"hdf12"=hex:af,84,2c,49,43,97,1b,55,3a,d4,bb,a0,1c,56,62,74,cd,f4,33,f6,45,..

[HKEY_LOCAL_MACHINE\SYSTEM\controlset003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:35,e7,46,75,a4,60,64,41,9a,c1,6c,00,9b,93,a2,f2,61,34,91,e4,25,..

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{451E1468-B877-9E57-075B-A2093EF94579}]
"abmfeodfndphabgggbmcicibdecoemlkna"=hex:61,61,00,00
"manfjhhojmfinbafefkfckgemn"=hex:61,61,00,00

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"G:\\Archivos de programa\\Utatane\\utatane1043\\Utatane.exe"="G:\\Archivos de programa\\Utatane\\utatane1043\\Utatane.exe:*:Enabled:Opennap????? ??????"
"G:\\Archivos de programa\\AVG\\AVG8\\avgemc.exe"="G:\\Archivos de programa\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"G:\\Archivos de programa\\AVG\\AVG8\\avgupd.exe"="G:\\Archivos de programa\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"G:\\Archivos de programa\\AVG\\AVG8\\avgnsx.exe"="G:\\Archivos de programa\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"
"G:\\Archivos de programa\\uTorrent\\uTorrent.exe"="G:\\Archivos de programa\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"G:\\Archivos de programa\\MSN Messenger\\msnmsgr.exe"="G:\\Archivos de programa\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"G:\\Archivos de programa\\MSN Messenger\\livecall.exe"="G:\\Archivos de programa\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"G:\\Archivos de programa\\MSN Messenger\\msnmsgr.exe"="G:\\Archivos de programa\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"G:\\Archivos de programa\\MSN Messenger\\livecall.exe"="G:\\Archivos de programa\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :



Files with Hidden Attributes :

Wed 22 Oct 2008 949,072 A.SHR --- "G:\Archivos de programa\Spybot - Search & Destroy\advcheck.dll"
Mon 15 Sep 2008 1,562,960 A.SHR --- "G:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll"
Tue 16 Sep 2008 1,833,296 A.SHR --- "G:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe"
Wed 22 Oct 2008 962,896 A.SHR --- "G:\Archivos de programa\Spybot - Search & Destroy\Tools.dll"
Sun 26 Jul 2009 40,960 ..SHR --- "G:\WINDOWS\system32\flashad32.dll"
Fri 9 Nov 2007 4,348 ..SH. --- "G:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 16 Nov 2007 0 A.SH. --- "G:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 23 Oct 2007 3,350,528 A..H. --- "G:\Documents and Settings\eid\Datos de programa\U3\temp\Launchpad Removal.exe"

Finished!

------------------
MBAM

Malwarebytes' Anti-Malware 1.40
Database version: 2667
Windows 5.1.2600 Service Pack 2

21/08/2009 1:33:06 a.m.
mbam-log-2009-08-21 (01-33-06).txt

Scan type: Full Scan (C:\|D:\|E:\|G:\|)
Objects scanned: 214952
Time elapsed: 1 hour(s), 19 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
G:\Documents and Settings\All Users\Datos de programa\13009534 (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
G:\Documents and Settings\All Users\Datos de programa\13009534\13009534 (Rogue.Multiple) -> Quarantined and deleted successfully.
G:\WINDOWS\temp\BN2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

--------------
RSIT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by eid at 2009-08-20 21:41:18
Microsoft Windows XP Professional Service Pack 2
System drive G: has 1 GB (3%) free of 35 GB
Total RAM: 510 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:41:25 p.m., on 20/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\Explorer.EXE
G:\ARCHIV~1\AVG\AVG8\avgtray.exe
G:\WINDOWS\system32\ctfmon.exe
G:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe
G:\ARCHIV~1\AVG\AVG8\avgrsx.exe
G:\Archivos de programa\AVG\AVG8\avgcsrvx.exe
G:\ARCHIV~1\AVG\AVG8\avgemc.exe
G:\Archivos de programa\AVG\AVG8\avgcsrvx.exe
G:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
G:\Archivos de programa\iPod\bin\iPodService.exe
G:\Archivos de programa\MSN Messenger\usnsvc.exe
G:\ARCHIV~1\AVG\AVG8\avgnsx.exe
G:\Archivos de programa\ProcessExplorerNT\procexp.exe
G:\WINDOWS\system32\msiexec.exe
G:\Archivos de programa\Java\jre6\bin\jusched.exe
G:\Archivos de programa\Java\jre6\bin\jqs.exe
G:\Documents and Settings\eid\Escritorio\RSIT.exe
G:\WINDOWS\System32\svchost.exe
G:\Archivos de programa\Trend Micro\HijackThis\eid.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Aplicaci? auxiliar de v?culos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Archivos de programa\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - G:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "G:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] G:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] G:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AVG8_TRAY] G:\ARCHIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Archivos de programa\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [EPSON Stylus C79 Series] G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBGL.EXE /FU "G:\WINDOWS\TEMP\E_S116.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [iTunesHelper] "G:\Archivos de programa\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Archivos de programa\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "G:\Archivos de programa\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [SandboxieControl] "G:\Archivos de programa\Sandboxie\SbieCtrl.exe"
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "G:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "G:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - G:\Archivos de programa\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - G:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - G:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - G:\ARCHIV~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - G:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - G:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - G:\Archivos de programa\Java\jre6\bin\jqs.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - G:\Archivos de programa\Sandboxie\SbieSvc.exe

--
End of file - 5059 bytes

======Scheduled tasks folder======

G:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
G:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aplicaci? auxiliar de v?culos de Adobe PDF Reader
- G:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-02-27 61816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - G:\Archivos de programa\Java\jre6\bin\jp2ssv.dll [2009-08-20 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - G:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-20 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=G:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]
"PHIME2002ASync"=G:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
"PHIME2002A"=G:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
"AVG8_TRAY"=G:\ARCHIV~1\AVG\AVG8\avgtray.exe [2009-08-16 2007832]
"Adobe Reader Speed Launcher"=G:\Archivos de programa\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"EPSON Stylus C79 Series"=G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBGL.EXE [2006-02-22 131072]
"iTunesHelper"=G:\Archivos de programa\iTunes\iTunesHelper.exe [2009-07-13 292128]
"SunJavaUpdateSched"=G:\Archivos de programa\Java\jre6\bin\jusched.exe [2009-08-20 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=G:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]
"AlcoholAutomount"=G:\Archivos de programa\Alcohol Soft\Alcohol 120\axcmd.exe [2007-08-01 222592]
"SandboxieControl"=G:\Archivos de programa\Sandboxie\SbieCtrl.exe [2009-05-28 380416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
G:\Archivos de programa\SlySoft\AnyDVD\AnyDVDtray.exe [2009-05-10 8704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdoosoft]
G:\WINDOWS\system32\olhrwef.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kamsoft]
G:\WINDOWS\system32\kamsoft.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\G:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^LaunchU3.exe.lnk]
G:\WINDOWS\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2009-03-09 22486]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
G:\WINDOWS\system32\avgrsstx.dll [2009-08-16 11952]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDriveAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"G:\Archivos de programa\Utatane\utatane1043\Utatane.exe"="G:\Archivos de programa\Utatane\utatane1043\Utatane.exe:*:Enabled:Opennap????? ??????"
"G:\Archivos de programa\AVG\AVG8\avgemc.exe"="G:\Archivos de programa\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"G:\Archivos de programa\AVG\AVG8\avgupd.exe"="G:\Archivos de programa\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"G:\Archivos de programa\AVG\AVG8\avgnsx.exe"="G:\Archivos de programa\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"G:\Archivos de programa\uTorrent\uTorrent.exe"="G:\Archivos de programa\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"G:\Archivos de programa\MSN Messenger\msnmsgr.exe"="G:\Archivos de programa\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"G:\Archivos de programa\MSN Messenger\livecall.exe"="G:\Archivos de programa\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"G:\Archivos de programa\iTunes\iTunes.exe"="G:\Archivos de programa\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"G:\Archivos de programa\MSN Messenger\msnmsgr.exe"="G:\Archivos de programa\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"G:\Archivos de programa\MSN Messenger\livecall.exe"="G:\Archivos de programa\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2980ff70-602a-11de-b5a6-00400589188c}]
shell\AutoRun\command - J:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2009-08-20 21:41:18 ----D---- G:\rsit
2009-08-20 21:39:21 ----A---- G:\WINDOWS\system32\javaws.exe
2009-08-20 21:39:21 ----A---- G:\WINDOWS\system32\javaw.exe
2009-08-20 21:39:21 ----A---- G:\WINDOWS\system32\java.exe
2009-08-20 21:38:44 ----A---- G:\WINDOWS\system32\REN18E.tmp
2009-08-20 21:38:44 ----A---- G:\WINDOWS\system32\REN18D.tmp
2009-08-20 21:38:44 ----A---- G:\WINDOWS\system32\REN18C.tmp
2009-08-20 21:35:25 ----SHD---- G:\Config.Msi
2009-08-17 03:45:23 ----D---- G:\Documents and Settings\eid\Datos de programa\avidemux
2009-08-17 03:44:55 ----D---- G:\Archivos de programa\Avidemux 2.5
2009-08-17 03:19:14 ----D---- G:\WINDOWS\LastGood
2009-08-13 02:16:05 ----D---- G:\Archivos de programa\Datel
2009-08-11 03:18:00 ----D---- G:\Archivos de programa\HachaPro
2009-08-09 21:06:28 ----D---- G:\Documents and Settings\All Users\Datos de programa\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-09 21:06:28 ----D---- G:\Archivos de programa\iTunes
2009-08-09 21:04:05 ----A---- G:\WINDOWS\system32\usbaaplrc.dll
2009-08-09 07:00:15 ----D---- G:\Archivos de programa\MKV Demux All
2009-07-31 20:44:56 ----D---- G:\Archivos de programa\Nero
2009-07-31 07:42:10 ----N---- G:\WINDOWS\system32\spmsg2.dll
2009-07-31 07:42:09 ----HDC---- G:\WINDOWS\$NtUninstallXPSEPSCLP$
2009-07-31 07:36:14 ----D---- G:\WINDOWS\system32\XPSViewer
2009-07-31 07:36:00 ----D---- G:\Archivos de programa\MSBuild
2009-07-31 07:35:40 ----D---- G:\Archivos de programa\Reference Assemblies
2009-07-31 03:44:09 ----D---- G:\WINDOWS\system32\URTTemp
2009-07-28 18:05:06 ----HD---- G:\$AVG8.VAULT$
2009-07-27 22:00:34 ----A---- G:\WINDOWS\system32\WS2Fix.exe
2009-07-27 22:00:34 ----A---- G:\WINDOWS\system32\VCCLSID.exe
2009-07-27 22:00:34 ----A---- G:\WINDOWS\system32\VACFix.exe
2009-07-27 22:00:34 ----A---- G:\WINDOWS\system32\swxcacls.exe
2009-07-27 22:00:34 ----A---- G:\WINDOWS\system32\swsc.exe
2009-07-27 22:00:34 ----A---- G:\WINDOWS\system32\swreg.exe
2009-07-27 22:00:34 ----A---- G:\WINDOWS\system32\SrchSTS.exe
2009-07-27 22:00:34 ----A---- G:\WINDOWS\system32\Process.exe
2009-07-27 22:00:34 ----A---- G:\WINDOWS\system32\o4Patch.exe
2009-07-27 22:00:34 ----A---- G:\WINDOWS\system32\IEDFix.exe
2009-07-27 22:00:34 ----A---- G:\WINDOWS\system32\IEDFix.C.exe
2009-07-27 22:00:34 ----A---- G:\WINDOWS\system32\dumphive.exe
2009-07-27 22:00:34 ----A---- G:\WINDOWS\system32\Agent.OMZ.Fix.exe
2009-07-27 22:00:34 ----A---- G:\WINDOWS\system32\404Fix.exe
2009-07-27 21:38:26 ----N---- G:\WINDOWS\system32\prntvpt.dll
2009-07-27 21:38:25 ----N---- G:\WINDOWS\system32\xpsshhdr.dll
2009-07-27 21:38:24 ----N---- G:\WINDOWS\system32\xpssvcs.dll
2009-07-27 20:28:48 ----N---- G:\WINDOWS\system32\spmsg.dll
2009-07-27 20:28:21 ----HDC---- G:\WINDOWS\$NtUninstallWIC$
2009-07-27 20:28:10 ----D---- G:\Archivos de programa\MSXML 6.0
2009-07-27 18:59:41 ----D---- G:\SDFix
2009-07-27 18:52:24 ----D---- G:\WINDOWS\CSC
2009-07-26 23:09:10 ----D---- G:\Archivos de programa\Trend Micro
2009-07-26 22:54:48 ----D---- G:\Archivos de programa\Panda Security
2009-07-26 16:14:17 ----D---- G:\Documents and Settings\All Users\Datos de programa\Lavasoft
2009-07-26 15:23:55 ----D---- G:\Rata Blanca D2
2009-07-26 15:06:58 ----SHD---- G:\RECYCLER
2009-07-26 13:19:03 ----A---- G:\ComboFix.txt
2009-07-26 13:02:46 ----A---- G:\WINDOWS\NIRCMD.exe
2009-07-26 13:02:46 ----A---- G:\WINDOWS\grep.exe
2009-07-26 13:02:36 ----D---- G:\WINDOWS\ERDNT
2009-07-26 13:02:25 ----D---- G:\Qoobox
2009-07-26 04:41:49 ----A---- G:\WINDOWS\system32\tmp.txt
2009-07-26 04:39:46 ----A---- G:\rapport.txt
2009-07-26 03:42:13 ----D---- G:\Documents and Settings\All Users\Datos de programa\13009534
2009-07-24 22:57:05 ----A---- G:\WINDOWS\system32\rmc_rtspdl.dll
2009-07-24 22:57:05 ----A---- G:\WINDOWS\system32\rmc_fixasf.exe
2009-07-24 22:56:29 ----A---- G:\WINDOWS\system32\AUDIOGENIE2.DLL
2009-07-24 22:54:17 ----D---- G:\WINDOWS\Replay Media Catcher
2009-07-24 22:54:17 ----D---- G:\Archivos de programa\Replay Media Catcher
2009-07-23 02:25:44 ----D---- G:\Sandbox
2009-07-23 02:24:29 ----A---- G:\WINDOWS\Sandboxie.ini
2009-07-23 02:24:13 ----D---- G:\Archivos de programa\Sandboxie
2009-07-23 02:16:56 ----D---- G:\Documents and Settings\eid\Datos de programa\Nero

======List of files/folders modified in the last 1 months======

2009-08-20 21:40:14 ----D---- G:\WINDOWS\Prefetch
2009-08-20 21:39:49 ----D---- G:\WINDOWS\temp
2009-08-20 21:39:37 ----SHD---- G:\WINDOWS\Installer
2009-08-20 21:39:21 ----D---- G:\WINDOWS\system32
2009-08-20 21:39:03 ----A---- G:\WINDOWS\system32\deploytk.dll
2009-08-20 21:38:40 ----D---- G:\WINDOWS\AppPatch
2009-08-20 21:38:31 ----D---- G:\Archivos de programa\Trillian
2009-08-20 21:37:54 ----D---- G:\Archivos de programa\Java
2009-08-20 21:37:02 ----D---- G:\Archivos de programa\Unlocker
2009-08-20 21:36:47 ----D---- G:\WINDOWS\system32\drivers
2009-08-20 21:36:23 ----D---- G:\Archivos de programa
2009-08-20 21:36:10 ----D---- G:\Archivos de programa\Malwarebytes' Anti-Malware
2009-08-20 21:10:32 ----D---- G:\Archivos de programa\Mozilla Firefox
2009-08-20 03:55:45 ----D---- G:\Archivos de programa\FlashFXP
2009-08-20 02:35:48 ----D---- G:\Documents and Settings\eid\Datos de programa\uTorrent
2009-08-19 23:15:12 ----D---- G:\Documents and Settings\eid\Datos de programa\LimeWire
2009-08-19 19:03:39 ----D---- G:\Documents and Settings\eid\Datos de programa\FileZilla
2009-08-17 03:35:05 ----D---- G:\WINDOWS\system
2009-08-17 03:19:18 ----HD---- G:\WINDOWS\inf
2009-08-17 03:19:16 ----D---- G:\WINDOWS\system32\CatRoot2
2009-08-17 03:19:14 ----AD---- G:\WINDOWS
2009-08-16 18:50:40 ----A---- G:\WINDOWS\system32\avgrsstx.dll
2009-08-09 21:15:08 ----SD---- G:\Documents and Settings\eid\Datos de programa\Microsoft
2009-08-09 21:07:02 ----DC---- G:\WINDOWS\system32\DRVSTORE
2009-08-09 21:05:50 ----D---- G:\Archivos de programa\internet explorer
2009-08-09 21:05:34 ----D---- G:\Archivos de programa\QT Lite
2009-08-09 21:04:32 ----SD---- G:\WINDOWS\Tasks
2009-08-09 06:07:46 ----D---- G:\Archivos de programa\NJStar Japanese WP
2009-08-09 00:39:52 ----D---- G:\Archivos de programa\AviSynth 2.5
2009-08-05 07:44:57 ----A---- G:\WINDOWS\SchedLgU.Txt
2009-07-31 08:47:55 ----RSD---- G:\WINDOWS\assembly
2009-07-31 08:47:55 ----D---- G:\WINDOWS\Microsoft.NET
2009-07-31 07:41:38 ----D---- G:\WINDOWS\system32\es-es
2009-07-31 07:38:15 ----A---- G:\WINDOWS\system32\PerfStringBackup.INI
2009-07-31 07:36:04 ----D---- G:\WINDOWS\system32\en-US
2009-07-31 07:35:49 ----RSD---- G:\WINDOWS\Fonts
2009-07-31 07:33:44 ----D---- G:\WINDOWS\WinSxS
2009-07-31 03:46:04 ----D---- G:\WINDOWS\Registration
2009-07-31 01:59:43 ----D---- G:\Documents and Settings\eid\Datos de programa\dvdcss
2009-07-28 00:37:00 ----RASH---- G:\boot.ini
2009-07-27 23:37:49 ----D---- G:\WINDOWS\system32\Restore
2009-07-27 21:40:47 ----D---- G:\WINDOWS\system32\spool
2009-07-27 21:39:35 ----RSHDC---- G:\WINDOWS\system32\dllcache
2009-07-27 20:29:03 ----A---- G:\WINDOWS\imsins.BAK
2009-07-27 19:12:24 ----A---- G:\WINDOWS\ntbtlog.txt
2009-07-26 13:13:14 ----N---- G:\WINDOWS\system.ini
2009-07-26 13:09:30 ----D---- G:\Archivos de programa\Archivos comunes
2009-07-26 04:37:12 ----A---- G:\WINDOWS\win.ini
2009-07-26 04:24:28 ----SHD---- G:\System Volume Information
2009-07-24 02:55:50 ----D---- G:\Documents and Settings\eid\Datos de programa\Free Download Manager

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; G:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-16 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; G:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-16 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; G:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-02 108552]
R1 ElbyCDIO;ElbyCDIO Driver; G:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 kbdhid;Controlador HID de teclado; G:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-19 14976]
R1 P3;Controlador de procesador PentiumIII de Intel; G:\WINDOWS\system32\DRIVERS\p3.sys [2004-08-19 46720]
R2 Aspi32;Aspi32; G:\WINDOWS\System32\drivers\aspi32.sys [2002-05-06 17005]
R2 Hardlock;Hardlock; \??\G:\WINDOWS\system32\drivers\hardlock.sys []
R2 tmcomm;tmcomm; \??\G:\WINDOWS\system32\drivers\tmcomm.sys []
R3 ac97intc;Servicio de instalación del controlador de audio (WDM) de Intel® 82801; G:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; G:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 hidusb;Controlador de clases HID de Microsoft; G:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-24 9600]
R3 i81x;i81x; G:\WINDOWS\system32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
R3 mouhid;Controlador HID de mouse; G:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-24 12416]
R3 ms_mpu401;Controlador UART MIDI Microsoft MPU-401; G:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 PSXGamepadEnabler;Psx Hid to Gamepad Port Enabler; G:\WINDOWS\system32\drivers\psxpad.sys [2002-05-15 12160]
R3 PsxPortEnumerator;Psx Port Enumerator; G:\WINDOWS\System32\Drivers\psxenum.sys [2002-09-26 16896]
R3 rtl8139;Controlador de Windows NT del adaptador Fast Ethernet PCI basado en Realtek RTL8139(A/B/C); G:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 SbieDrv;SbieDrv; \??\G:\Archivos de programa\Sandboxie\SbieDrv.sys []
R3 usbccgp;Controlador primario genérico USB de Microsoft; G:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Controlador minipuerto de la controladora mejorada USB 2.0 de Microsoft; G:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Controlador de concentrador estándar USB de Microsoft; G:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Controlador minipuerto de la controladora de host universal USB de Microsoft; G:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 avzrnnuj;avzrnnuj; G:\WINDOWS\system32\drivers\avzrnnuj.sys []
S3 catchme;catchme; \??\G:\DOCUME~1\eid\CONFIG~1\Temp\catchme.sys []
S3 iAimFP0;iAimFP0; G:\WINDOWS\system32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; G:\WINDOWS\system32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; G:\WINDOWS\system32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; G:\WINDOWS\system32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; G:\WINDOWS\system32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimFP5;iAimFP5; G:\WINDOWS\system32\DRIVERS\wADV07nt.sys [2004-08-03 11807]
S3 iAimFP6;iAimFP6; G:\WINDOWS\system32\DRIVERS\wADV08nt.sys [2004-08-03 11295]
S3 iAimFP7;iAimFP7; G:\WINDOWS\system32\DRIVERS\wADV09nt.sys [2004-08-03 11871]
S3 iAimTV0;iAimTV0; G:\WINDOWS\system32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; G:\WINDOWS\system32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV3;iAimTV3; G:\WINDOWS\system32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; G:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 iAimTV5;iAimTV5; G:\WINDOWS\system32\DRIVERS\wATV10nt.sys [2004-08-03 25471]
S3 iAimTV6;iAimTV6; G:\WINDOWS\system32\DRIVERS\wATV06nt.sys [2004-08-03 22271]
S3 ltmodem5;LT Modem Driver; G:\WINDOWS\system32\DRIVERS\ltmdmnt.sys [2003-03-31 625537]
S3 pcouffin;VSO Software pcouffin; G:\WINDOWS\System32\Drivers\pcouffin.sys [2009-06-24 47360]
S3 USBAAPL;Apple Mobile USB Driver; G:\WINDOWS\System32\Drivers\usbaapl.sys [2009-07-09 39424]
S3 usbprint;Clase de impresora USB de Microsoft; G:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 USBSTOR;Dispositivo de almacenamiento masivo de datos USB; G:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 sr;Controlador de filtro de Restaurar sistema; G:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-19 73600]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; G:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 avg8emc;AVG Free8 E-mail Scanner; G:\ARCHIV~1\AVG\AVG8\avgemc.exe [2009-08-16 908056]
R2 avg8wd;AVG Free8 WatchDog; G:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe [2009-08-16 297752]
R2 JavaQuickStarterService;Java Quick Starter; G:\Archivos de programa\Java\jre6\bin\jqs.exe [2009-08-20 153376]
R3 iPod Service;Servicio del iPod; G:\Archivos de programa\iPod\bin\iPodService.exe [2009-07-13 542496]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; G:\Archivos de programa\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S2 SbieSvc;Sandboxie Service; G:\Archivos de programa\Sandboxie\SbieSvc.exe [2009-05-28 53760]
S3 aspnet_state;ASP.NET State Service; G:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; G:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; G:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; G:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; G:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; G:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2009-08-20 21:41:31

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 G:\WINDOWS\INF\PCHealth.inf
AC-3 ACM Codec-->G:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 G:\WINDOWS\INF\AC3ACM.inf
Adobe Flash Player 10 ActiveX-->G:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->G:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1 - Espa?l-->MsiExec.exe /I{AC76BA86-7AD7-1034-7B44-A91000000001}
Adobe Shockwave Player 11.5-->"G:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AVG Free 8.5-->G:\Archivos de programa\AVG\AVG8\setup.exe /UNINSTALL
Avidemux 2.5-->G:\Archivos de programa\Avidemux 2.5\uninstall.exe
AviSynth 2.5-->"G:\Archivos de programa\AviSynth 2.5\Uninstall.exe"
Canopus Codec Option-->RunDll32 G:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "G:\Archivos de programa\InstallShield Installation Information\{772E9146-D676-4869-A298-047FF2A2B92D}\setup.exe" -l0x9
CloneDVD2-->"G:\Archivos de programa\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="G:\Archivos de programa\Elaborate Bytes\CloneDVD2"
CloneDVDmobile-->"G:\Archivos de programa\SlySoft\CloneDVDmobile\CloneDVDmobile-uninst.exe" /D="G:\Archivos de programa\SlySoft\CloneDVDmobile"
CopyFilenames 2.0-->"G:\Archivos de programa\CopyFilenames\unins000.exe"
dBpoweramp [Arrange Audio] Codec-->"G:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>G:\WINDOWS\system32\SpoonUninstall-dBpoweramp [Arrange Audio] Codec.dat
dBpoweramp [Audio Info] Codec-->"G:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>G:\WINDOWS\system32\SpoonUninstall-dBpoweramp [Audio Info] Codec.dat
dBpoweramp [Channel Split] Codec-->"G:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>G:\WINDOWS\system32\SpoonUninstall-dBpoweramp [Channel Split] Codec.dat
dBpoweramp [ID Tag Update] Codec-->"G:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>G:\WINDOWS\system32\SpoonUninstall-dBpoweramp [ID Tag Update] Codec.dat
dBpoweramp [Multi Encoder] Codec-->"G:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>G:\WINDOWS\system32\SpoonUninstall-dBpoweramp [Multi Encoder] Codec.dat
dBpoweramp [ReplayGain] Codec-->"G:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>G:\WINDOWS\system32\SpoonUninstall-dBpoweramp [ReplayGain] Codec.dat
dBpoweramp [Tag From Filename] Codec-->"G:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>G:\WINDOWS\system32\SpoonUninstall-dBpoweramp [Tag From Filename] Codec.dat
dBpoweramp DSP Effects-->"G:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>G:\WINDOWS\system32\SpoonUninstall-dBpoweramp DSP Effects.dat
dBpoweramp Music Converter-->"G:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>G:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
Direct Show Ogg Vorbis Filter (remove only)-->"G:\WINDOWS\system32\OggDSuninst.exe"
DivX Codec-->G:\Archivos de programa\DivX\DivXCodecUninstall.exe /CODEC
EasyRecovery Professional-->G:\ARCHIV~1\ARCHIV~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{268723B7-A994-4286-9F85-B974D5CAFC7B} /l1033
ffdshow [rev 3014] [2009-06-20]-->"G:\Archivos de programa\ffdshow\unins000.exe"
HachaPro-->G:\Archivos de programa\HachaPro\uninstall.exe
HijackThis 2.0.2-->"G:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->G:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB915865)-->"G:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}
Java™ 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013F0}
Java™ 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Lame ACM MP3 Codec-->G:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 G:\WINDOWS\INF\LameACM.inf
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - ESN-->MsiExec.exe /I{85AC0FFA-643D-3103-9310-7086ECB0C36C}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - ESN-->MsiExec.exe /I{BDEDB104-4067-3D5E-81F0-DBEBFE856B45}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - esn-->MsiExec.exe /I{92E4A65F-7007-3357-A69A-167F71A337BD}
Microsoft .NET Framework 3.5 SP1-->G:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft AppLocale-->MsiExec.exe /I{394BE3D9-7F57-4638-A8D1-1D88671913B7}
Microsoft Internationalized Domain Names Mitigation APIs-->"G:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"G:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110C0A-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Application Compatibility Database-->G:\WINDOWS\system32\sdbinst.exe -u "G:\WINDOWS\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb"
Microsoft Windows Media Video 9 VCM-->RunDll32 advpack.dll,LaunchINFSection G:\WINDOWS\INF\wmv9vcm.inf, Uninstall
mIRC-->"G:\ircN2\system\mirc.exe" -uninstall
MKV Demux All RC1-->"G:\Archivos de programa\MKV Demux All\unins000.exe"
Mozilla Firefox (3.5.2)-->G:\Archivos de programa\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 7 Lite 7.10.1.0-->"G:\Archivos de programa\Nero\unins000.exe"
Paquete de idioma de Microsoft .NET Framework 3.5 SP1 - esn-->G:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - esn\setup.exe
QT Lite 2.9.0-->"G:\Archivos de programa\QT Lite\unins000.exe"
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Replay Media Catcher 3.01-->"G:\WINDOWS\Replay Media Catcher\uninstall.exe" "/U:G:\Archivos de programa\Replay Media Catcher\Uninstall\uninstall.xml"
Replay Media Catcher 3.02-->"G:\WINDOWS\Replay Media Catcher\uninstall.exe" "/U:G:\Archivos de programa\Replay Media Catcher\Uninstall\uninstall.xml"
Sandboxie 3.38-->"G:\WINDOWS\Installer\SandboxieInstall.exe" /remove
Software de impresora EPSON-->G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->G:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows Imaging Component-->"G:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"G:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime-->"G:\Archivos de programa\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"G:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
XML Paper Specification Shared Components Language Pack 1.0-->"G:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
Xvid 1.2.2 final uninstall-->"G:\Archivos de programa\Xvid\unins000.exe"

=====HijackThis Backups=====

O2 - BHO: (no name) - {F156768E-81EF-470C-9057-481BA8380DBA} - (no file) [2009-07-27]
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "G:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM') [2009-07-27]
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) [2009-07-27]
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - G:\Archivos de programa\AIM\aim.exe (file missing) [2009-07-27]
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') [2009-07-27]
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file) [2009-07-27]
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'Default user') [2009-07-27]
O2 - BHO: (no name) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - (no file) [2009-07-27]
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - [2009-07-27]
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Archivos de programa\Messenger\msmsgs.exe (file missing) [2009-07-27]
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} - [2009-07-27]
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Archivos de programa\Messenger\msmsgs.exe (file missing) [2009-07-27]
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - [2009-07-27]
O16 - DPF: {E0BE586C-7C66-4909-94D6-D18BBBDD6373} - [2009-07-27]

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: AVG Anti-Virus Free (disabled)

======System event log======

Computer Name: ZAK-E27039F1F9E
Event Code: 54
Message:
Record Number: 76698
Source Name: AvgTdiX
Time Written: 20090731204453.000000-300
Event Type: warning
User:

Computer Name: ZAK-E27039F1F9E
Event Code: 54
Message:
Record Number: 76697
Source Name: AvgTdiX
Time Written: 20090731204453.000000-300
Event Type: warning
User:

Computer Name: ZAK-E27039F1F9E
Event Code: 54
Message:
Record Number: 76696
Source Name: AvgTdiX
Time Written: 20090731204453.000000-300
Event Type: warning
User:

Computer Name: ZAK-E27039F1F9E
Event Code: 54
Message:
Record Number: 76695
Source Name: AvgTdiX
Time Written: 20090731204453.000000-300
Event Type: warning
User:

Computer Name: ZAK-E27039F1F9E
Event Code: 54
Message:
Record Number: 76694
Source Name: AvgTdiX
Time Written: 20090731204453.000000-300
Event Type: warning
User:

=====Application event log=====

Computer Name: ZAK-E27039F1F9E
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.

Record Number: 70351
Source Name: usnjsvc
Time Written: 20090715111241.000000-300
Event Type:
User:

Computer Name: ZAK-E27039F1F9E
Event Code: 455
Message: wuaueng.dll (2428) SUS20ClientDataStore: Error -1032 (0xfffffbf8) al abrir un archivo de registro G:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Record Number: 70323
Source Name: ESENT
Time Written: 20090714032726.000000-300
Event Type: error
User:

Computer Name: ZAK-E27039F1F9E
Event Code: 489
Message: wuauclt (2428) Al intentar abrir el archivo "G:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" para acceso de sólo lectura se produjo el error de sistema 32 (0x00000020): "El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso. ". La operación para abrir el archivo se cerrará con el error -1032 (0xfffffbf8).

Record Number: 70322
Source Name: ESENT
Time Written: 20090714032721.000000-300
Event Type: error
User:

Computer Name: ZAK-E27039F1F9E
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.

Record Number: 70313
Source Name: usnjsvc
Time Written: 20090714001238.000000-300
Event Type:
User:

Computer Name: ZAK-E27039F1F9E
Event Code: 1000
Message: Aplicación con errores: easyrecovery.exe, versión: 1.0.27.52, módulo con error: engine.dll, versión 1.0.16.48, dirección de error 0x000104a3.

Record Number: 70311
Source Name: Application Error
Time Written: 20090714000350.000000-300
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;G:\Archivos de programa\QT Lite\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0806
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;G:\Archivos de programa\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=G:\Archivos de programa\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Hopefully these will help. I'm from Mexico, where are you from?

#12 Net_Surfer


Posted 22 August 2009 - 10:28 PM

Hello again ajora, :cool:

Good job, you found the logs. :thumbup2:

One or more of the identified infections is a backdoor trojan/Keylogger.

A backdoor Trojan can allow an attacker ("hackers") to:
gain control of the system, log keystrokes, steal passwords, access personal data, send malevolent outgoing traffic, and close the security warning messages displayed by some anti-virus and security programs.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the Operating System. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you decide you want to proceed with trying to clean your machine please follow these next set of steps.


---------------------------^--------------------------------

Step #1.

Firewall Warning

Going over your logs I noticed that you are in need of a firewall with outbound protection

While the firewall built into Windows XP is adequate to protect you from incoming attacks, it will not be much help in alerting you to programs already on your PC attempting to connect to remote servers

I therefore strongly recommend that you install one of the following free firewalls: *PC Tools Firewall Plus or ZoneAlarm.
See Bleepingcomputer's excellent tutorial to help using and understanding a firewall HERE

Important Note: You should only have one firewall installed at a time. Having more than one firewall installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.

*If you choose the PC Tools Firewall Plus and you are asked to install ThreatFire do not do so.

Step #2.

I noticed that you installed the new version of Java, but you did not uninstall the old versions.

Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
Please follow these steps to remove older version Java components.
I need you to follow these instructions:


***Please close any instances of Internet Explorer (or other web browser) before continuing!***
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.
*if you do not want to use JavaRa, you can also do so via Control Panel>> Add / Remove Programs.
and remove old versions of java. Just ensure you do not uninstall the new version: Java™ 6 Update 16



Please read these instructions carefully and then write or print out or copy this page to a Notepad file, in order to assist you when carrying out the fix.

Step #3.

Firstly, I need you to delete your old version of ComboFix from your desktop so we can install the Recovery Console using the new version of ComboFix.

After you have deleted your old version of ComboFix, please do the following:


Download ComboFix from one of these locations:

Link 1
Link 2


**Note: It is important that it is saved directly to your desktop**

* Please insert your flash drive and all usb-drives before running Combofix


Notes:
ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.


Please ensure that Spybot TeaTimer and your anti-spyware programs are disabled during the following steps.
If you are unsure on how to do this, please read this guide

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System


Download the file & save it as it's originally named.

--------------------------------------------------------------------


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
  • Drag the setup package onto ComboFix.exe and drop it.

  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.



  • At the next prompt, click 'Yes' to run the full ComboFix scan.

  • When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt in your next reply.

Note: The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Leave your computer alone while ComboFix is running. Do not mouseclick combofix's window while it's running. That may cause it to stall**
ComboFix will restart your computer if malware is found; allow it to do so.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.


Step #4.

Please download a new copy of GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


Step #5.

Please Re-scan with RSIT and post the log here in your next reply.

Summary of the logs I will need in your next reply:
  • The report log of ComboFix
  • The report log of Gmer
  • The log of RSIT.
And a description of any remaining problems in your next post.

How are things at your end ajora???.


Upon completing the above steps I will review your logs again and take the steps necessary with you to get your machine back in working order clean and free of malware.

Psss...... I was born in Culiacán, Sinaloa; look at my signature and tell me if you recognize the coat of arms. :)

Thanks.
Kind regards
Net_Surfer

:)
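The check behind Step #2 can be run directly against the RSIT "Uninstall list" section. The following is an added example, not part of the original post and not code from RSIT or JavaRa: it parses the `name-->uninstall command` lines and reports every Java entry other than the newest one. The function names and the rule "keep only the highest version/update" are assumptions of this example; the sample lines are copied from the log posted above.

```python
import re
from typing import List, NamedTuple, Optional, Tuple


class JavaInstall(NamedTuple):
    major: int      # e.g. 6 in "Java(TM) 6 Update 16"
    update: int     # e.g. 16; 0 when the entry has no "Update N" part
    name: str       # display name exactly as it appears in the log
    command: str    # uninstall command recorded by RSIT


# Sample input: lines taken from the RSIT info.txt posted in this thread.
SAMPLE_UNINSTALL_LIST = "\n".join([
    r"======Uninstall list======",
    r"-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 G:\WINDOWS\INF\PCHealth.inf",
    r"iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}",
    r"Java™ 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013F0}",
    r"Java™ 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}",
    r"Mozilla Firefox (3.5.2)-->G:\Archivos de programa\Mozilla Firefox\uninstall\helper.exe",
])

# Matches "Java 6 Update 13", "Java(TM) 6 Update 13" and "Java™ 6 Update 13".
JAVA_NAME = re.compile(r"Java(?:\(TM\)|™)?\s+(\d+)(?:\s+Update\s+(\d+))?", re.IGNORECASE)


def parse_uninstall_list(text: str) -> List[Tuple[str, str]]:
    """Return (display name, uninstall command) pairs.

    Section headers and blank lines carry no '-->' and are skipped.
    Entries with an empty display name (the log has one) are kept.
    """
    entries = []
    for line in text.splitlines():
        name, sep, command = line.partition("-->")
        if not sep:
            continue
        entries.append((name.strip(), command.strip()))
    return entries


def java_installs(entries: List[Tuple[str, str]]) -> List[JavaInstall]:
    """Pick out the Java runtime entries and extract their version numbers."""
    found = []
    for name, command in entries:
        match = JAVA_NAME.fullmatch(name)
        if match:
            update = int(match.group(2)) if match.group(2) else 0
            found.append(JavaInstall(int(match.group(1)), update, name, command))
    return found


def newest_java(installs: List[JavaInstall]) -> Optional[JavaInstall]:
    """Highest (major, update) pair, or None when no Java is installed."""
    return max(installs, key=lambda j: (j.major, j.update), default=None)


def superseded_java(installs: List[JavaInstall]) -> List[JavaInstall]:
    """Every Java entry older than the newest one, oldest first."""
    newest = newest_java(installs)
    if newest is None:
        return []
    older = [j for j in installs if (j.major, j.update) < (newest.major, newest.update)]
    return sorted(older, key=lambda j: (j.major, j.update))


if __name__ == "__main__":
    installs = java_installs(parse_uninstall_list(SAMPLE_UNINSTALL_LIST))
    keep = newest_java(installs)
    print("keep:  ", keep.name if keep else "(no Java found)")
    for old in superseded_java(installs):
        print("remove:", old.name, "|", old.command)
```

An entry reported here can still be an orphaned Add/Remove Programs record rather than installed files, so confirm against the file system before treating it as a live runtime.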

#13 ajora


Posted 24 August 2009 - 07:46 AM

Hello Net_Surfer, I already uninstalled the previous Java, but there are a lot of programs in the Add/Remove that can't be removed, and ver13 of Java is one of them. I already tried with JavaRa and it deleted all previous versions, any idea on how to clear the add/remove program list?

Here is the ComboFix log:

ComboFix 09-08-22.06 - eid 24/08/2009 1:18.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.3082.18.510.259 [GMT -5:00]
Running from: g:\documents and settings\eid\Escritorio\ComboFix.exe
Command switches used :: g:\documents and settings\eid\Escritorio\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

g:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
g:\windows\system32\404Fix.exe
g:\windows\system32\Agent.OMZ.Fix.exe
g:\windows\system32\dumphive.exe
g:\windows\system32\IEDFix.C.exe
g:\windows\system32\IEDFix.exe
g:\windows\system32\o4Patch.exe
g:\windows\system32\Process.exe
g:\windows\system32\SrchSTS.exe
g:\windows\system32\tmp.reg
g:\windows\system32\VACFix.exe
g:\windows\system32\VCCLSID.exe
g:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((( Files Created from 2009-07-24 to 2009-08-24 )))))))))))))))))))))))))))))))
.

2009-08-21 02:53 . 2009-08-03 18:36 38160 ----a-w- g:\windows\system32\drivers\mbamswissarmy.sys
2009-08-21 02:53 . 2009-08-21 02:53 -------- d-----w- g:\archivos de programa\Malwarebytes' Anti-Malware
2009-08-21 02:53 . 2009-08-03 18:36 19096 ----a-w- g:\windows\system32\drivers\mbam.sys
2009-08-21 02:41 . 2009-08-21 02:41 -------- d-----w- G:\rsit
2009-08-17 08:45 . 2009-08-17 08:45 -------- d-----w- g:\documents and settings\eid\Datos de programa\avidemux
2009-08-17 08:44 . 2009-08-17 08:45 -------- d-----w- g:\archivos de programa\Avidemux 2.5
2009-08-13 07:16 . 2009-08-13 07:16 -------- d-----w- g:\archivos de programa\Datel
2009-08-11 08:18 . 2009-08-11 08:18 -------- d-----w- g:\archivos de programa\HachaPro
2009-08-10 02:06 . 2009-08-10 02:06 -------- d-----w- g:\documents and settings\All Users\Datos de programa\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-10 02:06 . 2009-08-10 02:06 -------- d-----w- g:\archivos de programa\iTunes
2009-08-10 02:04 . 2009-07-09 17:16 2060288 ----a-w- g:\windows\system32\usbaaplrc.dll
2009-08-10 02:02 . 2009-08-10 02:02 -------- d-----w- g:\documents and settings\eid\Configuracion local
2009-08-09 12:00 . 2009-08-09 12:00 -------- d-----w- g:\archivos de programa\MKV Demux All
2009-08-01 01:44 . 2009-08-01 01:44 -------- d-----w- g:\archivos de programa\Nero
2009-07-31 12:42 . 2006-06-29 18:07 14048 ------w- g:\windows\system32\spmsg2.dll
2009-07-31 12:36 . 2009-07-31 12:41 -------- d-----w- g:\windows\system32\XPSViewer
2009-07-31 12:36 . 2009-07-31 12:36 -------- d-----w- g:\archivos de programa\MSBuild
2009-07-31 12:35 . 2009-07-31 12:35 -------- d-----w- g:\archivos de programa\Reference Assemblies
2009-07-31 08:44 . 2009-07-31 08:45 -------- d-----w- g:\windows\system32\URTTemp
2009-07-28 23:05 . 2009-08-19 06:21 -------- d--h--w- G:\$AVG8.VAULT$
2009-07-28 02:38 . 2008-07-06 12:06 89088 -c----w- g:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-07-28 02:38 . 2008-07-06 12:06 117760 ------w- g:\windows\system32\prntvpt.dll
2009-07-28 02:38 . 2008-07-06 10:50 597504 -c----w- g:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-07-28 02:38 . 2008-07-06 12:06 575488 -c----w- g:\windows\system32\dllcache\xpsshhdr.dll
2009-07-28 02:38 . 2008-07-06 12:06 575488 ------w- g:\windows\system32\xpsshhdr.dll
2009-07-28 02:38 . 2008-07-06 12:06 1676288 -c----w- g:\windows\system32\dllcache\xpssvcs.dll
2009-07-28 02:38 . 2008-07-06 12:06 1676288 ------w- g:\windows\system32\xpssvcs.dll
2009-07-28 01:28 . 2009-07-28 01:28 -------- d-----w- g:\archivos de programa\MSXML 6.0
2009-07-28 00:51 . 2009-07-28 00:48 102664 ----a-w- g:\windows\system32\drivers\tmcomm.sys
2009-07-28 00:48 . 2009-07-28 02:24 -------- d-----w- g:\documents and settings\eid\.housecall6.6
2009-07-27 23:59 . 2009-08-21 02:32 -------- d-----w- G:\SDFix
2009-07-27 04:09 . 2009-07-27 04:09 -------- d-----w- g:\archivos de programa\Trend Micro
2009-07-27 03:54 . 2009-08-21 02:36 -------- d-----w- g:\archivos de programa\Panda Security
2009-07-26 21:25 . 2009-07-26 21:25 -------- d-----w- g:\documents and settings\LocalService.NT AUTHORITY\Escritorio
2009-07-26 21:14 . 2009-07-28 05:02 -------- d-----w- g:\documents and settings\All Users\Datos de programa\Lavasoft
2009-07-26 10:12 . 2009-07-26 10:12 -------- d-----w- g:\documents and settings\eid\jkos-eid

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-24 06:14 . 2004-08-03 21:14 182912 ----a-w- g:\windows\system32\drivers\ndis.sys
2009-08-24 06:12 . 2008-12-04 00:53 411368 ----a-w- g:\windows\system32\deploytk.dll
2009-08-24 06:12 . 2009-06-21 18:33 -------- d-----w- g:\archivos de programa\Java
2009-08-24 06:10 . 2009-08-24 06:10 0 ----a-w- g:\windows\system32\REN1B.tmp
2009-08-24 06:10 . 2009-08-24 06:10 0 ----a-w- g:\windows\system32\REN1A.tmp
2009-08-24 06:10 . 2009-08-24 06:10 0 ----a-w- g:\windows\system32\REN19.tmp
2009-08-24 05:27 . 2007-09-06 07:15 -------- d-----w- g:\documents and settings\eid\Datos de programa\LimeWire
2009-08-23 08:44 . 2007-09-13 00:07 -------- d-----w- g:\documents and settings\eid\Datos de programa\uTorrent
2009-08-23 08:18 . 2009-07-25 03:54 -------- d-----w- g:\archivos de programa\Replay Media Catcher
2009-08-23 07:59 . 2009-07-25 03:57 237568 ----a-w- g:\windows\system32\rmc_rtspdl.dll
2009-08-23 07:59 . 2009-07-25 03:57 156672 ----a-w- g:\windows\system32\rmc_fixasf.exe
2009-08-23 07:59 . 2009-07-25 03:56 323584 ----a-w- g:\windows\system32\AUDIOGENIE2.DLL
2009-08-22 05:04 . 2007-09-08 06:39 -------- d-----w- g:\archivos de programa\NJStar Japanese WP
2009-08-21 08:14 . 2008-04-13 20:58 -------- d-----w- g:\documents and settings\eid\Datos de programa\FileZilla
2009-08-21 07:17 . 2009-07-14 18:53 -------- d-----w- g:\archivos de programa\FlashFXP
2009-08-21 02:51 . 2008-02-03 04:25 -------- d-----w- g:\archivos de programa\Unlocker
2009-08-21 02:38 . 2009-08-21 02:38 0 ----a-w- g:\windows\system32\REN18E.tmp
2009-08-21 02:38 . 2009-08-21 02:38 0 ----a-w- g:\windows\system32\REN18D.tmp
2009-08-21 02:38 . 2009-08-21 02:38 0 ----a-w- g:\windows\system32\REN18C.tmp
2009-08-21 02:38 . 2007-09-06 05:08 -------- d-----w- g:\archivos de programa\Trillian
2009-08-16 23:50 . 2008-07-03 03:30 335240 ----a-w- g:\windows\system32\drivers\avgldx86.sys
2009-08-16 23:50 . 2008-07-03 03:30 11952 ----a-w- g:\windows\system32\avgrsstx.dll
2009-08-16 23:50 . 2008-07-03 03:30 27784 ----a-w- g:\windows\system32\drivers\avgmfx86.sys
2009-08-10 02:05 . 2009-06-21 20:18 -------- d-----w- g:\archivos de programa\QT Lite
2009-08-09 05:39 . 2008-09-06 21:40 -------- d-----w- g:\archivos de programa\AviSynth 2.5
2009-07-31 23:03 . 2007-09-14 17:49 46488 ---ha-w- g:\windows\system32\mlfcache.dat
2009-07-31 12:38 . 2001-08-24 10:00 567286 ----a-w- g:\windows\system32\perfh00A.dat
2009-07-31 12:38 . 2001-08-24 10:00 100452 ----a-w- g:\windows\system32\perfc00A.dat
2009-07-31 06:59 . 2008-03-19 20:36 -------- d-----w- g:\documents and settings\eid\Datos de programa\dvdcss
2009-07-28 05:57 . 2008-04-08 08:09 29926 ----a-r- g:\documents and settings\eid\Datos de programa\Microsoft\Installer\{394BE3D9-7F57-4638-A8D1-1D88671913B7}\_18be6784.exe
2009-07-28 05:57 . 2008-04-08 08:09 29422 ----a-r- g:\documents and settings\eid\Datos de programa\Microsoft\Installer\{394BE3D9-7F57-4638-A8D1-1D88671913B7}\_294823.exe
2009-07-24 07:55 . 2008-09-25 19:56 -------- d-----w- g:\documents and settings\eid\Datos de programa\Free Download Manager
2009-07-23 07:24 . 2009-07-23 07:24 -------- d-----w- g:\archivos de programa\Sandboxie
2009-07-23 07:16 . 2009-07-23 07:16 -------- d-----w- g:\documents and settings\eid\Datos de programa\Nero
2009-07-19 05:06 . 2009-06-21 20:00 -------- d-----w- g:\documents and settings\eid\Datos de programa\DAEMON Tools Lite
2009-07-14 04:57 . 2007-09-08 17:27 -------- d--h--w- g:\archivos de programa\InstallShield Installation Information
2009-07-14 04:56 . 2009-07-14 04:56 -------- d-----w- g:\archivos de programa\Ontrack
2009-07-13 19:22 . 2009-07-13 19:22 75048 ----a-w- g:\documents and settings\All Users\Datos de programa\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-11 16:22 . 2008-01-01 21:59 -------- d-----w- g:\documents and settings\eid\Datos de programa\dBpoweramp
2009-07-09 17:16 . 2007-09-07 04:52 39424 ----a-w- g:\windows\system32\drivers\usbaapl.sys
2009-06-25 14:14 . 2009-06-21 20:58 -------- d-----w- g:\archivos de programa\OpenOffice.org 3
2009-06-25 03:05 . 2009-06-25 03:02 47360 ----a-w- g:\documents and settings\eid\Datos de programa\pcouffin.sys
2009-06-25 03:05 . 2009-06-25 03:02 47360 ----a-w- g:\documents and settings\eid\Datos de programa\pcouffin.sys
2009-06-25 03:02 . 2009-06-25 03:02 47360 ----a-w- g:\windows\system32\drivers\pcouffin.sys
2009-06-21 21:20 . 2009-06-21 21:20 1 ----a-w- g:\documents and settings\eid\Datos de programa\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-06-21 20:00 . 2007-09-06 07:03 721904 ----a-w- g:\windows\system32\drivers\sptd.sys
2009-06-21 19:16 . 2008-09-02 21:03 11006 ----a-w- g:\windows\system32\SpoonUninstall-dBpoweramp DSP Effects.dat
2009-06-21 19:15 . 2009-06-21 19:15 3003 ----a-w- g:\windows\system32\SpoonUninstall-dBpoweramp [Multi Encoder] Codec.dat
2009-06-21 19:15 . 2009-06-21 19:15 2901 ----a-w- g:\windows\system32\SpoonUninstall-dBpoweramp [ReplayGain] Codec.dat
2009-06-21 19:15 . 2009-06-21 19:15 2870 ----a-w- g:\windows\system32\SpoonUninstall-dBpoweramp [Tag From Filename] Codec.dat
2009-06-21 19:15 . 2009-06-21 19:15 2837 ----a-w- g:\windows\system32\SpoonUninstall-dBpoweramp [ID Tag Update] Codec.dat
2009-06-21 19:15 . 2009-06-21 19:15 3000 ----a-w- g:\windows\system32\SpoonUninstall-dBpoweramp [Channel Split] Codec.dat
2009-06-21 19:15 . 2009-06-21 19:15 2872 ----a-w- g:\windows\system32\SpoonUninstall-dBpoweramp [Audio Info] Codec.dat
2009-06-21 19:14 . 2009-06-21 19:14 2880 ----a-w- g:\windows\system32\SpoonUninstall-dBpoweramp [Arrange Audio] Codec.dat
2009-06-21 19:13 . 2009-06-21 19:13 14646 ----a-w- g:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2009-06-21 00:28 . 2009-03-25 00:29 85504 ----a-w- g:\windows\system32\ff_vfw.dll
2009-06-14 21:21 . 2009-03-25 00:29 60273 ----a-w- g:\windows\system32\pthreadGC2.dll
2009-06-07 21:24 . 2007-09-06 05:45 180224 ----a-w- g:\windows\system32\xvidvfw.dll
2009-06-07 21:16 . 2007-09-06 05:45 819200 ----a-w- g:\windows\system32\xvidcore.dll
2008-05-13 05:29 . 2008-05-13 05:29 1214314 ----a-w- g:\archivos de programa\ProcessExplorerNT.rar
.

((((((((((((((((((((((((((((( SnapShot@2009-07-26_18.13.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-29 13:05 . 2008-07-29 13:05 62976 g:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 46080 g:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 46592 g:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 64512 g:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 66048 g:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 65024 g:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 65024 g:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 56832 g:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 66560 g:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 39936 g:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 38912 g:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 11:07 . 2008-07-29 11:07 59904 g:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 11:07 . 2008-07-29 11:07 59904 g:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2008-07-29 11:07 . 2008-07-29 11:07 80896 g:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90ud.dll
+ 2008-07-29 11:07 . 2008-07-29 11:07 80896 g:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90d.dll
+ 2009-08-24 06:31 . 2009-08-24 06:31 16384 g:\windows\temp\Perflib_Perfdata_588.dat
+ 1999-09-22 19:49 . 1999-09-22 19:49 99840 g:\windows\system32\Zipdll.dll
+ 2003-02-21 10:16 . 2003-02-21 10:16 49152 g:\windows\system32\URTTemp\regtlib.exe
+ 2009-07-31 08:44 . 2003-02-21 00:09 77824 g:\windows\system32\URTTemp\mscorsn.dll
+ 1999-09-22 19:49 . 1999-09-22 19:49 94208 g:\windows\system32\Unzdll.dll
+ 2008-07-30 02:10 . 2008-07-30 02:10 26112 g:\windows\system32\TsWpfWrp.exe
+ 2007-09-06 08:00 . 2007-11-30 11:18 26488 g:\windows\system32\spupdsvc.exe
+ 2009-07-28 02:41 . 2008-07-06 12:06 89088 g:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
+ 2009-07-28 01:28 . 2007-11-30 12:39 17272 g:\windows\system32\spmsg.dll
+ 2002-11-29 02:56 . 2002-11-29 02:56 65024 g:\windows\system32\sfx.dll
+ 2008-07-30 00:59 . 2008-07-30 00:59 43544 g:\windows\system32\PresentationHostProxy.dll
+ 2001-08-24 10:00 . 2009-07-31 12:38 90624 g:\windows\system32\perfc009.dat
+ 2008-07-26 06:56 . 2008-07-26 06:56 16384 g:\windows\system32\mui\0c0a\mscorees.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 15360 g:\windows\system32\mui\0409\mscorees.dll
+ 2007-05-08 22:08 . 2007-05-08 22:08 86728 g:\windows\system32\msxml6r.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 83968 g:\windows\system32\mscories.dll
+ 2008-07-30 00:24 . 2008-07-30 00:24 97800 g:\windows\system32\infocardapi.dll
+ 2008-07-30 00:24 . 2008-07-30 00:24 11264 g:\windows\system32\icardres.dll
+ 2008-07-30 02:10 . 2008-07-30 02:10 73720 g:\windows\system32\dxva2.dll
+ 2009-08-10 02:04 . 2009-07-09 17:16 39424 g:\windows\system32\DRVSTORE\usbaapl_872A2434B7205D4BD84BBE53811BDCE15F347D5B\usbaapl.sys
+ 2009-08-10 02:04 . 2009-07-09 17:16 17408 g:\windows\system32\DRVSTORE\netaapl_F433E854B3FF3BEE74986FDE8E16A64162342BFF\netaapl.sys
+ 2009-08-10 02:07 . 2009-03-19 21:32 23400 g:\windows\system32\DRVSTORE\GEARAspiWD_F475AF659D36685632E9BD97B57E9D9661FF3FFD\x86\GEARAspiWDM.sys
+ 2009-02-15 20:52 . 2009-03-19 21:32 23400 g:\windows\system32\drivers\GEARAspiWDM.sys
+ 2008-12-12 16:11 . 2008-12-12 16:11 61440 g:\windows\system32\dnssd.dll
- 2008-08-29 15:53 . 2008-08-29 15:53 61440 g:\windows\system32\dnssd.dll
- 2008-08-29 16:18 . 2008-08-29 16:18 87336 g:\windows\system32\dns-sd.exe
+ 2008-12-12 16:18 . 2008-12-12 16:18 87336 g:\windows\system32\dns-sd.exe
+ 2008-07-25 16:16 . 2008-07-25 16:16 96760 g:\windows\system32\dfshim.dll
+ 2009-07-26 18:16 . 2009-08-11 23:21 32768 g:\windows\system32\config\systemprofile\Datos de programa\Microsoft\Internet Explorer\UserData\index.dat
+ 2007-09-05 13:10 . 2009-08-23 23:29 32768 g:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-09-05 13:10 . 2009-07-26 18:12 32768 g:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-08-21 02:45 . 2009-08-21 02:41 32768 g:\windows\system32\config\systemprofile\Configuración local\Historial\History.IE5\MSHist012009082020090821\index.dat
+ 2009-08-19 06:51 . 2009-08-19 06:50 32768 g:\windows\system32\config\systemprofile\Configuración local\Historial\History.IE5\MSHist012009081920090820\index.dat
+ 2009-08-19 06:51 . 2009-08-19 06:50 32768 g:\windows\system32\config\systemprofile\Configuración local\Historial\History.IE5\MSHist012009081020090817\index.dat
+ 2009-08-11 23:22 . 2009-08-11 23:21 32768 g:\windows\system32\config\systemprofile\Configuración local\Historial\History.IE5\MSHist012009080320090810\index.dat
+ 2009-08-04 17:53 . 2009-08-04 17:53 32768 g:\windows\system32\config\systemprofile\Configuración local\Historial\History.IE5\MSHist012009072720090803\index.dat
+ 2008-07-30 04:40 . 2008-07-30 04:40 70648 g:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
+ 2008-07-30 04:40 . 2008-07-30 04:40 91136 g:\windows\Microsoft.NET\Framework\v3.5\MSBuild.exe
+ 2008-07-30 04:40 . 2008-07-30 04:40 41984 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft.VisualC.STLCLR.dll
+ 2008-07-30 04:40 . 2008-07-30 04:40 40960 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Data.Entity.Build.Tasks.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 89080 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2052.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 92664 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1042.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 95224 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1041.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 89592 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1028.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 84480 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2052.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 94720 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1042.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 97792 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1041.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 84992 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1028.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 97280 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\DeleteTemp.exe
+ 2008-07-31 06:07 . 2008-07-31 06:07 97280 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - esn\DeleteTemp.exe
+ 2008-07-31 09:26 . 2008-07-31 09:26 27910 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - esn\baseline.dat
+ 2008-07-31 09:28 . 2008-07-31 09:28 46096 g:\windows\Microsoft.NET\Framework\v3.5\es\MSBuild.resources.exe
+ 2008-07-31 09:28 . 2008-07-31 09:28 22032 g:\windows\Microsoft.NET\Framework\v3.5\es\EdmGen.Resources.dll
+ 2008-07-31 09:28 . 2008-07-31 09:28 18456 g:\windows\Microsoft.NET\Framework\v3.5\es\DataSvcUtil.resources.dll
+ 2008-07-30 04:40 . 2008-07-30 04:40 95224 g:\windows\Microsoft.NET\Framework\v3.5\EdmGen.exe
+ 2008-07-30 04:40 . 2008-07-30 04:40 78856 g:\windows\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe
+ 2008-07-30 04:40 . 2008-07-30 04:40 41984 g:\windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe
+ 2008-07-30 04:40 . 2008-07-30 04:40 41992 g:\windows\Microsoft.NET\Framework\v3.5\AddInProcess32.exe
+ 2008-07-30 04:40 . 2008-07-30 04:40 41992 g:\windows\Microsoft.NET\Framework\v3.5\AddInProcess.exe
+ 2008-07-30 02:10 . 2008-07-30 02:10 46104 g:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
+ 2008-07-30 00:59 . 2008-07-30 00:59 32768 g:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll
+ 2008-07-30 02:10 . 2008-07-30 02:10 71160 g:\windows\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll
+ 2008-07-30 00:32 . 2008-07-30 00:32 17448 g:\windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe
+ 2008-07-30 00:16 . 2008-07-30 00:16 32768 g:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2008-07-30 00:16 . 2008-07-30 00:16 73728 g:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll
+ 2008-07-30 00:16 . 2008-07-30 00:16 20504 g:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll
+ 2008-07-30 00:16 . 2008-07-30 00:16 11280 g:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
+ 2008-07-31 07:24 . 2008-07-31 07:24 32768 g:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\es\WsatConfig.resources.dll
+ 2008-07-31 07:24 . 2008-07-31 07:24 10240 g:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\es\SMSvcHost.resources.dll
+ 2008-07-31 07:24 . 2008-07-31 07:24 28672 g:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\es\ServiceModelReg.resources.dll
+ 2008-07-31 07:24 . 2008-07-31 07:24 36864 g:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\es\ComSvcConfig.resources.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 37896 g:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 81400 g:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
+ 2008-07-25 16:17 . 2008-07-25 16:17 77824 g:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 57392 g:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 81920 g:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
- 2005-09-23 12:28 . 2005-09-23 12:28 81920 g:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
- 2005-09-23 12:28 . 2005-09-23 12:28 81920 g:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 81920 g:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 95232 g:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 16896 g:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 61952 g:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
- 2005-09-23 12:28 . 2005-09-23 12:28 32768 g:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
+ 2008-07-25 16:17 . 2008-07-25 16:17 32768 g:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
+ 2008-07-25 16:17 . 2008-07-25 16:17 53248 g:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
- 2005-09-23 12:28 . 2005-09-23 12:28 53248 g:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2008-07-25 16:17 . 2008-07-25 16:17 88584 g:\windows\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 24584 g:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll
+ 2008-07-26 06:56 . 2008-07-26 06:56 32256 g:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0C0A\mscorsecr.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 31744 g:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 19456 g:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 69632 g:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
+ 2008-07-25 16:16 . 2008-07-25 16:16 18944 g:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 77312 g:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 94208 g:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 46592 g:\windows\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 83456 g:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
- 2005-09-23 12:28 . 2005-09-23 12:28 69632 g:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
+ 2008-07-25 16:16 . 2008-07-25 16:16 69632 g:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
+ 2008-07-25 16:16 . 2008-07-25 16:16 97792 g:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
- 2005-09-23 12:28 . 2005-09-23 12:28 12800 g:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 12800 g:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2005-09-23 12:28 . 2005-09-23 12:28 32768 g:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 32768 g:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
- 2005-09-23 12:28 . 2005-09-23 12:28 28672 g:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 28672 g:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 77824 g:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 36864 g:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
- 2005-09-23 12:28 . 2005-09-23 12:28 36864 g:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 40960 g:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
- 2005-09-23 12:28 . 2005-09-23 12:28 40960 g:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
+ 2008-07-25 16:17 . 2008-07-25 16:17 72192 g:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
- 2005-09-23 12:28 . 2005-09-23 12:28 72192 g:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 65032 g:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 28672 g:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
- 2005-09-23 12:28 . 2005-09-23 12:28 28672 g:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2008-07-25 16:17 . 2008-07-25 16:17 77824 g:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 18936 g:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2008-07-26 06:56 . 2008-07-26 06:56 81920 g:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.Web.Services.Resources.dll
+ 2008-07-26 06:56 . 2008-07-26 06:56 77824 g:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.Web.Mobile.resources.dll
+ 2008-07-26 06:56 . 2008-07-26 06:56 16896 g:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.Transactions.resources.dll
+ 2008-07-26 06:56 . 2008-07-26 06:56 40960 g:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.ServiceProcess.Resources.dll
+ 2008-07-26 06:56 . 2008-07-26 06:56 28672 g:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.Security.Resources.dll
+ 2008-07-26 06:56 . 2008-07-26 06:56 11776 g:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.Runtime.Serialization.Formatters.Soap.Resources.dll
+ 2008-07-26 06:56 . 2008-07-26 06:56 32768 g:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.Runtime.Remoting.Resources.dll
+ 2008-07-26 06:56 . 2008-07-26 06:56 61440 g:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.Messaging.Resources.dll
+ 2008-07-26 06:56 . 2008-07-26 06:56 13312 g:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.Management.Resources.dll
+ 2008-07-26 06:56 . 2008-07-26 06:56 32768 g:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.EnterpriseServices.Resources.dll
+ 2008-07-26 06:56 . 2008-07-26 06:56 24576 g:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.Drawing.Resources.dll
+ 2008-07-26 06:56 . 2008-07-26 06:56 40960 g:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.DirectoryServices.Resources.dll
+ 2008-07-26 06:56 . 2008-07-26 06:56 28672 g:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.DirectoryServices.Protocols.resources.dll
+ 2008-07-26 06:56 . 2008-07-26 06:56 36864 g:\windows\Microsoft.NET\Framework\v2.0.50727\es\system.data.sqlxml.resources.dll
+ 2008-07-26 06:56 . 2008-07-26 06:56 49152 g:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.Configuration.resources.dll
+ 2008-07-26 06:56 . 2008-07-26 06:56 28672 g:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.Configuration.Install.Resources.dll
+ 2008-07-26 06:56 . 2008-07-26 06:56 10752 g:\windows\Microsoft.NET\Framework\v2.0.50727\es\sysglobl.resources.dll
+ 2008-07-26 06:56 . 2008-07-26 06:56 96256 g:\windows\Microsoft.NET\Framework\v2.0.50727\es\ShFusRes.dll
+ 2008-07-26 06:56 . 2008-07-26 06:56 11264 g:\windows\Microsoft.NET\Framework\v2.0.50727\es\Regasm.resources.dll
+ 2008-07-26 06:56 . 2008-07-26 06:56 13312 g:\windows\Microsoft.NET\Framework\v2.0.50727\es\MSBuild.resources.dll
+ 2008-07-26 06:56 . 2008-07-26 06:56 61440 g:\windows\Microsoft.NET\Framework\v2.0.50727\es\Microsoft.VisualBasic.resources.dll
+ 2008-07-26 06:56 . 2008-07-26 06:56 45056 g:\windows\Microsoft.NET\Framework\v2.0.50727\es\Microsoft.JScript.Resources.dll
+ 2008-07-26 06:56 . 2008-07-26 06:56 10752 g:\windows\Microsoft.NET\Framework\v2.0.50727\es\Microsoft.Build.Utilities.Resources.dll
+ 2008-07-26 06:56 . 2008-07-26 06:56 53248 g:\windows\Microsoft.NET\Framework\v2.0.50727\es\Microsoft.Build.Engine.resources.dll
+ 2008-07-26 06:56 . 2008-07-26 06:56 36864 g:\windows\Microsoft.NET\Framework\v2.0.50727\es\caspol.resources.dll
+ 2008-07-26 06:56 . 2008-07-26 06:56 40960 g:\windows\Microsoft.NET\Framework\v2.0.50727\es\aspnet_regsql.resources.dll
+ 2008-07-26 06:56 . 2008-07-26 06:56 98304 g:\windows\Microsoft.NET\Framework\v2.0.50727\es\aspnet_rc.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 62968 g:\windows\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 35320 g:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
+ 2008-07-25 16:17 . 2008-07-25 16:17 69120 g:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 27136 g:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 13312 g:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
- 2005-09-23 12:28 . 2005-09-23 12:28 13312 g:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 80376 g:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
+ 2008-07-25 16:17 . 2008-07-25 16:17 89608 g:\windows\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 33792 g:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2008-07-25 16:16 . 2008-07-25 16:16 34312 g:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2008-07-25 16:16 . 2008-07-25 16:16 33288 g:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
+ 2008-07-25 16:16 . 2008-07-25 16:16 24576 g:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2008-07-25 16:16 . 2008-07-25 16:16 84480 g:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 33800 g:\windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 17416 g:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 22024 g:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 36864 g:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
- 2005-09-23 12:28 . 2005-09-23 12:28 36864 g:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2008-07-25 16:17 . 2008-07-25 16:17 58880 g:\windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2008-07-25 16:16 . 2008-07-25 16:16 98808 g:\windows\Microsoft.NET\Framework\v2.0.50727\alink.dll
- 2005-09-23 12:28 . 2005-09-23 12:28 10752 g:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 10752 g:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2008-07-26 06:56 . 2008-07-26 06:56 14336 g:\windows\Microsoft.NET\Framework\v2.0.50727\3082\CvtResUI.dll
+ 2008-07-26 06:56 . 2008-07-26 06:56 32256 g:\windows\Microsoft.NET\Framework\v2.0.50727\3082\alinkui.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 13824 g:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 28672 g:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
+ 2003-02-21 01:10 . 2003-02-21 01:10 31744 g:\windows\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
+ 2003-02-21 12:24 . 2003-02-21 12:24 57344 g:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll
+ 2003-02-21 12:26 . 2003-02-21 12:26 77824 g:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2003-02-21 00:09 . 2003-02-21 00:09 64000 g:\windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll
+ 2003-02-21 12:26 . 2003-02-21 12:26 65536 g:\windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.Design.dll
+ 2003-02-21 12:26 . 2003-02-21 12:26 86016 g:\windows\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll
+ 2003-02-21 12:26 . 2003-02-21 12:26 77824 g:\windows\Microsoft.NET\Framework\v1.1.4322\System.Configuration.Install.dll
+ 2003-02-21 12:25 . 2003-02-21 12:25 12288 g:\windows\Microsoft.NET\Framework\v1.1.4322\RegSvcs.exe
+ 2003-02-21 12:26 . 2003-02-21 12:26 32768 g:\windows\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
+ 2003-02-21 12:25 . 2003-02-21 12:25 28672 g:\windows\Microsoft.NET\Framework\v1.1.4322\RegAsm.exe
+ 2003-02-21 00:09 . 2003-02-21 00:09 90112 g:\windows\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll
+ 2003-02-21 00:09 . 2003-02-21 00:09 73728 g:\windows\Microsoft.NET\Framework\v1.1.4322\ngen.exe
+ 2003-02-20 23:43 . 2003-02-20 23:43 22528 g:\windows\Microsoft.NET\Framework\v1.1.4322\MUI\0409\mscorsecr.dll
+ 2003-02-21 00:18 . 2003-02-21 00:18 20480 g:\windows\Microsoft.NET\Framework\v1.1.4322\mtxoci8.dll
+ 2003-02-21 00:09 . 2003-02-21 00:09 77824 g:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2003-02-21 00:09 . 2003-02-21 00:09 81920 g:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
+ 2003-02-21 00:06 . 2003-02-21 00:06 65536 g:\windows\Microsoft.NET\Framework\v1.1.4322\mscorpe.dll
+ 2003-02-21 00:09 . 2003-02-21 00:09 98304 g:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2003-02-21 00:09 . 2003-02-21 00:09 86016 g:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2003-02-21 00:09 . 2003-02-21 00:09 77824 g:\windows\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll
+ 2003-02-21 12:25 . 2003-02-21 12:25 49152 g:\windows\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
+ 2003-02-21 12:25 . 2003-02-21 12:25 49152 g:\windows\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
+ 2003-02-21 12:25 . 2003-02-21 12:25 11264 g:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2003-02-21 12:24 . 2003-02-21 12:24 32768 g:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.dll
+ 2003-02-21 12:24 . 2003-02-21 12:24 28672 g:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.Vsa.dll
+ 2003-02-21 12:24 . 2003-02-21 12:24 40960 g:\windows\Microsoft.NET\Framework\v1.1.4322\jsc.exe
+ 2003-02-21 12:24 . 2003-02-21 12:24 26112 g:\windows\Microsoft.NET\Framework\v1.1.4322\ISymWrapper.dll
+ 2003-02-21 00:22 . 2003-02-21 00:22 40960 g:\windows\Microsoft.NET\Framework\v1.1.4322\InstallUtilLib.dll
+ 2003-02-21 12:24 . 2003-02-21 12:24 15872 g:\windows\Microsoft.NET\Framework\v1.1.4322\InstallUtil.exe
+ 2003-02-21 12:24 . 2003-02-21 12:24 32768 g:\windows\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
+ 2003-02-21 09:12 . 2003-02-21 09:12 28672 g:\windows\Microsoft.NET\Framework\v1.1.4322\cvtres.exe
+ 2003-02-21 12:24 . 2003-02-21 12:24 33792 g:\windows\Microsoft.NET\Framework\v1.1.4322\CustomMarshalers.dll
+ 2003-02-21 12:24 . 2003-02-21 12:24 12288 g:\windows\Microsoft.NET\Framework\v1.1.4322\cscompmgd.dll
+ 2003-02-21 15:20 . 2003-02-21 15:20 49152 g:\windows\Microsoft.NET\Framework\v1.1.4322\csc.exe
+ 2003-02-21 00:09 . 2003-02-21 00:09 77824 g:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2003-02-21 12:24 . 2003-02-21 12:24 49152 g:\windows\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe
+ 2003-02-21 12:24 . 2003-02-21 12:24 94208 g:\windows\Microsoft.NET\Framework\v1.1.4322\CasPol.exe
+ 2003-02-21 00:19 . 2003-02-21 00:19 32768 g:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2003-02-21 00:19 . 2003-02-21 00:19 32768 g:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
+ 2003-02-21 00:19 . 2003-02-21 00:19 20480 g:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
+ 2003-02-21 00:19 . 2003-02-21 00:19 40960 g:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_rc.dll
+ 2003-02-21 00:19 . 2003-02-21 00:19 24576 g:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2003-02-21 10:00 . 2003-02-21 10:00 98304 g:\windows\Microsoft.NET\Framework\v1.1.4322\alink.dll
+ 2003-02-21 08:55 . 2003-02-21 08:55 94208 g:\windows\Microsoft.NET\Framework\v1.1.4322\1033\cscompui.dll
+ 2003-02-21 07:59 . 2003-02-21 07:59 16896 g:\windows\Microsoft.NET\Framework\v1.1.4322\1033\alinkui.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 96768 g:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 16896 g:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 16896 g:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 16896 g:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 16896 g:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 82944 g:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2008-07-30 04:07 . 2008-07-30 04:07 23040 g:\windows\Installer\833413.msp
+ 2008-07-30 00:27 . 2008-07-30 00:27 93184 g:\windows\Installer\3e7eb5.msi
+ 2008-07-31 08:04 . 2008-07-31 08:04 30208 g:\windows\Installer\11015028.msp
+ 2008-07-31 05:32 . 2008-07-31 05:32 22016 g:\windows\Installer\1101500e.msp
+ 2008-07-30 04:07 . 2008-07-30 04:07 23040 g:\windows\Installer\10fc9ca3.msp
+ 2009-07-31 12:34 . 2009-07-31 12:34 88576 g:\windows\Installer\10f695a4.msi
+ 2009-01-26 02:44 . 2009-08-10 02:04 27136 g:\windows\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
- 2009-01-26 02:44 . 2009-01-26 02:44 27136 g:\windows\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
+ 2009-07-28 02:38 . 2008-07-06 12:06 89088 g:\windows\Driver Cache\i386\filterpipelineprintproc.dll
+ 2009-07-31 08:46 . 2009-07-31 08:46 90112 g:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_b7e42efd\System.Drawing.Design.dll
+ 2009-07-31 08:46 . 2009-07-31 08:46 61440 g:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_4181d0c7\CustomMarshalers.dll
+ 2009-07-31 13:11 . 2009-07-31 13:11 60928 g:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\8f5c0e1b77c840d99a68897898317b79\UIAutomationProvider.ni.dll
+ 2009-07-31 13:47 . 2009-07-31 13:47 37888 g:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\b5a285233229bb4f9d9831ebf27fe9ac\System.Windows.Presentation.ni.dll
+ 2009-07-31 13:46 . 2009-07-31 13:46 36864 g:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\17e2a7113434da494a846a8f4e4ac5e9\System.Web.DynamicData.Design.ni.dll
+ 2009-07-31 13:41 . 2009-07-31 13:41 94208 g:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\a8e047504bdad9ec14efd483574b0dd5\System.ComponentModel.DataAnnotations.ni.dll
+ 2009-07-31 13:41 . 2009-07-31 13:41 82944 g:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f2b48eab657b4ef1d19dac11bdf0c913\System.AddIn.Contract.ni.dll
+ 2009-07-31 13:04 . 2009-07-31 13:04 47104 g:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\9469981a17c01dd154c540127e678b35\PresentationFontCache.ni.exe
+ 2009-07-31 13:01 . 2009-07-31 13:01 39424 g:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\487c1bc20f6e73e8e79503898d17d102\PresentationCFFRasterizer.ni.dll
+ 2009-07-31 13:45 . 2009-07-31 13:45 55296 g:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\28ea74096df47800fe2c78bb2b9a4f2a\Microsoft.Vsa.ni.dll
+ 2009-07-31 13:40 . 2009-07-31 13:40 74752 g:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\66359457e427c0d547750a79f754f9ba\Microsoft.Build.Framework.ni.dll
+ 2009-07-31 13:40 . 2009-07-31 13:40 65024 g:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\36dbc4689f7c51e393504230004c9dec\Microsoft.Build.Framework.ni.dll
+ 2009-07-31 13:40 . 2009-07-31 13:40 14336 g:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a2865dcec9c5d3cc9c55f026cbad6fcc\dfsvc.ni.exe
+ 2009-07-31 13:40 . 2009-07-31 13:40 25600 g:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\c2af7cfbb47c077029a2645930b4eeac\Accessibility.ni.dll
+ 2009-07-31 12:36 . 2009-07-31 12:36 94208 g:\windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2009-07-31 12:41 . 2009-07-31 12:41 90112 g:\windows\assembly\GAC_MSIL\WindowsBase.resources\3.0.0.0_es_31bf3856ad364e35\WindowsBase.resources.dll
+ 2009-07-31 12:35 . 2009-07-31 12:35 98304 g:\windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2009-07-31 12:41 . 2009-07-31 12:41 10752 g:\windows\assembly\GAC_MSIL\UIAutomationTypes.resources\3.0.0.0_es_31bf3856ad364e35\UIAutomationTypes.resources.dll
+ 2009-07-31 12:35 . 2009-07-31 12:35 40960 g:\windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2009-07-31 12:41 . 2009-07-31 12:41 12288 g:\windows\assembly\GAC_MSIL\UIAutomationClientsideProviders.resources\3.0.0.0_es_31bf3856ad364e35\UIAutomationClientsideProviders.resources.dll
+ 2009-07-31 12:41 . 2009-07-31 12:41 36864 g:\windows\assembly\GAC_MSIL\system.workflow.runtime.resources\3.0.0.0_es_31bf3856ad364e35\System.Workflow.Runtime.resources.dll
+ 2009-07-31 12:39 . 2009-07-31 12:39 12288 g:\windows\assembly\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2009-07-31 12:40 . 2009-07-31 12:40 81920 g:\windows\assembly\GAC_MSIL\System.Web.Services.resources\2.0.0.0_es_b03f5f7f11d50a3a\System.Web.Services.Resources.dll
+ 2009-07-31 12:39 . 2009-07-31 12:39 61440 g:\windows\assembly\GAC_MSIL\System.Web.Routing\3.5.0.0__31bf3856ad364e35\System.Web.Routing.dll
+ 2009-07-31 12:33 . 2009-07-31 12:33 77824 g:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-07-31 12:41 . 2009-07-31 12:41 77824 g:\windows\assembly\GAC_MSIL\System.Web.Mobile.resources\2.0.0.0_es_b03f5f7f11d50a3a\System.Web.Mobile.resources.dll
+ 2009-07-31 12:41 . 2009-07-31 12:41 49152 g:\windows\assembly\GAC_MSIL\System.Web.Extensions.Design.resources\3.5.0.0_es_31bf3856ad364e35\System.Web.Extensions.Design.Resources.dll
+ 2009-07-31 12:41 . 2009-07-31 12:41 24576 g:\windows\assembly\GAC_MSIL\System.Web.Entity.resources\3.5.0.0_es_b77a5c561934e089\System.Web.Entity.Resources.dll
+ 2009-07-31 12:41 . 2009-07-31 12:41 11264 g:\windows\assembly\GAC_MSIL\System.Web.Entity.Design.resources\3.5.0.0_es_b77a5c561934e089\System.Web.Entity.Design.Resources.dll
+ 2009-07-31 12:41 . 2009-07-31 12:41 16384 g:\windows\assembly\GAC_MSIL\System.Web.DynamicData.resources\3.5.0.0_es_31bf3856ad364e35\System.Web.DynamicData.Resources.dll
+ 2009-07-31 12:39 . 2009-07-31 12:39 32768 g:\windows\assembly\GAC_MSIL\System.Web.DynamicData.Design\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
+ 2009-07-31 12:39 . 2009-07-31 12:39 77824 g:\windows\assembly\GAC_MSIL\System.Web.Abstractions\3.5.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
+ 2009-07-31 12:41 . 2009-07-31 12:41 16896 g:\windows\assembly\GAC_MSIL\System.Transactions.resources\2.0.0.0_es_b77a5c561934e089\System.Transactions.resources.dll
+ 2009-07-31 12:41 . 2009-07-31 12:41 61440 g:\windows\assembly\GAC_MSIL\System.Speech.resources\3.0.0.0_es_31bf3856ad364e35\System.Speech.resources.dll
+ 2009-07-31 12:40 . 2009-07-31 12:40 40960 g:\windows\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_es_b03f5f7f11d50a3a\System.ServiceProcess.Resources.dll
+ 2009-07-31 12:41 . 2009-07-31 12:41 69632 g:\windows\assembly\GAC_MSIL\System.ServiceModel.Web.resources\3.5.0.0_es_31bf3856ad364e35\System.ServiceModel.Web.resources.dll
+ 2009-07-31 12:35 . 2009-07-31 12:35 32768 g:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2009-07-31 12:35 . 2009-07-31 12:35 73728 g:\windows\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
+ 2009-07-31 12:41 . 2009-07-31 12:41 36864 g:\windows\assembly\GAC_MSIL\system.servicemodel.install.resources\3.0.0.0_es_b77a5c561934e089\System.ServiceModel.Install.Resources.dll
+ 2009-07-31 12:40 . 2009-07-31 12:40 28672 g:\windows\assembly\GAC_MSIL\System.Security.resources\2.0.0.0_es_b03f5f7f11d50a3a\System.Security.Resources.dll
+ 2009-07-31 12:41 . 2009-07-31 12:41 98304 g:\windows\assembly\GAC_MSIL\system.runtime.serialization.resources\3.0.0.0_es_b77a5c561934e089\System.RunTime.Serialization.Resources.dll
+ 2009-07-31 12:41 . 2009-07-31 12:41 11776 g:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_es_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.Resources.dll
+ 2009-07-31 12:41 . 2009-07-31 12:41 32768 g:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_es_b77a5c561934e089\System.Runtime.Remoting.Resources.dll
+ 2009-07-31 12:41 . 2009-07-31 12:41 16896 g:\windows\assembly\GAC_MSIL\System.Printing.resources\3.0.0.0_es_31bf3856ad364e35\System.Printing.resources.dll
+ 2009-07-31 12:41 . 2009-07-31 12:41 28672 g:\windows\assembly\GAC_MSIL\System.Net.resources\3.5.0.0_es_b03f5f7f11d50a3a\System.Net.Resources.dll
+ 2009-07-31 12:40 . 2009-07-31 12:40 61440 g:\windows\assembly\GAC_MSIL\System.Messaging.resources\2.0.0.0_es_b03f5f7f11d50a3a\System.Messaging.Resources.dll
+ 2009-07-31 12:41 . 2009-07-31 12:41 13312 g:\windows\assembly\GAC_MSIL\System.Management.resources\2.0.0.0_es_b03f5f7f11d50a3a\System.Management.Resources.dll
+ 2009-07-31 12:41 . 2009-07-31 12:41 11264 g:\windows\assembly\GAC_MSIL\System.Management.Instrumentation.resources\3.5.0.0_es_b77a5c561934e089\System.Management.Instrumentation.Resources.dll
+ 2009-07-31 12:41 . 2009-07-31 12:41 11264 g:\windows\assembly\GAC_MSIL\system.io.log.resources\3.0.0.0_es_b03f5f7f11d50a3a\System.IO.Log.Resources.dll
+ 2009-07-31 12:41 . 2009-07-31 12:41 53248 g:\windows\assembly\GAC_MSIL\system.identitymodel.selectors.resources\3.0.0.0_es_b77a5c561934e089\System.IdentityModel.Selectors.Resources.dll
+ 2009-07-31 12:41 . 2009-07-31 12:41 65536 g:\windows\assembly\GAC_MSIL\system.identitymodel.resources\3.0.0.0_es_b77a5c561934e089\System.IdentityModel.Resources.dll
+ 2009-07-31 12:40 . 2009-07-31 12:40 32768 g:\windows\assembly\GAC_MSIL\System.EnterpriseServices.resources\2.0.0.0_es_b03f5f7f11d50a3a\System.EnterpriseServices.Resources.dll
+ 2009-07-31 12:40 . 2009-07-31 12:40 24576 g:\windows\assembly\GAC_MSIL\System.Drawing.resources\2.0.0.0_es_b03f5f7f11d50a3a\System.Drawing.Resources.dll
- 2008-07-18 01:10 . 2008-07-18 01:10 81920 g:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2009-07-31 12:33 . 2009-07-31 12:33 81920 g:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2009-07-31 12:40 . 2009-07-31 12:40 40960 g:\windows\assembly\GAC_MSIL\System.DirectoryServices.resources\2.0.0.0_es_b03f5f7f11d50a3a\System.DirectoryServices.Resources.dll
+ 2009-07-31 12:40 . 2009-07-31 12:40 28672 g:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols.resources\2.0.0.0_es_b03f5f7f11d50a3a\System.DirectoryServices.Protocols.resources.dll
+ 2009-07-31 12:41 . 2009-07-31 12:41 36864 g:\windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement.resources\3.5.0.0_es_b77a5c561934e089\System.DirectoryServices.AccountManagement.resources.dll
+ 2009-07-31 12:41 . 2009-07-31 12:41 36864 g:\windows\assembly\GAC_MSIL\System.Data.SqlXml.resources\2.0.0.0_es_b77a5c561934e089\system.data.sqlxml.resources.dll
+ 2009-07-31 12:41 . 2009-07-31 12:41 69632 g:\windows\assembly\GAC_MSIL\System.Data.Services.resources\3.5.0.0_es_b77a5c561934e089\System.Data.Services.resources.dll
+ 2009-07-31 12:41 . 2009-07-31 12:41 32768 g:\windows\assembly\GAC_MSIL\System.Data.Services.Client.resources\3.5.0.0_es_b77a5c561934e089\System.Data.Services.Client.resources.dll
+ 2009-07-31 12:41 . 2009-07-31 12:41 53248 g:\windows\assembly\GAC_MSIL\System.Data.Linq.resources\3.5.0.0_es_b77a5c561934e089\System.Data.Linq.Resources.dll
+ 2009-07-31 12:41 . 2009-07-31 12:41 15360 g:\windows\assembly\GAC_MSIL\System.Data.Entity.Design.resources\3.5.0.0_es_b77a5c561934e089\System.Data.Entity.Design.Resources.dll
+ 2009-07-31 12:38 . 2009-07-31 12:38 53248 g:\windows\assembly\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2009-07-31 12:41 . 2009-07-31 12:41 61440 g:\windows\assembly\GAC_MSIL\System.Core.resources\3.5.0.0_es_b77a5c561934e089\System.Core.Resources.dll
+ 2009-07-31 12:41 . 2009-07-31 12:41 49152 g:\windows\assembly\GAC_MSIL\system.configuration.resources\2.0.0.0_es_b03f5f7f11d50a3a\System.Configuration.resources.dll
+ 2009-07-31 12:33 . 2009-07-31 12:33 81920 g:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2008-07-18 01:10 . 2008-07-18 01:10 81920 g:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2009-07-31 12:41 . 2009-07-31 12:41 28672 g:\windows\assembly\GAC_MSIL\System.Configuration.Install.resources\2.0.0.0_es_b03f5f7f11d50a3a\System.Configuration.Install.Resources.dll
+ 2009-07-31 12:39 . 2009-07-31 12:39 57344 g:\windows\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2009-07-31 12:38 . 2009-07-31 12:38 45056 g:\windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2009-07-31 12:41 . 2009-07-31 12:41 10752 g:\windows\assembly\GAC_MSIL\sysglobl.resources\2.0.0.0_es_b03f5f7f11d50a3a\sysglobl.resources.dll
+ 2009-07-31 12:41 . 2009-07-31 12:41 36864 g:\windows\assembly\GAC_MSIL\ReachFramework.resources\3.0.0.0_es_31bf3856ad364e35\ReachFramework.resources.dll
+ 2009-07-31 12:36 . 2009-07-31 12:36 46104 g:\windows\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe
+ 2009-07-31 12:35 . 2009-07-31 12:35 32768 g:\windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
+ 2009-07-31 12:41 . 2009-07-31 12:41 53248 g:\windows\assembly\GAC_MSIL\PresentationBuildTasks.resources\3.0.0.0_es_31bf3856ad364e35\PresentationBuildTasks.resources.dll
- 2008-07-18 01:10 . 2008-07-18 01:10 32768 g:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2009-07-31 12:33 . 2009-07-31 12:33 32768 g:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2009-07-31 12:33 . 2009-07-31 12:33 12800 g:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2008-07-18 01:10 . 2008-07-18 01:10 12800 g:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2009-07-31 12:38 . 2009-07-31 12:38 41984 g:\windows\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
+ 2009-07-31 12:33 . 2009-07-31 12:33 28672 g:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2008-07-18 01:10 . 2008-07-18 01:10 28672 g:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-07-31 12:41 . 2009-07-31 12:41 61440 g:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_es_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
+ 2009-07-31 12:41 . 2009-07-31 12:41 28672 g:\windows\assembly\GAC_MSIL\microsoft.transactions.bridge.resources\3.0.0.0_es_b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Resources.dll
+ 2009-07-31 12:40 . 2009-07-31 12:40 45056 g:\windows\assembly\GAC_MSIL\Microsoft.Jscript.resources\8.0.0.0_es_b03f5f7f11d50a3a\Microsoft.JScript.Resources.dll
+ 2009-07-31 12:33 . 2009-07-31 12:33 77824 g:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2009-07-31 12:38 . 2009-07-31 12:38 94208 g:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.dll
+ 2009-07-31 12:41 . 2009-07-31 12:41 11776 g:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5.resources\3.5.0.0_es_b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.resources.dll
+ 2009-07-31 12:41 . 2009-07-31 12:41 10752 g:\windows\assembly\GAC_MSIL\microsoft.build.utilities.resources\2.0.0.0_es_b03f5f7f11d50a3a\Microsoft.Build.Utilities.Resources.dll
+ 2009-07-31 12:38 . 2009-07-31 12:38 36864 g:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2009-07-31 12:33 . 2009-07-31 12:33 36864 g:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2008-07-18 01:10 . 2008-07-18 01:10 36864 g:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2009-07-31 12:41 . 2009-07-31 12:41 69632 g:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine.resources\3.5.0.0_es_b03f5f7f11d50a3a\Microsoft.Build.Engine.resources.dll
+ 2009-07-31 12:40 . 2009-07-31 12:40 53248 g:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine.resources\2.0.0.0_es_b03f5f7f11d50a3a\Microsoft.Build.Engine.resources.dll
+ 2009-07-31 12:41 . 2009-07-31 12:41 11776 g:\windows\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5.resources\3.5.0.0_es_b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.resources.dll
+ 2009-07-31 12:33 . 2009-07-31 12:33 77824 g:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2008-07-18 01:10 . 2008-07-18 01:10 13312 g:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2009-07-31 12:33 . 2009-07-31 12:33 13312 g:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2008-07-18 01:10 . 2008-07-18 01:10 10752 g:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2009-07-31 12:33 . 2009-07-31 12:33 10752 g:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2009-07-31 12:33 . 2009-07-31 12:33 72192 g:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2008-07-18 01:10 . 2008-07-18 01:10 72192 g:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2009-07-31 12:33 . 2009-07-31 12:33 69120 g:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2009-07-31 08:44 . 2009-07-31 08:44 57344 g:\windows\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-07-31 08:44 . 2009-07-31 08:44 77824 g:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-07-31 08:44 . 2009-07-31 08:44 64000 g:\windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
+ 2009-07-31 08:44 . 2009-07-31 08:44 65536 g:\windows\assembly\GAC\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2009-07-31 08:44 . 2009-07-31 08:44 86016 g:\windows\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2009-07-31 08:44 . 2009-07-31 08:44 77824 g:\windows\assembly\GAC\System.Configuration.Install\1.0.5000.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2009-07-31 08:44 . 2009-07-31 08:44 32768 g:\windows\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
+ 2009-07-31 08:44 . 2009-07-31 08:44 32768 g:\windows\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2009-07-31 08:44 . 2009-07-31 08:44 11264 g:\windows\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2009-07-31 08:44 . 2009-07-31 08:44 28672 g:\windows\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-07-31 08:44 . 2009-07-31 08:44 26112 g:\windows\assembly\GAC\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2009-07-31 08:44 . 2009-07-31 08:44 32768 g:\windows\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
+ 2009-07-31 08:44 . 2009-07-31 08:44 33792 g:\windows\assembly\GAC\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2009-07-31 08:44 . 2009-07-31 08:44 12288 g:\windows\assembly\GAC\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2009-07-31 12:33 . 2009-07-31 12:33 8192 g:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2003-02-20 23:43 . 2003-02-20 23:43 4096 g:\windows\system32\mui\0409\mscoreer.dll
+ 2007-09-08 17:41 . 2003-11-10 04:02 5120 g:\windows\system\vdsvrlnk.dll
+ 2007-09-08 17:41 . 2003-11-10 04:02 7168 g:\windows\system\vdremote.dll
+ 2008-07-30 04:40 . 2008-07-30 04:40 5632 g:\windows\Microsoft.NET\Framework\v3.5\Sentinel.v3.5Client.dll
+ 2008-07-31 09:28 . 2008-07-31 09:28 4096 g:\windows\Microsoft.NET\Framework\v3.5\es\Microsoft.Data.Entity.Build.Tasks.Resources.dll
- 2005-09-23 12:28 . 2005-09-23 12:28 7168 g:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 7168 g:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 5632 g:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
- 2005-09-23 12:29 . 2005-09-23 12:29 5632 g:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 6656 g:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
- 2005-09-23 12:28 . 2005-09-23 12:28 8192 g:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 8192 g:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
- 2005-09-23 12:28 . 2005-09-23 12:28 9728 g:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2008-07-25 16:17 . 2008-07-25 16:17 9728 g:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2008-07-26 06:56 . 2008-07-26 06:56 9216 g:\windows\Microsoft.NET\Framework\v2.0.50727\GAC\es\Microsoft.VisualBasic.Compatibility.resources.dll
+ 2008-07-26 06:56 . 2008-07-26 06:56 9216 g:\windows\Microsoft.NET\Framework\v2.0.50727\GAC\es\Microsoft.VisualBasic.Compatibility.Data.resources.dll
+ 2008-07-26 06:56 . 2008-07-26 06:56 6144 g:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.Drawing.Design.Resources.dll
+ 2008-07-26 06:56 . 2008-07-26 06:56 7680 g:\windows\Microsoft.NET\Framework\v2.0.50727\es\JSC.Resources.dll
+ 2008-07-26 06:56 . 2008-07-26 06:56 4096 g:\windows\Microsoft.NET\Framework\v2.0.50727\es\InstallUtil.resources.dll
+ 2008-07-26 06:56 . 2008-07-26 06:56 5632 g:\windows\Microsoft.NET\Framework\v2.0.50727\es\aspnet_regbrowsers.resources.dll
+ 2008-07-26 06:56 . 2008-07-26 06:56 8704 g:\windows\Microsoft.NET\Framework\v2.0.50727\es\aspnet_compiler.resources.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 5120 g:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
+ 2003-02-21 00:09 . 2003-02-21 00:09 9216 g:\windows\Microsoft.NET\Framework\v1.1.4322\mscortim.dll
+ 2003-02-21 12:25 . 2003-02-21 12:25 6656 g:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft_VsaVb.dll
+ 2003-02-21 12:25 . 2003-02-21 12:25 6144 g:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualC.Dll
+ 2003-02-21 12:24 . 2003-02-21 12:24 4608 g:\windows\Microsoft.NET\Framework\v1.1.4322\IIEHost.dll
+ 2003-02-21 12:24 . 2003-02-21 12:24 7168 g:\windows\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll
+ 2003-02-21 12:24 . 2003-02-21 12:24 7680 g:\windows\Microsoft.NET\Framework\v1.1.4322\IEExec.exe
+ 2003-02-21 12:24 . 2003-02-21 12:24 7680 g:\windows\Microsoft.NET\Framework\v1.1.4322\Accessibility.dll
+ 2009-07-31 12:41 . 2009-07-31 12:41 4608 g:\windows\assembly\GAC_MSIL\WindowsFormsIntegration.resources\3.0.0.0_es_31bf3856ad364e35\WindowsFormsIntegration.resources.dll
+ 2009-07-31 12:41 . 2009-07-31 12:41 4096 g:\windows\assembly\GAC_MSIL\UIAutomationProvider.resources\3.0.0.0_es_31bf3856ad364e35\UIAutomationProvider.resources.dll
+ 2009-07-31 12:41 . 2009-07-31 12:41 4096 g:\windows\assembly\GAC_MSIL\UIAutomationClient.resources\3.0.0.0_es_31bf3856ad364e35\UIAutomationClient.resources.dll
+ 2009-07-31 12:41 . 2009-07-31 12:41 8192 g:\windows\assembly\GAC_MSIL\System.Xml.Linq.resources\3.5.0.0_es_b77a5c561934e089\System.Xml.Linq.Resources.dll
+ 2009-07-31 12:41 . 2009-07-31 12:41 3584 g:\windows\assembly\GAC_MSIL\System.Windows.Presentation.resources\3.5.0.0_es_b77a5c561934e089\System.Windows.Presentation.resources.dll
+ 2009-07-31 12:41 . 2009-07-31 12:41 7168 g:\windows\assembly\GAC_MSIL\System.Web.Routing.resources\3.5.0.0_es_31bf3856ad364e35\System.Web.Routing.Resources.dll
+ 2009-07-31 12:41 . 2009-07-31 12:41 4096 g:\windows\assembly\GAC_MSIL\System.Web.DynamicData.Design.resources\3.5.0.0_es_31bf3856ad364e35\System.Web.DynamicData.Design.Resources.dll
+ 2009-07-31 12:41 . 2009-07-31 12:41 3584 g:\windows\assembly\GAC_MSIL\System.Web.Abstractions.resources\3.5.0.0_es_31bf3856ad364e35\System.Web.Abstractions.Resources.dll
+ 2009-07-31 12:41 . 2009-07-31 12:41 6144 g:\windows\assembly\GAC_MSIL\System.Drawing.Design.resources\2.0.0.0_es_b03f5f7f11d50a3a\System.Drawing.Design.Resources.dll
+ 2009-07-31 12:41 . 2009-07-31 12:41 7680 g:\windows\assembly\GAC_MSIL\System.Data.Services.Design.resources\3.5.0.0_es_b77a5c561934e089\System.Data.Services.Design.resources.dll
+ 2009-07-31 12:41 . 2009-07-31 12:41 5120 g:\windows\assembly\GAC_MSIL\System.Data.DataSetExtensions.resources\3.5.0.0_es_b77a5c561934e089\System.Data.DataSetExtensions.Resources.dll
+ 2009-07-31 12:41 . 2009-07-31 12:41 8192 g:\windows\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations.resources\3.5.0.0_es_31bf3856ad364e35\System.ComponentModel.DataAnnotations.Resources.dll
+ 2009-07-31 12:41 . 2009-07-31 12:41 5120 g:\windows\assembly\GAC_MSIL\smdiagnostics.resources\3.0.0.0_es_b77a5c561934e089\SMDiagnostics.resources.dll
+ 2009-07-31 12:38 . 2009-07-31 12:38 5632 g:\windows\assembly\GAC_MSIL\Sentinel.v3.5Client\3.5.0.0__b03f5f7f11d50a3a\Sentinel.v3.5Client.dll
- 2008-07-18 01:10 . 2008-07-18 01:10 7168 g:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2009-07-31 12:33 . 2009-07-31 12:33 7168 g:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2009-07-31 12:33 . 2009-07-31 12:33 5632 g:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2008-07-18 01:10 . 2008-07-18 01:10 5632 g:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2009-07-31 12:41 . 2009-07-31 12:41 9216 g:\windows\assembly\GAC_MSIL\microsoft.visualbasic.compatibility.resources\8.0.0.0_es_b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.resources.dll
+ 2009-07-31 12:41 . 2009-07-31 12:41 9216 g:\windows\assembly\GAC_MSIL\microsoft.visualbasic.compatibility.data.resources\8.0.0.0_es_b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.resources.dll
+ 2009-07-31 12:41 . 2009-07-31 12:41 5120 g:\windows\assembly\GAC_MSIL\microsoft.transactions.bridge.dtc.resources\3.0.0.0_es_b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.Resources.dll
+ 2009-07-31 12:33 . 2009-07-31 12:33 6656 g:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2009-07-31 12:33 . 2009-07-31 12:33 8192 g:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2008-07-18 01:10 . 2008-07-18 01:10 8192 g:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-07-31 08:44 . 2009-07-31 08:44 6656 g:\windows\assembly\GAC\Microsoft_VsaVb\7.0.5000.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2009-07-31 08:44 . 2009-07-31 08:44 6144 g:\windows\assembly\GAC\Microsoft.VisualC\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualC.dll
+ 2009-07-31 08:44 . 2009-07-31 08:44 4608 g:\windows\assembly\GAC\IIEHost\1.0.5000.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2009-07-31 08:44 . 2009-07-31 08:44 7168 g:\windows\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-07-31 08:44 . 2009-07-31 08:44 7680 g:\windows\assembly\GAC\Accessibility\1.0.5000.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2009-07-31 12:33 . 2009-07-31 12:33 113664 g:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2009-07-31 12:33 . 2009-07-31 12:33 258048 g:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2008-07-18 01:10 . 2008-07-18 01:10 258048 g:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 875520 g:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcp90d.dll
+ 2008-07-29 08:54 . 2008-07-29 08:54 312832 g:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcm90d.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 655872 g:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 572928 g:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 08:54 . 2008-07-29 08:54 225280 g:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2007-11-07 07:19 . 2007-11-07 07:19 655872 g:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
+ 2007-11-07 07:19 . 2007-11-07 07:19 568832 g:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll
+ 2007-11-07 02:23 . 2007-11-07 02:23 224768 g:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 161784 g:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 635904 g:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 558080 g:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 479232 g:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcm80.dll
+ 2000-07-18 05:01 . 2000-07-18 05:01 230912 g:\windows\system32\Zipit.dll
+ 2008-07-30 02:26 . 2008-07-30 02:26 301568 g:\windows\system32\XPSViewer\XPSViewer.exe
+ 2006-10-24 17:30 . 2006-10-24 17:30 276992 g:\windows\system32\WMPhoto.dll
+ 2006-10-24 17:29 . 2006-10-24 17:29 352256 g:\windows\system32\WindowsCodecsExt.dll
+ 2006-10-24 17:30 . 2006-10-24 17:30 716288 g:\windows\system32\WindowsCodecs.dll
+ 2009-07-31 08:44 . 2003-02-21 09:42 348160 g:\windows\system32\URTTemp\msvcr71.dll
+ 2009-07-31 08:44 . 2003-02-21 00:06 155648 g:\windows\system32\URTTemp\mscoree.dll
+ 2009-07-31 08:44 . 2003-02-21 00:06 282624 g:\windows\system32\URTTemp\fusion.dll
+ 2002-11-10 21:51 . 2002-11-10 21:51 152064 g:\windows\system32\unrar.dll
+ 2008-07-30 00:59 . 2008-07-30 00:59 161296 g:\windows\system32\UIAutomationCore.dll
+ 2009-07-28 02:40 . 2008-07-06 12:06 765440 g:\windows\system32\spool\XPSEP\i386\mxdwdrv.dll
+ 2009-07-28 02:40 . 2008-07-06 12:06 765440 g:\windows\system32\spool\XPSEP\i386\i386\mxdwdrv.dll
+ 2009-07-28 02:40 . 2008-07-06 12:06 748032 g:\windows\system32\spool\XPSEP\amd64\mxdwdrv.dll
+ 2009-07-28 02:40 . 2008-07-06 12:06 748032 g:\windows\system32\spool\XPSEP\amd64\amd64\mxdwdrv.dll
+ 2009-07-28 02:41 . 2008-07-06 12:06 147456 g:\windows\system32\spool\prtprocs\x64\filterpipelineprintproc.dll
+ 2009-07-28 02:38 . 2008-07-06 10:50 597504 g:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
+ 2009-07-28 02:38 . 2008-03-13 04:52 761344 g:\windows\system32\spool\drivers\w32x86\3\unires.dll
+ 2009-07-28 02:38 . 2008-07-06 12:06 744960 g:\windows\system32\spool\drivers\w32x86\3\unidrvui.dll
+ 2009-07-28 02:38 . 2008-07-06 12:06 373248 g:\windows\system32\spool\drivers\w32x86\3\unidrv.dll
+ 2009-07-28 02:38 . 2008-07-06 12:06 198656 g:\windows\system32\spool\drivers\w32x86\3\mxdwdui.dll
+ 2009-07-28 02:38 . 2008-07-06 12:06 765440 g:\windows\system32\spool\drivers\w32x86\3\mxdwdrv.dll
+ 2006-08-24 21:15 . 2006-08-24 21:15 150808 g:\windows\system32\rgb9rast_2.dll
+ 2008-07-30 00:59 . 2008-07-30 00:59 781344 g:\windows\system32\PresentationNative_v0300.dll
+ 2008-07-30 01:35 . 2008-07-30 01:35 326160 g:\windows\system32\PresentationHost.exe
+ 2008-07-30 00:59 . 2008-07-30 00:59 105016 g:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
+ 2006-10-24 17:30 . 2006-10-24 17:30 412160 g:\windows\system32\photometadatahandler.dll
+ 2001-08-24 10:00 . 2009-07-31 12:38 525028 g:\windows\system32\perfh009.dat
+ 2008-07-25 16:16 . 2008-07-25 16:16 158720 g:\windows\system32\mscorier.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 282112 g:\windows\system32\mscoree.dll
+ 2009-08-24 06:13 . 2009-08-24 06:12 149280 g:\windows\system32\javaws.exe
+ 2009-08-24 06:13 . 2009-08-24 06:12 145184 g:\windows\system32\javaw.exe
+ 2009-08-24 06:13 . 2009-08-24 06:12 145184 g:\windows\system32\java.exe
+ 2008-07-30 00:24 . 2008-07-30 00:24 622080 g:\windows\system32\icardagt.exe
+ 2009-02-15 20:52 . 2008-04-17 17:12 107368 g:\windows\system32\GEARAspi.dll
- 2009-02-15 20:52 . 2008-04-17 19:12 107368 g:\windows\system32\GEARAspi.dll
+ 2007-09-06 06:07 . 2009-08-05 05:13 228800 g:\windows\system32\FNTCACHE.DAT
+ 2008-07-30 02:10 . 2008-07-30 02:10 493048 g:\windows\system32\evr.dll
+ 2009-08-10 02:07 . 2008-04-17 17:12 107368 g:\windows\system32\DRVSTORE\GEARAspiWD_F475AF659D36685632E9BD97B57E9D9661FF3FFD\x86\GEARAspi.dll
+ 2004-08-03 21:14 . 2009-08-24 06:14 182912 g:\windows\system32\dllcache\ndis.sys
- 2004-05-26 13:37 . 2004-05-26 13:37 719872 g:\windows\system32\devil.dll
+ 2004-05-26 12:37 . 2004-05-26 12:37 719872 g:\windows\system32\devil.dll
+ 2007-09-05 13:10 . 2009-08-23 23:29 147456 g:\windows\system32\config\systemprofile\Configuración local\Historial\History.IE5\index.dat
+ 2009-07-26 08:49 . 2009-08-23 23:29 311296 g:\windows\system32\config\systemprofile\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat
- 2008-08-30 05:51 . 2008-08-30 05:51 351744 g:\windows\system32\avisynth.dll
+ 2008-12-21 21:46 . 2008-12-21 21:46 351744 g:\windows\system32\avisynth.dll
+ 2008-07-30 04:40 . 2008-07-30 04:40 196104 g:\windows\Microsoft.NET\Framework\v3.5\WFServicesReg.exe
+ 2008-07-30 04:40 . 2008-07-30 04:40 802816 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Build.Tasks.v3.5.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 984056 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapUI.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 107512 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 111096 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.3082.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 110072 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2070.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 106488 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1055.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 105976 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1053.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 107000 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1049.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 107512 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1046.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 109048 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1045.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 106488 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1044.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 108536 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1043.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 110072 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1040.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 111096 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1038.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 101368 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1037.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 112120 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1036.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 106488 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1035.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 113656 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1032.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 111608 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1031.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 108536 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1030.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 108536 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1029.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 102904 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1025.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 689152 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsscenario.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 413184 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsbasereqs.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 632320 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs70uimgr.dll
+ 2009-07-31 12:38 . 2009-07-31 12:38 652800 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.msi
+ 2008-07-29 23:47 . 2008-07-29 23:47 110080 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 131584 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.3082.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 131072 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2070.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 121344 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1055.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 121344 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1053.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 123904 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1049.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 122880 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1046.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 128512 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1045.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 121856 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1044.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 129024 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1043.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 128512 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1040.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 132096 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1038.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 111104 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1037.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 133120 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1036.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 122368 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1035.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 137728 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1032.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 130048 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1031.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 126464 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1030.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 125440 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1029.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 113152 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1025.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 269304 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
+ 2008-07-29 23:47 . 2008-07-29 23:47 177152 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\HtmlLite.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 276984 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\dlmgr.dll
+ 2008-07-30 04:15 . 2008-07-30 04:15 225490 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\baseline.dat
+ 2008-07-31 06:07 . 2008-07-31 06:07 984056 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - esn\WapUI.dll
+ 2008-07-31 06:09 . 2008-07-31 06:09 111096 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - esn\WapRes.dll
+ 2008-07-31 06:07 . 2008-07-31 06:07 689152 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - esn\vsscenario.dll
+ 2008-07-31 06:07 . 2008-07-31 06:07 413184 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - esn\vsbasereqs.dll
+ 2008-07-31 06:07 . 2008-07-31 06:07 632320 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - esn\vs70uimgr.dll
+ 2008-07-31 09:32 . 2008-07-31 09:32 442880 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - esn\vs_setup.msi
+ 2008-07-31 06:09 . 2008-07-31 06:09 131584 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - esn\setupres.dll
+ 2008-07-31 06:07 . 2008-07-31 06:07 269304 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - esn\setup.exe
+ 2008-07-31 09:28 . 2008-07-31 09:28 183296 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - esn\RebootStub.exe
+ 2008-07-31 06:07 . 2008-07-31 06:07 177152 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - esn\HtmlLite.dll
+ 2008-07-31 06:07 . 2008-07-31 06:07 276984 g:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - esn\dlmgr.dll
+ 2008-07-31 09:28 . 2008-07-31 09:28 163840 g:\windows\Microsoft.NET\Framework\v3.5\es\Microsoft.Build.Tasks.v3.5.resources.dll
+ 2008-07-31 09:28 . 2008-07-31 09:28 269816 g:\windows\Microsoft.NET\Framework\v3.5\3082\vbc7ui.dll
+ 2008-07-31 09:28 . 2008-07-31 09:28 193536 g:\windows\Microsoft.NET\Framework\v3.5\3082\cscompui.dll
+ 2008-07-30 04:40 . 2008-07-30 04:40 233976 g:\windows\Microsoft.NET\Framework\v3.5\1033\vbc7ui.dll
+ 2008-07-30 04:40 . 2008-07-30 04:40 168448 g:\windows\Microsoft.NET\Framework\v3.5\1033\cscompui.dll
+ 2008-07-30 01:35 . 2008-07-30 01:35 864256 g:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationUI.dll
+ 2008-07-30 00:59 . 2008-07-30 00:59 132120 g:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2008-07-30 02:10 . 2008-07-30 02:10 806928 g:\windows\Microsoft.NET\Framework\v3.0\WPF\NaturalLanguage6.dll
+ 2008-07-31 07:51 . 2008-07-31 07:51 368640 g:\windows\Microsoft.NET\Framework\v3.0\WPF\es\PresentationUI.resources.dll
+ 2008-07-30 00:16 . 2008-07-30 00:16 152576 g:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe
+ 2008-07-30 00:16 . 2008-07-30 00:16 966656 g:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
+ 2008-07-30 00:16 . 2008-07-30 00:16 132096 g:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
+ 2008-07-30 00:16 . 2008-07-30 00:16 110592 g:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2008-07-30 00:16 . 2008-07-30 00:16 156688 g:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe
+ 2008-07-30 00:16 . 2008-07-30 00:16 163840 g:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.Dtc.dll
+ 2008-07-30 00:16 . 2008-07-30 00:16 397312 g:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.dll
+ 2008-07-30 00:24 . 2008-07-30 00:24 881664 g:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
+ 2008-05-15 03:38 . 2008-05-15 03:38 864256 g:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\es\infocard.resources.dll
+ 2008-07-30 00:16 . 2008-07-30 00:16 168968 g:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe
+ 2008-07-25 16:16 . 2008-07-25 16:16 438272 g:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 839680 g:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
- 2005-09-23 12:28 . 2005-09-23 12:28 835584 g:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 835584 g:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 261632 g:\windows\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 114688 g:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
- 2005-09-23 12:28 . 2005-09-23 12:28 114688 g:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
- 2005-09-23 12:28 . 2005-09-23 12:28 258048 g:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 258048 g:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
- 2005-09-23 12:28 . 2005-09-23 12:28 131072 g:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 131072 g:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 303104 g:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
- 2005-09-23 12:28 . 2005-09-23 12:28 258048 g:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 258048 g:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 372736 g:\windows\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 113664 g:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
- 2005-09-23 12:28 . 2005-09-23 12:28 258048 g:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 258048 g:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 626688 g:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 188416 g:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
- 2005-09-23 12:28 . 2005-09-23 12:28 188416 g:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 401408 g:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 970752 g:\windows\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 745472 g:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 486400 g:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 425984 g:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 110592 g:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
- 2005-09-23 12:28 . 2005-09-23 12:28 110592 g:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 392184 g:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 118784 g:\windows\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 143360 g:\windows\Microsoft.NET\Framework\v2.0.50727\peverify.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 100856 g:\windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+ 2008-07-25 16:17 . 2008-07-25 16:17 230912 g:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 345600 g:\windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 114176 g:\windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 367104 g:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 308224 g:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 998408 g:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 659456 g:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
- 2005-09-23 12:29 . 2005-09-23 12:29 372736 g:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 372736 g:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 110592 g:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
- 2005-09-23 12:29 . 2005-09-23 12:29 110592 g:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 749568 g:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 655360 g:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 348160 g:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 230904 g:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
+ 2008-07-25 16:17 . 2008-07-25 16:17 798224 g:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
+ 2008-07-26 06:56 . 2008-07-26 06:56 163840 g:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.xml.Resources.dll
+ 2008-07-26 06:56 . 2008-07-26 06:56 425984 g:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.Windows.Forms.Resources.dll
+ 2008-07-26 06:56 . 2008-07-26 06:56 614400 g:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.Web.Resources.dll
+ 2008-07-26 06:56 . 2008-07-26 06:56 208896 g:\windows\Microsoft.NET\Framework\v2.0.50727\es\system.Resources.dll
+ 2008-07-26 06:56 . 2008-07-26 06:56 544768 g:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.Design.Resources.dll
+ 2008-07-26 06:56 . 2008-07-26 06:56 413696 g:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.Deployment.resources.dll
+ 2008-07-26 06:56 . 2008-07-26 06:56 344064 g:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.Data.Resources.dll
+ 2008-07-26 06:56 . 2008-07-26 06:56 110592 g:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.Data.OracleClient.resources.dll
+ 2008-07-26 06:56 . 2008-07-26 06:56 416768 g:\windows\Microsoft.NET\Framework\v2.0.50727\es\mscorrc.dll
+ 2008-07-26 06:56 . 2008-07-26 06:56 307200 g:\windows\Microsoft.NET\Framework\v2.0.50727\es\mscorlib.Resources.dll
+ 2008-07-26 06:56 . 2008-07-26 06:56 139264 g:\windows\Microsoft.NET\Framework\v2.0.50727\es\Microsoft.Build.Tasks.resources.dll
+ 2008-07-26 06:56 . 2008-07-26 06:56 315392 g:\windows\Microsoft.NET\Framework\v2.0.50727\es\aspnetmmcext.resources.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 575496 g:\windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 106496 g:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
- 2005-09-23 12:28 . 2005-09-23 12:28 106496 g:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2008-07-25 16:16 . 2008-07-25 16:16 507904 g:\windows\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 106496 g:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
- 2005-09-23 12:28 . 2005-09-23 12:28 106496 g:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2008-07-25 16:17 . 2008-07-25 16:17 147968 g:\windows\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
+ 2008-07-26 06:56 . 2008-07-26 06:56 253440 g:\windows\Microsoft.NET\Framework\v2.0.50727\3082\Vsavb7rtUI.dll
+ 2008-07-26 06:56 . 2008-07-26 06:56 223224 g:\windows\Microsoft.NET\Framework\v2.0.50727\3082\vbc7ui.dll
+ 2008-07-26 06:56 . 2008-07-26 06:56 167424 g:\windows\Microsoft.NET\Framework\v2.0.50727\3082\cscompui.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 218112 g:\windows\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 193016 g:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 145408 g:\windows\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
+ 2003-02-21 15:20 . 2003-02-21 15:20 737280 g:\windows\Microsoft.NET\Framework\v1.1.4322\vbc.exe
+ 2003-02-21 12:27 . 2003-02-21 12:27 569344 g:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll
+ 2003-02-21 12:27 . 2003-02-21 12:27 819200 g:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll
+ 2003-02-21 12:27 . 2003-02-21 12:27 126976 g:\windows\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll
+ 2003-02-21 12:26 . 2003-02-21 12:26 131072 g:\windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
+ 2003-02-21 12:26 . 2003-02-21 12:26 323584 g:\windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll
+ 2003-02-21 12:26 . 2003-02-21 12:26 241664 g:\windows\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll
+ 2003-02-21 12:26 . 2003-02-21 12:26 368640 g:\windows\Microsoft.NET\Framework\v1.1.4322\System.Management.dll
+ 2003-02-21 12:26 . 2003-02-21 12:26 241664 g:\windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll
+ 2003-02-21 12:26 . 2003-02-21 12:26 466944 g:\windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
+ 2003-02-21 12:25 . 2003-02-21 12:25 299008 g:\windows\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll
+ 2003-02-21 00:09 . 2003-02-21 00:09 319488 g:\windows\Microsoft.NET\Framework\v1.1.4322\SOS.dll
+ 2003-02-21 00:09 . 2003-02-21 00:09 122880 g:\windows\Microsoft.NET\Framework\v1.1.4322\shfusres.dll
+ 2003-02-21 00:09 . 2003-02-21 00:09 253952 g:\windows\Microsoft.NET\Framework\v1.1.4322\shfusion.dll
+ 2003-02-21 09:42 . 2003-02-21 09:42 348160 g:\windows\Microsoft.NET\Framework\v1.1.4322\msvcr71.dll
+ 2003-02-21 00:09 . 2003-02-21 00:09 143360 g:\windows\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
+ 2003-02-20 23:43 . 2003-02-20 23:43 131072 g:\windows\Microsoft.NET\Framework\v1.1.4322\mscormmc.dll
+ 2003-02-21 00:06 . 2003-02-21 00:06 311296 g:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2003-02-21 00:09 . 2003-02-21 00:09 233472 g:\windows\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll
+ 2003-02-21 12:26 . 2003-02-21 12:26 299008 g:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
+ 2003-02-21 12:26 . 2003-02-21 12:26 716800 g:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll
+ 2003-02-21 00:09 . 2003-02-21 00:09 196608 g:\windows\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
+ 2003-02-21 00:06 . 2003-02-21 00:06 282624 g:\windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll
+ 2003-02-21 00:16 . 2003-02-21 00:16 798720 g:\windows\Microsoft.NET\Framework\v1.1.4322\EventLogMessages.dll
+ 2003-02-21 15:21 . 2003-02-21 15:21 524288 g:\windows\Microsoft.NET\Framework\v1.1.4322\diasymreader.dll
+ 2003-02-21 15:21 . 2003-02-21 15:21 626688 g:\windows\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
+ 2002-07-29 16:11 . 2002-07-29 16:11 219136 g:\windows\Microsoft.NET\Framework\v1.1.4322\c_g18030.dll
+ 2003-02-21 00:19 . 2003-02-21 00:19 253952 g:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2003-02-21 10:04 . 2003-02-21 10:04 155648 g:\windows\Microsoft.NET\Framework\v1.1.4322\1033\Vsavb7rtUI.dll
+ 2003-02-21 08:02 . 2003-02-21 08:02 131072 g:\windows\Microsoft.NET\Framework\v1.1.4322\1033\vbc7ui.dll
+ 2009-07-26 21:14 . 2009-07-26 21:14 236032 g:\windows\Installer\b9f5fb.msi
+ 2008-07-30 04:23 . 2008-07-30 04:23 250880 g:\windows\Installer\83341c.msp
+ 2008-07-30 04:28 . 2008-07-30 04:28 278016 g:\windows\Installer\83341a.msp
+ 2008-07-30 02:40 . 2008-07-30 02:40 291840 g:\windows\Installer\833418.msp
+ 2008-07-30 00:37 . 2008-07-30 00:37 911360 g:\windows\Installer\3e7ebd.msp
+ 2008-07-30 00:33 . 2008-07-30 00:33 506368 g:\windows\Installer\3e7ebc.msp
+ 2008-07-30 00:35 . 2008-07-30 00:35 553472 g:\windows\Installer\3e7eba.msp
+ 2009-07-28 01:28 . 2009-07-28 01:28 871424 g:\windows\Installer\3e7eb4.msi
+ 2009-07-31 12:41 . 2009-07-31 12:41 438784 g:\windows\Installer\11015032.msi
+ 2008-07-31 07:36 . 2008-07-31 07:36 122368 g:\windows\Installer\11015029.msp
+ 2008-07-31 07:58 . 2008-07-31 07:58 103424 g:\windows\Installer\11015027.msp
+ 2008-07-31 07:52 . 2008-07-31 07:52 180736 g:\windows\Installer\11015026.msp
+ 2008-07-31 07:27 . 2008-07-31 07:27 871424 g:\windows\Installer\11015025.msp
+ 2008-07-31 07:35 . 2008-07-31 07:35 182784 g:\windows\Installer\11015023.msp
+ 2009-07-31 12:41 . 2009-07-31 12:41 299008 g:\windows\Installer\11015022.msi
+ 2008-07-31 05:38 . 2008-07-31 05:38 493056 g:\windows\Installer\11015010.msp
+ 2008-07-31 05:36 . 2008-07-31 05:36 695296 g:\windows\Installer\1101500f.msp
+ 2008-07-31 05:34 . 2008-07-31 05:34 710656 g:\windows\Installer\1101500d.msp
+ 2008-07-31 05:30 . 2008-07-31 05:30 247808 g:\windows\Installer\1101500c.msp
+ 2009-07-31 12:41 . 2009-07-31 12:41 101888 g:\windows\Installer\1101500b.msi
+ 2009-07-31 12:39 . 2009-07-31 12:39 648192 g:\windows\Installer\10ff6ccf.msi
+ 2008-07-30 04:23 . 2008-07-30 04:23 250880 g:\windows\Installer\10fc9cac.msp
+ 2008-07-30 04:28 . 2008-07-30 04:28 278016 g:\windows\Installer\10fc9caa.msp
+ 2008-07-30 02:40 . 2008-07-30 02:40 291840 g:\windows\Installer\10fc9ca8.msp
+ 2009-07-31 12:36 . 2009-07-31 12:36 137728 g:\windows\Installer\10fc9ca2.msi
+ 2008-07-30 00:35 . 2008-07-30 00:35 553472 g:\windows\Installer\10f695a9.msp
+ 2008-07-30 00:33 . 2008-07-30 00:33 506368 g:\windows\Installer\10f695a7.msp
+ 2008-07-30 00:37 . 2008-07-30 00:37 911360 g:\windows\Installer\10f695a6.msp
+ 2009-08-10 02:08 . 2009-08-10 02:08 102400 g:\windows\Installer\{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}\iTunesIco.exe
+ 2009-07-28 00:10 . 2009-07-28 00:10 299008 g:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
- 2008-07-20 13:20 . 2008-07-17 17:57 163328 g:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2008-07-20 13:20 . 2008-08-07 20:27 163328 g:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2009-07-28 02:38 . 2008-03-13 04:52 761344 g:\windows\Driver Cache\i386\unires.dll
+ 2009-07-28 02:38 . 2008-07-06 12:06 744960 g:\windows\Driver Cache\i386\unidrvui.dll
+ 2009-07-28 02:38 . 2008-07-06 12:06 373248 g:\windows\Driver Cache\i386\unidrv.dll
+ 2009-07-28 02:38 . 2008-07-06 12:06 198656 g:\windows\Driver Cache\i386\mxdwdui.dll
+ 2009-07-28 02:38 . 2008-07-06 12:06 765440 g:\windows\Driver Cache\i386\mxdwdrv.dll
+ 2009-07-31 08:47 . 2009-07-31 08:47 835584 g:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_8c28951e\System.Drawing.dll
+ 2009-07-31 13:39 . 2009-07-31 13:39 321024 g:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\7d2a3adbdcb675f872eb2dbf21f73596\WsatConfig.ni.exe
+ 2009-07-31 13:11 . 2009-07-31 13:11 239616 g:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\a18dff8832712a0f6cccaaefbcc45861\WindowsFormsIntegration.ni.dll
+ 2009-07-31 13:11 . 2009-07-31 13:11 187904 g:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\dbb2fcd246efaf3df823410597cd1677\UIAutomationTypes.ni.dll
+ 2009-07-31 13:11 . 2009-07-31 13:11 447488 g:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\d255ab525d10d8fefe5df9ba092b2df8\UIAutomationClient.ni.dll
+ 2009-07-31 13:47 . 2009-07-31 13:47 400896 g:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\8c0d96269480bdd3de8a825f0215308d\System.Xml.Linq.ni.dll
+ 2009-07-31 13:46 . 2009-07-31 13:46 129536 g:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\18e1acd6761195389db42bab83169fd2\System.Web.Routing.ni.dll
+ 2009-07-31 13:46 . 2009-07-31 13:46 202240 g:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\70764208219715962d310336b5959dfa\System.Web.RegularExpressions.ni.dll
+ 2009-07-31 13:08 . 2009-07-31 13:08 6614016 g:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\0b40341027c01716cec1dd97592698e0\System.Data.ni.dll
+ 2009-07-31 13:40 . 2009-07-31 13:40 2508800 g:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\0ec1b690c5ee057fa92ecff78de1457c\System.Data.SqlXml.ni.dll
+ 2009-07-31 13:44 . 2009-07-31 13:44 1326080 g:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\6f298259c87cc6c7318d931f52f053c5\System.Data.Services.ni.dll
+ 2009-07-31 13:08 . 2009-07-31 13:08 2510848 g:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\fa206c73f39721cd2c55829b9853de44\System.Data.Linq.ni.dll
+ 2009-07-31 13:43 . 2009-07-31 13:43 9903104 g:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\8c050147d7031f912f6ca2b15550173f\System.Data.Entity.ni.dll
+ 2009-07-31 13:07 . 2009-07-31 13:07 2294784 g:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\6c69930d05c557da70144bcc0add7065\System.Core.ni.dll
+ 2009-07-31 13:07 . 2009-07-31 13:07 2125824 g:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\5c59991df60164cae10fd81b88a8e5b1\ReachFramework.ni.dll
+ 2009-07-31 13:07 . 2009-07-31 13:07 1656832 g:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\87fb973e4ab6a21fd00e45656fa7c115\PresentationUI.ni.dll
+ 2009-07-31 13:01 . 2009-07-31 13:01 1451008 g:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\b6bfb51dec7f8cc42c21c5928470c773\PresentationBuildTasks.ni.dll
+ 2009-07-31 13:41 . 2009-07-31 13:41 1711104 g:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\5b3d048d8c003d743ea5e72caf07773a\Microsoft.VisualBasic.ni.dll
+ 2009-07-31 13:39 . 2009-07-31 13:39 1092608 g:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\21bb6244c91b6207fbcb038884a641ef\Microsoft.Transactions.Bridge.ni.dll
+ 2009-07-31 13:45 . 2009-07-31 13:45 2332160 g:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\7d61e63dea85f4f77ea4c13df7651ec7\Microsoft.JScript.ni.dll
+ 2009-07-31 13:41 . 2009-07-31 13:41 1965568 g:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\cd6eeb3d7ea1f65c28a43e665db38644\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2009-07-31 13:40 . 2009-07-31 13:40 1620480 g:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\152cf75db013f0523933ac45177b4217\Microsoft.Build.Tasks.ni.dll
+ 2009-07-31 13:40 . 2009-07-31 13:40 1886208 g:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\ce984d7bbd9a6d5d3cca28c4e5038020\Microsoft.Build.Engine.ni.dll
+ 2009-07-31 12:35 . 2009-07-31 12:35 1245184 g:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2009-07-31 12:33 . 2009-07-31 12:33 3149824 g:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2009-07-31 12:33 . 2009-07-31 12:33 2048000 g:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2009-07-31 12:35 . 2009-07-31 12:35 1630208 g:\windows\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
+ 2009-07-31 12:35 . 2009-07-31 12:35 1138688 g:\windows\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
+ 2009-07-31 12:33 . 2009-07-31 12:33 5025792 g:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2009-07-31 12:39 . 2009-07-31 12:39 1277952 g:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2009-07-31 12:35 . 2009-07-31 12:35 5931008 g:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2009-07-31 12:33 . 2009-07-31 12:33 5062656 g:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2009-07-31 12:38 . 2009-07-31 12:38 2879488 g:\windows\assembly\GAC_MSIL\System.Data.Entity\3.5.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2009-07-31 12:36 . 2009-07-31 12:36 5283840 g:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2009-07-31 12:33 . 2009-07-31 12:33 5238784 g:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-07-31 12:33 . 2009-07-31 12:33 2933248 g:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2009-07-31 12:35 . 2009-07-31 12:35 4210688 g:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2009-07-31 12:33 . 2009-07-31 12:33 4546560 g:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2009-07-31 08:44 . 2009-07-31 08:44 1216512 g:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2009-07-31 08:44 . 2009-07-31 08:44 1335296 g:\windows\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.Xml.dll
+ 2009-07-31 08:44 . 2009-07-31 08:44 2039808 g:\windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2009-07-31 08:44 . 2009-07-31 08:44 1245184 g:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-07-31 08:44 . 2009-07-31 08:44 1699840 g:\windows\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll
+ 2009-07-31 08:44 . 2009-07-31 08:44 1290240 g:\windows\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll
+ 2009-07-31 08:44 . 2009-07-31 08:44 1564672 g:\windows\assembly\GAC\mscorcfg\1.0.5000.0__b03f5f7f11d50a3a\mscorcfg.dll
+ 2009-07-28 00:10 . 2009-07-28 00:10 14884864 g:\windows\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2009-07-31 13:10 . 2009-07-31 13:10 12428800 g:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9a254c455892c02355ab0ab0f0727c5b\System.Windows.Forms.ni.dll
+ 2009-07-31 13:46 . 2009-07-31 13:46 11791360 g:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\50ea744ffc3cb7f09b027fd6c5c93b2b\System.Web.ni.dll
+ 2009-07-31 13:39 . 2009-07-31 13:39 17313792 g:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\d85d9535e91da842fded56869d57790a\System.ServiceModel.ni.dll
+ 2009-07-31 13:09 . 2009-07-31 13:09 10681344 g:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\204db7071fb26343b0fd3f3d140c0bf8\System.Design.ni.dll
+ 2009-07-31 13:06 . 2009-07-31 13:06 14320128 g:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9519494798a88867406b5755e1dbded6\PresentationFramework.ni.dll
+ 2009-07-31 13:03 . 2009-07-31 13:03 12213248 g:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\12dcb10b76012416357bdbb010fdaa97\PresentationCore.ni.dll
+ 2009-07-31 12:58 . 2009-07-31 12:59 11485184 g:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="g:\archivos de programa\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-08-01 222592]
"SandboxieControl"="g:\archivos de programa\Sandboxie\SbieCtrl.exe" [2009-05-28 380416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="g:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="g:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="g:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"AVG8_TRAY"="g:\archiv~1\AVG\AVG8\avgtray.exe" [2009-08-16 2007832]
"Adobe Reader Speed Launcher"="g:\archivos de programa\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"iTunesHelper"="g:\archivos de programa\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SunJavaUpdateSched"="g:\archivos de programa\Java\jre6\bin\jusched.exe" [2009-08-24 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="g:\archivos de programa\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-16 23:50 11952 ----a-w- g:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\G:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^LaunchU3.exe.lnk]
path=g:\documents and settings\All Users\Menú Inicio\Programas\Inicio\LaunchU3.exe.lnk
backup=g:\windows\pss\LaunchU3.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"g:\\Archivos de programa\\Utatane\\utatane1043\\Utatane.exe"=
"g:\\Archivos de programa\\AVG\\AVG8\\avgemc.exe"=
"g:\\Archivos de programa\\AVG\\AVG8\\avgupd.exe"=
"g:\\Archivos de programa\\AVG\\AVG8\\avgnsx.exe"=
"g:\\Archivos de programa\\uTorrent\\uTorrent.exe"=
"g:\\Archivos de programa\\MSN Messenger\\msnmsgr.exe"=
"g:\\Archivos de programa\\MSN Messenger\\livecall.exe"=
"g:\\Archivos de programa\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;g:\windows\system32\drivers\avgldx86.sys [02/07/2008 10:30 p.m. 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;g:\windows\system32\drivers\avgtdix.sys [06/03/2009 7:38 a.m. 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;g:\archiv~1\AVG\AVG8\avgemc.exe [21/06/2009 2:47 a.m. 908056]
R2 avg8wd;AVG Free8 WatchDog;g:\archiv~1\AVG\AVG8\avgwdsvc.exe [02/07/2008 10:30 p.m. 297752]
R3 PSXGamepadEnabler;Psx Hid to Gamepad Port Enabler;g:\windows\system32\drivers\psxpad.sys [16/09/2007 3:07 p.m. 12160]
R3 PsxPortEnumerator;Psx Port Enumerator;g:\windows\system32\drivers\psxenum.sys [16/09/2007 3:07 p.m. 16896]
R3 SbieDrv;SbieDrv;g:\archivos de programa\Sandboxie\SbieDrv.sys [28/05/2009 8:32 a.m. 108032]
.
Contents of the 'Scheduled Tasks' folder

2009-08-17 g:\windows\Tasks\AppleSoftwareUpdate.job
- g:\archivos de programa\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = localhost:80
uInternet Settings,ProxyOverride = *.local
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-24 01:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2000478354-1303643608-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{451E1468-B877-9E57-075B-A2093EF94579}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abmfeodfndphabgggbmcicibdecoemlkna"=hex:61,61,00,00
"manfjhhojmfinbafefkfckgemn"=hex:61,61,00,00
.
------------------------ Other Running Processes ------------------------
.
g:\archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
g:\archivos de programa\Java\jre6\bin\jqs.exe
g:\archivos de programa\Sandboxie\SbieSvc.exe
g:\archivos de programa\AVG\AVG8\avgrsx.exe
g:\archiv~1\AVG\AVG8\avgnsx.exe
g:\archivos de programa\AVG\AVG8\avgcsrvx.exe
g:\archivos de programa\AVG\AVG8\avgcsrvx.exe
g:\windows\system32\wscntfy.exe
g:\archivos de programa\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-08-24 1:41 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-24 06:40
ComboFix2.txt 2009-07-26 18:19

Pre-Run: 727,085,056 bytes libres
Post-Run: 792,920,064 bytes libres

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
g:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut

1244
---------------------



Here is the GMER log:

GMER 1.0.15.15077 [gmer.exe] - http://www.gmer.net
Rootkit scan 2009-08-24 07:26:47
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT spzh.sys ZwCreateKey [0xF84160E0]
SSDT spzh.sys ZwEnumerateKey [0xF8434CA4]
SSDT spzh.sys ZwEnumerateValueKey [0xF8435032]
SSDT spzh.sys ZwOpenKey [0xF84160C0]
SSDT spzh.sys ZwQueryKey [0xF843510A]
SSDT spzh.sys ZwQueryValueKey [0xF8434F8A]
SSDT spzh.sys ZwSetValueKey [0xF843519C]

INT 0x62 ? 823DEBF8
INT 0x63 ? 8220DBF8
INT 0x73 ? 8220DBF8
INT 0x82 ? 823DEBF8
INT 0x83 ? 8220DBF8
INT 0xB4 ? 8220DBF8

---- Kernel code sections - GMER 1.0.15 ----

? spzh.sys El sistema no puede hallar el archivo especificado. !
? Combo-Fix.sys El sistema no puede hallar el archivo especificado. !
.text USBPORT.SYS!DllUnload F7C2662C 5 Bytes JMP 8220D1D8
.text ahrg24al.SYS F7B1A386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text ahrg24al.SYS F7B1A3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text ahrg24al.SYS F7B1A3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text ahrg24al.SYS F7B1A3C9 1 Byte [30]
.text ahrg24al.SYS F7B1A3C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
.text win32k.sys!EngAcquireSemaphore + 262F BF808B27 5 Bytes JMP 81D2A4D0
.text win32k.sys!EngFreeUserMem + 54CB BF80EFA7 5 Bytes JMP 81D2A430
.text win32k.sys!EngUnmapFontFileFD + F30E BF8496C1 5 Bytes JMP 81D2A610
.text win32k.sys!EngGradientFill + 189B BF89E361 5 Bytes JMP 81D2A750
.text win32k.sys!EngGradientFill + 3075 BF89FB3B 5 Bytes JMP 81D2A570
.text win32k.sys!EngAlphaBlend + 4C8A BF8C3327 5 Bytes JMP 81D2A6B0
.text win32k.sys!PATHOBJ_bCloseFigure + 19D0 BF8EDAD6 5 Bytes JMP 81D2A7F0
? G:\ComboFix\catchme.sys El sistema no puede hallar la ruta especificada. !
? G:\WINDOWS\system32\Drivers\PROCEXP90.SYS El sistema no puede hallar el archivo especificado. !
? G:\WINDOWS\system32\Drivers\PROCEXP110.SYS El sistema no puede hallar el archivo especificado. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 823722D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F8447C4C] spzh.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F8447CA0] spzh.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F8417042] spzh.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F841713E] spzh.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F84170C0] spzh.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F8417800] spzh.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F84176D6] spzh.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8220D2D8
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F8426E9C] spzh.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 823DD1F8
Device \FileSystem\Fastfat \FatCdrom 8203D1F8

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\PCI_PNP2794 \Device\00000041 spzh.sys
Device \Driver\usbuhci \Device\USBPDO-0 8220C1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 823701F8
Device \Driver\dmio \Device\DmControl\DmConfig 823701F8
Device \Driver\dmio \Device\DmControl\DmPnP 823701F8
Device \Driver\dmio \Device\DmControl\DmInfo 823701F8
Device \Driver\usbuhci \Device\USBPDO-1 8220C1F8
Device \Driver\usbuhci \Device\USBPDO-2 8220C1F8
Device \Driver\usbehci \Device\USBPDO-3 821B91F8

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\USBSTOR \Device\00000063 81F5C500
Device \Driver\Ftdisk \Device\HarddiskVolume1 823DF1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 823DF1F8
Device \Driver\Cdrom \Device\CdRom0 821851F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 823DF1F8
Device \Driver\Cdrom \Device\CdRom1 821851F8
Device \Driver\atapi \Device\Ide\IdePort0 823DE1F8
Device \Driver\atapi \Device\Ide\IdePort1 823DE1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 823DE1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 823DE1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 823DE1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 823DE1F8
Device \Driver\USBSTOR \Device\00000066 81F5C500
Device \Driver\Ftdisk \Device\HarddiskVolume4 823DF1F8
Device \Driver\Cdrom \Device\CdRom2 821851F8
Device \Driver\sptd \Device\1675986544 spzh.sys
Device \Driver\NetBT \Device\NetBt_Wins_Export 81FFE500
Device \Driver\NetBT \Device\NetbiosSmb 81FFE500

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\NetBT \Device\NetBT_Tcpip_{43620C54-ACD8-4B0D-A60E-839FAE3E6AF8} 81FFE500

AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBFDO-0 8220C1F8
Device \Driver\usbuhci \Device\USBFDO-1 8220C1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 81F9A500
Device \Driver\usbehci \Device\USBFDO-2 821B91F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 81F9A500
Device \Driver\usbuhci \Device\USBFDO-3 8220C1F8
Device \Driver\Ftdisk \Device\FtControl 823DF1F8
Device \Driver\ahrg24al \Device\Scsi\ahrg24al1Port2Path0Target0Lun0 8204F1F8
Device \Driver\ahrg24al \Device\Scsi\ahrg24al1 8204F1F8
Device \FileSystem\Fastfat \Fat 8203D1F8

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 820CA500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\geyekruspmetdc@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\geyekruspmetdc@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\geyekruspmetdc@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\geyekruspmetdc@imagepath \systemroot\system32\drivers\geyekrbqeuymbp.sys
Reg HKLM\SYSTEM\ControlSet001\Services\geyekruspmetdc\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\geyekruspmetdc\main@aid 10048
Reg HKLM\SYSTEM\ControlSet001\Services\geyekruspmetdc\main@sid 0
Reg HKLM\SYSTEM\ControlSet001\Services\geyekruspmetdc\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet001\Services\geyekruspmetdc\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\geyekruspmetdc\main\delete@G:\DOCUME~1\eid\CONFIG~1\Temp\geyekrjibcpeafuu.tmp
Reg HKLM\SYSTEM\ControlSet001\Services\geyekruspmetdc\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\geyekruspmetdc\main\injector@* geyekrwsp.dll
Reg HKLM\SYSTEM\ControlSet001\Services\geyekruspmetdc\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\geyekruspmetdc\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\geyekruspmetdc\modules@geyekrrk.sys \systemroot\system32\drivers\geyekrbqeuymbp.sys
Reg HKLM\SYSTEM\ControlSet001\Services\geyekruspmetdc\modules@geyekrcmd.dll \systemroot\system32\geyekrrivblxnf.dll
Reg HKLM\SYSTEM\ControlSet001\Services\geyekruspmetdc\modules@geyekrlog.dat \systemroot\system32\geyekrdbginael.dat
Reg HKLM\SYSTEM\ControlSet001\Services\geyekruspmetdc\modules@geyekrwsp.dll \systemroot\system32\geyekrwhpfyxbe.dll
Reg HKLM\SYSTEM\ControlSet001\Services\geyekruspmetdc\modules@geyekr.dat \systemroot\system32\geyekryvvdlyik.dat
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 G:\Archivos de programa\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0C 0xEA 0x92 0x99 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAF 0x84 0x2C 0x49 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x35 0xE7 0x46 0x75 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 G:\Archivos de programa\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0C 0xEA 0x92 0x99 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAF 0x84 0x2C 0x49 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD6 0x7A 0xA5 0xCD ...
Reg HKLM\SYSTEM\controlset003\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 2
Reg HKLM\SYSTEM\controlset003\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset003\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\controlset003\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset003\control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 35
Reg HKLM\SYSTEM\controlset003\control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset003\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset003\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset003\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset003\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset003\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset003\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset003\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\controlset003\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset003\Services\MRxDAV\EncryptedDirectories@
Reg HKLM\SYSTEM\controlset003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\controlset003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 G:\Archivos de programa\DAEMON Tools Lite\
Reg HKLM\SYSTEM\controlset003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\controlset003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0C 0xEA 0x92 0x99 ...
Reg HKLM\SYSTEM\controlset003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\controlset003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\controlset003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAF 0x84 0x2C 0x49 ...
Reg HKLM\SYSTEM\controlset003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\controlset003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD6 0x7A 0xA5 0xCD ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{451E1468-B877-9E57-075B-A2093EF94579}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{451E1468-B877-9E57-075B-A2093EF94579}@abmfeodfndphabgggbmcicibdecoemlkna 0x61 0x61 0x00 0x00
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{451E1468-B877-9E57-075B-A2093EF94579}@manfjhhojmfinbafefkfckgemn 0x61 0x61 0x00 0x00

---- EOF - GMER 1.0.15 ----

And here is RSIT:
Logfile of random's system information tool 1.06 (written by random/random)
Run by eid at 2009-08-24 07:41:15
Microsoft Windows XP Professional Service Pack 2
System drive G: has 790 MB (2%) free of 35 GB
Total RAM: 510 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:41:21 a.m., on 24/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
G:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe
G:\Archivos de programa\Java\jre6\bin\jqs.exe
G:\Archivos de programa\Sandboxie\SbieSvc.exe
G:\ARCHIV~1\AVG\AVG8\avgemc.exe
G:\ARCHIV~1\AVG\AVG8\avgrsx.exe
G:\ARCHIV~1\AVG\AVG8\avgnsx.exe
G:\Archivos de programa\AVG\AVG8\avgcsrvx.exe
G:\Archivos de programa\AVG\AVG8\avgcsrvx.exe
G:\WINDOWS\Explorer.EXE
G:\ARCHIV~1\AVG\AVG8\avgtray.exe
G:\Archivos de programa\iTunes\iTunesHelper.exe
G:\Archivos de programa\Java\jre6\bin\jusched.exe
G:\Archivos de programa\iPod\bin\iPodService.exe
G:\Archivos de programa\ProcessExplorerNT\procexp.exe
G:\ircN2\system\mirc.exe
G:\Archivos de programa\Mozilla Firefox\firefox.exe
G:\WINDOWS\system32\NOTEPAD.EXE
G:\WINDOWS\system32\NOTEPAD.EXE
G:\Documents and Settings\eid\Escritorio\crap\RSIT.exe
G:\Archivos de programa\Trend Micro\HijackThis\eid.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Aplicaci? auxiliar de v?culos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Archivos de programa\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - G:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "G:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] G:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] G:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AVG8_TRAY] G:\ARCHIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Archivos de programa\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "G:\Archivos de programa\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Archivos de programa\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "G:\Archivos de programa\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [SandboxieControl] "G:\Archivos de programa\Sandboxie\SbieCtrl.exe"
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "G:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "G:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - G:\Archivos de programa\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - G:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - G:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - G:\ARCHIV~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - G:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - G:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - G:\Archivos de programa\Java\jre6\bin\jqs.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - G:\Archivos de programa\Sandboxie\SbieSvc.exe

--
End of file - 4948 bytes

======Scheduled tasks folder======

G:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aplicaci? auxiliar de v?culos de Adobe PDF Reader
- G:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-02-27 61816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - G:\Archivos de programa\Java\jre6\bin\jp2ssv.dll [2009-08-24 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - G:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-24 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=G:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]
"PHIME2002ASync"=G:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
"PHIME2002A"=G:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
"AVG8_TRAY"=G:\ARCHIV~1\AVG\AVG8\avgtray.exe [2009-08-16 2007832]
"Adobe Reader Speed Launcher"=G:\Archivos de programa\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"iTunesHelper"=G:\Archivos de programa\iTunes\iTunesHelper.exe [2009-07-13 292128]
"SunJavaUpdateSched"=G:\Archivos de programa\Java\jre6\bin\jusched.exe [2009-08-24 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"=G:\Archivos de programa\Alcohol Soft\Alcohol 120\axcmd.exe [2007-08-01 222592]
"SandboxieControl"=G:\Archivos de programa\Sandboxie\SbieCtrl.exe [2009-05-28 380416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
G:\Archivos de programa\SlySoft\AnyDVD\AnyDVDtray.exe [2009-05-10 8704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdoosoft]
G:\WINDOWS\system32\olhrwef.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kamsoft]
G:\WINDOWS\system32\kamsoft.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\G:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^LaunchU3.exe.lnk]
G:\WINDOWS\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2009-03-09 22486]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
G:\WINDOWS\system32\avgrsstx.dll [2009-08-16 11952]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDriveAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"G:\Archivos de programa\Utatane\utatane1043\Utatane.exe"="G:\Archivos de programa\Utatane\utatane1043\Utatane.exe:*:Enabled:Opennap????? ??????"
"G:\Archivos de programa\AVG\AVG8\avgemc.exe"="G:\Archivos de programa\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"G:\Archivos de programa\AVG\AVG8\avgupd.exe"="G:\Archivos de programa\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"G:\Archivos de programa\AVG\AVG8\avgnsx.exe"="G:\Archivos de programa\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"G:\Archivos de programa\uTorrent\uTorrent.exe"="G:\Archivos de programa\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"G:\Archivos de programa\MSN Messenger\msnmsgr.exe"="G:\Archivos de programa\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"G:\Archivos de programa\MSN Messenger\livecall.exe"="G:\Archivos de programa\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"G:\Archivos de programa\iTunes\iTunes.exe"="G:\Archivos de programa\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"G:\Archivos de programa\MSN Messenger\msnmsgr.exe"="G:\Archivos de programa\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"G:\Archivos de programa\MSN Messenger\livecall.exe"="G:\Archivos de programa\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2009-08-24 01:41:28 ----A---- G:\ComboFix.txt
2009-08-24 01:15:46 ----A---- G:\Boot.bak
2009-08-24 01:15:28 ----RASHD---- G:\cmdcons
2009-08-24 01:14:16 ----A---- G:\WINDOWS\zip.exe
2009-08-24 01:14:16 ----A---- G:\WINDOWS\SWXCACLS.exe
2009-08-24 01:14:16 ----A---- G:\WINDOWS\SWSC.exe
2009-08-24 01:14:16 ----A---- G:\WINDOWS\SWREG.exe
2009-08-24 01:14:16 ----A---- G:\WINDOWS\sed.exe
2009-08-24 01:14:16 ----A---- G:\WINDOWS\PEV.exe
2009-08-24 01:13:02 ----A---- G:\WINDOWS\system32\javaws.exe
2009-08-24 01:13:02 ----A---- G:\WINDOWS\system32\javaw.exe
2009-08-24 01:13:02 ----A---- G:\WINDOWS\system32\java.exe
2009-08-24 01:10:48 ----A---- G:\WINDOWS\system32\REN1B.tmp
2009-08-24 01:10:48 ----A---- G:\WINDOWS\system32\REN1A.tmp
2009-08-24 01:10:48 ----A---- G:\WINDOWS\system32\REN19.tmp
2009-08-20 21:53:19 ----D---- G:\Archivos de programa\Malwarebytes' Anti-Malware
2009-08-20 21:41:18 ----D---- G:\rsit
2009-08-20 21:38:44 ----A---- G:\WINDOWS\system32\REN18E.tmp
2009-08-20 21:38:44 ----A---- G:\WINDOWS\system32\REN18D.tmp
2009-08-20 21:38:44 ----A---- G:\WINDOWS\system32\REN18C.tmp
2009-08-17 03:45:23 ----D---- G:\Documents and Settings\eid\Datos de programa\avidemux
2009-08-17 03:44:55 ----D---- G:\Archivos de programa\Avidemux 2.5
2009-08-13 02:16:05 ----D---- G:\Archivos de programa\Datel
2009-08-11 03:18:00 ----D---- G:\Archivos de programa\HachaPro
2009-08-09 21:06:28 ----D---- G:\Documents and Settings\All Users\Datos de programa\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-09 21:06:28 ----D---- G:\Archivos de programa\iTunes
2009-08-09 21:04:05 ----A---- G:\WINDOWS\system32\usbaaplrc.dll
2009-08-09 07:00:15 ----D---- G:\Archivos de programa\MKV Demux All
2009-07-31 20:44:56 ----D---- G:\Archivos de programa\Nero
2009-07-31 07:42:10 ----N---- G:\WINDOWS\system32\spmsg2.dll
2009-07-31 07:42:09 ----HDC---- G:\WINDOWS\$NtUninstallXPSEPSCLP$
2009-07-31 07:36:14 ----D---- G:\WINDOWS\system32\XPSViewer
2009-07-31 07:36:00 ----D---- G:\Archivos de programa\MSBuild
2009-07-31 07:35:40 ----D---- G:\Archivos de programa\Reference Assemblies
2009-07-31 03:44:09 ----D---- G:\WINDOWS\system32\URTTemp
2009-07-28 18:05:06 ----HD---- G:\$AVG8.VAULT$
2009-07-27 21:38:26 ----N---- G:\WINDOWS\system32\prntvpt.dll
2009-07-27 21:38:25 ----N---- G:\WINDOWS\system32\xpsshhdr.dll
2009-07-27 21:38:24 ----N---- G:\WINDOWS\system32\xpssvcs.dll
2009-07-27 20:28:48 ----N---- G:\WINDOWS\system32\spmsg.dll
2009-07-27 20:28:21 ----HDC---- G:\WINDOWS\$NtUninstallWIC$
2009-07-27 20:28:10 ----D---- G:\Archivos de programa\MSXML 6.0
2009-07-27 18:59:41 ----D---- G:\SDFix
2009-07-27 18:52:24 ----D---- G:\WINDOWS\CSC
2009-07-26 23:09:10 ----D---- G:\Archivos de programa\Trend Micro
2009-07-26 22:54:48 ----D---- G:\Archivos de programa\Panda Security
2009-07-26 16:14:17 ----D---- G:\Documents and Settings\All Users\Datos de programa\Lavasoft
2009-07-26 13:02:46 ----A---- G:\WINDOWS\NIRCMD.exe
2009-07-26 13:02:46 ----A---- G:\WINDOWS\grep.exe
2009-07-26 13:02:36 ----D---- G:\WINDOWS\ERDNT
2009-07-26 13:02:25 ----D---- G:\Qoobox
2009-07-26 04:41:49 ----A---- G:\WINDOWS\system32\tmp.txt
2009-07-26 04:39:46 ----A---- G:\rapport.txt

======List of files/folders modified in the last 1 months======

2009-08-24 07:41:19 ----D---- G:\WINDOWS\Prefetch
2009-08-24 07:33:56 ----D---- G:\Archivos de programa\Mozilla Firefox
2009-08-24 07:33:21 ----D---- G:\WINDOWS\system32\drivers
2009-08-24 07:32:29 ----D---- G:\WINDOWS\temp
2009-08-24 07:29:54 ----A---- G:\WINDOWS\SchedLgU.Txt
2009-08-24 01:41:33 ----D---- G:\WINDOWS\system32
2009-08-24 01:39:29 ----SD---- G:\WINDOWS\Tasks
2009-08-24 01:38:15 ----D---- G:\WINDOWS\system32\CatRoot2
2009-08-24 01:34:05 ----AD---- G:\WINDOWS
2009-08-24 01:34:05 ----A---- G:\WINDOWS\system.ini
2009-08-24 01:23:21 ----D---- G:\WINDOWS\AppPatch
2009-08-24 01:22:50 ----D---- G:\Archivos de programa\Archivos comunes
2009-08-24 01:15:47 ----RASH---- G:\boot.ini
2009-08-24 01:14:15 ----SHD---- G:\System Volume Information
2009-08-24 01:14:15 ----D---- G:\WINDOWS\system32\Restore
2009-08-24 01:13:12 ----SHD---- G:\WINDOWS\Installer
2009-08-24 01:12:44 ----A---- G:\WINDOWS\system32\deploytk.dll
2009-08-24 01:12:39 ----D---- G:\Archivos de programa\Java
2009-08-24 00:27:43 ----D---- G:\Documents and Settings\eid\Datos de programa\LimeWire
2009-08-23 03:44:15 ----D---- G:\Documents and Settings\eid\Datos de programa\uTorrent
2009-08-23 03:18:52 ----D---- G:\Archivos de programa\Replay Media Catcher
2009-08-23 02:59:09 ----A---- G:\WINDOWS\system32\rmc_rtspdl.dll
2009-08-23 02:59:09 ----A---- G:\WINDOWS\system32\rmc_fixasf.exe
2009-08-23 02:59:03 ----A---- G:\WINDOWS\system32\AUDIOGENIE2.DLL
2009-08-23 02:12:52 ----D---- G:\Archivos de programa
2009-08-22 00:04:32 ----D---- G:\Archivos de programa\NJStar Japanese WP
2009-08-21 03:14:27 ----D---- G:\Documents and Settings\eid\Datos de programa\FileZilla
2009-08-21 02:17:43 ----D---- G:\Archivos de programa\FlashFXP
2009-08-20 21:51:11 ----D---- G:\Archivos de programa\Unlocker
2009-08-20 21:38:31 ----D---- G:\Archivos de programa\Trillian
2009-08-17 03:35:05 ----D---- G:\WINDOWS\system
2009-08-17 03:19:18 ----HD---- G:\WINDOWS\inf
2009-08-16 18:50:40 ----A---- G:\WINDOWS\system32\avgrsstx.dll
2009-08-09 21:15:08 ----SD---- G:\Documents and Settings\eid\Datos de programa\Microsoft
2009-08-09 21:07:02 ----DC---- G:\WINDOWS\system32\DRVSTORE
2009-08-09 21:05:50 ----D---- G:\Archivos de programa\internet explorer
2009-08-09 21:05:34 ----D---- G:\Archivos de programa\QT Lite
2009-08-09 00:39:52 ----D---- G:\Archivos de programa\AviSynth 2.5
2009-08-05 00:18:35 ----A---- G:\WINDOWS\Sandboxie.ini
2009-07-31 08:47:55 ----RSD---- G:\WINDOWS\assembly
2009-07-31 08:47:55 ----D---- G:\WINDOWS\Microsoft.NET
2009-07-31 07:41:38 ----D---- G:\WINDOWS\system32\es-es
2009-07-31 07:38:15 ----A---- G:\WINDOWS\system32\PerfStringBackup.INI
2009-07-31 07:36:04 ----D---- G:\WINDOWS\system32\en-US
2009-07-31 07:35:49 ----RSD---- G:\WINDOWS\Fonts
2009-07-31 07:33:44 ----D---- G:\WINDOWS\WinSxS
2009-07-31 03:46:04 ----D---- G:\WINDOWS\Registration
2009-07-31 01:59:43 ----D---- G:\Documents and Settings\eid\Datos de programa\dvdcss
2009-07-27 21:40:47 ----D---- G:\WINDOWS\system32\spool
2009-07-27 21:39:35 ----RSHDC---- G:\WINDOWS\system32\dllcache
2009-07-27 20:29:03 ----A---- G:\WINDOWS\imsins.BAK
2009-07-27 19:12:24 ----A---- G:\WINDOWS\ntbtlog.txt
2009-07-26 04:37:12 ----A---- G:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; G:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-16 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; G:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-16 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; G:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-02 108552]
R1 ElbyCDIO;ElbyCDIO Driver; G:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 kbdhid;Controlador HID de teclado; G:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-19 14976]
R1 P3;Controlador de procesador PentiumIII de Intel; G:\WINDOWS\system32\DRIVERS\p3.sys [2004-08-19 46720]
R2 Aspi32;Aspi32; G:\WINDOWS\System32\drivers\aspi32.sys [2002-05-06 17005]
R2 Hardlock;Hardlock; \??\G:\WINDOWS\system32\drivers\hardlock.sys []
R2 tmcomm;tmcomm; \??\G:\WINDOWS\system32\drivers\tmcomm.sys []
R3 ac97intc;Servicio de instalación del controlador de audio (WDM) de Intel® 82801; G:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; G:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 hidusb;Controlador de clases HID de Microsoft; G:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-24 9600]
R3 i81x;i81x; G:\WINDOWS\system32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
R3 mouhid;Controlador HID de mouse; G:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-24 12416]
R3 ms_mpu401;Controlador UART MIDI Microsoft MPU-401; G:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 PSXGamepadEnabler;Psx Hid to Gamepad Port Enabler; G:\WINDOWS\system32\drivers\psxpad.sys [2002-05-15 12160]
R3 PsxPortEnumerator;Psx Port Enumerator; G:\WINDOWS\System32\Drivers\psxenum.sys [2002-09-26 16896]
R3 rtl8139;Controlador de Windows NT del adaptador Fast Ethernet PCI basado en Realtek RTL8139(A/B/C); G:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 SbieDrv;SbieDrv; \??\G:\Archivos de programa\Sandboxie\SbieDrv.sys []
R3 usbccgp;Controlador primario genérico USB de Microsoft; G:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Controlador minipuerto de la controladora mejorada USB 2.0 de Microsoft; G:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Controlador de concentrador estándar USB de Microsoft; G:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbprint;Clase de impresora USB de Microsoft; G:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 USBSTOR;Dispositivo de almacenamiento masivo de datos USB; G:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Controlador minipuerto de la controladora de host universal USB de Microsoft; G:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 at78m1jm;at78m1jm; G:\WINDOWS\system32\drivers\at78m1jm.sys []
S3 catchme;catchme; \??\G:\ComboFix\catchme.sys []
S3 iAimFP0;iAimFP0; G:\WINDOWS\system32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; G:\WINDOWS\system32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; G:\WINDOWS\system32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; G:\WINDOWS\system32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; G:\WINDOWS\system32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimFP5;iAimFP5; G:\WINDOWS\system32\DRIVERS\wADV07nt.sys [2004-08-03 11807]
S3 iAimFP6;iAimFP6; G:\WINDOWS\system32\DRIVERS\wADV08nt.sys [2004-08-03 11295]
S3 iAimFP7;iAimFP7; G:\WINDOWS\system32\DRIVERS\wADV09nt.sys [2004-08-03 11871]
S3 iAimTV0;iAimTV0; G:\WINDOWS\system32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; G:\WINDOWS\system32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV3;iAimTV3; G:\WINDOWS\system32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; G:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 iAimTV5;iAimTV5; G:\WINDOWS\system32\DRIVERS\wATV10nt.sys [2004-08-03 25471]
S3 iAimTV6;iAimTV6; G:\WINDOWS\system32\DRIVERS\wATV06nt.sys [2004-08-03 22271]
S3 ltmodem5;LT Modem Driver; G:\WINDOWS\system32\DRIVERS\ltmdmnt.sys [2003-03-31 625537]
S3 pcouffin;VSO Software pcouffin; G:\WINDOWS\System32\Drivers\pcouffin.sys [2009-06-24 47360]
S3 USBAAPL;Apple Mobile USB Driver; G:\WINDOWS\System32\Drivers\usbaapl.sys [2009-07-09 39424]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; G:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 avg8emc;AVG Free8 E-mail Scanner; G:\ARCHIV~1\AVG\AVG8\avgemc.exe [2009-08-16 908056]
R2 avg8wd;AVG Free8 WatchDog; G:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe [2009-08-16 297752]
R2 JavaQuickStarterService;Java Quick Starter; G:\Archivos de programa\Java\jre6\bin\jqs.exe [2009-08-24 153376]
R2 SbieSvc;Sandboxie Service; G:\Archivos de programa\Sandboxie\SbieSvc.exe [2009-05-28 53760]
R3 iPod Service;Servicio del iPod; G:\Archivos de programa\iPod\bin\iPodService.exe [2009-07-13 542496]
S3 aspnet_state;ASP.NET State Service; G:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; G:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; G:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; G:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; G:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; G:\Archivos de programa\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; G:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Hope this helps.

PS: Also, I don't know your crest. Where is it from?

Cheers!

#14 Net_Surfer

Posted 25 August 2009 - 07:35 AM



NOTICE:
These steps are for member: ajora ONLY. If you are a lurker, do NOT try this on your system! If you are not the topic starter and have a similar problem, do NOT post here; DO NOT follow these directions as they could damage the workings of your system. Please start your own topic.


Hello Net_Surfer, I already uninstalled the previous Java, but there are a lot of programs in the Add/Remove that can't be removed, and ver13 of Java is one of them. I already tried with JavaRa and it deleted all previous versions, any idea on how to clear the add/remove program list?

Hello again ajora, :)

I see you are having problems with uninstalling some programs.

Ok let's try the following:


Please download CCleaner from here and install it.
  • Double-click the CCleaner icon on your desktop to start the program.
  • Next, click the Tools button, then the Uninstall button.
  • Next, click each older version of Java one at a time and click the Run Uninstaller button for each older version.
  • Do this to all but the most recent version of Java.
  • You may use the uninstaller to remove other programs that you do not need.
  • You may now uninstall CCleaner if you like by using Add/Remove Programs.

Uninstalling a program through "Add/Remove"

Click "Start" on the taskbar and then click on the "Control Panel" icon.
Double-click the "Add or Remove Programs" icon.
A list of installed programs will be populated; this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "Remove":

CCleaner

Additional instructions can be found here if needed.

-------------------------*-------------------------


Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Please note:
Ensure that Spybot TeaTimer is disabled. You may have to disable any script protection running before you run any scan with the tools I will suggest. After downloading the tools, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

We need to run a CF Script by using ComboFix again:
  • Make sure that combofix.exe that you downloaded is on your Desktop but Do not run it!
    o *If it is not on your Desktop, the below will not work.
  • Open Notepad and copy/paste the text in the below code box into it (Do not include the word: CODE):

    File::
    C:\Windows\System32\drivers\geyekrrivblxnf.dll
    C:\Windows\System32\drivers\geyekrdbginael.dat
    C:\Windows\System32\drivers\geyekrwhpfyxbe.dll
    C:\Windows\System32\drivers\geyekryvvdlyik.dat
    C:\Windows\System32\drivers\geyekrbqeuymbp.sys
    G:\DOCUME~1\eid\CONFIG~1\Temp\geyekrjibcpeafuu.tmp
    G:\WINDOWS\system32\drivers\at78m1jm.sys
    G:\WINDOWS\system32\kamsoft.exe
    G:\WINDOWS\system32\olhrwef.exe
    g:\windows\system32\REN1B.tmp
    g:\windows\system32\REN1A.tmp
    g:\windows\system32\REN19.tmp
    g:\windows\system32\REN18E.tmp
    g:\windows\system32\REN18D.tmp
    g:\windows\system32\REN18C.tmp
    g:\windows\system32\mlfcache.dat
    
    Driver::
    geyekruspmetdc
    geyekrbqeuymbp.sys
    geyekrbqeuymbp
    at78m1jm
    
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kamsoft]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdoosoft]
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000000
    
    Regnull::
    [HKEY_USERS\S-1-5-21-2000478354-1303643608-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{451E1468-B877-9E57-075B-A2093EF94579}*]
    
    DirLook:: 
    g:\documents and settings\All Users\Datos de programa\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
  • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
  • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
  • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    Posted Image

  • Now referring to the picture above, use your mouse to drag CFScript.txt on top of ComboFix.exe
  • This will start ComboFix again. Please follow the prompts.
  • When finished, after reboot (in case it asks to reboot), it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
CAUTION: Do not mouseclick combofix's window while it is running. That may cause it to stall.

* Anyone else thinking of using the above script does so at their own risk - you may end up having to re-install Windows!


:) We should Re-run MBAM like this:

Open MBAM and click the Update tab, select Check for Updates; when done,
click the Scanner tab, select Quick scan and scan.
After the scan, click Remove Selected, post the new scan log and reboot into normal mode.

:) Please Re-scan with RSIT and post the log here in your next reply.

Summary of the logs I will need in your next reply:
  • The report log of ComboFix
  • The report log of MBAM
  • The log of RSIT.
And a description of any remaining problems in your next post.

How is your computer running now, ajora?


Upon completing the above steps I will review your logs again and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks.
Kind regards
Net_Surfer

:thumbup2:
Psst....... The coat of arms is the one that belongs to the state of Sinaloa. And what part of Mexico are you from?

Edited by Net_Surfer, 25 August 2009 - 08:06 AM.
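
A pre-flight check for a CFScript like the one in the post above, as an added example that is not part of the original post or of ComboFix: it splits the script into its `Name::` sections, then lists File:: paths that are not on the given Windows drive and Registry:: keys written with a leading minus (a key deletion in .reg syntax). The section layout is assumed from the post; `parse_cfscript`, `review` and the shortened sample are constructed for illustration.

```python
import re

# Constructed sample: a shortened CFScript in the layout shown in the post.
SAMPLE_CFSCRIPT = r"""
File::
C:\Windows\System32\drivers\geyekrbqeuymbp.sys
g:\windows\system32\mlfcache.dat
Driver::
geyekrbqeuymbp
at78m1jm
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kamsoft]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000000
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")  # e.g. "File::", "DirLook::"
DRIVE_RE = re.compile(r"^([A-Za-z]):\\")        # drive letter of an absolute path

def parse_cfscript(text):
    """Split a CFScript into {section name: [non-empty lines]} (assumed layout)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError("entry before any section header: %r" % line)
        else:
            sections[current].append(line)
    return sections

def review(sections, system_drive):
    """Return (kind, value) findings to read through before running the script."""
    findings = []
    for path in sections.get("File", []):
        m = DRIVE_RE.match(path)
        if not m:
            findings.append(("not-absolute", path))
        elif m.group(1).upper() != system_drive.upper():
            findings.append(("off-system-drive", path))
    for line in sections.get("Registry", []):
        if line.startswith("[-"):  # .reg syntax: leading minus deletes the key
            findings.append(("key-delete", line[2:-1]))
    return findings
```

Calling `review(parse_cfscript(SAMPLE_CFSCRIPT), "G")` returns two findings: the `C:\` driver path as `off-system-drive` and the `kamsoft` startup key as `key-delete`.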


#15 Net_Surfer

Posted 29 August 2009 - 03:54 PM

:) Bump :)
Hello ajora. :cool:

Are you still there???
:thumbup2:

If you are, please follow the instructions in my previous post.


Please continue to review my answers until I tell you your machine appears to be clear. Remember, absence of symptoms does not mean that everything is clear.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Unfortunately, if I do not hear back from you within 2 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread.


Kind regards
Net_Surfer

:)



