Log HijackThis

Bienvenido: ( Identificarse | Registrarse )

Foros de Trucos Windows

Indice Foros Descargas eLinks Analisis Procesos Buscar Nuevos Ayuda

√ Foros de Windows y Seguridad Informática > Sistemas Operativos > Windows XP

1 2

Closed Topic

Start new topic

Start Poll

Outline · [ Estándar ] · Lineal+

Log HijackThis, se agradese de antemano la ayuda.

Suscribirse | Enviar por correo | Imprimir

Caito	Jun 16 2008, 03:48 PM Publicado: #16
No Spiware Grupo: Supervisor Global Mensajes: 18.061 Registrado: 15-August 04 Desde: Argentina Miembro nº: 13.043	Descarga la utilidad ComboFix.exe (Windows 98/ME/2000/XP) http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://subs.geekstogo.com/Beta/ComboFix.exe Desactiva temporalmente el Antivirus y/o Antispyware. Cierra todas las ventanas abiertas. Nota Mientras CF este trabajando no mover el mouse ya que pararía su proceso. Nota ComboFix puede reiniciar automáticamente el PC para completar el proceso de eliminación. -Ejecuta ComboFix.exe para iniciar el programa. -Se abrirá la ventana del programa en modo MS-DOS. Pulsa inmediatamente la tecla "Y" (Yes) y después sobre ENTER para iniciar el proceso de detección y limpieza. -Los iconos del Escritorio desaparecerán (esto es normal) y aparecerá el mensaje "Performing a scan of your machine". - A continuación, aparecerá el mensaje "Preparing a log report" "This takes a while. So, please be patient". -Seguidamente, aparecerán los mensajes "Almost done..." "A report of Combofix's actions would be produced at C:\Combofix.txt". -Se paciente y espera a que la ventana del programa se cierre sola y se muestre el archivo C:\Combofix.txt. Los iconos del Escritorio volverán a su sitio sin necesidad de tener que reiniciar el PC. -Por último, el informe combofix.txt mostrará los archivos detectados y eliminados, ese tal reporte lo pegas acá - Además pon un nuevo log del hijack Saludos Caito

k-LiWuLa	Jun 17 2008, 09:43 PM Publicado: #17
Miembro Grupo: Members Mensajes: 41 Registrado: 12-December 07 Miembro nº: 219.688	salu2 caito ak te dejo los 2 resultados ke me pides.. Esperando indicaciones ComboFix 08-06-16.5 - Miguel 2008-06-17 16:26:38.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.566 [GMT -4:00] Se ejecuta desde: C:\Documents and Settings\Miguel\Mis documentos\ComboFix.exe * Creado un nuevo punto de restauración ADVERTENCIA - ESTE EQUIPO NO TIENE INSTALADA LA CONSOLA DE RECUPERACION! . (((((((((((((((((((((((((((((((((((( Otras eliminaciones ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\Downloaded Program Files\setup.inf C:\WINDOWS\regedit.com C:\WINDOWS\system32\taskmgr.com . (((((((((((((((((( Archivos creados desde 2008-05-17 - 2008-06-17 ))))))))))))))))))))))))))))))))) . 2008-06-16 23:07 . 2008-06-17 16:25 <DIR> d-------- C:\Documents and Settings\Miguel\Datos de programa\MegauploadToolbar 2008-06-16 23:07 . 2008-06-16 23:07 <DIR> d-------- C:\Archivos de programa\MegauploadToolbar 2008-06-15 10:56 . 2008-06-15 10:56 <DIR> d-------- C:\Documents and Settings\Miguel\Datos de programa\Malwarebytes 2008-06-15 10:56 . 2008-06-15 10:56 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes 2008-06-15 10:56 . 2008-06-15 10:56 <DIR> d-------- C:\Archivos de programa\Malwarebytes' Anti-Malware 2008-06-15 10:56 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys 2008-06-15 10:56 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-06-14 00:16 . 2008-06-14 00:16 <DIR> d-a------ C:\WINDOWS\zts2.exe 2008-06-14 00:16 . 2008-06-14 00:16 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll 2008-06-14 00:16 . 2008-06-14 00:16 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll 2008-06-14 00:16 . 2008-06-14 00:16 <DIR> d-a------ C:\WINDOWS\rundll16.exe 2008-06-14 00:16 . 2008-06-14 00:16 <DIR> d-a------ C:\WINDOWS\rundl132.dll 2008-06-14 00:16 . 2008-06-14 00:16 <DIR> d-a------ C:\WINDOWS\logo1_.exe 2008-06-14 00:04 . 2008-06-15 02:26 0 --a------ C:\23990098.$$$ 2008-06-13 23:58 . 2008-06-14 23:48 26 --a------ C:\WINDOWS\Lic.xxx 2008-06-13 23:57 . 2008-04-13 22:19 152,064 --a------ C:\WINDOWS\R.COM 2008-06-13 23:57 . 2008-04-13 22:19 141,312 --a------ C:\WINDOWS\system32\T.COM 2008-06-12 00:09 . 2008-06-12 00:09 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-06-11 23:33 . 2008-06-11 23:33 <DIR> d-------- C:\WINDOWS\system32\es 2008-06-11 23:33 . 2008-06-11 23:33 <DIR> d-------- C:\WINDOWS\system32\bits 2008-06-11 23:33 . 2008-06-11 23:33 <DIR> d-------- C:\WINDOWS\l2schemas 2008-06-11 23:30 . 2008-06-11 23:34 <DIR> d-------- C:\WINDOWS\ServicePackFiles 2008-06-11 23:16 . 2008-04-13 22:18 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll 2008-06-11 23:15 . 2008-04-13 22:18 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll 2008-06-11 23:14 . 2008-04-13 22:18 136,192 --------- C:\WINDOWS\system32\aaclient.dll 2008-06-11 23:14 . 2008-04-13 22:18 4,255 --------- C:\WINDOWS\system32\drivers\adv01nt5.dll 2008-06-11 23:14 . 2008-04-13 22:18 3,967 --------- C:\WINDOWS\system32\drivers\adv02nt5.dll 2008-06-11 23:14 . 2008-04-13 22:18 3,775 --------- C:\WINDOWS\system32\drivers\adv11nt5.dll 2008-06-11 23:14 . 2008-04-13 22:18 3,711 --------- C:\WINDOWS\system32\drivers\adv09nt5.dll 2008-06-11 23:14 . 2008-04-13 22:18 3,647 --------- C:\WINDOWS\system32\drivers\adv07nt5.dll 2008-06-11 23:14 . 2008-04-13 22:18 3,615 --------- C:\WINDOWS\system32\drivers\adv05nt5.dll 2008-06-11 23:14 . 2008-04-13 22:18 3,135 --------- C:\WINDOWS\system32\drivers\adv08nt5.dll 2008-06-11 09:51 . 2008-06-11 09:51 <DIR> d-------- C:\Archivos de programa\Borland 2008-06-11 09:51 . 2001-11-28 19:50 430,080 --a------ C:\WINDOWS\system32\ibmgr.cpl 2008-06-11 09:51 . 2001-11-28 19:50 376,832 --a------ C:\WINDOWS\system32\gds32.dll 2008-06-11 09:51 . 2001-11-28 19:50 177,152 --a------ C:\WINDOWS\system32\ibinstall.dll 2008-06-11 09:51 . 2001-11-28 19:50 28,672 --a------ C:\WINDOWS\system32\ibxml.dll 2008-06-11 09:18 . 2008-04-14 11:59 272,512 --------- C:\WINDOWS\system32\drivers\bthport.sys 2008-06-11 09:18 . 2008-04-14 11:59 272,512 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys 2008-06-11 09:18 . 2008-05-08 10:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys 2008-06-01 09:28 . 2005-05-18 11:43 81,920 --a------ C:\WINDOWS\system32\closeapp.exe 2008-06-01 09:28 . 2008-06-01 09:28 76,214 --a------ C:\WINDOWS\Icon_11.ico 2008-06-01 09:28 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\moveex.exe . (((((((((((((((((((((((((((((((((((((( Reporte Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-16 21:31 --------- d-----w C:\Archivos de programa\Messenger Plus! Live 2008-06-13 20:55 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy 2008-06-11 14:26 --------- d-----w C:\Archivos de programa\No-IP 2008-06-11 14:24 --------- d-----w C:\Archivos de programa\Archivos comunes\Adobe 2008-06-01 13:31 --------- d-----w C:\Archivos de programa\LClock 2008-05-29 01:59 --------- d-----w C:\Archivos de programa\LimeWire 2008-05-15 13:19 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Microsoft Help 2008-05-13 15:45 --------- d-----w C:\Archivos de programa\Archivos comunes\Ahead 2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys 2008-05-07 05:11 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll 2008-04-27 03:02 --------- d-----w C:\Archivos de programa\MSN Webcam Recorder 2008-04-27 02:56 --------- d-----w C:\Archivos de programa\Windows Media Components 2008-04-26 16:24 --------- d-----w C:\Archivos de programa\Archivos comunes\SWF Studio 2008-04-26 16:05 --------- d-----w C:\Archivos de programa\sXe Injected 2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-04-19 20:24 --------- d-----w C:\Archivos de programa\Spybot - Search & Destroy 2008-04-14 11:49 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe 2008-04-14 11:48 424,448 ----a-w C:\WINDOWS\system32\licdll.dll 2008-04-14 11:48 1,000,960 ----a-w C:\WINDOWS\system32\setupapi.dll 2008-04-14 02:34 1,804 ----a-w C:\WINDOWS\system32\dcache.bin 2008-04-14 02:22 332,288 ----a-w C:\WINDOWS\system32\netsetup.exe 2008-04-14 02:18 98,304 ----a-w C:\WINDOWS\system32\slbiop.dll 2008-04-14 02:17 763,904 ----a-w C:\WINDOWS\system32\winntbbu.dll 2008-04-14 02:17 730,624 ----a-w C:\WINDOWS\system32\ntdll.dll 2008-04-14 02:17 61,471 ----a-w C:\WINDOWS\system32\odbcji32.dll 2008-04-14 02:17 5,632 ----a-w C:\WINDOWS\system32\wmi.dll 2008-04-14 02:17 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll 2008-04-14 02:17 3,584 ----a-w C:\WINDOWS\system32\msafd.dll 2008-04-14 02:17 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll 2008-04-14 01:57 2,147,840 ----a-w C:\WINDOWS\system32\ntoskrnl.exe 2008-04-14 01:57 2,026,496 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe 2008-04-14 01:56 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll 2008-04-14 01:55 90,624 ----a-w C:\WINDOWS\system32\msxml6r.dll 2008-04-14 01:54 81,920 ------w C:\WINDOWS\system32\msshavmsg.dll 2008-04-14 01:53 565,760 ----a-w C:\WINDOWS\system32\shdoclc.dll 2008-04-14 01:53 50,176 ----a-w C:\WINDOWS\system32\inetres.dll 2008-04-14 01:52 1,845,760 ----a-w C:\WINDOWS\system32\win32k.sys 2008-04-14 01:51 68,608 ----a-w C:\WINDOWS\system32\browselc.dll 2008-04-14 01:51 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll 2008-04-14 01:50 8,704 ----a-w C:\WINDOWS\system32\asferror.dll 2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys 2008-04-13 18:43 9,728 ------w C:\WINDOWS\system32\comsdupd.exe 2008-04-13 18:43 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe 2008-04-13 18:40 481,792 ----a-w C:\WINDOWS\system32\xpob2res.dll 2008-04-13 18:36 2,966,528 ----a-w C:\WINDOWS\system32\xpsp2res.dll 2008-04-13 18:35 196,096 ----a-w C:\WINDOWS\system32\xpsp1res.dll 2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll 2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll 2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll 2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll 2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll 2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll 2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll 2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll 2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll 2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll 2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll 2008-04-13 15:23 720,896 ----a-w C:\WINDOWS\iun6002.exe 2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll 2008-03-25 04:51 187,168 ----a-w C:\WINDOWS\system32\msjint40.dll 2008-01-17 14:13 24,192 ----a-w C:\Documents and Settings\Miguel\usbsermptxp.sys 2008-01-17 14:13 22,768 ----a-w C:\Documents and Settings\Miguel\usbsermpt.sys 2007-06-23 18:23 774,144 ----a-w C:\Archivos de programa\RngInterstitial.dll 2007-04-09 21:08 92,064 ----a-w C:\Documents and Settings\Miguel\mqdmmdm.sys 2007-04-09 21:08 9,232 ----a-w C:\Documents and Settings\Miguel\mqdmmdfl.sys 2007-04-09 21:08 79,328 ----a-w C:\Documents and Settings\Miguel\mqdmserd.sys 2007-04-09 21:08 66,656 ----a-w C:\Documents and Settings\Miguel\mqdmbus.sys 2007-04-09 21:08 6,208 ----a-w C:\Documents and Settings\Miguel\mqdmcmnt.sys 2007-04-09 21:08 5,936 ----a-w C:\Documents and Settings\Miguel\mqdmwhnt.sys 2007-04-09 21:08 4,048 ----a-w C:\Documents and Settings\Miguel\mqdmcr.sys 2006-12-30 00:11 92,064 ----a-w C:\Documents and Settings\usuario\mqdmmdm.sys 2006-12-30 00:11 9,232 ----a-w C:\Documents and Settings\usuario\mqdmmdfl.sys 2006-12-30 00:11 79,328 ----a-w C:\Documents and Settings\usuario\mqdmserd.sys 2006-12-30 00:11 66,656 ----a-w C:\Documents and Settings\usuario\mqdmbus.sys 2006-12-30 00:11 6,208 ----a-w C:\Documents and Settings\usuario\mqdmcmnt.sys 2006-12-30 00:11 5,936 ----a-w C:\Documents and Settings\usuario\mqdmwhnt.sys 2006-12-30 00:11 4,048 ----a-w C:\Documents and Settings\usuario\mqdmcr.sys 2006-12-30 00:11 25,600 ----a-w C:\Documents and Settings\usuario\usbsermptxp.sys 2006-12-30 00:11 22,768 ----a-w C:\Documents and Settings\usuario\usbsermpt.sys 2007-06-04 17:06 168 --sh--r C:\WINDOWS\system32\5AB48C281A.sys 2007-11-20 22:55 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((( snapshot[arroba]2008-03-23_13.45.36,65 ))))))))))))))))))))))))))))))))))))))))) . + 2008-02-20 05:20:23 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsapi.dll + 2008-02-20 18:50:24 45,568 ----a-w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsrslvr.dll + 2007-03-06 01:27:45 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB945553\spmsg.dll + 2007-03-06 01:27:50 215,776 ----a-w C:\WINDOWS\$hf_mig$\KB945553\spuninst.exe + 2007-03-06 01:27:44 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\spcustom.dll + 2007-03-06 01:28:08 724,704 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\update.exe + 2007-03-06 01:29:00 389,856 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\updspapi.dll + 2008-03-01 12:34:17 124,928 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\advpack.dll + 2008-03-01 12:34:17 347,136 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\dxtmsft.dll + 2008-03-01 12:34:17 214,528 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\dxtrans.dll + 2008-03-01 12:34:17 132,608 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\extmgr.dll + 2008-03-01 12:34:17 63,488 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\icardie.dll + 2008-02-22 09:39:56 70,656 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ie4uinit.exe + 2008-03-01 12:34:17 153,088 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ieakeng.dll + 2008-03-01 12:34:17 230,400 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ieaksie.dll + 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ieakui.dll + 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ieapfltr.dat + 2008-03-01 12:34:17 383,488 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ieapfltr.dll + 2008-03-01 12:34:18 388,608 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\iedkcs32.dll + 2008-03-01 12:34:19 6,067,712 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ieframe.dll + 2008-03-01 12:34:19 44,544 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\iernonce.dll + 2008-03-01 12:34:19 267,776 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\iertutil.dll + 2008-02-22 09:39:56 13,824 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ieudinit.exe + 2008-02-22 09:40:22 625,664 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\iexplore.exe + 2008-03-01 12:34:19 27,648 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\jsproxy.dll + 2008-03-01 12:34:20 459,264 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\msfeeds.dll + 2008-03-01 12:34:20 52,224 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\msfeedsbs.dll + 2008-03-01 12:34:21 3,593,216 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll + 2008-03-01 12:34:21 478,208 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\mshtmled.dll + 2008-03-01 12:34:21 193,024 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\msrating.dll + 2008-03-01 12:34:21 671,232 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\mstime.dll + 2008-03-01 12:34:21 102,912 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\occache.dll + 2008-03-01 12:34:21 44,544 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\pngfilt.dll + 2008-03-01 12:34:22 105,984 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\url.dll + 2008-03-01 12:34:22 1,162,752 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\urlmon.dll + 2008-03-01 12:34:22 233,472 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\webcheck.dll + 2008-03-01 12:34:22 827,392 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll + 2007-03-06 01:27:44 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\spmsg.dll + 2007-03-06 01:27:50 215,776 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\spuninst.exe + 2007-03-06 01:27:43 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\update\spcustom.dll + 2007-03-06 01:28:08 724,704 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\update\update.exe + 2007-03-06 01:29:00 389,856 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\update\updspapi.dll + 2007-03-06 01:27:44 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB948881\spmsg.dll + 2007-03-06 01:27:50 215,776 ----a-w C:\WINDOWS\$hf_mig$\KB948881\spuninst.exe + 2007-03-06 01:27:43 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB948881\update\spcustom.dll + 2007-03-06 01:28:08 724,704 ----a-w C:\WINDOWS\$hf_mig$\KB948881\update\update.exe + 2007-03-06 01:29:00 389,856 ----a-w C:\WINDOWS\$hf_mig$\KB948881\update\updspapi.dll + 2008-01-23 04:56:21 554,008 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\dao360.dll + 2007-12-10 12:41:11 518,944 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexch40.dll + 2007-12-10 12:41:11 326,432 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexcl40.dll + 2007-12-10 12:41:11 1,516,568 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjet40.dll + 2007-12-10 12:41:11 355,112 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjetol1.dll + 2007-11-01 05:15:19 187,168 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjint40.dll + 2007-12-10 12:41:12 60,192 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjter40.dll + 2007-12-10 12:41:12 248,608 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjtes40.dll + 2007-12-10 12:41:12 219,936 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msltus40.dll + 2007-12-10 12:41:12 355,104 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mspbde40.dll + 2007-12-10 12:41:13 432,928 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd2x40.dll + 2007-12-10 12:41:13 322,336 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd3x40.dll + 2007-12-10 12:41:13 559,904 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrepl40.dll + 2007-12-10 12:41:13 264,992 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mstext40.dll + 2007-12-10 12:41:13 838,432 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswdat10.dll + 2007-11-01 05:15:20 621,344 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswstr10.dll + 2007-12-10 12:41:14 355,104 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msxbde40.dll + 2007-03-06 01:27:45 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB950749\spmsg.dll + 2007-03-06 01:27:50 215,776 ----a-w C:\WINDOWS\$hf_mig$\KB950749\spuninst.exe + 2007-03-06 01:27:44 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\spcustom.dll + 2007-03-06 01:28:08 724,704 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\update.exe + 2007-03-06 01:29:00 389,856 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\updspapi.dll + 2007-03-06 01:27:50 215,776 -c----w C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe + 2007-03-06 01:29:00 389,856 -c----w C:\WINDOWS\$NtUninstallKB941693$\spuninst\updspapi.dll + 2007-03-08 15:46:02 1,844,096 -c----w C:\WINDOWS\$NtUninstallKB941693$\win32k.sys + 2006-06-26 17:41:27 148,480 -c----w C:\WINDOWS\$NtUninstallKB945553$\dnsapi.dll + 2004-08-19 13:42:02 45,568 -c----w C:\WINDOWS\$NtUninstallKB945553$\dnsrslvr.dll + 2007-03-06 01:27:50 215,776 -c----w C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe + 2007-03-06 01:29:00 389,856 -c----w C:\WINDOWS\$NtUninstallKB945553$\spuninst\updspapi.dll + 2007-06-19 13:41:24 282,112 -c----w C:\WINDOWS\$NtUninstallKB948590$\gdi32.dll + 2007-03-06 01:27:50 215,776 -c----w C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe + 2007-03-06 01:29:00 389,856 -c----w C:\WINDOWS\$NtUninstallKB948590$\spuninst\updspapi.dll + 2007-03-06 01:27:50 215,776 -c----w C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe + 2007-03-06 01:29:00 389,856 -c----w C:\WINDOWS\$NtUninstallKB948881$\spuninst\updspapi.dll + 2004-08-19 13:42:00 561,179 -c----w C:\WINDOWS\$NtUninstallKB950749$\dao360.dll + 2004-08-19 13:42:16 512,029 -c----w C:\WINDOWS\$NtUninstallKB950749$\msexch40.dll + 2004-08-19 13:42:16 319,517 -c----w C:\WINDOWS\$NtUninstallKB950749$\msexcl40.dll + 2004-08-19 13:42:18 1,507,356 -c----w C:\WINDOWS\$NtUninstallKB950749$\msjet40.dll + 2004-07-17 09:34:48 358,976 -c----w C:\WINDOWS\$NtUninstallKB950749$\msjetoledb40.dll + 2004-08-19 13:42:18 180,255 -c----w C:\WINDOWS\$NtUninstallKB950749$\msjint40.dll + 2004-08-19 13:42:18 53,279 -c----w C:\WINDOWS\$NtUninstallKB950749$\msjter40.dll + 2004-08-19 13:42:18 241,693 -c----w C:\WINDOWS\$NtUninstallKB950749$\msjtes40.dll + 2004-08-19 13:42:18 213,023 -c----w C:\WINDOWS\$NtUninstallKB950749$\msltus40.dll + 2004-08-19 13:42:18 348,189 -c----w C:\WINDOWS\$NtUninstallKB950749$\mspbde40.dll + 2004-08-19 13:42:18 421,919 -c----w C:\WINDOWS\$NtUninstallKB950749$\msrd2x40.dll + 2004-08-19 13:42:18 315,423 -c----w C:\WINDOWS\$NtUninstallKB950749$\msrd3x40.dll + 2004-08-19 13:42:18 552,989 -c----w C:\WINDOWS\$NtUninstallKB950749$\msrepl40.dll + 2004-08-19 13:42:18 258,077 -c----w C:\WINDOWS\$NtUninstallKB950749$\mstext40.dll + 2004-08-19 13:42:20 831,519 -c----w C:\WINDOWS\$NtUninstallKB950749$\mswdat10.dll + 2004-08-19 13:42:20 614,429 -c----w C:\WINDOWS\$NtUninstallKB950749$\mswstr10.dll + 2004-08-19 13:42:20 348,189 -c----w C:\WINDOWS\$NtUninstallKB950749$\msxbde40.dll + 2007-03-06 01:27:50 215,776 -c----w C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe + 2007-03-06 01:29:00 389,856 -c----w C:\WINDOWS\$NtUninstallKB950749$\spuninst\updspapi.dll - 2006-10-04 14:05:26 39,424 ------w C:\WINDOWS\AppPatch\acadproc.dll + 2008-04-14 02:18:18 39,424 ----a-w C:\WINDOWS\AppPatch\acadproc.dll - 2004-08-19 13:41:40 1,852,416 ----a-w C:\WINDOWS\AppPatch\AcGenral.dll + 2008-04-14 02:18:18 1,852,928 ----a-w C:\WINDOWS\AppPatch\acgenral.dll - 2004-08-19 13:41:40 450,048 ----a-w C:\WINDOWS\AppPatch\AcLayers.dll + 2008-04-14 02:18:18 451,072 ----a-w C:\WINDOWS\AppPatch\aclayers.dll - 2004-08-19 13:41:40 137,728 ----a-w C:\WINDOWS\AppPatch\AcLua.dll + 2008-04-14 02:18:18 141,312 ----a-w C:\WINDOWS\AppPatch\aclua.dll - 2004-08-19 13:41:40 244,736 ----a-w C:\WINDOWS\AppPatch\AcSpecfc.dll + 2008-04-14 02:18:18 245,248 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll - 2004-08-19 13:41:42 116,224 ----a-w C:\WINDOWS\AppPatch\AcXtrnal.dll + 2008-04-14 02:18:18 116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll + 2008-06-17 19:17:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat - 2004-10-08 20:01:22 372,736 ----a-w C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll + 2006-06-20 19:44:04 379,704 ----a-w C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll + 2007-01-09 12:28:18 110,592 ----a-w C:\WINDOWS\Downloaded Program Files\PURes-es.dll + 2008-04-14 15:59:30 272,512 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys + 2008-04-14 02:19:01 58,368 ------w C:\WINDOWS\ehome\medctrro.exe - 2000-08-31 12:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE + 2005-10-21 00:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE - 2007-06-13 13:22:28 1,249,280 ----a-w C:\WINDOWS\explorer.exe + 2008-04-14 02:18:57 1,036,288 ----a-w C:\WINDOWS\explorer.exe + 2000-08-31 12:00:00 89,504 ----a-w C:\WINDOWS\fdsv.exe + 2000-08-31 12:00:00 80,412 ----a-w C:\WINDOWS\grep.exe - 2004-08-19 13:42:26 34,816 ----a-w C:\WINDOWS\Help\sniffpol.dll + 2008-04-14 02:18:36 34,816 ----a-w C:\WINDOWS\Help\sniffpol.dll - 2004-08-19 13:42:28 33,280 ----a-w C:\WINDOWS\Help\sstub.dll + 2008-04-14 02:18:44 33,280 ----a-w C:\WINDOWS\Help\sstub.dll - 2004-08-19 13:42:28 279,040 ----a-w C:\WINDOWS\Help\tshoot.dll + 2008-04-14 02:18:44 279,040 ----a-w C:\WINDOWS\Help\tshoot.dll - 2005-08-14 16:18:32 143,872 ----a-w C:\WINDOWS\hh.exe + 2008-04-14 02:18:59 10,752 ----a-w C:\WINDOWS\hh.exe + 2007-12-07 02:08:48 124,928 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll + 2007-12-19 22:53:07 347,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll + 2007-12-07 02:08:49 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll + 2007-12-07 02:08:49 133,120 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll + 2007-12-07 02:08:49 63,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll + 2007-12-06 11:01:34 70,656 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe + 2007-12-07 02:08:49 153,088 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll + 2007-12-07 02:08:49 230,400 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll + 2007-12-06 04:59:51 161,792 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakui.dll + 2007-12-07 02:08:49 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll + 2007-12-07 02:08:49 384,512 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll + 2007-12-07 02:08:51 6,066,176 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll + 2007-12-07 02:08:51 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll + 2007-12-07 02:08:51 267,776 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll + 2007-12-06 11:00:58 13,824 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieudinit.exe + 2007-12-06 11:02:07 625,664 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe + 2007-12-07 02:08:52 27,648 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll + 2007-12-07 02:08:52 459,264 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll + 2007-12-07 02:08:52 52,224 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll + 2007-12-08 14:38:54 3,592,192 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll + 2007-12-07 02:08:54 478,208 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll + 2007-12-07 02:08:54 193,024 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll + 2007-12-07 02:08:54 671,232 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll + 2007-12-07 02:08:54 102,912 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll + 2008-01-11 05:37:31 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll + 2007-03-06 01:27:50 215,776 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe + 2007-03-06 01:29:00 389,856 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\updspapi.dll + 2007-12-07 02:08:54 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll + 2007-12-07 02:08:55 1,159,680 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll + 2007-12-07 02:08:55 233,472 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll + 2007-12-07 02:08:55 824,832 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll + 2008-03-01 12:58:33 124,928 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\advpack.dll + 2008-03-01 12:58:33 347,136 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtmsft.dll + 2008-03-01 12:58:33 214,528 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtrans.dll + 2008-03-01 12:58:33 133,120 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\extmgr.dll + 2008-03-01 12:58:33 63,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\icardie.dll + 2008-02-29 08:55:23 70,656 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ie4uinit.exe + 2008-03-01 12:58:33 153,088 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakeng.dll + 2008-03-01 12:58:34 230,400 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieaksie.dll + 2008-02-15 05:44:25 161,792 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakui.dll + 2008-03-01 12:58:34 383,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieapfltr.dll + 2008-03-01 12:58:34 384,512 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iedkcs32.dll + 2008-03-01 12:58:36 6,066,176 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieframe.dll + 2008-03-01 12:58:36 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iernonce.dll + 2008-03-01 12:58:37 267,776 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iertutil.dll + 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieudinit.exe + 2008-02-29 08:55:45 625,664 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe + 2008-03-01 12:58:38 27,648 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\jsproxy.dll + 2008-03-01 12:58:38 459,264 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeeds.dll + 2008-03-01 12:58:38 52,224 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeedsbs.dll + 2008-03-01 22:28:42 3,591,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtml.dll + 2008-03-01 12:58:40 478,208 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtmled.dll + 2008-03-01 12:58:40 193,024 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msrating.dll + 2008-03-01 12:58:41 671,232 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mstime.dll + 2008-03-01 12:58:41 102,912 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\occache.dll + 2008-03-01 12:58:41 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\pngfilt.dll + 2007-03-06 01:27:50 215,776 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe + 2007-03-06 01:29:00 389,856 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\updspapi.dll + 2008-03-01 12:58:41 105,984 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\url.dll + 2008-03-01 12:58:42 1,159,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\urlmon.dll + 2008-03-01 12:58:42 233,472 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\webcheck.dll + 2008-03-01 12:58:42 826,368 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll - 2004-08-19 13:42:16 220,160 ----a-w C:\WINDOWS\ime\mscandui.dll + 2008-04-14 02:18:25 220,160 ----a-w C:\WINDOWS\ime\mscandui.dll - 2004-08-19 13:42:26 130,048 ----a-w C:\WINDOWS\ime\SOFTKBD.DLL + 2008-04-14 02:18:36 130,048 ----a-w C:\WINDOWS\ime\softkbd.dll - 2004-08-19 13:40:30 62,976 ----a-w C:\WINDOWS\ime\SPGRMR.dll + 2008-04-13 16:43:18 62,976 ----a-w C:\WINDOWS\ime\spgrmr.dll - 2004-08-19 13:42:26 272,384 ----a-w C:\WINDOWS\ime\SPTIP.dll + 2008-04-14 02:18:43 272,384 ----a-w C:\WINDOWS\ime\sptip.dll + 2007-08-29 03:38:10 500,648 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\MORPH9.DLL + 2007-08-29 03:38:46 9,584,512 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\MSPUB.EXE + 2007-08-29 03:06:16 467,840 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\POWERPNT.EXE + 2007-08-29 03:06:44 7,990,144 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\PPCORE.DLL + 2007-08-24 07:43:28 138,648 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\PRTF9.DLL + 2007-08-29 03:39:14 625,560 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\PTXT9.DLL + 2007-08-24 07:43:36 593,296 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\PUBCONV.DLL + 2007-08-24 11:10:14 1,846,160 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\VVIEWDWG.DLL + 2007-08-29 03:16:00 350,064 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\WINWORD.EXE + 2007-09-06 22:03:02 4,280,176 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\WRD12CNV.DLL + 2007-08-29 04:07:58 24,928 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\WRD12EXE.EXE + 2007-09-06 21:56:32 17,490,800 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\WWLIB.DLL - 2008-03-13 01:29:17 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe + 2008-05-15 13:19:50 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe - 2008-03-13 01:29:18 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe + 2008-05-15 13:19:51 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe - 2008-03-13 01:29:18 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe + 2008-05-15 13:19:50 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe - 2008-03-13 01:29:18 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe + 2008-05-15 13:19:51 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe - 2008-03-13 01:29:18 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe + 2008-05-15 13:19:51 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe - 2008-03-13 01:29:18 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe + 2008-05-15 13:19:51 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe - 2008-03-13 01:29:18 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe + 2008-05-15 13:19:50 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe - 2008-03-13 01:29:18 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe + 2008-05-15 13:19:51 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe - 2008-03-13 01:29:18 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe + 2008-05-15 13:19:51 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe - 2008-03-13 01:29:18 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe + 2008-05-15 13:19:51 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe - 2008-03-13 01:29:17 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe + 2008-05-15 13:19:50 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe + 2008-03-26 21:22:46 25,214 ----a-r C:\WINDOWS\Installer\{CF097717-F174-4144-954A-FBC4BF301034}\ARPPRODUCTICON.exe - 2008-03-06 14:06:05 29,926 ----a-r C:\WINDOWS\Installer\{FC411B47-30BF-428C-9C1E-F6C54A94EA7E}\MsblIco.Exe + 2008-06-12 03:43:39 29,926 ----a-r C:\WINDOWS\Installer\{FC411B47-30BF-428C-9C1E-F6C54A94EA7E}\MsblIco.Exe + 2008-01-18 15:13:09 2,247 ------w C:\WINDOWS\Installer\tsclientmsitrans\tscdsbl.bat + 2007-12-12 10:33:51 18,917 ------w C:\WINDOWS\Installer\tsclientmsitrans\tscinst.vbs + 2007-10-30 10:06:46 13,801 ------w C:\WINDOWS\Installer\tsclientmsitrans\tscuinst.vbs + 2008-04-14 02:18:06 25,600 ------w C:\WINDOWS\Installer\tsclientmsitrans\tscupdc.dll - 2004-08-19 13:41:44 24,064 ----a-w C:\WINDOWS\msagent\agentanm.dll + 2008-04-14 02:18:18 24,064 ----a-w C:\WINDOWS\msagent\agentanm.dll - 2004-08-19 13:41:44 214,016 ----a-w C:\WINDOWS\msagent\agentctl.dll + 2008-04-14 02:18:18 214,016 ----a-w C:\WINDOWS\msagent\agentctl.dll - 2006-10-12 13:55:52 42,496 ----a-w C:\WINDOWS\msagent\agentdp2.dll + 2008-04-14 02:18:18 42,496 ----a-w C:\WINDOWS\msagent\agentdp2.dll - 2007-03-09 13:58:58 57,344 ----a-w C:\WINDOWS\msagent\agentdpv.dll + 2008-04-14 02:18:18 57,344 ----a-w C:\WINDOWS\msagent\agentdpv.dll - 2004-08-19 13:41:44 49,152 ----a-w C:\WINDOWS\msagent\agentmpx.dll + 2008-04-14 02:18:18 49,152 ----a-w C:\WINDOWS\msagent\agentmpx.dll - 2004-08-19 13:41:44 24,064 ----a-w C:\WINDOWS\msagent\agentpsh.dll + 2008-04-14 02:18:18 24,064 ----a-w C:\WINDOWS\msagent\agentpsh.dll - 2004-08-19 13:41:44 44,032 ----a-w C:\WINDOWS\msagent\agentsr.dll + 2008-04-14 02:18:18 44,032 ----a-w C:\WINDOWS\msagent\agentsr.dll - 2006-10-12 11:54:07 256,512 ----a-w C:\WINDOWS\msagent\agentsvr.exe + 2008-04-14 02:18:49 256,512 ----a-w C:\WINDOWS\msagent\agentsvr.exe - 2004-08-19 13:41:44 24,064 ----a-w C:\WINDOWS\msagent\agtintl.dll + 2008-04-14 02:18:19 24,064 ----a-w C:\WINDOWS\msagent\agtintl.dll - 2002-09-24 12:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0405.dll + 2007-04-02 18:25:59 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0405.dll - 2002-09-24 12:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0406.dll + 2007-04-02 18:25:59 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0406.dll - 2002-09-24 12:00:00 21,504 ----a-w C:\WINDOWS\msagent\intl\agt0407.dll + 2007-04-02 18:26:00 21,504 ----a-w C:\WINDOWS\msagent\intl\agt0407.dll - 2002-09-24 12:00:00 22,016 ----a-w C:\WINDOWS\msagent\intl\agt0408.dll + 2007-04-02 18:26:00 22,016 ----a-w C:\WINDOWS\msagent\intl\agt0408.dll - 2002-09-24 12:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0409.dll + 2008-04-13 17:32:28 19,968 ----a-w C:\WINDOWS\msagent\intl\agt0409.dll - 2002-09-24 12:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt040b.dll + 2007-04-02 18:26:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt040b.dll - 2002-09-24 12:00:00 21,504 ----a-w C:\WINDOWS\msagent\intl\agt040c.dll + 2007-04-02 18:26:00 21,504 ----a-w C:\WINDOWS\msagent\intl\agt040c.dll - 2002-09-24 12:00:00 19,968 ----a-w C:\WINDOWS\msagent\intl\agt040e.dll + 2007-04-02 18:26:00 19,968 ----a-w C:\WINDOWS\msagent\intl\agt040e.dll - 2002-09-24 12:00:00 20,992 ----a-w C:\WINDOWS\msagent\intl\agt0410.dll + 2007-04-02 18:26:00 20,992 ----a-w C:\WINDOWS\msagent\intl\agt0410.dll - 2002-09-24 12:00:00 20,992 ----a-w C:\WINDOWS\msagent\intl\agt0413.dll + 2007-04-02 18:26:01 20,992 ----a-w C:\WINDOWS\msagent\intl\agt0413.dll - 2002-09-24 12:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0414.dll + 2007-04-02 18:26:01 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0414.dll - 2002-09-24 12:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0415.dll + 2007-04-02 18:26:01 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0415.dll - 2002-09-24 12:00:00 20,480 ----a-w C:\WINDOWS\msagent\intl\agt0416.dll + 2007-04-02 18:26:01 20,480 ----a-w C:\WINDOWS\msagent\intl\agt0416.dll - 2002-09-24 12:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0419.dll + 2007-04-02 18:26:01 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0419.dll - 2002-09-24 12:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt041d.dll + 2007-04-02 18:26:01 19,456 ----a-w C:\WINDOWS\msagent\intl\agt041d.dll - 2002-09-24 12:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt041f.dll + 2007-04-02 18:26:01 19,456 ----a-w C:\WINDOWS\msagent\intl\agt041f.dll - 2002-09-24 12:00:00 20,992 ----a-w C:\WINDOWS\msagent\intl\agt0816.dll + 2007-04-02 18:26:02 20,992 ----a-w C:\WINDOWS\msagent\intl\agt0816.dll - 2002-09-24 12:00:00 20,480 ----a-w C:\WINDOWS\msagent\intl\agt0c0a.dll + 2007-04-02 18:26:02 20,480 ----a-w C:\WINDOWS\msagent\intl\agt0c0a.dll - 2004-08-19 13:42:18 39,936 ----a-w C:\WINDOWS\msagent\mslwvtts.dll + 2008-04-14 02:18:27 39,936 ----a-w C:\WINDOWS\msagent\mslwvtts.dll - 2006-06-02 19:32:20 33,792 ------w C:\WINDOWS\network diagnostic\custsat.dll + 2008-04-14 02:18:20 33,792 ------w C:\WINDOWS\network diagnostic\custsat.dll - 2006-10-10 12:44:50 557,568 ------w C:\WINDOWS\network diagnostic\xpnetdiag.exe + 2008-04-13 18:53:32 558,080 ------w C:\WINDOWS\network diagnostic\xpnetdiag.exe - 2004-08-19 13:43:00 70,144 ----a-w C:\WINDOWS\NOTEPAD.EXE + 2008-04-14 02:19:06 70,144 ----a-w C:\WINDOWS\notepad.exe - 2004-08-19 13:42:50 768,512 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe + 2008-04-14 02:18:58 769,024 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe - 2004-08-19 13:42:50 743,936 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe + 2008-04-14 02:18:58 744,448 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe - 2004-08-19 13:42:50 18,944 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\HscUpd.exe + 2008-04-14 02:18:59 18,432 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\hscupd.exe - 2004-08-19 13:42:58 174,080 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe + 2008-04-14 02:19:04 171,520 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe - 2004-08-19 13:42:16 380,928 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msinfo.dll + 2008-04-14 02:18:26 381,440 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msinfo.dll - 2004-08-19 13:42:22 102,400 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\pchshell.dll + 2008-04-14 02:18:33 102,912 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\pchshell.dll - 2004-08-19 13:42:22 38,912 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll + 2008-04-14 02:18:33 38,400 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll - 2006-09-24 07:26:44 86,327 ----a-w C:\WINDOWS\pchealth\helpctr\OfflineCache\index.dat + 2008-06-12 03:36:05 86,327 ----a-w C:\WINDOWS\pchealth\helpctr\OfflineCache\index.dat + 2008-06-12 03:36:05 2,740 ----a-w C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin - 2004-08-19 13:43:14 151,040 ----a-w C:\WINDOWS\pchealth\UploadLB\Binaries\UploadM.exe + 2008-04-14 02:19:14 151,040 ----a-w C:\WINDOWS\pchealth\UploadLB\Binaries\uploadm.exe - 2004-08-19 13:42:26 151,552 ----a-w C:\WINDOWS\PeerNet\sqldb20.dll + 2008-04-14 02:18:43 151,552 ----a-w C:\WINDOWS\PeerNet\sqldb20.dll - 2004-08-19 13:42:26 462,848 ----a-w C:\WINDOWS\PeerNet\sqlqp20.dll + 2008-04-14 02:18:43 462,848 ----a-w C:\WINDOWS\PeerNet\sqlqp20.dll - 2004-08-19 13:42:26 110,592 ----a-w C:\WINDOWS\PeerNet\sqlse20.dll + 2008-04-14 02:18:43 110,592 ----a-w C:\WINDOWS\PeerNet\sqlse20.dll - 2004-08-19 13:43:06 429,056 ----a-w C:\WINDOWS\regedit.exe + 2008-04-14 02:19:09 152,064 ----a-w C:\WINDOWS\regedit.exe + 2002-12-11 19:16:58 7,680 ----a-w C:\WINDOWS\RegisteredPackages\{3695EB93-6443-448D-8E2E-1F6F4FC79BC1}\asferror.dll + 2002-11-06 06:10:14 167,936 ----a-w C:\WINDOWS\RegisteredPackages\{89FDAB62-6F46-4C7E-A559-E00B9A0BACB6}\wmserror.dll + 2002-11-06 06:45:32 327,680 ----a-w C:\WINDOWS\RegisteredPackages\{89FDAB62-6F46-4C7E-A559-E00B9A0BACB6}\wmsservertypelib.dll + 2000-08-31 12:00:00 98,816 ----a-w C:\WINDOWS\sed.exe + 2008-04-13 18:46:18 53,376 ------w C:\WINDOWS\ServicePackFiles\i386\1394bus.sys + 2008-04-13 18:40:50 12,288 ------w C:\WINDOWS\ServicePackFiles\i386\4mmdat.sys + 2008-04-13 18:46:20 48,128 ------w C:\WINDOWS\ServicePackFiles\i386\61883.sys + 2008-04-14 02:18:18 100,352 ------w C:\WINDOWS\ServicePackFiles\i386\6to4svc.dll + 2008-04-14 02:18:18 136,192 ------w C:\WINDOWS\ServicePackFiles\i386\aaclient.dll + 2005-08-14 22:16:50 231,552 ------w C:\WINDOWS\ServicePackFiles\i386\ac97ali.sys + 2005-08-14 22:16:48 84,480 ------w C:\WINDOWS\ServicePackFiles\i386\ac97via.sys + 2008-04-14 02:18:18 39,424 ------w C:\WINDOWS\ServicePackFiles\i386\acadproc.dll + 2008-04-14 02:18:49 188,928 ------w C:\WINDOWS\ServicePackFiles\i386\accwiz.exe + 2008-04-14 02:18:18 1,852,928 ------w C:\WINDOWS\ServicePackFiles\i386\acgenral.dll + 2008-04-14 02:18:18 451,072 ------w C:\WINDOWS\ServicePackFiles\i386\aclayers.dll + 2008-04-14 02:18:18 141,312 ------w C:\WINDOWS\ServicePackFiles\i386\aclua.dll + 2008-04-14 02:18:18 118,272 ------w C:\WINDOWS\ServicePackFiles\i386\aclui.dll + 2008-04-14 01:48:46 189,056 ------w C:\WINDOWS\ServicePackFiles\i386\acpi.sys + 2008-04-14 02:18:18 245,248 ------w C:\WINDOWS\ServicePackFiles\i386\acspecfc.dll + 2008-04-14 02:18:18 193,536 ------w C:\WINDOWS\ServicePackFiles\i386\activeds.dll + 2008-04-14 02:18:49 4,096 ------w C:\WINDOWS\ServicePackFiles\i386\actmovie.exe + 2008-04-14 02:18:18 98,304 ------w C:\WINDOWS\ServicePackFiles\i386\actxprxy.dll + 2008-04-14 02:18:18 116,224 ------w C:\WINDOWS\ServicePackFiles\i386\acxtrnal.dll + 2008-04-14 02:18:18 29,696 ------w C:\WINDOWS\ServicePackFiles\i386\admexs.dll + 2008-04-14 02:18:18 20,540 ------w C:\WINDOWS\ServicePackFiles\i386\admin.dll + 2008-04-14 02:18:49 16,439 ------w C:\WINDOWS\ServicePackFiles\i386\admin.exe + 2005-08-14 22:16:42 10,880 ------w C:\WINDOWS\ServicePackFiles\i386\admjoy.sys + 2008-04-14 02:18:18 61,440 ------w C:\WINDOWS\ServicePackFiles\i386\admparse.dll + 2008-04-14 02:18:18 43,520 ------w C:\WINDOWS\ServicePackFiles\i386\admwprox.dll + 2008-04-14 02:18:18 290,816 ------w C:\WINDOWS\ServicePackFiles\i386\adsiis51.dll + 2008-04-14 02:18:18 175,616 ------w C:\WINDOWS\ServicePackFiles\i386\adsldp.dll + 2008-04-14 02:18:18 143,360 ------w C:\WINDOWS\ServicePackFiles\i386\adsldpc.dll + 2008-04-14 02:18:18 68,096 ------w C:\WINDOWS\ServicePackFiles\i386\adsmsext.dll + 2008-04-14 02:18:18 263,680 ------w C:\WINDOWS\ServicePackFiles\i386\adsnt.dll + 2008-04-14 02:18:18 123,392 ------w C:\WINDOWS\ServicePackFiles\i386\adsnw.dll + 2007-04-02 13:10:44 85,813 ------w C:\WINDOWS\ServicePackFiles\i386\adsutil.vbs + 2008-04-14 02:18:18 4,255 ------w C:\WINDOWS\ServicePackFiles\i386\adv01nt5.dll + 2008-04-14 02:18:18 3,967 ------w C:\WINDOWS\ServicePackFiles\i386\adv02nt5.dll + 2008-04-14 02:18:18 3,615 ------w C:\WINDOWS\ServicePackFiles\i386\adv05nt5.dll + 2008-04-14 02:18:18 3,647 ------w C:\WINDOWS\ServicePackFiles\i386\adv07nt5.dll + 2008-04-14 02:18:18 3,135 ------w C:\WINDOWS\ServicePackFiles\i386\adv08nt5.dll + 2008-04-14 02:18:18 3,711 ------w C:\WINDOWS\ServicePackFiles\i386\adv09nt5.dll + 2008-04-14 02:18:18 3,775 ------w C:\WINDOWS\ServicePackFiles\i386\adv11nt5.dll + 2008-04-14 02:18:18 685,056 ------w C:\WINDOWS\ServicePackFiles\i386\advapi32.dll + 2008-04-14 02:18:18 101,376 ------w C:\WINDOWS\ServicePackFiles\i386\advpack.dll + 2008-04-13 16:39:23 142,592 ------w C:\WINDOWS\ServicePackFiles\i386\aec.sys + 2008-04-13 19:19:23 138,112 ------w C:\WINDOWS\ServicePackFiles\i386\afd.sys + 2008-04-14 02:18:18 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\agentanm.dll + 2008-04-14 02:18:18 214,016 ------w C:\WINDOWS\ServicePackFiles\i386\agentctl.dll + 2008-04-14 02:18:18 42,496 ------w C:\WINDOWS\ServicePackFiles\i386\agentdp2.dll + 2008-04-14 02:18:18 57,344 ------w C:\WINDOWS\ServicePackFiles\i386\agentdpv.dll + 2008-04-14 02:18:18 49,152 ------w C:\WINDOWS\ServicePackFiles\i386\agentmpx.dll + 2008-04-14 02:18:18 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\agentpsh.dll + 2008-04-14 02:18:18 44,032 ------w C:\WINDOWS\ServicePackFiles\i386\agentsr.dll + 2008-04-14 02:18:49 256,512 ------w C:\WINDOWS\ServicePackFiles\i386\agentsvr.exe + 2008-04-13 18:36:38 42,368 ------w C:\WINDOWS\ServicePackFiles\i386\agp440.sys + 2008-04-13 18:36:39 44,928 ------w C:\WINDOWS\ServicePackFiles\i386\agpcpq.sys + 2007-04-02 18:25:59 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0401.dll + 2007-04-02 18:25:59 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0404.dll + 2007-04-02 18:25:59 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0405.dll + 2007-04-02 18:25:59 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0406.dll + 2007-04-02 18:26:00 21,504 ------w C:\WINDOWS\ServicePackFiles\i386\agt0407.dll + 2007-04-02 18:26:00 22,016 ------w C:\WINDOWS\ServicePackFiles\i386\agt0408.dll + 2008-04-13 17:32:28 19,968 ------w C:\WINDOWS\ServicePackFiles\i386\agt0409.dll + 2007-04-02 18:26:00 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt040b.dll + 2007-04-02 18:26:00 21,504 ------w C:\WINDOWS\ServicePackFiles\i386\agt040c.dll + 2007-04-02 18:26:00 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt040d.dll + 2007-04-02 18:26:00 19,968 ------w C:\WINDOWS\ServicePackFiles\i386\agt040e.dll + 2007-04-02 18:26:00 20,992 ------w C:\WINDOWS\ServicePackFiles\i386\agt0410.dll + 2007-04-02 18:26:00 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0411.dll + 2007-04-02 18:26:00 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0412.dll + 2007-04-02 18:26:01 20,992 ------w C:\WINDOWS\ServicePackFiles\i386\agt0413.dll + 2007-04-02 18:26:01 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0414.dll + 2007-04-02 18:26:01 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0415.dll + 2007-04-02 18:26:01 20,480 ------w C:\WINDOWS\ServicePackFiles\i386\agt0416.dll + 2007-04-02 18:26:01 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0419.dll + 2007-04-02 18:26:01 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt041d.dll + 2007-04-02 18:26:01 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt041f.dll + 2007-04-02 18:26:02 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0804.dll + 2007-04-02 18:26:02 20,992 ------w C:\WINDOWS\ServicePackFiles\i386\agt0816.dll + 2007-04-02 18:26:02 20,480 ------w C:\WINDOWS\ServicePackFiles\i386\agt0c0a.dll + 2008-04-14 02:18:19 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\agtintl.dll + 2008-04-14 02:18:49 98,304 ------w C:\WINDOWS\ServicePackFiles\i386\ahui.exe + 2008-04-14 02:18:49 44,544 ------w C:\WINDOWS\ServicePackFiles\i386\alg.exe + 2008-04-13 18:36:38 42,752 ------w C:\WINDOWS\ServicePackFiles\i386\alim1541.sys + 2008-04-14 02:18:19 17,408 ------w C:\WINDOWS\ServicePackFiles\i386\alrsvc.dll + 2008-04-13 18:36:39 43,008 ------w C:\WINDOWS\ServicePackFiles\i386\amdagp.sys + 2008-04-14 01:49:41 41,600 ------w C:\WINDOWS\ServicePackFiles\i386\amdk6.sys + 2008-04-14 01:49:41 41,984 ------w C:\WINDOWS\ServicePackFiles\i386\amdk7.sys + 2008-04-14 02:18:19 70,656 ------w C:\WINDOWS\ServicePackFiles\i386\amstream.dll + 2005-08-14 22:16:46 36,224 ------w C:\WINDOWS\ServicePackFiles\i386\an983.sys + 2008-04-14 02:18:19 110,080 ------w C:\WINDOWS\ServicePackFiles\i386\appconf.dll + 2008-04-14 02:18:19 125,952 ------w C:\WINDOWS\ServicePackFiles\i386\apphelp.dll + 2008-04-14 02:18:19 175,104 ------w C:\WINDOWS\ServicePackFiles\i386\appmgmts.dll + 2008-04-14 02:18:19 300,032 ------w C:\WINDOWS\ServicePackFiles\i386\appmgr.dll + 2008-04-14 02:18:19 332,800 ------w C:\WINDOWS\ServicePackFiles\i386\aqueue.dll + 2008-04-13 18:51:25 60,800 ------w C:\WINDOWS\ServicePackFiles\i386\arp1394.sys + 2008-04-14 02:18:19 375,808 ------w C:\WINDOWS\ServicePackFiles\i386\asp51.dll + 2008-04-13 16:09:58 20,480 ------w C:\WINDOWS\ServicePackFiles\i386\aspnet_filter.dll + 2008-04-13 16:09:59 200,704 ------w C:\WINDOWS\ServicePackFiles\i386\aspnet_isapi.dll + 2008-04-13 16:10:01 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\aspnet_regiis.exe + 2008-04-13 16:10:01 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\aspnet_state.exe + 2008-04-13 16:10:01 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\aspnet_wp.exe + 2008-04-14 02:18:49 30,720 ------w C:\WINDOWS\ServicePackFiles\i386\asr_fmt.exe + 2008-04-14 02:18:49 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\asr_pfu.exe + 2008-04-14 02:18:19 65,024 ------w C:\WINDOWS\ServicePackFiles\i386\asycfilt.dll + 2008-04-13 18:57:27 14,336 ------w C:\WINDOWS\ServicePackFiles\i386\asyncmac.sys + 2008-04-14 02:18:49 25,600 ------w C:\WINDOWS\ServicePackFiles\i386\at.exe + 2008-04-13 18:40:30 96,512 ------w C:\WINDOWS\ServicePackFiles\i386\atapi.sys + 2005-08-14 22:16:50 56,623 ------w C:\WINDOWS\ServicePackFiles\i386\ati1btxx.sys + 2005-08-14 22:16:44 11,615 ------w C:\WINDOWS\ServicePackFiles\i386\ati1mdxx.sys + 2005-08-14 22:16:42 12,047 ------w C:\WINDOWS\ServicePackFiles\i386\ati1pdxx.sys + 2005-08-14 22:16:44 30,671 ------w C:\WINDOWS\ServicePackFiles\i386\ati1raxx.sys + 2005-08-14 22:16:42 63,663 ------w C:\WINDOWS\ServicePackFiles\i386\ati1rvxx.sys + 2005-08-14 22:16:40 26,367 ------w C:\WINDOWS\ServicePackFiles\i386\ati1snxx.sys + 2005-08-14 22:16:42 21,343 ------w C:\WINDOWS\ServicePackFiles\i386\ati1ttxx.sys + 2005-08-14 22:16:52 36,463 ------w C:\WINDOWS\ServicePackFiles\i386\ati1tuxx.sys + 2005-08-14 22:16:40 29,455 ------w C:\WINDOWS\ServicePackFiles\i386\ati1xbxx.sys + 2005-08-14 22:16:48 34,735 ------w C:\WINDOWS\ServicePackFiles\i386\ati1xsxx.sys + 2008-04-14 02:18:19 229,376 ------w C:\WINDOWS\ServicePackFiles\i386\ati2cqag.dll + 2008-04-14 02:18:19 377,984 ------w C:\WINDOWS\ServicePackFiles\i386\ati2dvaa.dll + 2008-04-14 02:18:19 201,728 ------w C:\WINDOWS\ServicePackFiles\i386\ati2dvag.dll + 2005-08-14 22:16:46 327,168 ------w C:\WINDOWS\ServicePackFiles\i386\ati2mtaa.sys + 2005-08-14 22:16:48 701,440 ------w C:\WINDOWS\ServicePackFiles\i386\ati2mtag.sys + 2008-04-14 02:18:19 870,784 ------w C:\WINDOWS\ServicePackFiles\i386\ati3d1ag.dll + 2008-04-14 02:18:19 1,057,760 ------w C:\WINDOWS\ServicePackFiles\i386\ati3d2ag.dll + 2008-04-14 02:18:19 1,888,992 ------w C:\WINDOWS\ServicePackFiles\i386\ati3duag.dll + 2005-08-14 22:16:46 57,856 ------w C:\WINDOWS\ServicePackFiles\i386\atinbtxx.sys + 2005-08-14 22:16:40 13,824 ------w C:\WINDOWS\ServicePackFiles\i386\atinmdxx.sys + 2005-08-14 22:16:40 14,336 ------w C:\WINDOWS\ServicePackFiles\i386\atinpdxx.sys + 2005-08-14 22:16:42 52,224 ------w C:\WINDOWS\ServicePackFiles\i386\atinraxx.sys + 2005-08-14 22:16:52 104,960 ------w C:\WINDOWS\ServicePackFiles\i386\atinrvxx.sys + 2005-08-14 22:16:52 28,672 ------w C:\WINDOWS\ServicePackFiles\i386\atinsnxx.sys + 2005-08-14 22:16:40 13,824 ------w C:\WINDOWS\ServicePackFiles\i386\atinttxx.sys + 2005-08-14 22:16:50 73,216 ------w C:\WINDOWS\

k-LiWuLa	Jun 17 2008, 09:59 PM Publicado: #18
Miembro Grupo: Members Mensajes: 41 Registrado: 12-December 07 Miembro nº: 219.688	aka esta el log hijack lo habia olvidado- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 04:58:34 p.m., on 17/06/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Archivos de programa\Bonjour\mDNSResponder.exe C:\Archivos de programa\Borland\InterBase\bin\ibguard.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\Archivos de programa\Archivos comunes\Protexis\License Service\PSIService.exe C:\WINDOWS\RTHDCPL.EXE C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\mHotkey.exe C:\WINDOWS\System32\PAStiSvc.exe C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\svchost.exe C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Archivos de programa\TaskSwitchXP\TaskSwitchXP.exe C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe C:\Archivos de programa\Borland\InterBase\bin\ibserver.exe C:\Archivos de programa\WinZip\WZQKPICK.EXE C:\Archivos de programa\HP\Digital Imaging\bin\hpqgalry.exe C:\Archivos de programa\Windows Live\Messenger\usnsvc.exe C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\explorer.exe C:\Archivos de programa\Windows Media Player\wmplayer.exe C:\Archivos de programa\Internet Explorer\iexplore.exe C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8081 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Archivos de programa\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Complemento del Asistente para Internet de Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file) O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: Asistente para Internet de Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARCHIV~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RemoteControl] "C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [CHotkey] mHotkey.exe O4 - HKLM\..\Run: [HP Software Update] C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\ARCHIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup O4 - HKLM\..\Run: [PrevxOne] "C:\Archivos de programa\Prevx1\PXConsole.exe" O4 - HKLM\..\Run: [ISUSPM Startup] C:\ARCHIV~1\ARCHIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [LClock] C:\Archivos de programa\LClock\LClock.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Archivos de programa\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avast!] C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [NeroFilterCheck] C:\Archivos de programa\Archivos comunes\Ahead\Lib\NeroCheck.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TaskSwitchXP] C:\Archivos de programa\TaskSwitchXP\TaskSwitchXP.exe O4 - HKCU\..\Run: [E07EXLRD_702156] "C:\Archivos de programa\Microsoft Encarta\Encarta 2007 Biblioteca Premium DVD\EDICT.EXE" -m O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ares] "C:\Archivos de programa\Ares\Ares.exe" -h O4 - HKCU\..\Run: [Yahoo! Pager] "C:\ARCHIV~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [swg] C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Inicio rápido de HP Image Zone.lnk = C:\Archivos de programa\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Messenger Power Live 9.lnk = C:\Archivos de programa\MSN Messenger\msngserv.exe O4 - Global Startup: Windows Live Messenger.lnk = C:\Archivos de programa\Windows Live\Messenger\msngserv.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Archivos de programa\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARCHIV~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: Barra de búsqueda de Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://aba.cantv.net/ O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {0270E604-387F-48ED-BB6D-AA51F51D6FC3} (Image Uploader Control) - http://iu.sonico.com//ImageUploader.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/spanish/kavwebscan_unicode.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Archivos de programa\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/ES-ES/a-UNO1/GAME_UNO1.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://kaliwula.spaces.live.com/PhotoUpload/MsnPUpld.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...ows-i586-jc.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Archivos de programa\Bonjour\mDNSResponder.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Archivos de programa\Borland\InterBase\bin\ibguard.exe O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Archivos de programa\Borland\InterBase\bin\ibserver.exe O23 - Service: NBService - Nero AG - C:\Archivos de programa\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Archivos de programa\Archivos comunes\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\Archivos de programa\Archivos comunes\Protexis\License Service\PSIService.exe O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe -- End of file - 14222 bytes

Lestat	Jun 18 2008, 02:39 AM Publicado: #19
Experto Logs HijackThis Grupo: Global Mensajes: 9.989 Registrado: 15-April 06 Desde: Vigo-Galicia Miembro nº: 165.999	EL PROXIMO REPORT DEL COMBOFIX LO PEGAS EN DOS MESAJES QUE EN UNO NO CABE, ESE ULTIMO QUE PEGASTE NO ESTABA ENTERO 1.-Abre el Notepad (Bloc de Notas) * Ir a INICIO > EJECUTAR > * Y ahí pones notepad.exe y ACEPTAR 2.-Ahora copia y pega estos archivos dentro del Notepad CODE KillAll:: File:: C:\WINDOWS\zts2.exe C:\WINDOWS\system32\vcmgcd32.dll C:\WINDOWS\system32\iifgfgf.dll C:\WINDOWS\rundll16.exe C:\WINDOWS\rundl132.dll C:\WINDOWS\logo1_.exe C:\23990098.$$$ C:\WINDOWS\Lic.xxx C:\WINDOWS\R.COM C:\WINDOWS\system32\T.COM C:\WINDOWS\system32\closeapp.exe C:\WINDOWS\Icon_11.ico C:\WINDOWS\system32\moveex.exe 3.- Graba este archivo con el nombre CFScript.txt ,déjalo en tu escritorio y reinicia en Modo Seguro. 4.-A continuación arrastrar y soltar el archivo CFScript.txt dentro del archivo ComboFix.exe como lo muestra la animación de abajo. Esto activara ComboFix nuevamente. Pegas el report y un nuevo log de Hijackthis Un Saludo

k-LiWuLa	Jun 18 2008, 03:30 AM Publicado: #20
Miembro Grupo: Members Mensajes: 41 Registrado: 12-December 07 Miembro nº: 219.688	aka esta la primera parte.... ComboFix 08-06-16.5 - Miguel 2008-06-17 22:15:44.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.610 [GMT -4:00] Se ejecuta desde: C:\Documents and Settings\Miguel\Mis documentos\ComboFix.exe Command switches used :: C:\Documents and Settings\Miguel\Escritorio\CFScript.txt * Creado un nuevo punto de restauración ADVERTENCIA - ESTE EQUIPO NO TIENE INSTALADA LA CONSOLA DE RECUPERACION! FILE :: C:\23990098.$$$ C:\WINDOWS\Icon_11.ico C:\WINDOWS\Lic.xxx C:\WINDOWS\logo1_.exe C:\WINDOWS\R.COM C:\WINDOWS\rundl132.dll C:\WINDOWS\rundll16.exe C:\WINDOWS\system32\closeapp.exe C:\WINDOWS\system32\iifgfgf.dll C:\WINDOWS\system32\moveex.exe C:\WINDOWS\system32\T.COM C:\WINDOWS\system32\vcmgcd32.dll C:\WINDOWS\zts2.exe . (((((((((((((((((((((((((((((((((((( Otras eliminaciones ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\23990098.$$$ C:\WINDOWS\Icon_11.ico C:\WINDOWS\Lic.xxx C:\WINDOWS\R.COM C:\WINDOWS\system32\closeapp.exe C:\WINDOWS\system32\moveex.exe C:\WINDOWS\system32\T.COM . (((((((((((((((((( Archivos creados desde 2008-05-18 - 2008-06-18 ))))))))))))))))))))))))))))))))) . 2008-06-16 23:07 . 2008-06-17 22:13 <DIR> d-------- C:\Documents and Settings\Miguel\Datos de programa\MegauploadToolbar 2008-06-16 23:07 . 2008-06-16 23:07 <DIR> d-------- C:\Archivos de programa\MegauploadToolbar 2008-06-15 10:56 . 2008-06-15 10:56 <DIR> d-------- C:\Documents and Settings\Miguel\Datos de programa\Malwarebytes 2008-06-15 10:56 . 2008-06-15 10:56 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes 2008-06-15 10:56 . 2008-06-15 10:56 <DIR> d-------- C:\Archivos de programa\Malwarebytes' Anti-Malware 2008-06-15 10:56 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys 2008-06-15 10:56 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-06-14 00:16 . 2008-06-14 00:16 <DIR> d-a------ C:\WINDOWS\zts2.exe 2008-06-14 00:16 . 2008-06-14 00:16 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll 2008-06-14 00:16 . 2008-06-14 00:16 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll 2008-06-14 00:16 . 2008-06-14 00:16 <DIR> d-a------ C:\WINDOWS\rundll16.exe 2008-06-14 00:16 . 2008-06-14 00:16 <DIR> d-a------ C:\WINDOWS\rundl132.dll 2008-06-14 00:16 . 2008-06-14 00:16 <DIR> d-a------ C:\WINDOWS\logo1_.exe 2008-06-12 00:09 . 2008-06-12 00:09 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-06-11 23:33 . 2008-06-11 23:33 <DIR> d-------- C:\WINDOWS\system32\es 2008-06-11 23:33 . 2008-06-11 23:33 <DIR> d-------- C:\WINDOWS\system32\bits 2008-06-11 23:33 . 2008-06-11 23:33 <DIR> d-------- C:\WINDOWS\l2schemas 2008-06-11 23:30 . 2008-06-11 23:34 <DIR> d-------- C:\WINDOWS\ServicePackFiles 2008-06-11 23:16 . 2008-04-13 22:18 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll 2008-06-11 23:15 . 2008-04-13 22:18 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll 2008-06-11 23:14 . 2008-04-13 22:18 136,192 --------- C:\WINDOWS\system32\aaclient.dll 2008-06-11 23:14 . 2008-04-13 22:18 4,255 --------- C:\WINDOWS\system32\drivers\adv01nt5.dll 2008-06-11 23:14 . 2008-04-13 22:18 3,967 --------- C:\WINDOWS\system32\drivers\adv02nt5.dll 2008-06-11 23:14 . 2008-04-13 22:18 3,775 --------- C:\WINDOWS\system32\drivers\adv11nt5.dll 2008-06-11 23:14 . 2008-04-13 22:18 3,711 --------- C:\WINDOWS\system32\drivers\adv09nt5.dll 2008-06-11 23:14 . 2008-04-13 22:18 3,647 --------- C:\WINDOWS\system32\drivers\adv07nt5.dll 2008-06-11 23:14 . 2008-04-13 22:18 3,615 --------- C:\WINDOWS\system32\drivers\adv05nt5.dll 2008-06-11 23:14 . 2008-04-13 22:18 3,135 --------- C:\WINDOWS\system32\drivers\adv08nt5.dll 2008-06-11 09:51 . 2008-06-11 09:51 <DIR> d-------- C:\Archivos de programa\Borland 2008-06-11 09:51 . 2001-11-28 19:50 430,080 --a------ C:\WINDOWS\system32\ibmgr.cpl 2008-06-11 09:51 . 2001-11-28 19:50 376,832 --a------ C:\WINDOWS\system32\gds32.dll 2008-06-11 09:51 . 2001-11-28 19:50 177,152 --a------ C:\WINDOWS\system32\ibinstall.dll 2008-06-11 09:51 . 2001-11-28 19:50 28,672 --a------ C:\WINDOWS\system32\ibxml.dll 2008-06-11 09:18 . 2008-04-14 11:59 272,512 --------- C:\WINDOWS\system32\drivers\bthport.sys 2008-06-11 09:18 . 2008-04-14 11:59 272,512 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys 2008-06-11 09:18 . 2008-05-08 10:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys . (((((((((((((((((((((((((((((((((((((( Reporte Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-16 21:31 --------- d-----w C:\Archivos de programa\Messenger Plus! Live 2008-06-13 20:55 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy 2008-06-11 14:26 --------- d-----w C:\Archivos de programa\No-IP 2008-06-11 14:24 --------- d-----w C:\Archivos de programa\Archivos comunes\Adobe 2008-06-01 13:31 --------- d-----w C:\Archivos de programa\LClock 2008-05-29 01:59 --------- d-----w C:\Archivos de programa\LimeWire 2008-05-15 13:19 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Microsoft Help 2008-05-13 15:45 --------- d-----w C:\Archivos de programa\Archivos comunes\Ahead 2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys 2008-04-27 03:02 --------- d-----w C:\Archivos de programa\MSN Webcam Recorder 2008-04-27 02:56 --------- d-----w C:\Archivos de programa\Windows Media Components 2008-04-26 16:24 --------- d-----w C:\Archivos de programa\Archivos comunes\SWF Studio 2008-04-26 16:05 --------- d-----w C:\Archivos de programa\sXe Injected 2008-04-19 20:24 --------- d-----w C:\Archivos de programa\Spybot - Search & Destroy 2008-04-14 02:19 70,144 ----a-w C:\WINDOWS\notepad.exe 2008-04-14 02:19 32,866 ------w C:\WINDOWS\slrundll.exe 2008-04-14 02:19 286,720 ----a-w C:\WINDOWS\winhlp32.exe 2008-04-14 02:19 152,064 ----a-w C:\WINDOWS\regedit.exe 2008-04-14 02:18 50,688 ----a-w C:\WINDOWS\twain_32.dll 2008-04-14 02:18 451,072 ----a-w C:\WINDOWS\AppPatch\aclayers.dll 2008-04-14 02:18 39,424 ----a-w C:\WINDOWS\AppPatch\acadproc.dll 2008-04-14 02:18 34,816 ----a-w C:\WINDOWS\Help\sniffpol.dll 2008-04-14 02:18 33,280 ----a-w C:\WINDOWS\Help\sstub.dll 2008-04-14 02:18 279,040 ----a-w C:\WINDOWS\Help\tshoot.dll 2008-04-14 02:18 245,248 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll 2008-04-14 02:18 141,312 ----a-w C:\WINDOWS\AppPatch\aclua.dll 2008-04-14 02:18 116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll 2008-04-14 02:18 10,752 ----a-w C:\WINDOWS\hh.exe 2008-04-14 02:18 1,852,928 ----a-w C:\WINDOWS\AppPatch\acgenral.dll 2008-04-14 02:18 1,036,288 ----a-w C:\WINDOWS\explorer.exe 2008-04-13 15:23 720,896 ----a-w C:\WINDOWS\iun6002.exe 2008-01-17 14:13 24,192 ----a-w C:\Documents and Settings\Miguel\usbsermptxp.sys 2008-01-17 14:13 22,768 ----a-w C:\Documents and Settings\Miguel\usbsermpt.sys 2007-06-23 18:23 774,144 ----a-w C:\Archivos de programa\RngInterstitial.dll 2007-04-09 21:08 92,064 ----a-w C:\Documents and Settings\Miguel\mqdmmdm.sys 2007-04-09 21:08 9,232 ----a-w C:\Documents and Settings\Miguel\mqdmmdfl.sys 2007-04-09 21:08 79,328 ----a-w C:\Documents and Settings\Miguel\mqdmserd.sys 2007-04-09 21:08 66,656 ----a-w C:\Documents and Settings\Miguel\mqdmbus.sys 2007-04-09 21:08 6,208 ----a-w C:\Documents and Settings\Miguel\mqdmcmnt.sys 2007-04-09 21:08 5,936 ----a-w C:\Documents and Settings\Miguel\mqdmwhnt.sys 2007-04-09 21:08 4,048 ----a-w C:\Documents and Settings\Miguel\mqdmcr.sys 2006-12-30 00:11 92,064 ----a-w C:\Documents and Settings\usuario\mqdmmdm.sys 2006-12-30 00:11 9,232 ----a-w C:\Documents and Settings\usuario\mqdmmdfl.sys 2006-12-30 00:11 79,328 ----a-w C:\Documents and Settings\usuario\mqdmserd.sys 2006-12-30 00:11 66,656 ----a-w C:\Documents and Settings\usuario\mqdmbus.sys 2006-12-30 00:11 6,208 ----a-w C:\Documents and Settings\usuario\mqdmcmnt.sys 2006-12-30 00:11 5,936 ----a-w C:\Documents and Settings\usuario\mqdmwhnt.sys 2006-12-30 00:11 4,048 ----a-w C:\Documents and Settings\usuario\mqdmcr.sys 2006-12-30 00:11 25,600 ----a-w C:\Documents and Settings\usuario\usbsermptxp.sys 2006-12-30 00:11 22,768 ----a-w C:\Documents and Settings\usuario\usbsermpt.sys 2007-06-04 17:06 168 --sh--r C:\WINDOWS\system32\5AB48C281A.sys 2007-11-20 22:55 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((( snapshot_2008-06-17_16.30.32,28 ))))))))))))))))))))))))))))))))))))))))) . - 2008-06-17 19:17:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-06-18 02:19:32 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-06-18 02:19:38 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_558.dat . ((((((((((((((((((((((((((((((((( Cargando Puntos Reg )))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 Nota entradas vac¡as & entradas leg¡timas predeterminadas no son mostradas [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 22:18 15360] "TaskSwitchXP"="C:\Archivos de programa\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-04 18:29 62976] "E07EXLRD_702156"="C:\Archivos de programa\Microsoft Encarta\Encarta 2007 Biblioteca Premium DVD\EDICT.exe" [2006-06-12 22:01 351000] "msnmsgr"="C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184] "ares"="C:\Archivos de programa\Ares\Ares.exe" [ ] "Yahoo! Pager"="C:\ARCHIV~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-03-01 18:11 4670968] "swg"="C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-13 14:42 68856] "SpybotSD TeaTimer"="C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2005-10-14 21:51 14864384 C:\WINDOWS\RTHDCPL.exe] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-02-13 21:05 7557120] "nwiz"="nwiz.exe" [2006-02-13 21:05 1519616 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-02-13 21:05 86016] "RemoteControl"="C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768] "CHotkey"="mHotkey.exe" [2002-07-05 16:39 491008 C:\WINDOWS\MHOTKEY.exe] "HP Software Update"="C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152] "SunJavaUpdateSched"="C:\Archivos de programa\Java\jre1.5.0_09\bin\jusched.exe" [ ] "PCSuiteTrayApplication"="C:\ARCHIV~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [ ] "PrevxOne"="C:\Archivos de programa\Prevx1\PXConsole.exe" [ ] "ISUSPM Startup"="C:\ARCHIV~1\ARCHIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 16:15 221184] "ISUSScheduler"="C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe" [2005-02-16 16:15 81920] "LClock"="C:\Archivos de programa\LClock\LClock.exe" [2004-09-20 01:27 65536] "Adobe Photo Downloader"="C:\Archivos de programa\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 15:09 63712] "Adobe Reader Speed Launcher"="C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048] "TkBellExe"="C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" [2008-01-28 23:29 185896] "!AVG Anti-Spyware"="C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25 6731312] "NeroFilterCheck"="C:\Archivos de programa\Archivos comunes\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]

k-LiWuLa	Jun 18 2008, 03:32 AM Publicado: #21
Miembro Grupo: Members Mensajes: 41 Registrado: 12-December 07 Miembro nº: 219.688	Esta es la segunda parte del log [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 22:18 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]