So, before my flight left, I decided to give my iPod a fresh charge. Now it, my laptop, and my flash drive are all subsequently infected with the nar.vbs virus.
As I was preparing a new HijackThis log, an error came up alerting me that it was denied access to my Host files. It wasn't two days ago!!
I have an HP Pavilion dv6500. I'm sure there are a few other minor malware infections on here, as I have had incessant problems with it almost since day one. Never let parents borrow your computers--ever. (again)
Help me please!
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/08 12:31
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================
Drivers
-------------------
Name: CO_Mon.sys
Image Path: C:\Windows\system32\drivers\CO_Mon.sys
Address: 0xA0F7F000 Size: 30592 File Visible: No Signed: -
Status: -
Name: dump_iaStor.sys
Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys
Address: 0x88D05000 Size: 778240 File Visible: No Signed: -
Status: -
Name: mchInjDrv.sys
Image Path: C:\Windows\system32\Drivers\mchInjDrv.sys
Address: 0xA3FED000 Size: 2560 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xCC4FB000 Size: 49152 File Visible: No Signed: -
Status: -
Name: SYMDNS.SYS
Image Path: C:\Windows\System32\Drivers\SYMDNS.SYS
Address: 0x8E65C000 Size: 6912 File Visible: No Signed: -
Status: -
Name: SYMEVENT.SYS
Image Path: C:\Windows\system32\Drivers\SYMEVENT.SYS
Address: 0x8E633000 Size: 151552 File Visible: No Signed: -
Status: -
Name: SYMFW.SYS
Image Path: C:\Windows\System32\Drivers\SYMFW.SYS
Address: 0x8E66B000 Size: 89856 File Visible: No Signed: -
Status: -
Name: SYMNDISV.SYS
Image Path: C:\Windows\System32\Drivers\SYMNDISV.SYS
Address: 0x8E65E000 Size: 53248 File Visible: No Signed: -
Status: -
Name: SYMREDRV.SYS
Image Path: C:\Windows\System32\Drivers\SYMREDRV.SYS
Address: 0x8E658000 Size: 15616 File Visible: No Signed: -
Status: -
Name: SYMTDI.SYS
Image Path: C:\Windows\System32\Drivers\SYMTDI.SYS
Address: 0x8E607000 Size: 177792 File Visible: No Signed: -
Status: -
Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!
Path: C:\Windows\System32\audiodg.exe
PID: 1324 Status: Locked to the Windows API!
SSDT
-------------------
#: 013 Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x8e55f1e8
#: 014 Function Name: NtAlertThread
Status: Hooked by "<unknown>" at address 0x8e55f2c8
#: 018 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x8e5194f8
#: 021 Function Name: NtAlpcConnectPort
Status: Hooked by "<unknown>" at address 0x8828d950
#: 067 Function Name: NtCreateMutant
Status: Hooked by "<unknown>" at address 0x8e55df18
#: 072 Function Name: NtCreateProcess
Status: Hooked by "C:\Windows\system32\drivers\PCTCore.sys" at address 0x83738282
#: 073 Function Name: NtCreateProcessEx
Status: Hooked by "C:\Windows\system32\drivers\PCTCore.sys" at address 0x83738474
#: 078 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x97dd8ed4
#: 116 Function Name: NtDebugActiveProcess
Status: Hooked by "<unknown>" at address 0x8e55dc78
#: 147 Function Name: NtFreeVirtualMemory
Status: Hooked by "<unknown>" at address 0x8e519358
#: 156 Function Name: NtImpersonateAnonymousToken
Status: Hooked by "<unknown>" at address 0x8e55d008
#: 158 Function Name: NtImpersonateThread
Status: Hooked by "<unknown>" at address 0x8e55f108
#: 177 Function Name: NtMapViewOfSection
Status: Hooked by "<unknown>" at address 0x8e519278
#: 184 Function Name: NtOpenEvent
Status: Hooked by "<unknown>" at address 0x8e55de38
#: 194 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x97dd8ec0
#: 195 Function Name: NtOpenProcessToken
Status: Hooked by "<unknown>" at address 0x8e517ad0
#: 201 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0x97dd8ec5
#: 202 Function Name: NtOpenThreadToken
Status: Hooked by "<unknown>" at address 0x8e55f7a0
#: 282 Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x8e56e688
#: 289 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x8e55f6c0
#: 305 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x8e519120
#: 306 Function Name: NtSetInformationThread
Status: Hooked by "<unknown>" at address 0x8e55f5d0
#: 330 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x8e55dd58
#: 331 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x8e55f410
#: 334 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x97dd8ecf
#: 335 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x8e55f4f0
#: 348 Function Name: NtUnmapViewOfSection
Status: Hooked by "<unknown>" at address 0x8e589da8
#: 358 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x97dd8eca
#: 383 Function Name: NtCreateUserProcess
Status: Hooked by "C:\Windows\system32\drivers\PCTCore.sys" at address 0x8373867c
==EOF==
DDS (Ver_09-09-29.01) - NTFSx86
Run by Cally at 12:25:39.09 on Thu 10/08/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_14
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2046.908 [GMT -4:00]
AV: Norton 360 *On-access scanning disabled* (Outdated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Norton 360 *disabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton 360 *disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k Cognizance
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rpcnet.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Digsby\lib\digsby-app.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Digsby\lib\aspell\bin\aspell.exe
C:\Program Files\Windows Calendar\WinCal.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\msiexec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Cally\Pictures\downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: VeriSoft Access Manager: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\bioscrypt\verisoft\bin\ItIEAddIn.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [CognizanceTS] rundll32.exe c:\progra~1\bioscr~1\verisoft\bin\ASTSVCC.dll,RegisterModule
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Sprint SmartView] "c:\program files\sprint\sprint smartview\SprintSV.exe" -a
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\cally\appdata\roaming\micros~1\windows\startm~1\programs\startup\digsby.lnk - c:\program files\digsby\digsby.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpzsetup.lnk - c:\users\cally\appdata\local\temp\7zs2da3\HPZstub.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUplden-us.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/chnz/default/mjolauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
AppInit_DLLs: APSHook.dll
LSA: Notification Packages = scecli ASWLNPkg
================= FIREFOX ===================
FF - ProfilePath - c:\users\cally\appdata\roaming\mozilla\firefox\profiles\mxjthdsg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nptgeqplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\users\cally\appdata\roaming\move networks\plugins\npqmp071503000010.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-5-25 130936]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2008-5-23 21504]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2008-5-23 21504]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-5-25 348752]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-12-1 24652]
S2 gupdate1c993159372cb60;Google Update Service (gupdate1c993159372cb60);c:\program files\google\update\GoogleUpdate.exe [2009-2-20 133104]
S3 CASprint;Sprint Con App Svc;c:\program files\sprint\sprint smartview\ConAppsSvc.exe [2008-3-5 118784]
SUnknown IDSvix86;IDSvix86; [x]
=============== Created Last 30 ================
2009-10-06 17:54 <DIR> --d----- c:\program files\Coupons
2009-10-06 12:13 <DIR> --d----- c:\program files\Trend Micro
2009-10-05 15:11 <DIR> --d----- c:\programdata\Avg8
2009-10-05 15:11 <DIR> --d----- c:\progra~2\Avg8
2009-10-04 22:18 195,440 -------- c:\windows\system32\MpSigStub.exe
2009-09-28 17:13 390 a------- c:\windows\ArcView9x.INI
2009-09-28 17:09 1,867,776 a------- c:\windows\system32\python24.dll
2009-09-28 17:07 <DIR> --d----- c:\program files\ESRI
2009-09-28 17:06 <DIR> --d----- c:\users\cally\appdata\roaming\ESRI
2009-09-28 16:53 <DIR> --d----- c:\programdata\ESRI
2009-09-28 16:53 <DIR> --d----- c:\progra~2\ESRI
2009-09-28 16:51 <DIR> --d----- c:\program files\common files\ESRI
2009-09-28 16:50 <DIR> --d----- c:\program files\Leica Geosystems
2009-09-28 16:46 <DIR> --d----- c:\program files\common files\AnswerWorks 4.0
2009-09-28 16:45 <DIR> --d----- C:\Python24
2009-09-28 16:45 <DIR> --d----- c:\program files\ArcGIS
2009-09-08 17:48 897,608 a------- c:\windows\system32\drivers\tcpip.sys
2009-09-08 17:48 104,960 a------- c:\windows\system32\netiohlp.dll
2009-09-08 17:48 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-09-08 17:48 19,968 a------- c:\windows\system32\ARP.EXE
2009-09-08 17:48 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-09-08 17:48 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-09-08 17:48 17,920 a------- c:\windows\system32\netevent.dll
2009-09-08 17:48 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-09-08 17:48 10,240 a------- c:\windows\system32\finger.exe
2009-09-08 17:48 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-09-08 17:47 2,501,921 a------- c:\windows\system32\wlan.tmf
2009-09-08 17:47 302,592 a------- c:\windows\system32\wlansec.dll
2009-09-08 17:47 293,376 a------- c:\windows\system32\wlanmsm.dll
2009-09-08 17:47 127,488 a------- c:\windows\system32\L2SecHC.dll
2009-09-08 17:47 513,024 a------- c:\windows\system32\wlansvc.dll
2009-09-08 17:47 2,868,224 a------- c:\windows\system32\mf.dll
==================== Find3M ====================
2009-10-08 12:19 143,360 a------- c:\windows\inf\infstrng.dat
2009-10-08 12:19 143,360 a------- c:\windows\inf\infstor.dat
2009-10-08 12:19 86,016 a------- c:\windows\inf\infpub.dat
2009-10-06 12:22 17,408 a------- c:\windows\system32\rpcnetp.exe
2009-10-06 12:22 56,680 a------- c:\windows\system32\rpcnet.dll
2009-09-30 08:41 41,335 a------- c:\users\cally\appdata\roaming\nvModes.dat
2009-08-28 19:42 2,065,696 a------- c:\windows\system32\usbaaplrc.dll
2009-08-28 19:42 40,448 a------- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 08:39 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-08-28 08:39 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 08:38 2,153,984 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 08:38 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 08:38 459,776 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-28 06:15 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-17 23:01 17,408 a------- c:\windows\system32\rpcnetp.dll
2009-08-04 18:01 569,363 a------- c:\windows\hpoins29.dat
2009-07-18 12:06 827,904 a------- c:\windows\system32\wininet.dll
2009-07-18 12:01 78,336 a------- c:\windows\system32\ieencode.dll
2009-07-18 05:46 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-07-17 10:35 71,680 a------- c:\windows\system32\atl.dll
2009-07-14 09:00 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-14 08:59 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-14 08:58 7,680 a------- c:\windows\system32\spwmp.dll
2009-07-14 06:59 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-03-26 05:33 174 a--sh--- c:\program files\desktop.ini
2009-03-26 03:14 665,600 a------- c:\windows\inf\drvindex.dat
2009-03-10 00:23 3,132 a------- c:\users\cally\appdata\roaming\wklnhst.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
============= FINISH: 12:26:41.72 ===============
Edited by cpapareli, 08 October 2009 - 10:34 AM.