A few days ago I went onto a site and it initially prompted me to open Adobe to read a .pdf file. I had no idea what this was for so I chose not to open it, although that didn't stop a LOT of .exe files and .tmp files from trying to open up on my computer. Naturally I didn't let any of them through that I could avoid, but some managed through and eventually my computer was going crazy. I fixed it in safe mode by removing the obvious malware that was popping up on my screen that was stopping me from using my user account on Windows Vista.
That was 2 days ago. I've run CCleaner, Spybot S&D, Ad-Aware and a one-year-old (hasn't been updated in a year since I have no subscription to it) Norton AV scan, several times.
It picked up a few initially, Spybot being the most helpful in finding them, and since then none pick up anything.
But I still get the site
http://error404.com/index.php
popping up every, say, 10 minutes in a new tab on Firefox. This happens only when I have just booted up my computer, only 4-5 times per boot, in a time-frame of about an hour, and then it just lies dormant again until I restart my PC.
It is extremely annoying. It doesn't look like much BUT I want to be sure it's not a symptom of a much larger problem lying in my PC.
Thanks
RootRepeal came up with an error in the scan that said 'Could not read System registry! Please contact the author'
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/12 17:30
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================
Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys
Address: 0x974A8000 Size: 778240 File Visible: No Signed: -
Status: -
Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!
Path: C:\Windows\System32\audiodg.exe
PID: 1288 Status: Locked to the Windows API!
SSDT
-------------------
#: 013 Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x90d126a8
#: 014 Function Name: NtAlertThread
Status: Hooked by "<unknown>" at address 0x90d12788
#: 018 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x90cf42e8
#: 021 Function Name: NtAlpcConnectPort
Status: Hooked by "<unknown>" at address 0x8e3fb830
#: 067 Function Name: NtCreateMutant
Status: Hooked by "<unknown>" at address 0x90d123f8
#: 078 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x90cf44f8
#: 116 Function Name: NtDebugActiveProcess
Status: Hooked by "<unknown>" at address 0x90cfefd0
#: 147 Function Name: NtFreeVirtualMemory
Status: Hooked by "<unknown>" at address 0x90d12f80
#: 156 Function Name: NtImpersonateAnonymousToken
Status: Hooked by "<unknown>" at address 0x90d124e8
#: 158 Function Name: NtImpersonateThread
Status: Hooked by "<unknown>" at address 0x90d125c8
#: 177 Function Name: NtMapViewOfSection
Status: Hooked by "<unknown>" at address 0x90d12ea0
#: 184 Function Name: NtOpenEvent
Status: Hooked by "<unknown>" at address 0x90d12318
#: 195 Function Name: NtOpenProcessToken
Status: Hooked by "<unknown>" at address 0x90d18a28
#: 197 Function Name: NtOpenSection
Status: Hooked by "<unknown>" at address 0x90d120c8
#: 202 Function Name: NtOpenThreadToken
Status: Hooked by "<unknown>" at address 0x90d12c40
#: 282 Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x90cf6608
#: 289 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x90d12b80
#: 305 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x90d12d10
#: 306 Function Name: NtSetInformationThread
Status: Hooked by "<unknown>" at address 0x90d12a90
#: 330 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x90d121d8
#: 331 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x90d128d0
#: 334 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x904054e8
#: 335 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x90d129b0
#: 348 Function Name: NtUnmapViewOfSection
Status: Hooked by "<unknown>" at address 0x90d12de0
#: 358 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x90cf4218
==EOF==
DDS (Ver_09-06-26.01) - NTFSx86
Run by Matt at 17:15:16.42 on 12/11/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_03
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2046.880 [GMT 0:00]
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Acer\ALaunch\ALaunchSvc.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
D:\MATLAB7\webserver\bin\win32\matlabserver.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
d:\matlab7\bin\win32\matlab.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\wuauclt.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\Matt\AppData\Local\Temp\RtkBtMnt.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Acer\Acer VCM\VC.exe
C:\Program Files\Acer\Acer VCM\acp2HID.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SymCUW.exe
C:\Program Files\Ghostgum\gsview\gsview32.exe
D:\MATLAB7\bin\win32\MATLAB.exe
C:\Program Files\Ghostgum\gsview\gsview32.exe
C:\Program Files\ERUNT\ERUNT.EXE
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Norton Internet Security\nisoptui.exe
C:\Windows\system32\FirewallControlPanel.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVW32.exe
C:\Users\Matt\Downloads\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://en.uk.acer.yahoo.com
uSEARCH PAGE = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://en.uk.acer.yahoo.com
mDefault_Page_URL = hxxp://en.uk.acer.yahoo.com
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.0\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\windows\system32\ActiveToolBand.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.0\CoIEPlg.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Defence] "c:\programdata\defence\smss.exe" -SystemDefence
uRun: [Lsass Service] c:\users\matt\appdata\roaming\microsoft\windows\lsass.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [eAudio] "c:\acer\empowering technology\eaudio\eAudio.exe"
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [IaNvSrv] c:\program files\intel\intel matrix storage manager\orom\ianvsrv\IaNvSrv.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\programs\partygaming\partypoker\RunApp.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} - hxxp://musicmix.messenger.msn.com/Medialogic.CAB
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
AppInit_DLLs: eNetHook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\matt\appdata\roaming\mozilla\firefox\profiles\y95ct9y3.default\
FF - component: c:\program files\mozilla firefox\components\coFFPlgn.dll
FF - component: c:\program files\mozilla firefox\components\MGSHelper.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
============= SERVICES / DRIVERS ===============
R0 iaNvStor;Intel® Turbo Memory Technology NAND Controller;c:\windows\system32\drivers\iaNvStor.sys [2007-8-29 210432]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-11-10 64288]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20081210.002\IDSvix86.sys [2008-12-10 270384]
R2 ALaunchService;ALaunch Service;c:\acer\alaunch\ALaunchSvc.exe [2007-5-10 50688]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1179232]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-3-2 149352]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-11-10 1153368]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-5-9 179712]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-9-3 99376]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-2-19 41008]
R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2007-5-9 43008]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-10-2 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 MobileAdapter;Huawei Mobile Adapter USB Modem and USB Serial;c:\windows\system32\drivers\hmvmdm.sys [2008-10-1 101504]
=============== Created Last 30 ================
2009-11-11 12:08 2,035,712 a------- c:\windows\system32\win32k.sys
2009-11-11 12:08 351,232 a------- c:\windows\system32\WSDApi.dll
2009-11-10 12:47 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-11-10 12:19 93,360 a------- c:\windows\system32\drivers\SBREDrv.sys
2009-11-10 02:50 64,288 a------- c:\windows\system32\drivers\Lbd.sys
2009-11-10 02:30 <DIR> -cd-h--- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-10 02:30 <DIR> -cd-h--- c:\progra~2\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-10 00:18 <DIR> --d----- c:\programdata\30945425
2009-11-10 00:18 <DIR> --d----- c:\progra~2\30945425
2009-11-10 00:18 <DIR> --dsh--- c:\users\matt\appdata\roaming\Windows System Defender
2009-11-10 00:18 <DIR> --dsh--- c:\programdata\WSDDSys
2009-11-10 00:18 <DIR> --dsh--- c:\progra~2\WSDDSys
2009-11-10 00:17 <DIR> --dsh--- c:\programdata\0431db2
2009-11-10 00:17 <DIR> --dsh--- c:\progra~2\0431db2
2009-11-10 00:07 <DIR> --d----- c:\programdata\Defence
2009-11-10 00:07 <DIR> --d----- c:\progra~2\Defence
2009-11-04 12:16 2,421,760 a------- c:\windows\system32\wucltux.dll
2009-11-04 12:16 87,552 a------- c:\windows\system32\wudriver.dll
2009-11-04 12:15 171,608 a------- c:\windows\system32\wuwebv.dll
2009-11-04 12:15 33,792 a------- c:\windows\system32\wuapp.exe
2009-10-28 13:13 310,784 a------- c:\windows\system32\unregmp2.exe
2009-10-28 13:13 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-10-22 17:14 <DIR> --d----- c:\program files\Gmask 1.70 English
2009-10-14 20:52 213,504 a------- c:\windows\system32\msv1_0.dll
2009-10-14 20:52 175,104 a------- c:\windows\system32\wdigest.dll
2009-10-14 20:52 1,256,448 a------- c:\windows\system32\lsasrv.dll
2009-10-14 20:52 439,896 a------- c:\windows\system32\drivers\ksecdd.sys
2009-10-14 20:52 72,704 a------- c:\windows\system32\secur32.dll
2009-10-14 20:52 9,728 a------- c:\windows\system32\lsass.exe
2009-10-14 20:50 144,896 a------- c:\windows\system32\drivers\srv2.sys
2009-10-14 20:50 604,672 a------- c:\windows\system32\WMSPDMOD.DLL
==================== Find3M ====================
2009-11-12 12:59 48,032 a------- c:\programdata\nvModes.dat
2009-11-12 12:59 48,032 a------- c:\progra~2\nvModes.dat
2009-11-10 12:19 15,880 a------- c:\windows\system32\lsdelete.exe
2009-11-02 20:42 195,456 -------- c:\windows\system32\MpSigStub.exe
2009-09-04 12:24 61,440 a------- c:\windows\system32\msasn1.dll
2009-08-31 13:55 293,376 a------- c:\windows\system32\psisdecd.dll
2009-08-31 13:55 428,544 a------- c:\windows\system32\EncDec.dll
2009-08-28 12:39 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-08-28 12:39 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 12:38 2,153,984 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 12:38 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 12:38 459,776 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-28 10:15 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 13:32 833,024 a------- c:\windows\system32\wininet.dll
2009-08-27 13:29 78,336 a------- c:\windows\system32\ieencode.dll
2009-08-27 10:58 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-08-17 22:33 1,193,832 a------- c:\windows\system32\FM20.DLL
2009-06-24 17:37 56 a---h--- c:\programdata\ezsidmv.dat
2009-06-24 17:37 56 a---h--- c:\progra~2\ezsidmv.dat
2009-06-15 20:53 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-15 20:53 51,200 a------- c:\windows\inf\infpub.dat
2009-06-15 20:53 86,016 a------- c:\windows\inf\infstor.dat
2009-06-15 19:04 27,744 a------- c:\users\matt\appdata\roaming\nvModes.dat
2008-06-23 23:12 665,600 a------- c:\windows\inf\drvindex.dat
2008-06-23 19:48 174 a--sh--- c:\program files\desktop.ini
2006-11-02 12:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 12:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 09:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2007-12-30 20:07 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2007-12-30 20:07 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2007-12-30 20:07 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2008-06-21 21:27 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-06-21 21:27 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-06-21 21:27 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
============= FINISH: 17:17:32.46 ===============
Edited by Firepandaa, 12 November 2009 - 11:53 AM.