[Resolved] Possible laptop infection from infected flash drive
#16
Posted 14 December 2009 - 12:18 PM
Register to Remove
#17
Posted 14 December 2009 - 12:25 PM
------------------------------------------------------------
Microsoft MVP 2010-2014
#18
Posted 18 December 2009 - 05:13 PM
#19
Posted 18 December 2009 - 07:37 PM
------------------------------------------------------------
Microsoft MVP 2010-2014
#20
Posted 20 December 2009 - 10:46 PM
DDS (Ver_09-06-26.01) - NTFSx86
Run by Cece at 23:42:09.58 on Sun 12/20/2009
Internet Explorer: 8.0.6001.18865 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.1982.966 [GMT -5:00]
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Kaspersky Anti-Virus *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
============== Running Processes ===============
D:\Windows\system32\wininit.exe
D:\Windows\system32\lsm.exe
D:\Windows\system32\svchost.exe -k DcomLaunch
D:\Windows\system32\nvvsvc.exe
D:\Windows\system32\svchost.exe -k rpcss
D:\Windows\System32\svchost.exe -k secsvcs
D:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
D:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
D:\Windows\system32\svchost.exe -k netsvcs
D:\Windows\system32\svchost.exe -k GPSvcGroup
D:\Windows\system32\SLsvc.exe
D:\Windows\system32\svchost.exe -k LocalService
D:\Windows\system32\rundll32.exe
D:\Windows\System32\spoolsv.exe
D:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
D:\Windows\system32\svchost.exe -k NetworkService
D:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
D:\Windows\system32\svchost.exe -k imgsvc
D:\Windows\System32\svchost.exe -k WerSvcGroup
D:\Windows\system32\SearchIndexer.exe
D:\Windows\system32\taskeng.exe
D:\Windows\system32\taskeng.exe
D:\Windows\system32\Dwm.exe
D:\Windows\Explorer.EXE
D:\Program Files\Windows Defender\MSASCui.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Windows\System32\rundll32.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Windows\vsnp2uvc.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\Windows Sidebar\sidebar.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
D:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
D:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Internet Explorer\IELowutil.exe
D:\Users\Cece_Phoenix\Desktop\dds.scr
D:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
mStart Page = about:blank
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - d:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - d:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - d:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - d:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - d:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - d:\program files\wot\WOT.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - d:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
TB: {73F7F495-A325-4C52-BE48-5F97FA511E89} - No File
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - d:\program files\wot\WOT.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - d:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] d:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [swg] "d:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] d:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] d:\program files\windows media player\WMPNSCFG.exe
uRun: [Skype] "d:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ISUSPM] "d:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [GrooveMonitor] "d:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AVP] "d:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE d:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE d:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [TkBellExe] "d:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [snp2uvc] d:\windows\vsnp2uvc.exe
mRun: [RoxWatchTray] "d:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [SunJavaUpdateSched] "d:\program files\java\jre6\bin\jusched.exe"
mRunOnce: [B Register d:\program files\divx\divx codec\divxdec.ax] "d:\windows\system32\rundll32.exe" "d:\program files\divx\divx codec\divxdec.ax",DllRegisterServer
StartupFolder: d:\users\cece\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - d:\program files\microsoft office\office12\ONENOTEM.EXE
uPolicies-explorer: HideSCABattery = 0 (0x0)
uPolicies-explorer: HideSCANetwork = 0 (0x0)
uPolicies-explorer: HideSCAVolume = 0 (0x0)
mPolicies-explorer: NoAutorun = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Anti-Banner - d:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - d:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - d:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - {73F7F495-A325-4C52-BE48-5F97FA511E89}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - d:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - d:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - d:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - d:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - d:\program files\wot\WOT.dll
Notify: klogon - d:\windows\system32\klogon.dll
AppInit_DLLs: d:\progra~1\kasper~1\kasper~2\mzvkbd3.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - d:\program files\microsoft office\office12\GrooveShellExtensions.dll
================= FIREFOX ===================
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
d:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
d:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
d:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
d:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
d:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
d:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
d:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
d:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
d:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
d:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
============= SERVICES / DRIVERS ===============
R0 klbg;Kaspersky Lab Boot Guard Driver;d:\windows\system32\drivers\klbg.sys [2008-12-15 33808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;d:\windows\system32\drivers\klim6.sys [2008-3-26 21008]
R3 klmouflt;Kaspersky Lab KLMOUFLT;d:\windows\system32\drivers\klmouflt.sys [2009-5-16 19472]
S3 FontCache;Windows Font Cache Service;d:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-3-24 21504]
=============== Created Last 30 ================
2009-12-18 18:25 <DIR> --d----- d:\programdata\Trymedia
2009-12-18 18:25 <DIR> --d----- d:\progra~2\Trymedia
2009-12-18 18:07 <DIR> --d----- d:\program files\Infogrames
2009-12-09 01:43 24,064 a------- d:\windows\system32\nshhttp.dll
2009-12-09 01:43 411,648 a------- d:\windows\system32\drivers\http.sys
2009-12-09 01:43 30,720 a------- d:\windows\system32\httpapi.dll
2009-12-08 18:51 243,712 a------- d:\windows\system32\rastls.dll
2009-12-03 19:07 <DIR> --d----- d:\program files\ESET
2009-12-01 19:19 77,312 a------- d:\windows\MBR.exe
2009-11-25 20:46 2,048 a------- d:\windows\system32\tzres.dll
2009-11-25 08:03 1,401,856 a------- d:\windows\system32\msxml6.dll
2009-11-25 08:03 1,248,768 a------- d:\windows\system32\msxml3.dll
2009-11-25 08:03 714,240 a------- d:\windows\system32\timedate.cpl
==================== Find3M ====================
2009-12-20 23:35 56,800 a------- d:\programdata\nvModes.dat
2009-12-20 23:35 56,800 a------- d:\progra~2\nvModes.dat
2009-12-06 21:09 382,072 a------- d:\windows\system32\perfh011.dat
2009-12-06 21:09 101,350 a------- d:\windows\system32\perfc011.dat
2009-11-21 01:40 916,480 a------- d:\windows\system32\wininet.dll
2009-11-21 01:34 109,056 a------- d:\windows\system32\iesysprep.dll
2009-11-21 01:34 71,680 a------- d:\windows\system32\iesetup.dll
2009-11-20 23:59 133,632 a------- d:\windows\system32\ieUnatt.exe
2009-11-20 09:11 411,368 a------- d:\windows\system32\deploytk.dll
2009-11-14 01:47 260,608 a------- d:\windows\PEV.exe
2009-11-13 19:47 856,064 a------- d:\windows\system32\divx_xx0c.dll
2009-11-13 19:47 856,064 a------- d:\windows\system32\divx_xx07.dll
2009-11-13 19:47 847,872 a------- d:\windows\system32\divx_xx0a.dll
2009-11-13 19:47 843,776 a------- d:\windows\system32\divx_xx16.dll
2009-11-13 19:47 839,680 a------- d:\windows\system32\divx_xx11.dll
2009-11-13 19:47 696,320 a------- d:\windows\system32\DivX.dll
2009-11-11 20:49 143,360 a------- d:\windows\inf\infstrng.dat
2009-11-11 20:49 51,200 a------- d:\windows\inf\infpub.dat
2009-11-11 20:49 86,016 a------- d:\windows\inf\infstor.dat
2009-11-02 20:42 195,456 -------- d:\windows\system32\MpSigStub.exe
2009-10-28 00:25 665,600 a------- d:\windows\inf\drvindex.dat
2009-10-28 00:24 0 a---h--- d:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-10-28 00:22 0 a---h--- d:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-10-08 16:08 555,520 a------- d:\windows\system32\UIAutomationCore.dll
2009-10-08 16:08 234,496 a------- d:\windows\system32\oleacc.dll
2009-10-08 16:07 4,096 a------- d:\windows\system32\oleaccrc.dll
2009-09-30 20:02 2,537,472 a------- d:\windows\system32\wpdshext.dll
2009-09-30 20:02 30,208 a------- d:\windows\system32\WPDShextAutoplay.exe
2009-09-30 20:02 334,848 a------- d:\windows\system32\PortableDeviceApi.dll
2009-09-30 20:02 87,552 a------- d:\windows\system32\WPDShServiceObj.dll
2009-09-30 20:02 31,232 a------- d:\windows\system32\BthMtpContextHandler.dll
2009-09-30 20:01 546,816 a------- d:\windows\system32\wpd_ci.dll
2009-09-30 20:01 160,256 a------- d:\windows\system32\PortableDeviceTypes.dll
2009-09-30 20:01 350,208 a------- d:\windows\system32\WPDSp.dll
2009-09-30 20:01 196,608 a------- d:\windows\system32\PortableDeviceWMDRM.dll
2009-09-30 20:01 100,864 a------- d:\windows\system32\PortableDeviceClassExtension.dll
2009-09-30 20:01 60,928 a------- d:\windows\system32\PortableDeviceConnectApi.dll
2009-09-30 20:01 81,920 a------- d:\windows\system32\wpdbusenum.dll
2009-09-30 20:01 226,816 a------- d:\windows\system32\WpdMtp.dll
2009-09-30 20:01 61,952 a------- d:\windows\system32\WpdMtpUS.dll
2009-09-30 20:01 33,280 a------- d:\windows\system32\WpdConns.dll
2009-09-24 21:10 974,848 a------- d:\windows\system32\WindowsCodecs.dll
2009-09-24 21:07 189,440 a------- d:\windows\system32\WindowsCodecsExt.dll
2009-09-24 21:04 321,024 a------- d:\windows\system32\PhotoMetadataHandler.dll
2009-09-24 20:49 1,554,432 a------- d:\windows\system32\xpsservices.dll
2009-09-24 20:48 351,232 a------- d:\windows\system32\XpsPrint.dll
2009-09-24 20:38 847,360 a------- d:\windows\system32\OpcServices.dll
2009-09-24 20:36 280,064 a------- d:\windows\system32\XpsGdiConverter.dll
2009-09-24 20:35 135,680 a------- d:\windows\system32\XpsRasterService.dll
2009-09-24 20:33 195,584 a------- d:\windows\system32\dxdiagn.dll
2009-09-24 20:33 829,440 a------- d:\windows\system32\d3d10warp.dll
2009-09-24 20:33 369,664 a------- d:\windows\system32\WMPhoto.dll
2009-09-24 20:32 252,928 a------- d:\windows\system32\dxdiag.exe
2009-09-24 20:31 519,680 a------- d:\windows\system32\d3d11.dll
2009-09-24 20:31 486,912 a------- d:\windows\system32\d3d10level9.dll
2009-09-24 20:31 161,280 a------- d:\windows\system32\d3d10_1.dll
2009-09-24 20:31 218,112 a------- d:\windows\system32\d3d10_1core.dll
2009-09-24 20:31 1,030,144 a------- d:\windows\system32\d3d10.dll
2009-09-24 20:31 828,928 a------- d:\windows\system32\d2d1.dll
2009-09-24 20:30 481,792 a------- d:\windows\system32\dxgi.dll
2009-09-24 20:30 190,464 a------- d:\windows\system32\d3d10core.dll
2009-09-24 20:27 1,064,448 a------- d:\windows\system32\DWrite.dll
2009-09-24 20:27 793,088 a------- d:\windows\system32\FntCache.dll
2009-09-24 20:27 37,888 a------- d:\windows\system32\cdd.dll
2009-09-24 17:54 258,048 a------- d:\windows\system32\winspool.drv
2009-09-24 17:54 667,648 a------- d:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 17:54 26,112 a------- d:\windows\system32\printfilterpipelineprxy.dll
2009-08-21 20:01 56 a---h--- d:\programdata\ezsidmv.dat
2009-08-21 20:01 56 a---h--- d:\progra~2\ezsidmv.dat
2009-05-05 19:04 12,978 a------- d:\users\cece\appdata\roaming\nvModes.dat
2009-03-26 02:02 139,030 a------- d:\windows\inf\perflib\0411\perfi.dat
2009-03-26 02:02 139,030 a------- d:\windows\inf\perflib\0411\perfh.dat
2009-03-26 02:02 30,674 a------- d:\windows\inf\perflib\0411\perfd.dat
2009-03-26 02:02 30,674 a------- d:\windows\inf\perflib\0411\perfc.dat
2009-03-25 12:45 174 a--sh--- d:\program files\desktop.ini
2006-11-02 07:40 287,440 a------- d:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:40 287,440 a------- d:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:40 30,674 a------- d:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:40 30,674 a------- d:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- d:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- d:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- d:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- d:\windows\inf\perflib\0000\perfc.dat
============= FINISH: 23:43:23.57 ===============
Attached Files
#21
Posted 21 December 2009 - 12:09 AM
------------------------------------------------------------
Microsoft MVP 2010-2014
#22
Posted 23 December 2009 - 11:32 AM
------------------------------------------------------------
Microsoft MVP 2010-2014
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users