ShannonG

Hi folks,

A couple of months ago my dad destroyed the Family PC after careless browsing and downloading, installing numerous viruses and trojans. There was no alternative but to reformat; this was actually a blessing in disguise as the computer had not reformatted for over three years and was due for one, unfortunately though we lost many files.

I'm back home from University for holidays and have been installing drivers and getting it in order; my dad wanted me to get a DVD Ripper program for him tonight, however at 2am I had an error of judgment; I downloaded a devious file disguised as the program.

This has installed the Win32/SillyDI.HDL trojan onto the computer; CA Security Scanner is recognizing it, deleting the file but it always pops up again. I was reading on the CA site in their virus description that their virus scanner is prone to this, so this is quite a common problem that they themselves have admitted.

I'm pretty angry at myself, and I want to get rid of it post-haste. Especially after such a short period of time of formatting the computer. Can anyone give me some help? What programs and methods are more capable of removing it?

I tried using GMER, but at the end of the scan it gave a warning saying that the rootkit activity has interrupted??? Attached is a photo of what CA Security Scanner is doing, for some reason I can't find my Attach.txt but I will get it tomorrow.

Cheers,
Shannon

P.S: Haven't used the basics like Ad-aware, Spybot, ZoneAlarm etc yet; I haven't had the time and I want to see some suggestions by you guys, so I can work on it tomorrow (it's 3am). Furthermore, many programs are out of date as I haven't had the time to update them (Intenet Explorer, for example).

--------

DDS.txt:


DDS (Ver_09-05-14.01) - NTFSx86
Run by Geoff at 2:39:32.79 on Tue 16/06/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.618 [GMT -7:00]

AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
FW: CA Personal Firewall *enabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.510\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\WINDOWS\system32\mqtoa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Geoff\Geoff.exe
C:\DOCUME~1\Geoff\LOCALS~1\Temp\ms1245141991.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Geoff\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Geoff] c:\documents and settings\geoff\Geoff.exe /i
uRun: [InetChk] c:\docume~1\geoff\locals~1\temp\ms1245141991.exe work
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Smapp] c:\program files\analog devices\soundmax\SMTray.exe
mRun: [cctray] c:\program files\ca\ca internet security suite\casc.exe
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
mRun: [cafw] c:\program files\ca\ca internet security suite\ca personal firewall\cafw.exe -cl
mRun: [capfasem] c:\program files\ca\ca internet security suite\ca personal firewall\capfasem.exe
mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
mRun: [QOELOADER] "c:\program files\ca\ca internet security suite\ca anti-spam\qsp-7.0.0.510\QOELoader.exe"
mRun: [CAPPActiveProtection] "c:\program files\ca\ca internet security suite\ca anti-spyware\CAPPActiveProtection.exe"
mRun: [mqtoa] c:\windows\system32\mqtoa.exe \u
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [Geoff] c:\documents and settings\geoff\Geoff.exe /i
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\windows\system32\VetRedir.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: PFW - UmxWnp.Dll
AppInit_DLLs: UmxSbxExw.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\geoff\applic~1\mozilla\firefox\profiles\4b6ldrik.default\

============= SERVICES / DRIVERS ===============

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2009-1-9 107512]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2009-1-9 72696]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2009-1-9 52728]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2009-1-9 115704]
R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2009-6-15 26352]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2009-6-15 21104]
R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2009-6-15 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2009-6-15 21488]
R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2009-6-15 161008]
R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2009-6-15 144696]
R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\ca\ca internet security suite\ccschedulersvc.exe [2009-6-15 128240]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2009-1-9 144376]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-7-30 58872]
R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2009-1-9 1153528]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2009-1-9 797176]
R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2009-1-9 297464]
R2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe [2009-6-15 292080]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2009-1-9 205304]
R3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2009-6-15 222448]
R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2009-6-15 108368]
S2 fips32cup;fips32cup;c:\windows\system32\drivers\fips32cup.sys [2009-5-25 41216]
S2 ws2_32sik;ws2_32sik;c:\windows\system32\drivers\ws2_32sik.sys [2009-6-14 41216]

=============== Created Last 30 ================

2009-06-16 02:03 <DIR> --d----- c:\windows\CAVTemp
2009-06-16 01:46 21,090 ----h--- c:\documents and settings\geoff\Geoff.exe
2009-06-16 01:46 28,672 a------- c:\windows\system32\mqtoa.exe
2009-06-16 01:46 28,672 ----h--- c:\documents and settings\geoff\hex.exe
2009-06-16 01:45 10 a------- c:\windows\system32\kr_done1
2009-06-15 03:01 <DIR> --d----- c:\program files\MSXML 4.0
2009-06-15 00:33 <DIR> --d----- c:\program files\ISSThirdParty
2009-06-15 00:33 250,544 a------- c:\windows\system32\KeyHelp.ocx
2009-06-15 00:33 <DIR> --d----- c:\program files\common files\Scanner
2009-06-15 00:33 880,560 a------- c:\windows\system32\drivers\vetefile.sys
2009-06-15 00:33 161,008 a------- c:\windows\system32\drivers\vetmonnt.sys
2009-06-15 00:33 111,856 a------- c:\windows\system32\isafprod.dll
2009-06-15 00:33 108,368 a------- c:\windows\system32\drivers\veteboot.sys
2009-06-15 00:33 99,568 a------- c:\windows\system32\isafeif.dll
2009-06-15 00:33 83,256 a------- c:\windows\system32\vetredir.dll
2009-06-15 00:33 26,352 a------- c:\windows\system32\drivers\vet-filt.sys
2009-06-15 00:33 21,488 a------- c:\windows\system32\drivers\vetfddnt.sys
2009-06-15 00:33 21,104 a------- c:\windows\system32\drivers\vet-rec.sys
2009-06-15 00:32 111,856 a------- c:\windows\system32\wbem\canvprov.dll
2009-06-15 00:32 6,552 a------- c:\windows\system32\wbem\canvprov.mof
2009-06-14 16:26 <DIR> --d----- c:\program files\PokerStars.NET
2009-06-14 16:25 10,040,736 a------- c:\program files\PokerStarsInstallPM.exe
2009-06-14 09:56 <DIR> --d----- c:\windows\system32\CatRoot_bak
2009-06-14 03:08 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-06-14 03:04 453,632 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-06-14 03:04 333,184 -c------ c:\windows\system32\dllcache\srv.sys
2009-06-14 03:04 331,776 -c------ c:\windows\system32\dllcache\msadce.dll
2009-06-14 03:04 683,520 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-06-14 03:01 247,326 -c------ c:\windows\system32\dllcache\strmdll.dll
2009-06-14 03:01 332,800 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-06-14 03:01 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2009-06-14 03:00 1,193,414 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-06-14 03:00 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-06-14 03:00 <DIR> --d----- c:\windows\system32\PreInstall
2009-06-14 03:00 <DIR> --d-h--- c:\windows\$hf_mig$
2009-06-14 02:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\CA
2009-06-14 01:55 145,792 ac------ c:\windows\system32\dllcache\portcls.sys
2009-06-14 01:55 <DIR> --d----- c:\program files\Analog Devices
2009-06-14 01:42 <DIR> --ds---- c:\documents and settings\geoff\UserData
2009-06-14 01:29 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-06-14 01:25 <DIR> --d----- c:\program files\Silicon Integrated Systems
2009-06-14 01:24 31,744 a------- c:\windows\system32\drivers\SiSGbeXP.sys
2009-06-14 01:21 28,544 a------- c:\windows\system32\drivers\SiSRaid2.sys
2009-06-14 01:21 135,168 a------- c:\windows\system32\property.dll
2009-06-14 01:20 35,840 a------- c:\windows\system32\drivers\AmdK8.sys
2009-06-14 01:20 <DIR> --d----- c:\program files\AMD
2009-06-14 00:34 15,781 a------- c:\windows\system32\drivers\mdc8021x.sys
2009-06-14 00:10 88,566 a------- c:\windows\system32\nvapps.xml
2009-06-14 00:10 17,056 a------- c:\windows\system32\nvdisp.nvu
2009-06-14 00:10 <DIR> --d----- c:\windows\nview
2009-06-14 00:09 208,896 a------- c:\windows\system32\nvudisp.exe
2009-06-14 00:09 208,896 a------- c:\windows\system32\NVUNINST.EXE
2009-06-14 00:09 <DIR> --d----- C:\NVIDIA
2009-06-13 23:55 39,040 a------- c:\windows\system32\drivers\ousbehci.sys
2009-06-13 23:55 54,016 a------- c:\windows\system32\drivers\ousb2hub.sys
2009-06-13 23:55 <DIR> --d----- c:\windows\Drivers
2009-06-13 14:13 19,528 a------- c:\windows\000001_.tmp
2009-06-01 12:48 664 a------- c:\windows\system32\d3d9caps.dat
2009-06-01 12:45 <DIR> --d----- c:\program files\Yahoo!
2009-06-01 12:43 <DIR> --d----- c:\windows\Downloaded Installations
2009-06-01 12:43 <DIR> --d----- c:\program files\CA
2009-05-29 14:36 151 a------- c:\windows\PhotoSnapViewer.INI
2009-05-26 18:47 116 a------- c:\windows\NeroDigital.ini
2009-05-26 18:11 <DIR> --d----- c:\program files\Brother
2009-05-26 17:43 49,610 -------- c:\windows\UNNMP.cfg
2009-05-26 17:43 2,670,592 -------- c:\windows\UNNMP.exe
2009-05-26 17:42 125,184 -------- c:\windows\system32\drivers\imagesrv.sys
2009-05-26 17:42 5,504 -------- c:\windows\system32\drivers\imagedrv.sys
2009-05-26 17:42 155,648 a------- c:\windows\system32\NeroCheck.exe
2009-05-26 17:38 218,255 -------- c:\windows\UNNeroVision.cfg
2009-05-26 17:38 2,682,880 -------- c:\windows\UNNeroVision.exe
2009-05-26 17:38 24,064 -------- c:\windows\system32\msxml3a.dll
2009-05-26 17:38 471,040 -------- c:\windows\system32\ImagXRA7.dll
2009-05-26 17:38 364,544 -------- c:\windows\system32\TwnLib4.dll
2009-05-26 17:38 1,568,768 -------- c:\windows\system32\ImagX7.dll
2009-05-26 17:38 476,320 -------- c:\windows\system32\ImagXpr7.dll
2009-05-26 17:38 262,144 -------- c:\windows\system32\ImagXR7.dll
2009-05-26 17:38 106,496 a------- c:\windows\system32\TwnLib20.dll
2009-05-26 17:38 38,912 -------- c:\windows\system32\picn20.dll
2009-05-25 11:50 50 a------- c:\windows\system32\bridf08b.dat
2009-05-25 11:39 <DIR> --d----- c:\windows\system32\wbem\AutoRecover
2009-05-25 11:39 <DIR> --ds---- c:\windows\system32\Microsoft
2009-05-25 11:35 <DIR> --d----- c:\windows\ServicePackFiles
2009-05-25 11:33 2,897,920 -------- c:\windows\system32\xpsp2res.dll
2009-05-25 11:33 19,528 a------- c:\windows\002111_.tmp
2009-05-25 11:33 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-05-25 11:32 26,488 a------- c:\windows\system32\spupdsvc.exe
2009-05-25 11:31 <DIR> --d----- c:\windows\EHome
2009-05-25 11:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Brother
2009-05-24 21:40 244,232 a------- c:\windows\system32\msflxgrd.ocx
2009-05-24 21:40 189,952 a------- c:\windows\Qcard32.dll
2009-05-24 21:40 140,288 a------- c:\windows\system32\COMDLG32.OCX
2009-05-24 17:51 <DIR> --d----- C:\Movies
2009-05-24 17:03 754 a------- c:\windows\WORDPAD.INI
2009-05-24 17:01 240,640 a------- c:\windows\system32\mpg4dmod.dll
2009-05-24 17:01 156,910 a------- c:\windows\WMSysPr8.prx
2009-05-24 17:01 1,683,792 a------- c:\windows\system32\wmvcore2.dll
2009-05-24 17:01 809,984 a------- c:\windows\system32\wmvdmod.dll
2009-05-24 17:01 759,296 a------- c:\windows\system32\wmsdmod.dll
2009-05-24 17:01 670,720 a------- c:\windows\system32\wmadmoe.dll
2009-05-24 17:01 665,424 a------- c:\windows\system32\wmv8dmoe.dll
2009-05-24 17:01 572,752 a------- c:\windows\system32\wmvdmoe.dll
2009-05-24 17:01 438,608 a------- c:\windows\system32\wmv8dmod.dll
2009-05-24 17:01 408,064 a------- c:\windows\system32\wmadmod.dll
2009-05-24 17:01 285,184 a------- c:\windows\system32\wmidx2.ocx
2009-05-24 17:01 115,200 a------- c:\windows\system32\wmsdmoe.dll
2009-05-24 16:57 <DIR> --d----- c:\program files\Cool Edit Pro
2009-05-24 16:13 <DIR> --d----- C:\OtsLabs
2009-05-24 14:49 <DIR> --d----- c:\program files\MagicDVDRipper
2009-05-24 03:08 <DIR> --d----- C:\Install Files
2009-05-24 03:08 <DIR> --d----- c:\program files\freewiz
2009-05-24 03:08 <DIR> --d----- c:\program files\Freecell
2009-05-24 03:04 <DIR> --d----- C:\Eric L. Green
2009-05-24 03:03 49,152 a----r-- c:\program files\Same.exe
2009-05-24 03:03 15,668 a------- c:\program files\same.zip
2009-05-24 03:03 <DIR> --d----- c:\program files\coolpro2
2009-05-24 03:03 6,301,975 a------- C:\geoff clean.rtf
2009-05-24 01:54 <DIR> --d----- c:\program files\Tardis 2000
2009-05-24 01:54 <DIR> --d----- C:\SESSION
2009-05-24 01:53 <DIR> --d----- c:\program files\OTS Labs
2009-05-24 01:53 <DIR> --d----- c:\program files\Nokia
2009-05-24 01:46 <DIR> --d--r-- C:\My Videos
2009-05-23 19:13 <DIR> --d----- C:\Mp3s
2009-05-23 19:03 <DIR> --dsh--- c:\windows\Installer
2009-05-23 19:02 <DIR> --d----- c:\documents and settings\Geoff
2009-05-23 18:59 8,192 a------- c:\windows\REGLOCS.OLD
2009-05-23 18:57 79,360 ac------ c:\windows\system32\dllcache\winar30.ime
2009-05-23 18:57 41,600 ac------ c:\windows\system32\dllcache\weitekp9.dll
2009-05-23 18:57 31,232 ac------ c:\windows\system32\dllcache\weitekp9.sys
2009-05-23 18:57 86,073 ac------ c:\windows\system32\dllcache\voicesub.dll
2009-05-23 18:57 48,256 ac------ c:\windows\system32\dllcache\w32.dll
2009-05-23 18:55 274,489 ac------ c:\windows\system32\dllcache\imjputyc.dll
2009-05-23 18:54 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-05-23 18:52 <DIR> --d----- c:\program files\common files\MSSoap
2009-05-23 18:52 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-05-23 18:52 <DIR> --d----- c:\program files\Online Services
2009-05-23 18:52 <DIR> --d----- c:\program files\Messenger
2009-05-23 18:51 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-05-23 18:51 <DIR> --d----- c:\program files\Windows NT
2009-05-23 10:15 <DIR> --d----- c:\program files\common files\ODBC
2009-05-23 10:15 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-05-23 10:14 <DIR> --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-06-16 02:36 41,216 a------- c:\windows\system32\drivers\fips32cup.sys
2009-06-16 02:34 41,216 a------- c:\windows\system32\drivers\port135sik.sys
2009-05-25 11:37 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-23 18:52 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-05-07 08:44 344,064 a------- c:\windows\system32\localspl.dll
2009-04-28 21:52 659,456 a------- c:\windows\system32\wininet.dll
2009-04-28 21:52 81,920 -------- c:\windows\system32\ieencode.dll
2009-04-17 02:58 1,846,656 a------- c:\windows\system32\win32k.sys
2009-04-15 08:11 584,192 a------- c:\windows\system32\rpcrt4.dll

============= FINISH: 2:41:40.34 ===============

Attached Images

grrrr.JPG (80.3 KB, 1 views)

ShannonG

Anyone?