Sonic40
2011-08-30, 21:56
Hello,
My PC action centre warned me last night that I have the RPC Virus virus, and offered a link for security software. The virus virus term didn't look kosher, so I asked my fiancee to look at my computer. Since then we have run Trend Micro HouseCall, Malwarebytes, Spybot, eScan, Microsoft MRT and my Comodo Internet Security/MS Security Essentials. We have found nothing.
Google points this to be the Blaster worm, but surely something would have flagged this up by now? I'm really sorry if this is a waste of your time, but something isn't right.
I enclose my DDS logs below, thanks for your time.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Fluffy at 19:34:50 on 2011-08-30
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4095.2542 [GMT 1:00]
.
AV: COMODO Antivirus *Enabled/Updated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Program Files\OO Software\Defrag\oodag.exe
C:\Program Files (x86)\Micronet\11n USB Wireless LAN Utility\RtlService.exe
C:\Program Files (x86)\Micronet\11n USB Wireless LAN Utility\RtWlan.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\OO Software\Defrag\oodtray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10w_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://news.bbc.co.uk/weather/
mWinlogon: Userinit=userinit.exe
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{2AE74FA8-C992-4F82-BDEF-3DB85E49414C} : DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{B756CA8A-884A-4354-BD45-26F181DF7F30} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{B756CA8A-884A-4354-BD45-26F181DF7F30}\24450264573796F6E6D283130323 : DhcpNameServer = 192.168.178.254
TCP: Interfaces\{B756CA8A-884A-4354-BD45-26F181DF7F30}\244524573796E6563737845726D2130323 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{B756CA8A-884A-4354-BD45-26F181DF7F30}\45D2D4F62696C6560275962756C65637370205F696E6475627434343 : DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{B756CA8A-884A-4354-BD45-26F181DF7F30}\8445340205F627471626C6560284F6473707F647 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B756CA8A-884A-4354-BD45-26F181DF7F30}\84453402E6564777F627B6 : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Fluffy\AppData\Roaming\Mozilla\Firefox\Profiles\kla99ti7.default\
FF - prefs.js: browser.startup.homepage - GOOGLE.CO.UK
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\system32\DRIVERS\cmderd.sys --> C:\Windows\system32\DRIVERS\cmderd.sys [?]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-8-11 2255464]
R2 Realtek11nSU;Realtek11nSU;C:\Program Files (x86)\Micronet\11n USB Wireless LAN Utility\RtlService.exe [2010-9-30 36864]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-8-30 1153368]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\system32\DRIVERS\ew_hwusbdev.sys --> C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [?]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\system32\DRIVERS\ew_jubusenum.sys --> C:\Windows\system32\DRIVERS\ew_jubusenum.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\system32\DRIVERS\ewusbnet.sys --> C:\Windows\system32\DRIVERS\ewusbnet.sys [?]
S3 lvpepf64;Volume Adapter;C:\Windows\system32\DRIVERS\lv302a64.sys --> C:\Windows\system32\DRIVERS\lv302a64.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?]
S3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-5-27 14648]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
SUnknown ALSysIO;ALSysIO; [x]
SUnknown cpuz130;cpuz130; [x]
.
=============== Created Last 30 ================
.
2011-08-30 18:11:20 -------- d---a-w- C:\Windows\rundll16.exe
2011-08-30 18:11:20 -------- d---a-w- C:\Windows\logo1_.exe
2011-08-30 18:08:29 -------- d---a-w- C:\Windows\VDLL.DLL
2011-08-30 18:08:29 -------- d---a-w- C:\Windows\SysWow64\runouce.exe
2011-08-30 18:08:29 -------- d---a-w- C:\Windows\RUNDL132.EXE
2011-08-30 18:08:29 -------- d---a-w- C:\Windows\logo_1.exe
2011-08-30 18:05:11 632064 ----a-w- C:\Windows\SysWow64\msvcr80.dll
2011-08-30 18:05:10 554240 ----a-w- C:\Windows\SysWow64\msvcp80.dll
2011-08-30 18:05:09 34048 ----a-w- C:\Windows\SysWow64\eEmpty.exe
2011-08-30 18:05:05 -------- d-----w- C:\Program Files (x86)\Common Files\MicroWorld
2011-08-30 18:05:00 -------- d-----w- C:\ProgramData\MicroWorld
2011-08-30 08:44:30 -------- d--h--w- C:\VritualRoot
2011-08-30 08:41:49 -------- d-----w- C:\Program Files\COMODO
2011-08-30 08:41:07 -------- d-----w- C:\ProgramData\Comodo Downloader
2011-08-30 07:50:22 8862544 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9A29CA77-4875-41AF-98F0-195DED8BC692}\mpengine.dll
2011-08-30 06:33:02 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-08-30 06:33:02 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-08-29 18:25:06 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{21A1171D-D93D-4E8B-8DE2-BDB9A0DAE64E}\gapaengine.dll
2011-08-29 18:23:39 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-08-29 18:23:29 8862544 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-08-29 18:23:26 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-08-29 18:17:47 -------- d-----w- C:\Users\Fluffy\AppData\Roaming\Malwarebytes
2011-08-29 18:17:44 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-29 18:17:43 -------- d-----w- C:\ProgramData\Malwarebytes
2011-08-29 18:17:41 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-08-29 18:17:41 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-08-24 15:24:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-08-24 15:24:53 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-08-24 10:00:09 -------- d-----w- C:\Program Files (x86)\Starbreeze Studios
2011-08-13 09:41:23 -------- d-----w- C:\ProgramData\Samsung
2011-08-12 11:24:15 110592 ----a-w- C:\Windows\System32\rtvcvfw32.dll
2011-08-12 11:24:09 -------- d-----w- C:\Program Files (x86)\MSI Afterburner
2011-08-11 21:26:03 980072 ----a-w- C:\Windows\System32\nvvsvc.exe
2011-08-11 21:26:03 61544 ----a-w- C:\Windows\System32\nvshext.dll
2011-08-11 21:26:03 6136936 ----a-w- C:\Windows\System32\nvcpl.dll
2011-08-11 21:26:03 3021416 ----a-w- C:\Windows\System32\nvsvc64.dll
2011-08-11 21:26:03 2560616 ----a-w- C:\Windows\System32\nvsvcr.dll
2011-08-11 21:26:03 117864 ----a-w- C:\Windows\System32\nvmctray.dll
2011-08-11 21:22:29 -------- d-----w- C:\Program Files (x86)\Phyxion.net
2011-08-11 10:49:07 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2011-08-06 19:42:15 -------- d-----w- C:\Users\Fluffy\.thumbnails
2011-08-06 19:41:00 -------- d-----w- C:\Users\Fluffy\.gimp-2.6
2011-08-05 12:36:15 -------- d-----w- C:\Users\Fluffy\AppData\Local\Amazon
2011-08-04 19:56:23 -------- d-----w- C:\Users\Fluffy\AppData\Roaming\Foxit Software
.
==================== Find3M ====================
.
2011-08-25 20:01:07 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-06-30 08:38:10 41712 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
2011-06-30 08:38:08 252344 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys
2011-06-30 08:38:08 16016 ----a-w- C:\Windows\System32\drivers\cmderd.sys
2011-06-30 08:37:26 363560 ----a-w- C:\Windows\System32\guard64.dll
2011-06-30 08:37:26 285256 ----a-w- C:\Windows\SysWow64\guard32.dll
2011-06-24 05:34:53 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-24 05:25:49 338432 ----a-w- C:\Windows\System32\conhost.exe
2011-06-23 05:43:12 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-06-23 04:33:57 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-06-23 04:33:57 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-06-21 06:34:00 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-06-15 10:02:23 212992 ----a-w- C:\Windows\System32\odbctrac.dll
2011-06-15 10:02:23 163840 ----a-w- C:\Windows\System32\odbccp32.dll
2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccu32.dll
2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccr32.dll
2011-06-15 08:55:19 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll
2011-06-15 08:55:19 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll
2011-06-15 08:55:19 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll
2011-06-15 08:55:19 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll
2011-06-15 08:55:19 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll
2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 19:37:07.97 ===============