Tech Support Forum - View Single Post - multiple trojans infected my pc, please help

seigen · 06-18-2009, 10:34 AM

Hi, i was recently attacked by several forms of trojans/viruses, and I desperately need your help. Since I am writing this post from another computer, I cannot provide you with detailed info. regarding the locations and names of suspicious files, but I will try my best to describe what I know is happening to my infected computer...

Here are some of the problems I am experiencing so far:

safe mode does not work
both IE and Mozilla redirects me to random ad sites
Avast!Antivir program was installed on my computer without my awareness
crashes will occur in random occasions, especially when connected to the internet. When disconnected, the computer may survive longer but crashes do happen from time to time regardless of internet connection
My main source of firewall, McAffee OAS, does not function properly: the scan interface will not appear no matter how many times I attempt to run a scan

I have not yet attempted to remove Avast from the system yet, as I would like you to evaluate it before taking action myself (as stated earlier, the program had been automatically installed on to my system, and I do not believe that a simple removal via add/remove programs will solve anything). In addition, the Gmer scan that you have provided for the preperation process will not run, but the DDS scan did succeed in providing the two reports that you requested. Also, just to save your time, I have read and now aware of the consequences of using p2p programs i.e. Azureus and limewire in my case. I will wait for your proper instructions before deleting ANYTHING from my computer. Thank you for taking the time to help out a PC noob like me, and I will be looking forward to your reputable assistance.

DDS (Ver_09-05-14.01) - NTFSx86
Run by Yuji Moriya at 17:44:29.34 on Mon 06/15/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.520 [GMT -4:00]

AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\avast!Antivirus.exe
C:\WINDOWS\dhcp\svchost.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\TEMP\b.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
svchost.exe "C:\WINDOWS\system32\actmoviej.exe"
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\TEMP\c.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\config\systemprofile\Application Data\psvrr.exe
C:\WINDOWS\System32\reader_s.exe
C:\windows\ld08.exe
C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
C:\WINDOWS\system32\config\systemprofile\Application Data\psvrr.exe
C:\Documents and Settings\Yuji Moriya\reader_s.exe
C:\program Files\MicPhone\antit.exe
C:\Documents and Settings\Yuji Moriya\Yuji Moriya.exe
C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe
C:\DOCUME~1\YUJIMO~1\LOCALS~1\Temp\_A00F2AFF36A.exe
C:\DOCUME~1\YUJIMO~1\LOCALS~1\Temp\zcb8ho.exe
C:\DOCUME~1\YUJIMO~1\LOCALS~1\Temp\zcb8ho.exe
C:\DOCUME~1\YUJIMO~1\LOCALS~1\Temp\win.exe
C:\WINDOWS\TEMP\_A00F2B1048C.exe
C:\Documents and Settings\Yuji Moriya\Application Data\psvr32.exe
C:\WINDOWS\TEMP\_A00F1BA23.exe
C:\WINDOWS\TEMP\_A00F2281F.exe
C:\WINDOWS\TEMP\_A00F1C166.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\DOCUME~1\YUJIMO~1\LOCALS~1\Temp\_A00F1CA02.exe
C:\WINDOWS\9129837.exe
C:\Documents and Settings\Yuji Moriya\Application Data\psvr32.exe
C:\DOCUME~1\YUJIMO~1\LOCALS~1\Temp\_A00F1BF34.exe
C:\DOCUME~1\YUJIMO~1\LOCALS~1\Temp\_A00F23DCA.exe
C:\WINDOWS\system32\SYSDLL.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
svchost
svchost
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Yuji Moriya\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3071214
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
uDefault_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3071214
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3071214
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
mWinlogon: Userinit=userinit.exe
mWinlogon: Taskman=c:\recycler\s-1-5-21-5648628131-6768448527-663210914-9081\wnzip32.exe
BHO: c:\windows\system32\yhafd78auhd.dll: {c6c7b2a1-00f3-42bd-f434-00aaba2c8953} - c:\windows\system32\yhafd78auhd.dll
uRun: [DellAutomatedPCTuneUp] "c:\program files\dellautomatedpctuneup\PTAgnt.exe" /startup
uRun: [Aim6]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [WinProx32_1] c:\windows\system32\config\systemprofile\application data\psvrr.exe
uRun: [reader_s] c:\documents and settings\yuji moriya\reader_s.exe
uRun: [shv] c:\program files\micphone\antit.exe
uRun: [Yuji Moriya] c:\documents and settings\yuji moriya\Yuji Moriya.exe /i
uRun: [12CFG515-K641-55SF-N66P] c:\recycler\s-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe
uRun: [A00F2AFF36A.exe] c:\docume~1\yujimo~1\locals~1\temp\_A00F2AFF36A.exe
uRun: [<NO NAME>] c:\docume~1\yujimo~1\locals~1\temp\zcb8ho.exe
uRun: [nzdflkioezncfiunfindiuchiuenfcdc] c:\docume~1\yujimo~1\locals~1\temp\zcb8ho.exe
uRun: [Windows System Recover!] c:\docume~1\yujimo~1\locals~1\temp\win.exe
uRun: [A00F2B1048C.exe] c:\windows\temp\_A00F2B1048C.exe
uRun: [A00F1BA23.exe] c:\windows\temp\_A00F1BA23.exe
uRun: [A00F2281F.exe] c:\windows\temp\_A00F2281F.exe
uRun: [A00F1C166.exe] c:\windows\temp\_A00F1C166.exe
uRun: [A00F1CA02.exe] c:\docume~1\yujimo~1\locals~1\temp\_A00F1CA02.exe
uRun: [ttool] c:\windows\9129837.exe
uRun: [A00F1BF34.exe] c:\docume~1\yujimo~1\locals~1\temp\_A00F1BF34.exe
uRun: [A00F23DCA.exe] c:\docume~1\yujimo~1\locals~1\temp\_A00F23DCA.exe
uRun: [Cognac] c:\windows\temp\b.exe
uRun: [SYSDLL] SYSDLL
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [spywareguard] c:\program files\spyware guard 2008\spywareguard.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [WinProx32_1] c:\windows\system32\config\systemprofile\application data\psvrr.exe
mRun: [reader_s] c:\windows\system32\reader_s.exe
mRun: [sysldtray] c:\windows\ld08.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [WinProx32_1] c:\windows\system32\config\systemprofile\application data\psvrr.exe
StartupFolder: c:\documents and settings\yuji moriya\start menu\programs\startup\asgupd32.exe
StartupFolder: c:\documents and settings\yuji moriya\start menu\programs\startup\fmnupd32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellne~1.lnk - c:\windows\installer\{0240bdfb-2995-4a3f-8c96-18d41282b716}\Icon0240BDFB3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\openmg~1.lnk - c:\program files\sony\openmg jukebox\Omgtray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\status~1.lnk - c:\program files\brother\brmfcmon\BrMfcWnd.exe
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Notify: igfxcui - igfxdev.dll
Notify: __c00b438c - c:\windows\system32\__c00B438C.dat
AppInit_DLLs: c:\progra~1\micphone\antit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - No File
STS: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - No File
STS: c:\windows\system32\yhafd78auhd.dll: {c6c7b2a1-00f3-42bd-f434-00aaba2c8953} - c:\windows\system32\yhafd78auhd.dll
{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}
LSA: Authentication Packages = msv1_0 c:\windows\system32\opnkhebX
LSA: Notification Packages = scecli c:\windows\system32\vuzasufa.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\yujimo~1\applic~1\mozilla\firefox\profiles\xlruofsr.default\
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7171
FF - prefs.js: network.proxy.type - 1
FF - HiddenExtension: XUL Cache: {795843E7-F10A-4AE4-82F1-E1E1C08723C6} - c:\documents and settings\yuji moriya\local settings\application data\{795843E7-F10A-4AE4-82F1-E1E1C08723C6}

============= SERVICES / DRIVERS ===============

P2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2007-2-22 144960]
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2006-11-30 31944]
R2 avast!antivirus;avast!antivirus;c:\windows\system32\avast!antivirus.exe -k netsvcs --> c:\windows\system32\avast!Antivirus.exe -k netsvcs [?]
R2 datunidr;DellAutomatedPCTuneUp UniDriver;c:\windows\system32\drivers\datunidr.sys [2007-8-23 5376]
R2 dhcpsrv;Dhcp server;c:\windows\dhcp\svchost.exe [2009-5-30 240640]
R2 ias;Ias;c:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2007-12-25 104000]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2007-2-22 54872]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2007-12-25 72264]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2007-12-25 34152]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2007-12-25 170408]
S1 c72547c9;c72547c9;c:\windows\system32\drivers\c72547c9.sys [2009-5-30 0]
S2 acpi32;acpi32;c:\windows\system32\drivers\acpi32.sys [2009-6-1 30976]
S2 fips32cup;fips32cup;c:\windows\system32\drivers\fips32cup.sys [2009-6-1 30976]
S2 port135sik;port135sik;c:\windows\system32\drivers\port135sik.sys [2009-6-4 41216]
S2 spoolerhidserv;Print Spooler SpoolerHidServ;c:\windows\system32\actmoviej.exe srv --> c:\windows\system32\actmoviej.exe srv [?]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\viewpointservice.exe" --> c:\program files\viewpoint\common\ViewpointService.exe [?]
S2 ws2_32sik;ws2_32sik;c:\windows\system32\drivers\ws2_32sik.sys [2004-8-10 30976]
S3 ntalme;ntalme;c:\windows\system32\ntalme.sys [2004-8-10 2304]

=============== Created Last 30 ================

2009-06-12 02:53 17,408 a------- c:\windows\system32\SYSDLL.exe
2009-06-12 02:53 <DIR> --d----- c:\windows\system32\sysloc
2009-06-04 03:42 206,340 a------- c:\windows\system32\msxml71.dll
2009-06-04 03:41 40,449 a------- C:\yykvirg.exe
2009-06-04 03:41 9,216 a------- C:\xbmqgeyn.exe
2009-06-04 03:41 20,702 a------- C:\udwnxe.exe
2009-06-04 03:41 20,703 a------- C:\lhkeufwk.exe
2009-06-04 03:41 25,088 a------- c:\windows\system32\__c00A4499.dat
2009-06-04 03:41 38,400 a------- C:\lquq.exe
2009-06-04 03:41 91,212 a------- c:\windows\system32\drivers\41c962d7.sys
2009-06-04 03:41 41,216 a------- c:\windows\system32\drivers\port135sik.sys
2009-06-04 03:40 2 a------- C:\1946489939
2009-06-04 03:40 20,702 a------- C:\bynhqjb.exe
2009-06-04 03:40 20,703 a------- C:\gmres.exe
2009-06-04 03:40 25,088 a------- c:\windows\system32\__c005154E.dat
2009-06-04 03:40 38,400 a------- C:\buvppwg.exe
2009-06-01 21:58 30,976 a------- c:\windows\system32\drivers\acpi32.sys
2009-06-01 20:49 96,076 a------- c:\windows\system32\drivers\804bd010.sys
2009-06-01 20:49 27,648 a------- c:\windows\system32\__c004A0E1.dat
2009-06-01 20:48 27,648 a------- c:\windows\system32\__c0032F7C.dat
2009-06-01 20:48 30,976 a------- c:\windows\system32\drivers\i386si.sys
2009-06-01 20:00 96,076 a------- c:\windows\system32\drivers\82f8854b.sys
2009-06-01 20:00 27,648 a------- c:\windows\system32\__c002648E.dat
2009-06-01 19:10 30,976 a------- c:\windows\system32\drivers\fips32cup.sys
2009-06-01 18:28 57,345 a------- c:\windows\9129837.exe
2009-06-01 18:28 27,648 a------- c:\windows\system32\__c00BDEE7.dat
2009-06-01 18:28 27,648 a------- c:\windows\system32\__c007724F.dat
2009-06-01 18:27 99,648 a------- c:\windows\system32\drivers\7ec1482.sys
2009-06-01 18:27 51,712 ---shr-- c:\windows\system32\actmoviej.exe
2009-06-01 18:22 27,648 a------- c:\windows\system32\__c0064E4.dat
2009-06-01 18:22 96,076 a------- c:\windows\system32\drivers\c152e63f.sys
2009-06-01 18:22 27,648 a------- c:\windows\system32\__c00586F2.dat
2009-06-01 18:17 27,648 a------- c:\windows\system32\__c0014264.dat
2009-06-01 18:16 96,076 a------- c:\windows\system32\drivers\4788f89e.sys
2009-06-01 18:16 1,611 a------- C:\xcrashdump.dat
2009-06-01 18:16 27,648 a------- c:\windows\system32\__c008B8D1.dat
2009-06-01 05:46 27,648 a------- c:\windows\system32\__c00B044.dat
2009-06-01 05:46 21,017 ----h--- c:\documents and settings\yuji moriya\Yuji Moriya.exe
2009-05-31 09:33 <DIR> --dshr-- c:\program files\MicPhone
2009-05-31 09:33 96,204 a------- c:\windows\system32\drivers\46d1f86c.sys
2009-05-30 23:04 <DIR> --d----- c:\windows\system32\3361
2009-05-30 23:04 <DIR> --d----- c:\windows\dhcp
2009-05-30 23:04 158,720 a------- c:\windows\system32\tpsaxyd.exe
2009-05-30 23:04 123,904 a------- c:\windows\system32\sopidkc.exe
2009-05-30 23:04 8 a------- c:\windows\system32\comsa32.sys
2009-05-30 23:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\92409996
2009-05-30 23:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\12400004
2009-05-30 23:03 40,449 a------- c:\documents and settings\yuji moriya\reader_s.exe
2009-05-30 23:03 15,000 a------- c:\windows\system32\yhafd78auhd.dll
2009-05-30 23:03 27,648 a------- c:\windows\system32\__c00B438C.dat
2009-05-30 23:03 32,768 a------- c:\windows\system32\avast!Antivirus.exe
2009-05-30 23:03 182,656 a------- c:\windows\system32\dllcache\ndis.sys
2009-05-30 23:03 0 a------- c:\windows\system32\drivers\c72547c9.sys
2009-05-30 23:02 40,449 a------- c:\windows\system32\reader_s.exe
2009-05-30 23:02 15,360 ----h--- c:\windows\ld08.exe
2009-05-28 03:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\96131706
2009-05-28 03:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\16121714
2009-05-27 22:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\94928426
2009-05-27 22:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\14918434
2009-05-27 22:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\94133426
2009-05-27 22:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\14123434
2009-05-27 21:57 <DIR> --dsh--- c:\windows\system32\lowsec
2009-05-27 21:57 <DIR> --d----- c:\program files\Microsoft Common

==================== Find3M ====================

2009-06-15 17:44 96,076 a------- c:\windows\system32\drivers\beep.sys
2009-06-15 17:38 6,656 a------- c:\windows\system32\drivers\aec.sys
2009-06-13 17:53 6,656 a------- c:\windows\system32\drivers\asyncmac.sys
2009-06-01 18:28 30,976 a------- c:\windows\system32\drivers\ws2_32sik.sys
2009-05-30 23:03 182,656 a------- c:\windows\system32\drivers\ndis.sys
2009-03-19 00:41 229,376 a------- c:\docume~1\yujimo~1\applic~1\psvr32.exe
2007-12-25 17:24 13,907,048 ac------ c:\program files\AIM.exe
2007-12-25 16:39 1,559 ac------ c:\program files\INSTALL.LOG
2006-02-27 16:05 880 a------- c:\program files\Data.cfg
2006-02-24 14:20 917,504 ac------ c:\program files\WirelessCfg.exe
2006-02-24 14:20 90,112 ac------ c:\program files\Mrv8000x.dll
2005-11-11 16:43 1,327,195 ac------ c:\program files\odSupp_M.dll
2005-11-11 16:43 49,152 ac------ c:\program files\AutoLinkLib.dll
2002-07-26 18:02 153,088 a------- c:\program files\UNWISE.EXE
2009-01-22 16:44 409,266 a--sh--- c:\windows\system32\Xbehknpo.ini2

============= FINISH: 17:46:11.45 ===============