Topic: Viruses in system32 folder

mauserme

  • Guest
Re: Viruses in system32 folder
« Reply #15 on: April 15, 2007, 05:01:27 AM »
Try the other two files as well.  With the changes to the Folder View you should be able to find them.

After scanning the three please add any that are infected to the user files in the avast! chest before running AVG AntiSpyware.

Steven6767

  • Guest
Re: Viruses in system32 folder
« Reply #16 on: April 15, 2007, 05:14:25 AM »
I'm doing a complete system scan with AVGAS too so I'll post the log. It will be a bit before it's finished.

Steven6767

  • Guest
Re: Viruses in system32 folder
« Reply #17 on: April 15, 2007, 05:24:02 AM »
So far for the AVGAS scan, I have found 55 infected files.

mauserme

  • Guest
Re: Viruses in system32 folder
« Reply #18 on: April 15, 2007, 05:25:26 AM »
Make sure to quarantine anything found in AVG.

Did Virus Total find anything in the other two files?

I'll check back later.
« Last Edit: April 15, 2007, 05:27:10 AM by mauserme »

Steven6767

  • Guest
Re: Viruses in system32 folder
« Reply #19 on: April 15, 2007, 05:27:04 AM »
Oh, I forgot to switch pages so I didn't know you replied so I ran the AVG :-\ I'll get the firewalls too.

mauserme

  • Guest
Re: Viruses in system32 folder
« Reply #20 on: April 15, 2007, 05:31:05 AM »
Quote
Oh, I forgot to switch pages so I didn't know you replied so I ran the AVG :-\ I'll get the firewalls too.

Install the firewall before the next hijackthis log.  If we haven't removed everything you still could find malware downloading.  The firewall will help prevent this and the next hijackthis log will help us see if this happened or if we missed something.

Steven6767

  • Guest
Re: Viruses in system32 folder
« Reply #21 on: April 15, 2007, 05:32:50 AM »
Ok, I searched the whole c drive and I can't find wvvtsr.dll and opmkjh.dll

Steven6767

  • Guest
Re: Viruses in system32 folder
« Reply #22 on: April 15, 2007, 06:00:12 AM »
Ok, I think I've done everything you've asked. Here's the HijackThis log, oh and by the way thanks for all this help! ;D

Logfile of HijackThis v1.99.1
Scan saved at 11:57:32 AM, on 4/14/2007
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\mine\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\System32\tmp8C.tmp.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {B6F1A4CB-DADD-4D0C-BDFC-E945647302C1} - c:\wmplayer.dll (file missing)
O2 - BHO: (no name) - {cb97713c-658a-43a7-8d4f-bffdc4eb9bea} - C:\WINDOWS\system32\din700.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\wvvtsr.dll",setvm
O4 - HKLM\..\Run: [BootService] rundll32.exe "C:\WINDOWS\opmkjh.dll",realset
O4 - HKLM\..\Run: [Intel system tool] C:\WINDOWS\System32\svehost.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MS_update_0704_KB74073.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O20 - AppInit_DLLs: 
O20 - Winlogon Notify: din700 - din700.dll (file missing)
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ieupdater2 (Microsoft IEUpdater2) - Unknown owner - C:\ie_updater.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\System32\PnkBstrB.exe

mauserme

  • Guest
Re: Viruses in system32 folder
« Reply #23 on: April 15, 2007, 03:59:24 PM »
Please download OTMoveIt by OldTimer.
Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):


C:\WINDOWS\System32\svehost.exe
c:\documents and settings\All Users\start menu\programs\startup\MS_update_0704_KB74073.exe



Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.
Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Now make sure your folder options are still set to Show Hidden Files and Folders.  Boot into safe mode.  Look for and rename these files:

C:\WINDOWS\wvvtsr.dll   rename to   C:\WINDOWS\wvvtsr.old

C:\WINDOWS\opmkjh.dll   rename to   C:\WINDOWS\opmkjh.old

Boot back into normal mode and send the 2 renamed files to virus total and post the results of the scans.

Then run Deckard's System Scanner again and post the entire log in multiple, consecutive posts.


Also, if you've done anything financial on this computer (banking, eBay, etc) you should notify these institutions of your situation and start changing passwords from a different computer (this computer is almost clean but we have a couple more steps).


Quote
I went into windows in my c drive then went into temp, there was a folder there _avast4_ I went into and there's a file there trzC.tmp
Does this file still exist?
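
An added example, not part of the original posts: a Python triage of the O4 autostart lines from the HijackThis log above, which flags the same entries singled out in reply #23. The three heuristics and the `CORE_NAMES` list are assumptions of this example, not the helper's stated method.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any host OS

# O4 lines taken from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\wvvtsr.dll",setvm
O4 - HKLM\..\Run: [BootService] rundll32.exe "C:\WINDOWS\opmkjh.dll",realset
O4 - HKLM\..\Run: [Intel system tool] C:\WINDOWS\System32\svehost.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MS_update_0704_KB74073.exe
"""

# Assumption of this example: a short list of core Windows process names.
CORE_NAMES = ("svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
              "smss.exe", "explorer.exe", "spoolsv.exe")

RUN_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[(.+?)\] (.+)$")
STARTUP_RE = re.compile(r"^O4 - (?:Global )?Startup: (.+)$")
RUNDLL_RE = re.compile(r'^"?rundll32(?:\.exe)?"?\s+"?([^",]+)', re.I)
EXE_RE = re.compile(r'^"?(.+?\.(?:exe|com|bat|cmd|scr|pif))\b', re.I)


def one_edit_apart(a, b):
    """True if a and b differ by exactly one substitution, insertion or deletion."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    # Same length: skip one char in both. Otherwise skip one char in the longer.
    return a[i + (len(a) == len(b)):] == b[i + 1:]


def target_of(command):
    """Return (launcher, path) for the command of a Run entry."""
    m = RUNDLL_RE.match(command)
    if m:
        return "rundll32", m.group(1).strip()
    m = EXE_RE.match(command)
    return ("direct", m.group(1)) if m else ("unknown", command)


def triage(log_text):
    """Return (path, reason) leads for a human to scan; not verdicts."""
    findings = []
    for line in (l.strip() for l in log_text.splitlines()):
        run = RUN_RE.match(line)
        if run:
            launcher, path = target_of(run.group(3))
            if launcher == "rundll32" and dirname(path).lower() != r"c:\windows\system32":
                findings.append((path, "rundll32 loads a DLL from outside System32"))
            for core in CORE_NAMES:
                if one_edit_apart(basename(path).lower(), core):
                    findings.append((path, f"name is one character off {core}"))
            continue
        startup = STARTUP_RE.match(line)
        if startup and "=" not in startup.group(1) \
                and startup.group(1).lower().endswith(".exe"):
            findings.append((startup.group(1), "bare executable in the Startup folder"))
    return findings


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG):
        print(f"{path}: {reason}")
```

Each lead is only a candidate for a scan such as the Virus Total upload used in this thread; legitimate software can trip any of the three checks.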


Steven6767

  • Guest
Re: Viruses in system32 folder
« Reply #24 on: April 15, 2007, 11:20:50 PM »
I downloaded OTMoveIt and did all that but when I try to boot into safe mode it doesn't work. Do you know what's wrong? I tried 5 times to get it but it still wouldn't.

mauserme

  • Guest
Re: Viruses in system32 folder
« Reply #25 on: April 15, 2007, 11:46:11 PM »
The malware may be preventing you from booting into safe mode.

If you've already moved those files with OTMoveIt try again to find and rename C:\WINDOWS\wvvtsr.dll and C:\WINDOWS\opmkjh.dll.  Whether or not you're able to rename them run Deckard's System Scanner in normal mode and post the log.

Steven6767

  • Guest
Re: Viruses in system32 folder
« Reply #26 on: April 15, 2007, 11:48:08 PM »
Never mind, I finally got it. Here's the OTMoveIt log.

File/Folder C:\WINDOWS\System32\svehost.exe not found.
c:\documents and settings\All Users\start menu\programs\startup\MS_update_0704_KB74073.exe moved successfully.
 
Created on 04/15/2007 05:03:23

I also couldn't find the 2 files. I used the Microsoft search thing, and I looked for a bit myself too. Are these files critical for my system, like do I need them for my system?

Steven6767

  • Guest
Re: Viruses in system32 folder
« Reply #27 on: April 15, 2007, 11:49:54 PM »
Oh, and even at system start, it says Cannot find file c:\WINDOWS\wvvtsr.dll for both files.

Steven6767

  • Guest
Re: Viruses in system32 folder
« Reply #28 on: April 15, 2007, 11:53:52 PM »
Here's the DSS log

Deckard's System Scanner v20070411.38
Run by mine on 2007-04-15 at 05:52:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as mine.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 5:52:45 AM, on 4/15/2007
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\mine\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\mine.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\System32\tmp8C.tmp.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {B6F1A4CB-DADD-4D0C-BDFC-E945647302C1} - c:\wmplayer.dll (file missing)
O2 - BHO: (no name) - {cb97713c-658a-43a7-8d4f-bffdc4eb9bea} - C:\WINDOWS\system32\din700.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\wvvtsr.dll",setvm
O4 - HKLM\..\Run: [BootService] rundll32.exe "C:\WINDOWS\opmkjh.dll",realset
O4 - HKLM\..\Run: [Intel system tool] C:\WINDOWS\System32\svehost.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O20 - AppInit_DLLs: 
O20 - Winlogon Notify: din700 - din700.dll (file missing)
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ieupdater2 (Microsoft IEUpdater2) - Unknown owner - C:\ie_updater.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\System32\PnkBstrB.exe

Steven6767

  • Guest
Re: Viruses in system32 folder
« Reply #29 on: April 15, 2007, 11:54:27 PM »
-- Files created between 2007-03-15 and 2007-04-15 -----------------------------

2008-11-27 18:14:34     56832 -----n--- C:\WINDOWS\System32\iyvu9_32.dll
2008-11-27 18:14:34    143872 -----n--- C:\WINDOWS\System32\iacenc.dll
2007-04-15 01:37:24         0 d-------- C:\Documents and Settings\mine\Application Data\Turbine
2007-04-15 01:29:06   2297552 --a------ C:\WINDOWS\System32\d3dx9_26.dll
2007-04-15 01:24:08         0 d-------- C:\WINDOWS\System32\URTTemp
2007-04-14 12:33:12         0 d-------- C:\Documents and Settings\mine\Application Data\GetRightToGo<GETRIG~1>
2007-04-14 11:48:59         0 d-------- C:\Documents and Settings\mine\Application Data\Comodo
2007-04-14 11:48:58         0 d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-04-14 11:47:22     51328 --a------ C:\WINDOWS\System32\drivers\inspect.sys
2007-04-14 11:47:22     75520 --a------ C:\WINDOWS\System32\drivers\cmdmon.sys
2007-04-14 11:47:21         0 d-------- C:\Program Files\Comodo
2007-04-14 11:07:08      3968 --a------ C:\WINDOWS\System32\drivers\AvgAsCln.sys
2007-04-13 09:45:28         0 d-------- C:\Program Files\IObit
2007-04-12 06:44:17    200704 --a------ C:\WINDOWS\System32\teulKit.dll
2007-04-12 06:44:17         0 d-------- C:\Program Files\Netscape
2007-04-12 06:44:16         0 d-------- C:\Program Files\Playnet
2007-04-12 06:41:43         0 d-------- C:\Program Files\CRS
2007-04-11 07:44:41         0 d-------- C:\Documents and Settings\mine\Application Data\SlySoft
2007-04-11 07:43:32         0 d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2007-04-08 09:44:50         0 d-------- C:\Documents and Settings\mine\Application Data\Azureus
2007-04-07 11:42:13         0 d-------- C:\Documents and Settings\mine\Application Data\SystemRequirementsLab<SYSTEM~1>
2007-04-07 11:42:09         0 d-------- C:\WINDOWS\Sun
2007-04-07 11:42:09         0 d-------- C:\Documents and Settings\mine\Application Data\Sun
2007-04-07 11:41:12         0 d-------- C:\Program Files\Java
2007-04-07 11:39:50         0 d-------- C:\Program Files\Common Files\Java
2007-04-07 11:39:24       671 --a------ C:\WINDOWS\mozver.dat
2007-04-06 13:36:17    646392 --a------ C:\WINDOWS\System32\drivers\sptd.sys
2007-04-04 08:46:38         0 d-------- C:\Documents and Settings\mine\Application Data\Talkback
2007-04-04 08:46:07         0 --a------ C:\WINDOWS\nsreg.dat
2007-04-04 07:13:06      8192 --a------ C:\WINDOWS\System32\kbdkor.dll
2007-04-04 07:13:06      8704 --a------ C:\WINDOWS\System32\kbdjpn.dll
2007-04-04 07:13:06      6144 --a------ C:\WINDOWS\System32\kbd106.dll
2007-04-04 07:13:06      5632 --a------ C:\WINDOWS\System32\kbd103.dll
2007-04-04 07:13:06      6144 --a------ C:\WINDOWS\System32\kbd101c.dll
2007-04-04 07:13:06      6144 --a------ C:\WINDOWS\System32\kbd101b.dll
2007-04-03 02:53:57     22584 --a------ C:\WINDOWS\System32\drivers\PnkBstrK.sys
2007-04-03 02:53:53     99904 --a------ C:\WINDOWS\System32\PnkBstrB.exe
2007-04-03 02:53:47     63040 --a------ C:\WINDOWS\System32\PnkBstrA.exe
2007-04-03 02:53:47         0 d-------- C:\WINDOWS\System32\LogFiles
2007-04-02 06:46:46         0 d-------- C:\Program Files\SystemRequirementsLab<SYSTEM~1>
2007-03-28 09:18:09         0 d-------- C:\Documents and Settings\mine\Application Data\Lavasoft
2007-03-28 09:17:59         0 d-------- C:\Program Files\Lavasoft
2007-03-26 10:26:35         0 d-------- C:\WINDOWS\LastGood
2007-03-25 04:31:51         0 d-------- C:\WINDOWS\System32\appmgmt
2007-03-21 20:27:47         0 d-------- C:\Documents and Settings\mine\Application Data\Xfire
2007-03-21 20:27:46         0 d---s---- C:\Program Files\Xfire


-- Find3M Report ---------------------------------------------------------------

2007-04-15 05:42:14        24 --a------ C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-0000000A-00001102-00000004-00511102}.dat<DVCSTA~2.DAT>
2007-04-15 05:42:14        24 --a------ C:\WINDOWS\System32\DVCState-{00000002-00000000-0000000A-00001102-00000004-00511102}.dat<DVCSTA~1.DAT>
2007-04-15 01:33:03         0 d---s---- C:\Documents and Settings\mine\Application Data\Microsoft<MICROS~1>
2007-04-14 02:42:43     90112 --a------ C:\WINDOWS\System32\AVASTSS.scr
2007-04-12 06:38:07         0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>
2007-04-12 06:03:45         0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-04-10 06:18:32    712832 --a------ C:\WINDOWS\System32\aswBoot.exe
2007-04-08 09:39:54         0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-04-04 08:46:04         0 d-------- C:\Documents and Settings\mine\Application Data\Mozilla
2007-03-28 09:26:56         0 d-------- C:\Program Files\Soldat
2007-03-06 17:57:31         0 d-------- C:\Program Files\Activision<ACTIVI~1>
2007-03-04 21:25:41         0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-02-19 00:10:09         0 d-------- C:\Documents and Settings\mine\Application Data\Ahead
2007-02-15 21:54:48         0 d--h----- C:\Program Files\WindowsUpdate<WINDOW~2>
2007-02-15 21:53:34         0 d-------- C:\Program Files\Guild Wars<GUILDW~1>
2007-02-14 21:08:13         0 -ra------ C:\logwmemory.bin<LOGWME~1.BIN>
2007-02-14 13:19:14       347 --a------ C:\WINDOWS\ereg077.dat