
I'm Keylogged, Please Help

This is a discussion on I'm Keylogged, Please Help within the Inactive Malware Help Topics forums, part of the Tech Support Forum category.


 
 
09-20-2010, 02:29 PM   #1
Mstrkurt (Registered Member)
Join Date: Jul 2009
Posts: 236
OS: Win 7 x64

DDS Report:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Kurt at 22:11:42.38 on 20/09/2010
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3069.1636 [GMT 1:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\WUDFHost.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Kurt\Downloads\dds.scr

============== Pseudo HJT Report ===============

BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Winamp Search - c:\programdata\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\kurt\appdata\roaming\mozilla\firefox\profiles\4tsuzpj0.default\
FF - prefs.js: browser.startup.homepage - hxxp://home.bt.yahoo.com/
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-11-3 21520]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-8-26 176128]
R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-10-20 340520]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-8-26 6380032]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-8-26 221696]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2010-7-15 99344]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-9-20 1153368]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-09-20 20:35:55 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-20 20:35:55 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-09-20 10:46:18 80896 ----a-w- c:\windows\system32\MSNP.ax
2010-09-20 10:46:18 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2010-09-20 10:46:18 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2010-09-20 10:46:16 428544 ----a-w- c:\windows\system32\EncDec.dll
2010-09-20 10:46:16 293376 ----a-w- c:\windows\system32\psisdecd.dll
2010-09-20 10:46:16 217088 ----a-w- c:\windows\system32\psisrndr.ax
2010-09-20 10:33:45 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-09-20 10:23:16 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-09-20 10:23:16 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-09-20 10:23:16 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-09-20 10:23:16 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-09-20 10:23:16 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-09-20 10:19:54 97800 ----a-w- c:\windows\system32\infocardapi.dll
2010-09-20 10:19:53 622080 ----a-w- c:\windows\system32\icardagt.exe
2010-09-20 10:19:53 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2010-09-20 10:19:53 11264 ----a-w- c:\windows\system32\icardres.dll
2010-09-20 10:19:53 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2010-09-20 10:19:52 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2010-09-20 10:16:18 158720 ----a-w- c:\windows\system32\mscorier.dll
2010-09-20 10:16:16 83968 ----a-w- c:\windows\system32\mscories.dll
2010-09-20 10:13:50 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-09-20 10:13:49 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-09-20 10:13:48 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-09-19 21:38:41 0 d-----w- c:\program files\common files\Steam
2010-09-19 21:38:39 0 d-----w- c:\program files\Steam
2010-09-19 14:44:05 839680 ----a-w- c:\windows\system32\lameACM.acm
2010-09-19 14:44:05 790528 ----a-w- c:\windows\system32\xvidcore.dll
2010-09-19 14:44:05 414 ----a-w- c:\windows\system32\lame_acm.xml
2010-09-19 14:44:05 38 ----a-w- c:\windows\avisplitter.ini
2010-09-19 14:44:05 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-09-19 14:44:05 165376 ----a-w- c:\windows\system32\unrar.dll
2010-09-19 14:44:05 151552 ----a-w- c:\windows\system32\ac3acm.acm
2010-09-19 14:44:05 134144 ----a-w- c:\windows\system32\xvidvfw.dll
2010-09-19 14:44:04 547 ----a-w- c:\windows\system32\ff_vfw.dll.manifest
2010-09-19 14:44:04 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-09-19 14:44:03 0 d-----w- c:\program files\K-Lite Codec Pack
2010-09-19 12:34:12 0 d-----w- c:\program files\SopCast
2010-09-19 02:19:10 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2010-09-19 02:19:08 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2010-09-19 02:19:01 801280 ----a-w- c:\windows\system32\NaturalLanguage6.dll
2010-09-19 02:14:59 738304 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-19 02:13:59 714240 ----a-w- c:\windows\system32\timedate.cpl
2010-09-19 02:12:59 147456 ----a-w- c:\windows\system32\Faultrep.dll
2010-09-19 02:11:59 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-09-19 02:11:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-09-19 02:11:58 4096 ----a-w- c:\windows\system32\msdxm.ocx
2010-09-19 02:11:58 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-09-19 02:11:57 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-19 01:54:15 0 d-----w- c:\windows\Panther
2010-09-19 01:54:08 8192 --s-a-r- C:\BOOTSECT.BAK
2010-09-19 01:54:07 333203 --sha-r- C:\bootmgr
2010-09-19 01:54:07 0 d-sh--w- C:\Boot
2010-09-19 01:53:53 24 ---ha-r- c:\windows\dell_version
2010-09-19 01:53:53 0 d-----w- c:\windows\system32\OEM
2010-09-19 01:25:47 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-09-18 17:49:49 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-09-18 17:49:48 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-09-18 17:47:44 0 d-----w- c:\program files\Winamp Detect
2010-09-18 17:47:25 0 d-----w- c:\programdata\Winamp Toolbar
2010-09-18 17:47:25 0 d-----w- c:\program files\Winamp Toolbar
2010-09-18 17:46:57 0 d-----w- c:\program files\common files\PX Storage Engine
2010-09-18 17:42:14 0 d-----w- c:\users\kurt\Tracing
2010-09-18 17:37:29 0 d-----w- c:\programdata\ATI
2010-09-18 17:36:30 0 ----a-w- c:\windows\ativpsrm.bin
2010-09-18 17:34:33 0 d-----w- c:\windows\system32\vmm32
2010-09-18 17:34:33 0 d-----w- c:\program files\Dell
2010-09-18 17:18:00 0 d-----w- c:\program files\Microsoft
2010-09-18 17:17:43 0 d-----w- c:\program files\Windows Live SkyDrive
2010-09-18 17:17:16 0 d-----w- c:\windows\PCHEALTH
2010-09-18 17:13:59 0 d-----w- c:\program files\common files\Windows Live
2010-09-18 17:09:53 0 d-----w- c:\program files\ATI Technologies
2010-09-18 17:09:51 0 d-----w- c:\program files\ATI
2010-09-18 17:09:26 0 d-----w- C:\ATI
2010-09-18 17:07:49 57376992 ----a-w- c:\users\kurt\10-9_vista32_win7_32_dd_ccc_enu.exe
2010-09-18 17:07:07 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-09-18 17:07:06 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-09-18 1742 0 d-----w- c:\programdata\Kaspersky Lab
2010-09-18 1742 0 d-----w- c:\program files\Kaspersky Lab
2010-09-18 17:05:59 0 d-sh--w- c:\windows\Installer
2010-09-18 17:04:01 98304 ----a-w- c:\windows\system32\cabview.dll
2010-09-18 17:04:01 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-09-18 17:03:40 0 d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-09-18 17:00:19 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-09-18 16:59:50 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-09-18 16:59:42 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-09-18 16:59:42 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-09-18 16:57:11 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-09-18 16:57:02 0 ---ha-w- c:\windows\system32\drivers\Msft_User_AuxiliaryDisplayEnhancedDriver_01_00_00.Wdf
2010-08-26 03:36:28 6380032 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-08-26 02:01:34 76216 ----a-w- c:\windows\system32\atiapfxx.blb
2010-08-26 02:01:14 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-08-26 02:01:04 528384 ----a-w- c:\windows\system32\aticfx32.dll
2010-08-26 01:57:58 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-08-26 01:57:32 380928 ----a-w- c:\windows\system32\atieclxx.exe
2010-08-26 01:57:04 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2010-08-26 01:55:58 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2010-08-26 01:55:48 15830016 ----a-w- c:\windows\system32\atioglxx.dll
2010-08-26 01:55:42 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2010-08-26 01:55:32 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2010-08-26 01:55:26 11776 ----a-w- c:\windows\system32\atimuixx.dll
2010-08-26 01:55:18 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-08-26 01:52:22 3914240 ----a-w- c:\windows\system32\atidxx32.dll
2010-08-26 01:34:36 46080 ----a-w- c:\windows\system32\aticalrt.dll
2010-08-26 01:34:26 44032 ----a-w- c:\windows\system32\aticalcl.dll
2010-08-26 01:33:52 4032512 ----a-w- c:\windows\system32\atiumdag.dll
2010-08-26 01:33:08 4375552 ----a-w- c:\windows\system32\aticaldd.dll
2010-08-26 01:25:58 3392000 ----a-w- c:\windows\system32\atiumdva.dll
2010-08-26 01:25:36 583888 ----a-w- c:\windows\system32\atiumdva.cap
2010-08-26 01:21:16 241664 ----a-w- c:\windows\system32\atiadlxx.dll
2010-08-26 01:21:06 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-08-26 01:21:00 19968 ----a-w- c:\windows\system32\atigktxx.dll
2010-08-26 01:20:36 221696 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2010-08-26 01:20:08 30208 ----a-w- c:\windows\system32\atiuxpag.dll
2010-08-26 01:19:56 28160 ----a-w- c:\windows\system32\atiu9pag.dll
2010-08-26 01:19:36 23040 ----a-w- c:\windows\system32\atitmpxx.dll
2010-08-26 01:19:28 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-08-26 01:13:16 52736 ----a-w- c:\windows\system32\atimpc32.dll
2010-08-26 01:13:16 52736 ----a-w- c:\windows\system32\amdpcom32.dll

==================== Find3M ====================

2010-09-20 11:12:26 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-09-20 11:12:26 86016 ----a-w- c:\windows\inf\infstor.dat
2010-09-20 11:12:26 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-09-20 11:12:26 51200 ----a-w- c:\windows\inf\infpub.dat
2010-08-26 01:27:56 65536 ----a-w- c:\windows\system32\coinst.dll
2010-08-17 13:32:33 126464 ----a-w- c:\windows\system32\spoolsv.exe
2010-06-28 16:17:26 833024 ----a-w- c:\windows\system32\wininet.dll
2010-06-28 16:13:32 78336 ----a-w- c:\windows\system32\ieencode.dll
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 22:12:08.56 ===============

That's all DDS gave me. I even reformatted my PC to try to get rid of it; however, it must be somewhere in my external hard drive, because my new Hotmail account's password has been changed, and I changed that after I reformatted. I'm still waiting on GMER. Can anything be made of the above report?

All times are GMT -7.


Copyright 2001 - 2014, Tech Support Forum
