Tech Support Forum banner
Status
Not open for further replies.
1 - 1 of 1 Posts

·
Registered
Joined
·
2 Posts
Discussion Starter · #1 ·
Hi, my World of Warcraft account was recently hacked. I've retrieved my password but it was changed again the next day which has me suspecting i might have some sort of keylogger. I've already scanned the computer with multiple programs (Spybot S&D, Ad-Aware, MBAM, NOD32) and removed everything those found. I've now followed the instructions posted, I should probably note i recently changed from nvidia to ATI since my old card died which would explain entries in Attach.txt, also quite abit of that report was in a different language (my windows is a hebrew version) ive done my best to translate the hebrew parts to english but i can post the original as well if needed.
All the errors in the event viewer part at the end of attach.txt either say the service did not respond or the file could not be located.


DDS (Ver_09-12-01.01) - NTFSx86
Run by €Œ‹‘ at 22:03:05.04 on Mon 12/07/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_06
Microsoft Windows XP Professional 5.1.2600.3.1255.972.1037.18.2047.1154 [GMT 2:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Restore Desktop\RestoreDesktop.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
C:\Documents and Settings\אלכס\שולחן העבודה\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.walla.co.il/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: עוזר הכניסה של Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RestoreDesktop] c:\program files\restore desktop\RestoreDesktop.exe
uRun: [CursorFX] "c:\program files\stardock\cursorfx\CursorFX.exe"
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SetPointII] c:\program files\logitech\setpoint ii\SetPointII.exe
uRun: [itype] c:\program files\microsoft intellitype pro\itype.exe
mRun: [CTHelper] CTHELPER.EXE
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: E&xport to Microsoft Office Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1180988721781
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl.sun.com/webapps/download/AutoDL?BundleId=21871
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {999C3D86-4E61-45DD-AF85-5BF993AF3860} = 10.11.176.1
TCP: {C1117931-C73F-4E2D-836D-1BEDD0F79025} = 192.117.235.235 62.219.186.7
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\fcb4~1\applic~1\mozilla\firefox\profiles\zzxjp4ue.default\
FF - component: c:\documents and settings\אלכס\application data\idm\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\documents and settings\׳�׳œ׳›׳¡\application data\mozilla\plugins\npoctoshape.dll
FF - plugin: c:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000

============= SERVICES / DRIVERS ===============

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-2-20 33800]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-9-26 353672]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-2-20 472320]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\lavalys\everest ultimate edition\kerneld.wnt [2009-8-4 26736]
R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclock.sys [2009-3-9 38304]
R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2002-9-12 3584]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-7-8 12672]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-11-30 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2009-5-19 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2009-5-19 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2009-5-19 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2009-5-19 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2009-5-19 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2009-5-19 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2009-5-19 117672]
S4 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-11-10 25832]
S4 PD91Agent;PD91Agent;c:\program files\raxco\perfectdisk2008\PD91Agent.exe [2008-12-31 693512]
S4 PD91Engine;PD91Engine;c:\program files\raxco\perfectdisk2008\PD91Engine.exe [2008-12-31 910600]

=============== Created Last 30 ================

2009-12-07 18:24:15 0 ----a-w- c:\documents and settings\אלכס\ntuser.tmp
2009-12-07 06:02:10 0 d-----w- c:\docume~1\fcb4~1\applic~1\Malwarebytes
2009-12-07 06:02:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-07 06:02:03 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-07 06:02:03 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-07 06:02:02 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-07 05:59:05 0 d-----w- c:\program files\Trend Micro
2009-12-06 22:36:55 54156 ---ha-w- c:\windows\QTFont.qfn
2009-12-06 22:36:55 1409 ----a-w- c:\windows\QTFont.for
2009-12-05 02:24:26 0 d-----w- c:\program files\K-Lite Codec Pack
2009-12-05 02:17:12 0 d-----w- c:\program files\VS Revo Group
2009-12-03 20:33:05 0 d-----w- c:\program files\Haali
2009-12-02 19:20:18 0 d-----w- c:\windows\system32\AGEIA
2009-12-02 18:29:10 19344 ----a-w- c:\docume~1\fcb4~1\applic~1\b.exe
2009-12-02 17:04:56 0 d-----w- c:\program files\ATI Technologies
2009-12-02 17:04:53 0 d-----w- c:\program files\ATI
2009-12-02 17:03:54 0 d-----w- C:\ATI
2009-11-30 19:33:46 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-11-30 18:21:41 788 ----a-w- c:\windows\system32\DVCState-{00000005-00000000-00000002-00001102-00000005-00211102}.rfx
2009-11-30 18:21:41 55468 ----a-w- c:\windows\system32\BMXState-{00000005-00000000-00000002-00001102-00000005-00211102}.rfx
2009-11-30 18:20:54 7062 ----a-w- c:\windows\system32\audiopid.vxd
2009-11-30 18:19:59 102400 ----a-w- c:\windows\system32\cttele32.dll
2009-11-30 18:15:03 22691984 ----a-w- c:\windows\system32\AppSetup.exe
2009-11-30 18:13:34 0 d-----w- c:\program files\common files\Creative Labs Shared
2009-11-30 17:21:55 0 d-----w- c:\program files\Serious Sam HD The First Encounter
2009-11-30 16:32:26 0 d-----w- c:\program files\Mindware Studios
2009-11-28 23:05:27 0 d-----w- c:\windows\system32\wbem\Repository
2009-11-28 21:49:23 0 d-----w- c:\windows\LastGood(2)
2009-11-28 20:15:06 839680 ----a-w- c:\windows\system32\lameACM.acm
2009-11-28 20:15:06 414 ----a-w- c:\windows\system32\lame_acm.xml
2009-11-28 20:15:06 118784 ----a-w- c:\windows\system32\ac3acm.acm
2009-11-28 17:44:38 8743 ----a-w- c:\windows\system32\nvinfo.pb
2009-11-27 13:26:46 31 ----a-w- c:\windows\progress
2009-11-26 23:40:59 36962304 ----a-w- c:\documents and settings\אלכס\ntuser.dat
2009-11-17 12:43:30 0 d-----w- c:\docume~1\fcb4~1\applic~1\Mumble
2009-11-17 12:43:06 0 d-----w- c:\program files\Mumble
2009-11-16 21:54:01 0 d-----w- c:\windows\usgwmt
2009-11-12 16:58:28 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-11-12 16:58:27 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-11-12 16:58:27 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-11-12 16:58:26 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-11-12 16:58:25 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-11-12 16:58:24 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-11-12 16:58:23 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-11-10 23:53:46 0 d-----w- c:\program files\Microsoft
2009-11-09 23:14:58 0 d-----w- c:\docume~1\alluse~1\applic~1\BioWare
2009-11-09 23:06:05 0 d-----w- c:\windows\1C4551A64743409391E41477CD655043.TMP
2009-11-09 22:51:51 0 d-----w- c:\program files\Dragon Age
2009-11-09 22:51:50 0 d-----w- c:\program files\common files\BioWare

==================== Find3M ====================

2009-12-07 18:35:54 79650 ----a-w- c:\windows\system32\perfc00d.dat
2009-12-07 18:35:54 373546 ----a-w- c:\windows\system32\perfh00d.dat
2009-11-30 18:19:49 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-11-30 18:19:48 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-11-29 00:04:51 106496 ----a-w- c:\windows\DUMP4bbe.tmp
2009-11-29 00:03:23 106496 ----a-w- c:\windows\DUMP4bdd.tmp
2009-11-04 16:15:30 4423168 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2009-11-04 15:45:14 479232 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-11-04 15:44:14 300032 ----a-w- c:\windows\system32\ati2dvag.dll
2009-11-04 15:29:44 204800 ----a-w- c:\windows\system32\atipdlxx.dll
2009-11-04 15:29:28 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2009-11-04 15:29:16 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-11-04 15:29:08 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-11-04 15:28:54 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2009-11-04 15:28:16 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2009-11-04 15:27:40 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2009-11-04 15:26:18 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2009-11-04 15:18:50 3518304 ----a-w- c:\windows\system32\ati3duag.dll
2009-11-04 15:17:48 13000704 ----a-w- c:\windows\system32\atioglxx.dll
2009-11-04 15:05:10 2135680 ----a-w- c:\windows\system32\ativvaxx.dll
2009-11-04 15:04:46 887724 ----a-w- c:\windows\system32\ativva6x.dat
2009-11-04 14:51:08 65024 ----a-w- c:\windows\system32\atimpc32.dll
2009-11-04 14:51:08 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2009-11-04 14:47:16 565248 ----a-w- c:\windows\system32\atikvmag.dll
2009-11-04 14:46:58 45056 ----a-w- c:\windows\system32\aticalrt.dll
2009-11-04 14:46:44 45056 ----a-w- c:\windows\system32\aticalcl.dll
2009-11-04 14:45:30 172032 ----a-w- c:\windows\system32\atiadlxx.dll
2009-11-04 14:45:08 3526656 ----a-w- c:\windows\system32\aticaldd.dll
2009-11-04 14:45:04 17408 ----a-w- c:\windows\system32\atitvo32.dll
2009-11-04 14:44:48 397312 ----a-w- c:\windows\system32\atiok3x2.dll
2009-11-04 14:44:20 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-11-04 14:39:26 638976 ----a-w- c:\windows\system32\ati2cqag.dll
2009-11-02 18:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-30 11:03:09 17480 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-09-25 16:41:26 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41:26 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-09-25 16:41:26 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41:26 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-09-25 16:41:26 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-09-25 16:41:26 696320 ----a-w- c:\windows\system32\DivX.dll
2009-09-23 02:24:36 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-09-11 14:18:30 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-09 10:43:08 210352 ----a-w- c:\windows\system32\idmmbc.dll
2006-06-23 06:48:54 32768 ----a-r- c:\windows\inf\UpdateUSB.exe

============= FINISH: 22:05:16.50 ===============
 

Attachments

1 - 1 of 1 Posts
Status
Not open for further replies.
Top