Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with 'BOO/Whistler.A'


  • This topic is locked This topic is locked
2 replies to this topic

#1 chien-hou

chien-hou

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:35 AM

Posted 13 July 2011 - 09:31 AM

Few hours ago, when I start up my system and get into windows(I'm running on Windows 7 32bit), Avira prompt out the 'detection' given an option 'remove', thought it won't affect any partition from booting up. And I made a choice to scan the system with Malwarebytes' Anti-Malware, later on with Avira, attached both scan logs.

After I restart the system, 3 partition is 'gone' from 'my computer', in computer management show the drive become raw partition.

Please advice.

Below is the 'detection' show by Avira antivirus:

The file 'Boot sector 'E:\''
contained a virus or unwanted program 'BOO/Whistler.A' [virus]
Action(s) taken:
Contains code of the BOO/Whistler.A boot sector virus.

The file 'Master boot sector HD1'
contained a virus or unwanted program 'BOO/Whistler.A' [virus]
Action(s) taken:
Contains code of the BOO/Whistler.A boot sector virus.

The file 'Boot sector 'G:\''
contained a virus or unwanted program 'BOO/Whistler.A' [virus]
Action(s) taken:
Contains code of the BOO/Whistler.A boot sector virus.

The file 'Boot sector 'F:\''
contained a virus or unwanted program 'BOO/Whistler.A' [virus]
Action(s) taken:
Contains code of the BOO/Whistler.A boot sector virus.

The file 'Master boot sector HD0'
contained a virus or unwanted program 'BOO/Whistler.A' [virus]
Action(s) taken:
Contains code of the BOO/Whistler.A boot sector virus.


DSS log:
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by G12 at 21:51:28 on 2011-07-13
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3582.2571 [GMT 8:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
FW: Avira FireWall *Enabled* {31341D0C-2EA1-6D37-1CC3-F0344A49C2CC}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\Core Temp\Core Temp.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system\HsMgr.exe
C:\Program Files\ASUS Xonar U1 Audio\customapp\program\XONARU1AUDIOCENTER.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\G12\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\GridService\peer.exe
C:\Program Files\ASUS Xonar U1 Audio\customapp\program\XONARU1AUDIOCENTER.EXE
C:\Windows\system\Cm112eye.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.my/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\users\g12\appdata\roaming\flashgetbho\FlashGetBHO3.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Memory Cleaner] c:\users\g12\appdata\roaming\koshyjohn.com\memclean\MemClean.exe boot
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [Grid Service] "c:\program files\gridservice\peer.exe" -n Grid
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Cm112Sound] RunDll32 cm112.cpl,CMICtrlWnd
mRun: [Cm112GX] c:\windows\system\HsMgr.exe Envoke
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: Download all by FlashGet3 - c:\users\g12\appdata\roaming\flashgetbho\GetAllUrl.htm
IE: Download by FlashGet3 - c:\users\g12\appdata\roaming\flashgetbho\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll/206
LSP: c:\program files\avira\antivir desktop\avsda.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: Interfaces\{0DB2FAC5-459F-4E50-A23E-380C46DC8116} : NameServer = 202.87.216.8 202.87.216.198
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\g12\appdata\roaming\mozilla\firefox\profiles\ole5u0fb.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\g12\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [2011-6-6 106904]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-5-25 176128]
R2 AntiVirFirewallService;Avira FireWall;c:\program files\avira\antivir desktop\avfwsvc.exe [2011-6-6 567464]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\avira\antivir desktop\avmailc.exe [2011-6-6 340136]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-6-6 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-6-6 269480]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2011-6-6 428200]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-6-6 66616]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2010-5-12 1051976]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-5-25 7800832]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-5-25 245760]
R3 ASUSU1;ASUS Xonar U1 Audio Interface;c:\windows\system32\drivers\cm112.sys [2011-6-6 1515520]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-3-31 100880]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [2011-6-6 82952]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\bitcomet\tools\bitcometservice.exe -service --> c:\program files\bitcomet\tools\BitCometService.exe -service [?]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2011-6-27 103040]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-20 22712]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-6-6 15872]
S3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\drivers\s1039bus.sys [2010-3-15 98672]
S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\drivers\s1039mdfl.sys [2010-3-15 14960]
S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\drivers\s1039mdm.sys [2010-3-15 124016]
S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1039mgmt.sys [2010-3-15 117872]
S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1039nd5.sys [2010-3-15 25456]
S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\drivers\s1039obex.sys [2010-3-15 113904]
S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1039unic.sys [2010-3-15 123504]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\sony ericsson\sony ericsson pc companion\PCCService.exe [2011-6-26 152064]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-6 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-6-6 1343400]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-20 366640]
.
=============== Created Last 30 ================
.
2011-07-13 10:52:30 3313664 ----a-w- C:\bootwizard.exe
2011-07-12 23:30:55 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-07-12 23:27:49 2334208 ----a-w- c:\windows\system32\win32k.sys
2011-07-10 15:42:39 -------- d-----w- C:\Download
2011-07-10 15:42:08 -------- d-----w- c:\programdata\Grid
2011-07-10 15:42:08 -------- d-----w- c:\program files\RaySource
2011-07-10 15:42:08 -------- d-----w- c:\program files\GridService
2011-07-02 14:59:50 -------- d-----w- c:\users\g12\appdata\roaming\foobar2000
2011-07-02 14:59:46 -------- d-----w- c:\program files\foobar2000
2011-06-29 09:50:59 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-29 09:50:56 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-06-29 09:50:56 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-06-29 09:50:56 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-06-29 09:50:56 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-06-29 09:50:56 337408 ----a-w- c:\windows\system32\mssph.dll
2011-06-29 09:50:56 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-06-29 09:50:56 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-06-29 09:50:56 1549312 ----a-w- c:\windows\system32\tquery.dll
2011-06-29 09:50:56 1401344 ----a-w- c:\windows\system32\mssrch.dll
2011-06-28 07:05:29 -------- d-----w- c:\users\g12\appdata\local\ElevatedDiagnostics
2011-06-27 06:12:46 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys
2011-06-27 06:12:46 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2011-06-27 06:12:46 112128 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2011-06-27 06:12:46 103040 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2011-06-27 06:12:46 102784 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2011-06-27 06:12:22 -------- d-----w- c:\program files\Maxis Broadband
2011-06-26 12:52:05 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-06-26 12:52:05 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-06-25 12:30:32 -------- d-----w- c:\program files\Image Resizer
2011-06-25 09:18:02 -------- d-----w- c:\programdata\Avanquest
2011-06-25 09:18:02 -------- d-----w- c:\program files\Avanquest update
2011-06-23 23:36:25 -------- d-----w- c:\program files\AMD APP
2011-06-23 23:36:21 -------- d-----w- c:\program files\common files\ATI Technologies
2011-06-23 23:34:41 -------- d-----w- c:\program files\ATI Technologies
2011-06-20 15:40:02 -------- d-----w- c:\users\g12\appdata\roaming\Malwarebytes
2011-06-20 15:39:47 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-20 15:39:46 -------- d-----w- c:\programdata\Malwarebytes
2011-06-20 15:39:43 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-20 15:39:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-20 15:29:31 -------- d-----w- c:\users\g12\appdata\local\Sony Ericsson
2011-06-20 15:25:52 -------- d-----w- c:\programdata\Sony Ericsson
2011-06-20 15:25:52 -------- d-----w- c:\program files\Sony Ericsson
2011-06-19 00:42:30 -------- d-----w- c:\program files\Steam
2011-06-17 13:27:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-17 13:27:35 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-17 13:27:35 141104 ----a-w- c:\program files\internet explorer\sqmapi.dll
2011-06-17 10:00:45 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-17 10:00:45 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-17 10:00:45 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-17 10:00:38 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-17 10:00:38 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-17 09:55:27 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-17 09:52:28 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-17 09:50:03 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-17 09:50:03 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-17 09:50:03 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-15 09:59:31 -------- d-----w- c:\users\g12\appdata\local\Ahead
2011-06-15 09:55:54 -------- d-----w- c:\programdata\Nero
2011-06-15 09:55:54 -------- d-----w- c:\program files\Nero
.
==================== Find3M ====================
.
2011-06-28 13:47:52 82952 ----a-w- c:\windows\system32\drivers\avfwim.sys
2011-06-28 13:47:52 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-28 13:47:52 106904 ----a-w- c:\windows\system32\drivers\avfwot.sys
2011-06-20 14:24:29 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-11 04:55:32 70656 ----a-w- c:\windows\system32\dfboottime.exe
2011-06-06 09:20:00 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2011-06-06 09:20:00 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2011-06-06 08:59:42 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-06-06 08:12:03 0 ----a-w- c:\windows\ativpsrm.bin
2011-06-03 06:01:04 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-06-03 05:59:23 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-06-03 05:56:57 271872 ----a-w- c:\windows\system32\conhost.exe
2011-06-03 03:48:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 03:48:31 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-06-03 03:48:31 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 03:48:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-05-25 04:25:48 7800832 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-05-25 03:31:38 17940992 ----a-w- c:\windows\system32\atioglxx.dll
2011-05-25 03:07:58 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-05-25 03:07:48 688128 ----a-w- c:\windows\system32\aticfx32.dll
2011-05-25 03:04:16 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-05-25 03:03:54 401408 ----a-w- c:\windows\system32\atieclxx.exe
2011-05-25 03:03:26 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-05-25 03:02:24 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2011-05-25 03:02:10 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2011-05-25 03:02:00 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-05-25 03:01:52 15872 ----a-w- c:\windows\system32\atimuixx.dll
2011-05-25 03:01:46 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-05-25 02:59:38 1828864 ----a-w- c:\windows\system32\atiumdmv.dll
2011-05-25 02:58:52 4219904 ----a-w- c:\windows\system32\atidxx32.dll
2011-05-25 02:50:38 4017152 ----a-w- c:\windows\system32\atiumdva.dll
2011-05-25 02:47:38 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-05-25 02:47:28 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-05-25 02:43:52 6847488 ----a-w- c:\windows\system32\aticaldd.dll
2011-05-25 02:39:16 4330496 ----a-w- c:\windows\system32\atiumdag.dll
2011-05-25 02:38:14 52736 ----a-w- c:\windows\system32\atimpc32.dll
2011-05-25 02:38:14 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2011-05-25 02:26:10 262144 ----a-w- c:\windows\system32\atiadlxx.dll
2011-05-25 02:26:00 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-05-25 02:25:48 32768 ----a-w- c:\windows\system32\atigktxx.dll
2011-05-25 02:25:20 245760 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-05-25 02:24:50 31744 ----a-w- c:\windows\system32\atiuxpag.dll
2011-05-25 02:24:36 29184 ----a-w- c:\windows\system32\atiu9pag.dll
2011-05-25 02:24:08 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-05-25 02:18:58 52736 ----a-w- c:\windows\system32\coinst.dll
2011-05-24 15:44:26 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-05-24 15:43:50 12798976 ----a-w- c:\windows\system32\amdocl.dll
2011-05-24 11:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-03 20:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-26 05:58:12 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-04-26 05:58:12 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-04-22 19:14:16 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-19 17:21:02 37376 ----a-w- c:\windows\system32\atitmpxx.dll
2011-04-19 14:10:18 51712 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-15 08:00:36 53248 ----a-w- c:\windows\system32\CSVer.dll
.
============= FINISH: 21:51:56.69 ===============

Attached Files


Edited by chien-hou, 13 July 2011 - 09:44 AM.


BC AdBot (Login to Remove)

 


#2 chien-hou

chien-hou
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:35 AM

Posted 15 July 2011 - 11:16 AM

SOLVED with EASEUS Partition Recovery 5.0.1
but don't know how to close topic...

Edited by chien-hou, 15 July 2011 - 11:18 AM.


#3 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:09:35 PM

Posted 15 July 2011 - 05:10 PM

Thanks for posting back to inform us that the issue you were experiencing has been resolved. We greatly appreciate the courtesy of being informed.

This thread will now be closed.

Kindest Regards,
SweetTech.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users