BleepingComputer.com: ijw.exe infected computer, removed but problems persist


ijw.exe infected computer, removed but problems persist doesn't recognize executables anymore

#1 Locust of Chiron

  • New Member
  • Group: Members
  • Posts: 1
  • Joined: 22-May 11

Posted 22 May 2011 - 04:57 PM

On the internet I got the standard allow/deny Windows message for ijw.exe. After denying it multiple times, it managed to mess up my PC anyway and installed a rogue program that posed as BitDefender and looked almost identical to the Windows 7 Action Center when it popped up. I logged off and changed to my admin account and ran Malwarebytes to remove the infection, and ran a second scan after restarting just to be sure. The virus seems to be removed, but now on the infected account whenever I try to run an exe I get the "Open With" window that Windows shows when it doesn't recognize an extension, and I have no idea what to do. I've gotten around it by telling it to use the exe I want to open the exe (for example, open firefox.exe with firefox.exe), but it's an annoying workaround and it doesn't work for all programs. Here's the log. Thanks in advance!

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by Admin at 14:37:17 on 2011-05-22
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8190.4679 [GMT -7:00]
.
AV: The Shield Deluxe Antivirus *Enabled/Updated* {5988F8C3-A12C-B8DD-7291-D5248C8353F8}
SP: The Shield Deluxe Antispyware *Enabled/Updated* {E2E91927-8716-B753-4821-EE56F7041945}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Common Files\The Shield Deluxe\The Shield Deluxe Update Service\livesrv.exe
C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\vsserv.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\bdagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\DAODx.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe
C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\seccenter.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Weston\Desktop\dds.scr
C:\Windows\SysWOW64\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: The Shield Deluxe 2010 Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - "C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\Antispam32\IEToolbar.dll"
uRun: [EADM] "C:\Program Files (x86)\Electronic Arts\EADM\EADMUI.exe"
mRun: [TurboV EVO] "C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe" -b
mRun: [Six Engine] "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b
mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
StartupFolder: C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\IMPULS~1.LNK - B:\Backup\Stardock\Impulse\Now\ImpulseNow.exe
StartupFolder: C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LIMEWI~1.LNK - B:\Programs\LimeWire\LimeWire.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {2B1AA38D-2D12-11D5-AAD0-00C04FA03D78} - hxxps://portal.cwu.edu/nps/portal/gadgets/com.novell.nps.gadgets.shortcut.ShortcutGadget/LocalExec.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: The Shield Deluxe 2010 Toolbar: {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - "C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\IEToolbar.dll"
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [BDAgent] "C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\bdagent.exe"
mRun-x64: [BitDefender Antiphishing Helper 32] "C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\Antispam32\IEShow.exe"
mRun-x64: [BitDefender Antiphishing Helper] "C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\IEShow.exe"
mRun-x64: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qxfwx96u.default\
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Windows\system32\npOGPPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
============= SERVICES / DRIVERS ===============
.
R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\The Shield Deluxe\The Shield Deluxe Firewall\bdfwfpf.sys [2009-9-1 88584]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2010-11-10 96896]
R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 BDFM;BDFM;C:\Windows\system32\DRIVERS\bdfm.sys --> C:\Windows\system32\DRIVERS\bdfm.sys [?]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-8-30 14648]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-4-19 365568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Arrakis3;The Shield Deluxe Arrakis Server;C:\Program Files\Common Files\The Shield Deluxe\The Shield Deluxe Arrakis Server\bin\arrakis3.exe [2009-9-14 278224]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;B:\Programs\Steam\SteamApps\common\dragon age origins\bin_ship\daupdatersvc.service.exe [2010-6-19 25832]
S3 Lycosa;Lycosa Keyboard;C:\Windows\system32\drivers\Lycosa.sys --> C:\Windows\system32\drivers\Lycosa.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2010-11-11 306416]
.
=============== Created Last 30 ================
.
2011-05-22 20:56:41 89048 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
2011-05-22 20:56:41 781272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-05-22 20:56:41 465880 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
2011-05-22 20:56:41 1974616 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-05-22 20:56:41 1892184 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-05-22 20:56:41 1874904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-05-22 20:56:41 15832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
2011-05-22 20:56:41 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-05-22 20:39:05 -------- d-----w- C:\Users\Admin\AppData\Local\Mozilla
2011-05-21 03:41:12 -------- d-----w- C:\Program Files (x86)\AMD APP
2011-05-20 08:15:33 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2E1AFDDF-CF87-45EA-AA4E-44BBAD117174}\mpengine.dll
2011-05-15 13:10:23 306176 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-05-15 13:07:30 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-05-15 13:05:56 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-05-15 13:05:03 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-05-15 13:04:29 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-05-15 13:04:18 53760 ----a-w- C:\Windows\System32\atimpc64.dll
2011-05-15 13:04:18 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-05-15 13:02:26 1923584 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-05-15 13:00:08 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-05-15 12:59:34 14848 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-05-15 12:58:31 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-05-15 12:56:30 9319936 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-05-15 12:55:46 203776 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-05-15 12:55:33 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-05-15 12:55:24 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-05-15 12:54:57 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-05-15 12:54:57 12800 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-05-15 12:54:46 17693184 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-05-15 12:54:28 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-05-15 12:54:28 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-05-15 12:48:28 6389760 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-05-15 12:47:54 151552 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-05-15 12:47:50 7768064 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-05-15 12:47:50 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-05-15 12:47:39 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-05-15 12:47:15 22900736 ----a-w- C:\Windows\System32\atio6axx.dll
2011-05-15 12:47:13 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-05-15 12:47:11 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-05-15 12:47:04 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-05-15 12:46:51 366080 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-05-15 12:46:48 16384 ----a-w- C:\Windows\System32\atimuixx.dll
2011-05-15 12:46:41 480256 ----a-w- C:\Windows\System32\atieclxx.exe
2011-05-15 12:46:41 462848 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-05-15 12:46:41 1222656 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-05-11 04:56:57 5509504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-05-11 04:56:56 3957632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-05-11 04:56:56 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-05-11 04:54:52 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2011-05-11 04:54:52 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2011-05-11 04:54:52 52224 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-05-11 04:54:52 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2011-05-11 04:54:52 324608 ----a-w- C:\Windows\System32\drivers\usbport.sys
2011-05-11 04:54:52 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2011-05-11 04:54:52 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2011-05-03 21:40:08 -------- d-----w- C:\Program Files (x86)\GOG.com
2011-04-30 13:56:59 -------- d-----w- C:\Program Files (x86)\GameSpy Arcade
2011-04-30 11:22:10 -------- d-----w- C:\Users\Admin\AppData\Local\EA Core
2011-04-30 11:08:54 540688 ----a-w- C:\Windows\System32\d3dx10_39.dll
2011-04-30 11:08:54 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2011-04-30 11:08:54 1942552 ----a-w- C:\Windows\System32\D3DCompiler_39.dll
2011-04-30 11:08:54 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2011-04-30 11:08:53 4992520 ----a-w- C:\Windows\System32\D3DX9_39.dll
2011-04-30 11:08:53 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2011-04-27 19:06:53 2870272 ----a-w- C:\Windows\explorer.exe
2011-04-27 19:06:53 2614784 ----a-w- C:\Windows\SysWow64\explorer.exe
2011-04-27 19:06:45 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-04-27 19:06:45 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-04-27 19:05:42 2566144 ----a-w- C:\Windows\System32\esent.dll
2011-04-27 19:05:42 187264 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-04-27 19:05:42 1686016 ----a-w- C:\Windows\SysWow64\esent.dll
2011-04-27 19:05:42 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-04-27 19:05:42 1657216 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-04-27 19:05:42 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-04-27 19:05:41 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-04-27 19:05:41 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-04-27 19:05:41 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-04-27 19:05:15 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2011-04-27 19:05:15 31232 ----a-w- C:\Windows\System32\prevhost.exe
.
==================== Find3M ====================
.
2011-05-15 13:10:56 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-05-15 13:09:13 4056576 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-05-15 13:08:30 4286464 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-05-15 13:06:37 262144 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-05-15 13:04:52 676864 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-05-15 13:04:26 4161536 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-05-15 13:02:16 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-05-15 13:01:34 31232 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-05-15 13:01:00 5440000 ----a-w- C:\Windows\System32\atiumd64.dll
2011-05-15 12:55:53 795648 ----a-w- C:\Windows\System32\aticfx64.dll
2011-05-15 12:54:52 4951552 ----a-w- C:\Windows\System32\atidxx64.dll
2011-05-15 12:54:45 3868672 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-05-15 12:47:13 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-05-15 12:47:03 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-04-20 05:10:34 61952 ----a-w- C:\Windows\System32\OVDecode64.dll
2011-04-20 05:10:32 59904 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2011-04-20 05:10:22 53760 ----a-w- C:\Windows\System32\OpenCL.dll
2011-04-20 05:10:18 51712 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2011-04-20 05:10:14 16116224 ----a-w- C:\Windows\System32\amdocl64.dll
2011-04-20 05:10:02 12385280 ----a-w- C:\Windows\SysWow64\amdocl.dll
2011-04-10 01:55:44 15453336 ----a-w- C:\Windows\SysWow64\xlive.dll
2011-04-10 01:55:42 13642904 ----a-w- C:\Windows\SysWow64\xlivefnt.dll
2011-04-09 06:08:07 118784 ----a-w- C:\Windows\System32\atibtmon.exe
2011-04-09 05:32:27 51200 ----a-w- C:\Windows\System32\ATIODCLI.exe
2011-04-09 05:31:20 332800 ----a-w- C:\Windows\System32\ATIODE.exe
2011-03-16 06:26:17 1391104 ----a-w- C:\apploc.msi
2011-03-11 06:19:26 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-11 06:19:26 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-11 05:40:24 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-11 05:40:24 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-08 06:14:30 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-08 05:38:13 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-04 06:17:25 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:17:24 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:17:10 182272 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-03-03 06:14:38 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-03-03 05:27:30 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-03-03 03:58:32 3133440 ----a-w- C:\Windows\System32\win32k.sys
2011-02-24 06:30:00 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-02-24 06:29:15 1197056 ----a-w- C:\Windows\System32\wininet.dll
2011-02-24 06:24:57 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-02-24 05:32:52 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-02-24 05:32:44 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-02-24 05:30:16 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-02-24 05:05:13 482816 ----a-w- C:\Windows\System32\html.iec
2011-02-24 04:24:04 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-02-24 04:23:48 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-02-24 03:50:26 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-02-23 05:16:28 461312 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-02-23 05:16:01 401920 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-02-23 05:15:50 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-02-23 05:15:27 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-02-23 05:15:14 286720 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-02-23 05:15:13 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-02-23 05:15:06 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2010-12-13 04:26:46 281974195 ----a-w- C:\Program Files (x86)\LostSagaSetup100723.exe
.
============= FINISH: 14:37:33.81 ===============
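The "Open With" prompt on every .exe described in the post above is the symptom of a broken .exe file association. The following is an added example, not code from the thread or from any of the tools mentioned in it: a read-only PowerShell check of the association as seen by the account it runs under. The layout of the keys it reads (the merged HKCR view, the per-user HKCU\Software\Classes layer that overrides the machine layer, and the Explorer UserChoice key) is standard Windows behaviour; the stock values it compares against, `exefile` and `"%1" %*`, are the Windows 7 defaults.

```powershell
# Added example, not code from the thread: a read-only check of the .exe file
# association for the account it is run under. Run it from the affected account
# (not the admin one) so the per-user keys reflect that profile.

function Test-ExeAssociation {
    $expectedProgId  = 'exefile'
    $expectedCommand = '"%1" %*'   # stock value of HKCR\exefile\shell\open\command

    # Read one registry value; $null when the key or the value does not exist.
    function Read-RegValue([string]$Path, [string]$Name) {
        $item = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
        if ($null -eq $item) { return $null }
        return $item.$Name
    }

    # For keys that should not exist at all: report the key's presence even if the value is unset.
    function Read-OverrideValue([string]$Path, [string]$Name) {
        if (-not (Test-Path -Path $Path)) { return $null }
        $v = Read-RegValue $Path $Name
        if ($null -eq $v) { return '<key present, value unset>' }
        return $v
    }

    # Build one report row. $ShouldBeAbsent = $true means the key is not expected on a clean profile.
    function New-Row([string]$Check, $Actual, $Expected, [bool]$ShouldBeAbsent) {
        if ($ShouldBeAbsent) {
            $status = if ($null -eq $Actual) { 'OK (absent)' } else { 'SUSPICIOUS (per-user override present)' }
        } elseif ($null -eq $Actual) {
            $status = 'MISSING'
        } elseif ($Actual -eq $Expected) {
            $status = 'OK'
        } else {
            $status = 'SUSPICIOUS'
        }
        New-Object PSObject -Property @{ Check = $Check; Actual = $Actual; Expected = $Expected; Status = $status }
    }

    $rows = @()

    # 1. Effective view: the merged HKEY_CLASSES_ROOT that the shell actually consults.
    $rows += New-Row 'HKCR\.exe (default)' (Read-RegValue 'Registry::HKEY_CLASSES_ROOT\.exe' '(default)') $expectedProgId $false
    $rows += New-Row 'HKCR\exefile\shell\open\command' (Read-RegValue 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command' '(default)') $expectedCommand $false

    # 2. Per-user layer: HKCU\Software\Classes overrides HKLM\Software\Classes in the merged view,
    #    so a bad value here breaks only the one account, while another account on the same
    #    machine keeps working.
    $rows += New-Row 'HKCU\Software\Classes\.exe (default)' (Read-OverrideValue 'HKCU:\Software\Classes\.exe' '(default)') $null $true
    $rows += New-Row 'HKCU\Software\Classes\exefile\shell\open\command' (Read-OverrideValue 'HKCU:\Software\Classes\exefile\shell\open\command' '(default)') $null $true
    $rows += New-Row 'Explorer FileExts\.exe\UserChoice Progid' (Read-OverrideValue 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\UserChoice' 'Progid') $null $true

    # 3. Machine layer, for comparison with the effective view.
    $rows += New-Row 'HKLM\Software\Classes\.exe (default)' (Read-RegValue 'HKLM:\Software\Classes\.exe' '(default)') $expectedProgId $false
    $rows += New-Row 'HKLM\Software\Classes\exefile\shell\open\command' (Read-RegValue 'HKLM:\Software\Classes\exefile\shell\open\command' '(default)') $expectedCommand $false

    $rows | Select-Object Check, Status, Actual, Expected
}

Test-ExeAssociation | Format-Table -AutoSize -Wrap
```

The function only reports; it changes nothing. Rows marked SUSPICIOUS in the per-user section are the ones that account for a problem confined to one profile, and they are what a helper's fix would target, which on a thread like this is left to the Malware Response Team. A PowerShell script is itself launched through powershell.exe, so on a profile where .exe is broken it is simpler to start the shell from the working admin account and read the affected user's hive, or paste the function into an already-open console.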

#2 snemelk

  • Engineer
  • Group: Malware Response Team
  • Posts: 1,368
  • Joined: 26-February 08

Posted 31 May 2011 - 08:03 AM

Hi Locust of Chiron, and welcome to Bleeping Computer.

Please run this scan:

Download OTL.com by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • On the upper bar, place a check next to: Scan all Users.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

This post has been edited by snemelk: 31 May 2011 - 08:14 AM

snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!
"If I had some duct tape, I could fix that." - MacGyver

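The last two lines of the OTL custom scan above pull the Windows Update policy key and the last-successful-install timestamp. As an added example (not part of snemelk's instructions or of OTL), the following PowerShell reads the same two locations directly and interprets them. Assumptions: `NoAutoUpdate` = 1 under the policy key means automatic updating is disabled by policy, the `AUOptions` meanings are the documented values 2 to 5, and `LastSuccessTime` is stored as a `yyyy-MM-dd HH:mm:ss` string in UTC; the 30-day staleness threshold is a constructed default.

```powershell
# Added example, not part of the thread's instructions: read and interpret the two
# Windows Update registry locations listed in the OTL custom scan.

function Get-WindowsUpdateState {
    param([int]$StaleAfterDays = 30)   # constructed threshold for "no recent successful install"

    $policyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
    $resultsKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install'

    $policy  = Get-ItemProperty -Path $policyKey  -ErrorAction SilentlyContinue
    $results = Get-ItemProperty -Path $resultsKey -ErrorAction SilentlyContinue

    # Documented AUOptions values under the policy key.
    $auOptionNames = @{
        2 = 'Notify before download'
        3 = 'Auto download, notify before install'
        4 = 'Auto download and schedule install'
        5 = 'Local admin chooses setting'
    }

    $notes = @()

    # Policy layer: an absent key means no policy applies, the normal state on a home PC.
    if ($null -eq $policy) {
        $policyState = 'No WindowsUpdate\AU policy key (Control Panel settings apply)'
    } elseif ($policy.NoAutoUpdate -eq 1) {
        $policyState = 'Automatic updates DISABLED by policy'
        $notes += 'A policy disables automatic updating; on a home machine this needs an explanation.'
    } elseif ($null -ne $policy.AUOptions -and $auOptionNames.ContainsKey([int]$policy.AUOptions)) {
        $policyState = 'Policy sets AUOptions=' + $policy.AUOptions + ' (' + $auOptionNames[[int]$policy.AUOptions] + ')'
    } else {
        $policyState = 'Policy key present, AUOptions unset or unrecognised'
    }

    # Results layer: when the last successful install happened, and how long ago that was.
    $lastSuccess = $null
    $ageDays     = $null
    if ($null -ne $results -and $results.LastSuccessTime) {
        try {
            $lastSuccess = [datetime]::ParseExact($results.LastSuccessTime, 'yyyy-MM-dd HH:mm:ss',
                                                  [System.Globalization.CultureInfo]::InvariantCulture)
            $ageDays = [int]((Get-Date).ToUniversalTime() - $lastSuccess).TotalDays
            if ($ageDays -gt $StaleAfterDays) { $notes += "Last successful install is $ageDays days old." }
        } catch {
            $notes += 'LastSuccessTime present but not in the expected format: ' + $results.LastSuccessTime
        }
    } else {
        $notes += 'No LastSuccessTime recorded.'
    }

    New-Object PSObject -Property @{
        PolicyState      = $policyState
        LastSuccessUtc   = $lastSuccess
        DaysSinceSuccess = $ageDays
        Notes            = ($notes -join ' ')
    }
}

Get-WindowsUpdateState | Format-List
```

Both keys are readable by a standard user, so no elevation is needed. A policy key that disables updating, or a last successful install far in the past, is exactly what the OTL lines are there to surface: the DDS log above shows kernel and USB driver files dated 2011-05-11, so on this machine the timestamp would be expected to be recent.
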
#3 snemelk

  • Engineer
  • Group: Malware Response Team
  • Posts: 1,368
  • Joined: 26-February 08

Posted 14 June 2011 - 01:38 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
