ijw.exe infected computer, removed but problems persist


  • This topic is locked
2 replies to this topic

#1 Locust of Chiron

  • Members
  • 1 posts
  • OFFLINE
  • Local time:07:28 AM

Posted 22 May 2011 - 04:57 PM

On the internet I got the standard allow/deny Windows message for ijw.exe. After denying multiple times it managed to mess up my PC anyway, and installed a rogue program that posed as BitDefender and looked almost identical to the Windows 7 Action Center when it popped up. I logged off and changed to my admin account and ran Malwarebytes to remove the infection, and ran a second scan after restarting just to be sure, and the virus seems to be removed, but now on the infected account whenever I try to run an exe I get the "Open With" window for when Windows doesn't recognize an extension, and I have no idea what to do. I've gotten around it by telling it to use the exe I want to open the exe (for example, open firefox.exe with firefox.exe), but it's an annoying workaround and it doesn't work for all programs. Here's the log. Thanks in advance!

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by Admin at 14:37:17 on 2011-05-22
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8190.4679 [GMT -7:00]
.
AV: The Shield Deluxe Antivirus *Enabled/Updated* {5988F8C3-A12C-B8DD-7291-D5248C8353F8}
SP: The Shield Deluxe Antispyware *Enabled/Updated* {E2E91927-8716-B753-4821-EE56F7041945}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Common Files\The Shield Deluxe\The Shield Deluxe Update Service\livesrv.exe
C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\vsserv.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\bdagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\DAODx.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe
C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\seccenter.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Weston\Desktop\dds.scr
C:\Windows\SysWOW64\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: The Shield Deluxe 2010 Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - "C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\Antispam32\IEToolbar.dll"
uRun: [EADM] "C:\Program Files (x86)\Electronic Arts\EADM\EADMUI.exe"
mRun: [TurboV EVO] "C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe" -b
mRun: [Six Engine] "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b
mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
StartupFolder: C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\IMPULS~1.LNK - B:\Backup\Stardock\Impulse\Now\ImpulseNow.exe
StartupFolder: C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LIMEWI~1.LNK - B:\Programs\LimeWire\LimeWire.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {2B1AA38D-2D12-11D5-AAD0-00C04FA03D78} - hxxps://portal.cwu.edu/nps/portal/gadgets/com.novell.nps.gadgets.shortcut.ShortcutGadget/LocalExec.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: The Shield Deluxe 2010 Toolbar: {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - "C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\IEToolbar.dll"
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [BDAgent] "C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\bdagent.exe"
mRun-x64: [BitDefender Antiphishing Helper 32] "C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\Antispam32\IEShow.exe"
mRun-x64: [BitDefender Antiphishing Helper] "C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\IEShow.exe"
mRun-x64: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qxfwx96u.default\
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Windows\system32\npOGPPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
============= SERVICES / DRIVERS ===============
.
R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\The Shield Deluxe\The Shield Deluxe Firewall\bdfwfpf.sys [2009-9-1 88584]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2010-11-10 96896]
R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 BDFM;BDFM;C:\Windows\system32\DRIVERS\bdfm.sys --> C:\Windows\system32\DRIVERS\bdfm.sys [?]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-8-30 14648]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-4-19 365568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Arrakis3;The Shield Deluxe Arrakis Server;C:\Program Files\Common Files\The Shield Deluxe\The Shield Deluxe Arrakis Server\bin\arrakis3.exe [2009-9-14 278224]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;B:\Programs\Steam\SteamApps\common\dragon age origins\bin_ship\daupdatersvc.service.exe [2010-6-19 25832]
S3 Lycosa;Lycosa Keyboard;C:\Windows\system32\drivers\Lycosa.sys --> C:\Windows\system32\drivers\Lycosa.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2010-11-11 306416]
.
=============== Created Last 30 ================
.
2011-05-22 20:56:41 89048 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
2011-05-22 20:56:41 781272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-05-22 20:56:41 465880 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
2011-05-22 20:56:41 1974616 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-05-22 20:56:41 1892184 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-05-22 20:56:41 1874904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-05-22 20:56:41 15832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
2011-05-22 20:56:41 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-05-22 20:39:05 -------- d-----w- C:\Users\Admin\AppData\Local\Mozilla
2011-05-21 03:41:12 -------- d-----w- C:\Program Files (x86)\AMD APP
2011-05-20 08:15:33 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2E1AFDDF-CF87-45EA-AA4E-44BBAD117174}\mpengine.dll
2011-05-15 13:10:23 306176 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-05-15 13:07:30 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-05-15 13:05:56 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-05-15 13:05:03 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-05-15 13:04:29 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-05-15 13:04:18 53760 ----a-w- C:\Windows\System32\atimpc64.dll
2011-05-15 13:04:18 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-05-15 13:02:26 1923584 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-05-15 13:00:08 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-05-15 12:59:34 14848 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-05-15 12:58:31 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-05-15 12:56:30 9319936 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-05-15 12:55:46 203776 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-05-15 12:55:33 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-05-15 12:55:24 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-05-15 12:54:57 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-05-15 12:54:57 12800 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-05-15 12:54:46 17693184 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-05-15 12:54:28 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-05-15 12:54:28 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-05-15 12:48:28 6389760 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-05-15 12:47:54 151552 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-05-15 12:47:50 7768064 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-05-15 12:47:50 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-05-15 12:47:39 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-05-15 12:47:15 22900736 ----a-w- C:\Windows\System32\atio6axx.dll
2011-05-15 12:47:13 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-05-15 12:47:11 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-05-15 12:47:04 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-05-15 12:46:51 366080 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-05-15 12:46:48 16384 ----a-w- C:\Windows\System32\atimuixx.dll
2011-05-15 12:46:41 480256 ----a-w- C:\Windows\System32\atieclxx.exe
2011-05-15 12:46:41 462848 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-05-15 12:46:41 1222656 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-05-11 04:56:57 5509504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-05-11 04:56:56 3957632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-05-11 04:56:56 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-05-11 04:54:52 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2011-05-11 04:54:52 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2011-05-11 04:54:52 52224 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-05-11 04:54:52 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2011-05-11 04:54:52 324608 ----a-w- C:\Windows\System32\drivers\usbport.sys
2011-05-11 04:54:52 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2011-05-11 04:54:52 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2011-05-03 21:40:08 -------- d-----w- C:\Program Files (x86)\GOG.com
2011-04-30 13:56:59 -------- d-----w- C:\Program Files (x86)\GameSpy Arcade
2011-04-30 11:22:10 -------- d-----w- C:\Users\Admin\AppData\Local\EA Core
2011-04-30 11:08:54 540688 ----a-w- C:\Windows\System32\d3dx10_39.dll
2011-04-30 11:08:54 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2011-04-30 11:08:54 1942552 ----a-w- C:\Windows\System32\D3DCompiler_39.dll
2011-04-30 11:08:54 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2011-04-30 11:08:53 4992520 ----a-w- C:\Windows\System32\D3DX9_39.dll
2011-04-30 11:08:53 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2011-04-27 19:06:53 2870272 ----a-w- C:\Windows\explorer.exe
2011-04-27 19:06:53 2614784 ----a-w- C:\Windows\SysWow64\explorer.exe
2011-04-27 19:06:45 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-04-27 19:06:45 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-04-27 19:05:42 2566144 ----a-w- C:\Windows\System32\esent.dll
2011-04-27 19:05:42 187264 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-04-27 19:05:42 1686016 ----a-w- C:\Windows\SysWow64\esent.dll
2011-04-27 19:05:42 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-04-27 19:05:42 1657216 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-04-27 19:05:42 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-04-27 19:05:41 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-04-27 19:05:41 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-04-27 19:05:41 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-04-27 19:05:15 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2011-04-27 19:05:15 31232 ----a-w- C:\Windows\System32\prevhost.exe
.
==================== Find3M ====================
.
2011-05-15 13:10:56 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-05-15 13:09:13 4056576 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-05-15 13:08:30 4286464 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-05-15 13:06:37 262144 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-05-15 13:04:52 676864 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-05-15 13:04:26 4161536 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-05-15 13:02:16 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-05-15 13:01:34 31232 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-05-15 13:01:00 5440000 ----a-w- C:\Windows\System32\atiumd64.dll
2011-05-15 12:55:53 795648 ----a-w- C:\Windows\System32\aticfx64.dll
2011-05-15 12:54:52 4951552 ----a-w- C:\Windows\System32\atidxx64.dll
2011-05-15 12:54:45 3868672 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-05-15 12:47:13 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-05-15 12:47:03 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-04-20 05:10:34 61952 ----a-w- C:\Windows\System32\OVDecode64.dll
2011-04-20 05:10:32 59904 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2011-04-20 05:10:22 53760 ----a-w- C:\Windows\System32\OpenCL.dll
2011-04-20 05:10:18 51712 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2011-04-20 05:10:14 16116224 ----a-w- C:\Windows\System32\amdocl64.dll
2011-04-20 05:10:02 12385280 ----a-w- C:\Windows\SysWow64\amdocl.dll
2011-04-10 01:55:44 15453336 ----a-w- C:\Windows\SysWow64\xlive.dll
2011-04-10 01:55:42 13642904 ----a-w- C:\Windows\SysWow64\xlivefnt.dll
2011-04-09 06:08:07 118784 ----a-w- C:\Windows\System32\atibtmon.exe
2011-04-09 05:32:27 51200 ----a-w- C:\Windows\System32\ATIODCLI.exe
2011-04-09 05:31:20 332800 ----a-w- C:\Windows\System32\ATIODE.exe
2011-03-16 06:26:17 1391104 ----a-w- C:\apploc.msi
2011-03-11 06:19:26 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-11 06:19:26 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-11 05:40:24 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-11 05:40:24 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-08 06:14:30 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-08 05:38:13 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-04 06:17:25 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:17:24 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:17:10 182272 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-03-03 06:14:38 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-03-03 05:27:30 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-03-03 03:58:32 3133440 ----a-w- C:\Windows\System32\win32k.sys
2011-02-24 06:30:00 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-02-24 06:29:15 1197056 ----a-w- C:\Windows\System32\wininet.dll
2011-02-24 06:24:57 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-02-24 05:32:52 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-02-24 05:32:44 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-02-24 05:30:16 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-02-24 05:05:13 482816 ----a-w- C:\Windows\System32\html.iec
2011-02-24 04:24:04 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-02-24 04:23:48 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-02-24 03:50:26 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-02-23 05:16:28 461312 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-02-23 05:16:01 401920 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-02-23 05:15:50 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-02-23 05:15:27 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-02-23 05:15:14 286720 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-02-23 05:15:13 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-02-23 05:15:06 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2010-12-13 04:26:46 281974195 ----a-w- C:\Program Files (x86)\LostSagaSetup100723.exe
.
============= FINISH: 14:37:33.81 ===============
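The "Open With" prompt for every .exe that the poster describes is the classic sign of a hijacked .exe file association, which rogue antivirus programs of this kind often alter so that their own binary is launched first. The following read-only audit script is an added example, not code from this thread or from any tool mentioned in it; it assumes the standard Windows locations for the association and cannot know which one (if any) was altered on this particular machine.

```powershell
# Added example, not from this thread: read-only audit of the .exe file
# association. Which key (if any) the rogue changed on the poster's PC is
# unknown; these are the standard locations Windows consults. Per-user
# entries override the machine-wide ones, which matters here because only
# one account on the poster's PC is affected.
# Run in the affected user account; no elevation is needed for reading.

# Machine-wide defaults on a clean Windows 7 system.
$Expected = [ordered]@{
    'Registry::HKEY_CLASSES_ROOT\.exe'                       = 'exefile'
    'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command' = '"%1" %*'
}

# Per-user overrides: normally absent, and the usual hiding place when only
# one account is affected, as in this thread.
$PerUser = @(
    'HKCU:\Software\Classes\.exe',
    'HKCU:\Software\Classes\exefile\shell\open\command',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe'
)

function Get-DefaultValue([string]$Path) {
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    (Get-ItemProperty -LiteralPath $Path).'(default)'
}

foreach ($key in $Expected.Keys) {
    $actual = Get-DefaultValue $key
    if ($null -eq $actual) {
        Write-Warning "MISSING  $key (expected '$($Expected[$key])')"
    } elseif ($actual -ceq $Expected[$key]) {
        Write-Host    "OK       $key = $actual"
    } else {
        Write-Warning "MODIFIED $key = '$actual' (expected '$($Expected[$key])')"
    }
}

foreach ($key in $PerUser) {
    if (-not (Test-Path -LiteralPath $key)) {
        Write-Host "absent   $key"
        continue
    }
    Write-Warning "Per-user entry present, review it: $key"
    # Dump the key's values and subkeys without PowerShell's PS* noise.
    (Get-ItemProperty -LiteralPath $key).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |
        ForEach-Object { Write-Host "         $($_.Name) = $($_.Value)" }
    Get-ChildItem -LiteralPath $key |
        ForEach-Object { Write-Host "         subkey: $($_.PSChildName)" }
}
```

An OpenWithList subkey under FileExts\.exe can also be left behind by the poster's own "open firefox.exe with firefox.exe" workaround, so review such entries rather than treating their presence as proof of infection.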

#2 snemelk

  • Engineer
  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  • Gender:Male
  • Location:Poland
  • Local time:04:28 PM

Posted 31 May 2011 - 08:03 AM

Hi Locust of Chiron, and welcome to Bleeping Computer.

Please run this scan:

Download OTL.com by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • On the upper bar, place a check next to: Scan all Users.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

Edited by snemelk, 31 May 2011 - 08:14 AM.

snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#3 snemelk

  • Engineer
  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  • Gender:Male
  • Location:Poland
  • Local time:04:28 PM

Posted 14 June 2011 - 01:38 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
