Tech Support Forum banner
Status
Not open for further replies.
1 - 3 of 3 Posts

·
Registered
Joined
·
1 Posts
Discussion Starter · #1 ·
Hello.
I would firstly wanna say that English isn't my first language so I hope the guy who's gonna help doesn't mind my horrible English.

I got this virus just today as I believe to have downloaded a .exe and running it without doing a search of information of the .exe file. If I remembered correctly, the file's name is firefox-update.exe. It prompted me to download all of a sudden when I tried to visit a link. The link was loaded like a "firefox" page saying that my firefox browser is outdated. So I foolishly downloaded and tried to install. A moment later, Windows defender started to detect a trojan of some sort and my laptop start to have these random ad music playing, random ad from IE (even though it's not open) and google searches redirected to bing.com.

I think one of the random music playing thing was caused by Sds.exe.

Lastly, I do not have access to a Windows install CD or a boot CD

Thanks in advance to who is helping me. :)

The following is the logs that was requested.


DDS (Ver_10-11-10.01) - NTFSx86
Run by Jian Ming at 16:15:16.37 on Wed 24/11/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.65.1033.18.3060.1649 [GMT 8:00]


============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Fingerprint Sensor\AtService.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Softex\OmniPass\OmniServ.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\nvvsvc.exe
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\taskeng.exe
C:\windows\system32\rundll32.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\windows\system32\DRIVERS\o2flash.exe
C:\windows\system32\PnkBstrA.exe
C:\windows\system32\PnkBstrB.exe
c:\Program Files\Fujitsu\PSUtility\PSUService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Fujitsu\updnavi\updnvsrv.exe
C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\Svolia.exe
C:\Users\JIANMI~1\AppData\Local\Temp\Sds.exe
C:\Program Files\IObit\Game Booster\GameBox.exe
C:\windows\System32\rundll32.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\vsnp2uvc.exe
C:\Windows\snuvcdsm.exe
C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe
C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
C:\Program Files\Fujitsu\BatteryAid2\BatteryDaemon.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe
C:\Program Files\CyberLink\YouCam\YouCamTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fujitsu\updnavi\updatenv.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
C:\Program Files\Softex\OmniPass\opvapp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\Users\Jian Ming\Desktop\dds.scr
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com.sg/
uDefault_Page_URL = hxxp://www.nyp.edu.sg/
uInternet Settings,ProxyServer = proxy.singnet.com.sg:8080
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: Messenger Plus Live Toolbar: {9b339f6e-ddcd-401b-8764-230adbd01761} - c:\program files\messenger_plus_live\tbMess.dll
mURLSearchHooks: Messenger Plus Live Toolbar: {9b339f6e-ddcd-401b-8764-230adbd01761} - c:\program files\messenger_plus_live\tbMess.dll
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Messenger Plus Live Toolbar: {9b339f6e-ddcd-401b-8764-230adbd01761} - c:\program files\messenger_plus_live\tbMess.dll
BHO: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Messenger Plus Live Toolbar: {9b339f6e-ddcd-401b-8764-230adbd01761} - c:\program files\messenger_plus_live\tbMess.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Google Update] "c:\users\jian ming\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [AdobeBridge]
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [UO8KTAT1GY] c:\users\jianmi~1\appdata\local\temp\Sdp.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [IndicatorUtility] c:\program files\fujitsu\fujitsu hotkey utility\IndicatorUty.exe
mRun: [LoadFUJ02E3] c:\program files\fujitsu\fuj02e3\FUJ02E3.exe
mRun: [ATSwpNav] "c:\program files\fingerprint sensor\ATSwpNav" -run
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [snp2uvc] c:\windows\vsnp2uvc.exe
mRun: [SNUVCDSM] c:\windows\snuvcdsm.exe
mRun: [CSRSkype] c:\program files\csr\bluetooth feature pack 5.0\CSRSkype.exe
mRun: [ConMgr] "c:\program files\csr\bluetooth feature pack 5.0\ConMgr.exe"
mRun: [FDM7] c:\program files\fujitsu\fdm7\FdmDaemon.exe
mRun: [PSUTility] c:\program files\fujitsu\psutility\TrayManager.exe
mRun: [LoadFujitsuQuickTouch] c:\program files\fujitsu\application panel\QuickTouch.exe
mRun: [LoadBtnHnd] c:\program files\fujitsu\application panel\BtnHnd.exe
mRun: [FJBATAID2] c:\program files\fujitsu\batteryaid2\BatteryDaemon.exe
mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"
mRun: [UpdatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\3.0"
mRun: [YouCam Mirror Tray icon] "c:\program files\cyberlink\youcam\YouCamTray.exe" /s
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [FJUPDNV_Chitose] c:\program files\fujitsu\updnavi\updatenv.exe
mRun: [OmniPass] c:\program files\softex\omnipass\scureapp.exe
mRun: [NUSB3MON] "c:\program files\nec electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
mRun: [SSUtility] c:\program files\fujitsu\ssutility\FJSSDMN.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\users\jianmi~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\jian ming\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: {9E56EEF9-1BD6-4C2F-ACB7-0B79D417BBDA} = 216.146.35.35,216.146.36.36
TCP: 355474 = 216.146.35.35,216.146.36.36
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\jianmi~1\appdata\roaming\mozilla\firefox\profiles\wuovvkxe.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://google.com.sg
FF - prefs.js: network.proxy.type - 0
FF - component: c:\users\jian ming\appdata\roaming\idm\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\users\jian ming\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 FBIOSDRV;Fujitsu BIOS Driver;c:\windows\system32\drivers\FBIOSDRV.sys [2009-9-2 17008]
R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\drivers\FJGSDisk.sys [2010-4-23 12776]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2009-8-1 1807608]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2010-11-18 83184]
R2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\fujitsu\psutility\PSUService.exe [2009-7-27 62824]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2010-4-23 2314240]
R2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\fujitsu\updnavi\updnvsrv.exe [2009-7-15 12800]
R2 VFPRadioSupportService;Bluetooth Feature Support;c:\program files\csr\bluetooth feature pack 5.0\VFPRadioSupportService.exe [2009-8-21 111488]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-8-1 659328]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2009-9-2 5632]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2009-10-26 125696]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-10-16 274984]
R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-9-16 6114816]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2009-10-26 58240]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2009-10-26 136704]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-5-2 68200]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\drivers\BthAvrcp.sys [2009-8-21 28000]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2009-7-14 214016]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2009-10-30 209920]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-11 4231168]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdg.sys [2009-7-20 60576]
S3 O2SDGRDR;O2SDGRDR;c:\windows\system32\drivers\o2sdg.sys [2009-7-16 41632]
S3 PCDSRVC{F819FCA4-67B3B36D-06000000}_0;PCDSRVC{F819FCA4-67B3B36D-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\fujitsu hardware diagnostics tool\pcdsrvc.pkms [2009-11-16 20848]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-12-12 174592]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-6 1343400]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-14 311296]

=============== Created Last 30 ================

2010-11-24 06:56:19 -------- d-----w- c:\users\jianmi~1\appdata\roaming\Malwarebytes
2010-11-24 06:56:12 -------- d-----w- c:\progra~2\Malwarebytes
2010-11-24 05:42:41 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-11-24 05:15:18 -------- d-----w- c:\progra~2\Alwil Software
2010-11-24 04:07:13 196608 ----a-w- c:\windows\Svolia.exe
2010-11-24 02:00:01 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{c1bb558e-49bf-4d68-bd9e-cb465fa9a706}\mpengine.dll
2010-11-22 10:46:11 -------- d-----w- c:\program files\Modern Warfare 2
2010-11-21 15:17:38 -------- d-----w- c:\users\jianmi~1\appdata\roaming\IrfanView
2010-11-21 15:17:38 -------- d-----w- c:\program files\IrfanView
2010-11-21 05:30:29 -------- d-----w- c:\users\jianmi~1\appdata\roaming\IDM
2010-11-21 05:30:25 -------- d-----w- c:\program files\Internet Download Manager
2010-11-20 11:31:05 -------- d-----w- c:\program files\IObit
2010-11-20 11:30:59 -------- d-----w- c:\progra~2\IObit
2010-11-17 20:23:37 83184 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2010-11-17 13:05:41 -------- d-sh--w- c:\progra~2\DSS
2010-11-17 12:46:06 -------- d-----w- c:\windows\system32\AGEIA
2010-11-17 12:45:56 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2010-11-15 03:18:51 -------- d-----w- c:\program files\Microsoft
2010-11-12 17:22:14 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-11-07 08:03:23 -------- d-----w- C:\HLServer
2010-11-06 03:37:34 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2010-11-06 03:37:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2010-10-28 15:59:36 -------- d-----w- c:\users\jianmi~1\appdata\local\DogFighter
2010-10-28 06:14:33 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-10-28 06:14:33 417792 ----a-w- c:\windows\system32\msdri.dll
2010-10-28 06:14:33 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-10-28 06:14:33 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2010-10-28 06:14:11 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys

==================== Find3M ====================

2010-10-19 02:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-14 20:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-08 04:30:04 978432 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 03:22:31 386048 ----a-w- c:\windows\system32\html.iec
2010-09-08 03:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 03:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 02:48:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-01 04:23:49 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-01 02:34:52 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-08-31 04:32:30 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-27 05:46:48 168448 ----a-w- c:\windows\system32\srvsvc.dll
2000-05-17 08:23:24 33459 ----a-w- c:\program files\RegSetup.exe
2000-03-22 01:33:26 679424 ----a-w- c:\program files\class.exe

============= FINISH: 16:15:33.40 ===============
 

Attachments

·
Registered
Joined
·
3,217 Posts
Howdy there and welcome to TSF Forums

I'm Steve and I will be helping you throughout this fix.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step. Please perform everything in the correct order/sequence.

Vista users please make sure you all run commands with administrator rights (right click icon - run as administrator)

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription

Please note that the forum is very busy and if I don't hear from you within three days from this initial posting then the thread will be closed.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you install the recovery console if requested

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.
 
1 - 3 of 3 Posts
Status
Not open for further replies.
Top