
Thread: help needed with possible win32.ih, w3 iq5

  1. #1
    Member
    Join Date
    Mar 2012
    Posts
    32

    Default help needed with possible win32.ih, w3 iq5

    I have been trying to identify and kill a virus on my laptop for about a week now. Nothing I do seems to work; just as you think you're winning, I take a step back. Access denied in rkill, and I think it is updating itself instead of my security patches. Cannot download the DSS log. Please help!!!

  2. #2
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    hi mjd59,

    Ok, since we have to start somewhere: If you have Malwarebytes installed, try updating it first, then do a scan, but most likely you already did this. If you can't run it normally because of the malware's tricks, then you can boot into safe mode. To reach safe mode, tap the F8 key during a computer restart and choose the first option from the list: Safe Mode. Log into your account and run MBAM.

    If you don't have it installed:

    Please download the free version of Malwarebytes to your desktop.

    Double-click mbam-setup.exe and follow the prompts to install the program.

    Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

    If an update is found, it will download and install the latest version.

    Once the program has loaded, select Perform FULL SCAN, then click Scan.
    When the scan is complete, click OK, then Show Results to view the results.

    Be sure that everything is checked, and click *Remove Selected.*

    *A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

    When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
    Post the log in your reply.

    Try running it normally or in safe mode as described above.

    Are you having browser re-direction?
    How Can I Reduce My Risk?

  3. #3
    Member
    Join Date
    Mar 2012
    Posts
    32

    Default

    Yes, I was having redirection. Will do the scan and save it. I also suspect my desktop is infected, as the modem has changed some settings! Also the Babylon toolbar sometimes appears.

  4. #4
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    Until your machine is clean you really shouldn't be using it other than to download and run the scans.
    In fact, when not in use make sure it has no network connectivity. If you're not sure how to do that, then just power it off.

    You can get another download to use. If you can't get to certain websites, you can download the software to a USB flash drive from another machine, if that's possible, then transfer it to the compromised one to run.

    Please download TDSS Killer.exe and save it to your desktop
    Double click to launch the utility. After it initializes click the start scan button.

    Once the scan completes you can click the continue button.

    "The utility will automatically select an action (Cure or Delete) for known malicious objects. A suspicious object will be skipped by default."

    "After clicking Next, the utility applies selected actions and outputs the result."

    "A reboot might be required after disinfection."

    A report will be found in your Root drive Local Disk (C) as: TDSSKiller.2.7.9.0_05.02.2012_17.32.21_log (name, version#, date, time)
    How Can I Reduce My Risk?

  5. #5
    Member
    Join Date
    Mar 2012
    Posts
    32

    Default

    Ok, I downloaded a new MBAM, scanned (nothing found), saved log.
    Could not download TDSSKiller, but had an early version on my desktop which at first would not run [could not find driver]. Not sure, but on default mode it found nothing. With the TDFS files ticked it found 2 files on the hard disk (tdss), which I quarantined. With everything ticked, 21 problems; I did not have any options and all were marked to be skipped. As I scrolled down, the page was moving so slowly that I am thinking the program is infected. Anyway, all problems were quarantined, and then Microsoft Security came up with a problem that needs cleaning, Alureon-CT. I did have an Alureon virus about a year ago which was cleaned by Microsoft Security. I am also finding files are starting to appear all over the place. Please, what next steps would you want me to implement? And thanks for your help so far.

  6. #6
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    TDSSKiller should prompt you to check for updates before it runs. I don't know how old your version is, but running the updated version would be best.
    Could you get the latest TDSSKiller from another machine, using a USB drive to transfer the file? Also, go ahead and run the version you have in safe mode before you do anything. To reach safe mode, tap the F8 key during a computer restart, choose the first option from the list: Safe Mode, and log into your usual account. After you run TDSSKiller in safe mode, just restart like you normally would to get back to your desktop.

    We will get another download also; it requires you to read a guide first. You can do this on another machine if you have to. I will assume you're not running a 64-bit version of XP. ComboFix won't run on a 64-bit XP machine.
    If you manage to download it and it gives problems when running you can also run it in safe mode.
    Again, no network connectivity except to grab the files, disconnect and run the scans.

    Guide to using Combofix
    How Can I Reduce My Risk?

  7. #7
    Member
    Join Date
    Mar 2012
    Posts
    32

    Default

    TDSSKiller found 21 threats, mainly unsigned files, which I went through and put into quarantine [sorry about spelling]. ComboFix ran; at first it could not find a file and had to download a restore file from Microsoft. I ran TDSS again and it came up with the same files, so this time I deleted the ones I thought were not needed, rebooted and ran again; it came up with 5 files. Also ran ComboFix afterwards. Had to run ComboFix in safe mode, as before it saved the log in normal mode an error screen appeared for a second, then the computer shut down. Had to do a system restore before I could run programs to get an internet connection.

  8. #8
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    Did you manage to update TDSSKiller? Can you post its log? Try downloading and running DDS now also. Take a look in your root drive, C:\, for a combofix.txt file.
    If it's there, please copy/paste it in your reply along with the TDSSKiller log and a DDS log, if you can manage to get it downloaded.
    How Can I Reduce My Risk?

  9. #9
    Member
    Join Date
    Mar 2012
    Posts
    32

    Default

    Here are the logs of ComboFix, TDSSKiller and DSS.


    dss


    DDS (Ver_2011-08-26.01) - FAT32x86
    Internet Explorer: 8.0.6001.18702
    Run by MICK at 19:39:11 on 2012-03-22
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.314 [GMT 11:00]
    .
    AV: PC Cleaner Pro *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
    AV: Microsoft Security Essentials *Enabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    SVCHOST.EXE
    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    SVCHOST.EXE
    SVCHOST.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Acer\Empowering Technology\admServ.exe
    SVCHOST.EXE
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\WINDOWS\System32\snmp.exe
    SVCHOST.EXE
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\mqsvc.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Acer\Empowering Technology\admtray.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
    C:\Program Files\SysShield Tools\Internet Eraser\cseraser.exe
    C:\DOCUME~1\MICK\LOCALS~1\Temp\RtkBtMnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZKxdm021YYAU&fl=0&ptb=d2pABN5CKpHB4S6_WXKxbQ&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = hxxp://www.homecallbroadband.com/customer/
    uURLSearchHooks: H - No File
    BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy 2\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: PopKiller Class: {9a23b8a4-c6c9-4a68-8fa6-5f905dc8ff80} - c:\program files\sysshield tools\internet eraser\pkext.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
    TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    TB: AbsoluteShield: {ee9dd090-902d-4623-9360-fb7d8666202b} - c:\program files\sysshield tools\internet eraser\AbsoluteBar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB: {56CF4856-ECB4-4E46-A897-A378821F97B9} - No File
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [Spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean
    mRun: [SkyTel] SkyTel.EXE
    mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [ntiMUI] c:\program files\newtech infosystems\nti cd & dvd-maker 7\ntiMUI.exe
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
    mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
    mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
    mRun: [LManager] c:\progra~1\launch~1\LManager.exe
    mRun: [LaunchApp] Alaunch
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    mRun: [bgsmsnd.exe] c:\windows\system32\bgsmsnd.exe
    mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [ADMTray.exe] "c:\acer\empowering technology\admtray.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    StartupFolder: c:\docume~1\mick\startm~1\programs\startup\wkcalrem.lnk - c:\program files\common files\microsoft shared\works shared\WkCalRem.exe
    StartupFolder: c:\docume~1\mick\startm~1\programs\startup\absolu~1.lnk - c:\program files\sysshield tools\internet eraser\cseraser.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
    Trusted Zone: mcafee.com\www
    Trusted Zone: swingingheaven.co.uk
    Trusted Zone: swingingheaven.co.uk\www
    Trusted Zone: swingingheaven.co.uk\www.photos
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
    DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
    DPF: {54D53429-945C-4188-B460-C81356541882} - hxxp://photosmart.hpphoto.com/Download/HPeServicesLocalPrint.CAB
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
    DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: igfxcui - igfxdev.dll
    Notify: SDWinLogon - SDWinLogon.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165648]
    R1 MpKsl1ee285c0;MpKsl1ee285c0;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b0a700c1-073d-4f02-b5f6-5c6810276e22}\MpKsl1ee285c0.sys [2012-3-22 28752]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-23 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
    R2 AWService;AdminWorks Agent X6;c:\acer\empowering technology\admServ.exe [2005-10-24 1314816]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-17 652360]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2012-3-15 1181104]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2012-3-15 1185704]
    R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2012-2-27 173880]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-4 20464]
    S1 MpKsl53772ca5;MpKsl53772ca5;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2a475bb5-88e9-45df-bb9a-44f8a897b491}\mpksl53772ca5.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2a475bb5-88e9-45df-bb9a-44f8a897b491}\MpKsl53772ca5.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2012-2-26 217088]
    S3 cpuz132;cpuz132;\??\c:\docume~1\mick\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\mick\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
    S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2012-2-26 20032]
    S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys --> c:\windows\system32\drivers\ew_hwusbdev.sys [?]
    S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys --> c:\windows\system32\drivers\ewusbnet.sys [?]
    S3 FsUsbExDisk;FsUsbExDisk;\??\c:\windows\system32\fsusbexdisk.sys --> c:\windows\system32\FsUsbExDisk.SYS [?]
    S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys --> c:\windows\system32\drivers\ew_jubusenum.sys [?]
    S3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys --> c:\windows\system32\drivers\lv321av.sys [?]
    S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-3-7 24064]
    S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\908.tmp --> c:\windows\system32\908.tmp [?]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-10 14336]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2012-2-26 121064]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2012-2-26 12776]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2012-2-26 136808]
    S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2012-2-26 114280]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-10 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2012-2-26 30312]
    S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]
    S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]
    .
    =============== Created Last 30 ================
    .
    2012-03-22 08:23:28 -------- d-sh--w- C:\Recycled
    2012-03-22 07:51:08 4392 ----a-w- c:\windows\system32\drivers\NdisFilt.sys
    2012-03-22 07:48:35 7296 ----a-w- c:\windows\system32\drivers\osaio.sys
    2012-03-22 07:48:35 12106 ----a-w- c:\windows\system32\drivers\OsaFsLoc.sys
    2012-03-22 07:48:25 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b0a700c1-073d-4f02-b5f6-5c6810276e22}\MpKsl1ee285c0.sys
    2012-03-21 08:02:10 -------- d-sha-r- C:\cmdcons
    2012-03-21 07:46:11 6881616 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b0a700c1-073d-4f02-b5f6-5c6810276e22}\mpengine.dll
    2012-03-21 07:44:42 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2012-03-21 07:44:42 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-03-21 07:44:32 -------- d-----w- c:\program files\Panda Security
    2012-03-21 07:44:27 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
    2012-03-21 07:44:27 -------- d-----w- c:\program files\PC Cleaners
    2012-03-21 07:44:10 -------- d-----w- c:\program files\iPod
    2012-03-21 07:43:59 -------- d-----w- c:\program files\MediaConverter
    2012-03-21 07:43:55 -------- d-----w- c:\program files\SoMud
    2012-03-21 07:43:52 -------- d-----w- C:\Malwarebytes' Anti-Malware
    2012-03-21 07:43:48 -------- d-----w- c:\program files\Tracks Eraser(2)
    2012-03-21 05:47:55 -------- d-----w- c:\windows\LastGood(2)
    2012-03-21 05:47:52 309320 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
    2012-03-21 04:49:51 -------- d-----w- C:\Recycled(2)
    2012-03-21 04:34:22 -------- d-----w- C:\FOUND.002
    2012-03-21 04:09:58 -------- d-----w- C:\ComboFix(2)
    2012-03-21 03:11:17 -------- d---a-w- C:\cmdcons(2)
    2012-03-21 01:55:36 -------- d-----w- C:\FOUND.001
    2012-03-20 07:36:02 -------- d-----w- c:\program files\Smith Micro
    2012-03-17 18:50:51 -------- d-----w- c:\documents and settings\mick\local settings\application data\WinZipBar
    2012-03-17 18:50:49 -------- d-----w- c:\program files\WinZipBar
    2012-03-17 18:48:17 -------- d-----w- c:\documents and settings\mick\local settings\application data\WinZip
    2012-03-17 10:16:28 0 ----a-w- c:\windows\system32\REN2B.tmp
    2012-03-17 10:16:28 0 ----a-w- c:\windows\system32\REN2A.tmp
    2012-03-17 10:16:28 0 ----a-w- c:\windows\system32\REN29.tmp
    2012-03-17 10:15:03 0 ----a-w- c:\windows\system32\REN22.tmp
    2012-03-17 10:15:03 0 ----a-w- c:\windows\system32\REN21.tmp
    2012-03-17 10:15:03 0 ----a-w- c:\windows\system32\REN20.tmp
    2012-03-17 10:14:39 0 ----a-w- c:\windows\system32\REN1A.tmp
    2012-03-17 10:14:39 0 ----a-w- c:\windows\system32\REN19.tmp
    2012-03-17 10:14:39 0 ----a-w- c:\windows\system32\REN18.tmp
    2012-03-16 17:22:07 -------- d-----w- c:\documents and settings\mick\application data\Safer Networking
    2012-03-16 14:26:56 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-03-16 14:09:05 -------- d-----w- c:\program files\XAce
    2012-03-15 07:22:54 15224 ----a-w- c:\windows\system32\sdnclean.exe
    2012-03-15 07:22:46 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
    2012-03-15 07:03:49 -------- d-----w- c:\program files\SysShield Tools
    2012-03-15 07:03:17 -------- d-----w- c:\documents and settings\mick\application data\SUPERAntiSpyware.com
    2012-03-15 07:03:16 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-03-15 07:00:47 -------- d-----w- C:\FOUND.000
    2012-03-15 06:56:19 -------- d-----w- c:\program files\EnglishOtto
    2012-03-15 06:56:18 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
    2012-03-15 06:56:18 -------- d-----w- c:\documents and settings\all users\application data\eBay
    2012-03-15 06:56:18 -------- d-----w- c:\documents and settings\all users\application data\DataCardService
    2012-03-12 10:36:01 -------- d-----w- c:\program files\Safer Networking
    2012-03-07 09:24:20 -------- d-----w- c:\program files\Trend Micro
    2012-03-07 08:35:18 24064 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2012-03-07 06:36:38 -------- d-----w- c:\documents and settings\mick\application data\PC Cleaners
    2012-03-07 06:36:37 -------- d-----w- c:\documents and settings\mick\application data\PCPro
    2012-03-07 06:36:31 -------- d-----w- c:\documents and settings\all users\application data\PC1Data
    2012-03-04 07:35:18 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-03 10:09:50 -------- d-----w- c:\program files\Sophos
    2012-02-27 14:42:19 726 ----a-w- c:\windows\system32\drivers\bybnrqse.dat
    2012-02-27 08:01:06 -------- d-----w- C:\Netgear
    2012-02-27 04:58:46 -------- d-----w- c:\documents and settings\mick\application data\QFX Software
    2012-02-27 04:58:46 -------- d-----w- c:\documents and settings\all users\application data\QFX Software
    2012-02-27 04:44:27 173880 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
    2012-02-27 04:44:26 -------- d-----w- c:\program files\KeyScrambler
    2012-02-27 04:14:56 -------- d-----w- c:\documents and settings\all users\application data\SecTaskMan
    2012-02-27 04:14:50 -------- d-----w- c:\program files\Security Task Manager
    2012-02-27 04:14:28 2094432 ----a-w- C:\SecurityTaskManager_Setup.exe
    2012-02-26 09:38:37 -------- d-----w- c:\program files\Free WMA to MP3 Converter
    2012-02-26 03:01:11 114280 ----a-w- c:\windows\system32\drivers\ssadserd.sys
    2012-02-26 03:01:10 30312 ----a-w- c:\windows\system32\drivers\ssadadb.sys
    2012-02-26 03:01:10 136808 ----a-w- c:\windows\system32\drivers\ssadmdm.sys
    2012-02-26 03:01:10 12776 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys
    2012-02-26 03:01:10 10472 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys
    2012-02-26 03:01:09 121064 ----a-w- c:\windows\system32\drivers\ssadbus.sys
    2012-02-26 03:01:09 10344 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys
    2012-02-26 02:50:37 -------- d-----w- c:\program files\MyFree Codec
    2012-02-26 01:55:31 821824 ----a-w- c:\windows\system32\dgderapi.dll
    2012-02-26 01:55:31 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
    2012-02-26 01:55:31 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
    2012-02-26 00:15:53 217088 ----a-w- c:\windows\system32\FsUsbExService.Exe
    2012-02-26 00:15:53 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll
    2012-02-26 00:13:46 -------- d-----w- c:\program files\PC Connectivity Solution
    2012-02-26 00:10:43 -------- d-----w- c:\program files\common files\Samsung
    2012-02-24 21:14:08 -------- d-----w- c:\documents and settings\mick\application data\BeNaughtyChat
    2012-02-24 21:14:03 -------- d-----w- c:\documents and settings\mick\application data\vcards
    .
    ==================== Find3M ====================
    .
    2012-03-16 08:59:56 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-03-07 06:36:08 5330704 ----a-w- c:\windows\uninst.exe
    2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
    2012-01-31 12:44:06 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-01-11 02:05:02 11139944 ----a-w- c:\windows\system32\libmfxsw32.dll
    2012-01-09 16:20:26 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2011-12-30 06:03:08 21336 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
    2010-01-09 10:33:24 203776 --sh--w- c:\windows\system32\unrar.exe
    .
    ============= FINISH: 19:39:46.10 ===============

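Reading a DDS log by eye, as the helper does above, comes down to spotting the entries that stand out: hooks and toolbars that point to "No File", and services or drivers whose file DDS could not stat (the `--> path [?]` form) or that load from a temp folder or a `.tmp` file. The script below is an added example for triaging such a log; it is not part of this thread or of DDS itself. The sample input reuses lines from the log above plus one constructed BHO line, and the reading of `[?]` as "file attributes unavailable" and the temp-path heuristic are this example's own assumptions.

```python
import re
from dataclasses import dataclass

# Sample input: lines copied from the DDS log posted above, plus one constructed
# BHO line ("Example Helper") so that a clean entry in the HJT section is present.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
.
uURLSearchHooks: H - No File
BHO: Example Helper: {00000000-0000-0000-0000-000000000001} - c:\program files\example\helper.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
mRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165648]
S3 cpuz132;cpuz132;\??\c:\docume~1\mick\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\mick\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys --> c:\windows\system32\drivers\lv321av.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\908.tmp --> c:\windows\system32\908.tmp [?]
.
============= FINISH: 19:39:46.10 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# Service/driver line: <R|S><start type> <name>;<display name>;<path and info>
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*)$")
# Pseudo-HJT line: <tag>: <rest>
HJT_RE = re.compile(r"^(\w+):\s+(.*)$")
# Assumption: a driver living under a \temp\ folder or named *.tmp is worth a look.
TEMP_RE = re.compile(r"\\temp\\|\\[^\\]*\.tmp$", re.IGNORECASE)


@dataclass
class Finding:
    section: str
    name: str
    path: str
    reasons: list


def parse_dds(text):
    """Walk a DDS log section by section and return the entries worth a second look."""
    findings = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # DDS separates blocks with lone dots
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section.startswith("SERVICES"):
            m = SERVICE_RE.match(line)
            if not m:
                continue
            _start, _type, name, _display, rest = m.groups()
            # Keep the path DDS resolved (right of "-->" when present), drop the [date size] / [?] tail.
            path = rest.split(" --> ")[-1].rsplit(" [", 1)[0]
            reasons = []
            if rest.endswith("[?]"):
                # Assumption: DDS prints [?] when it could not read the file's date/size,
                # which usually means a leftover entry or a file it could not see.
                reasons.append("file attributes unavailable ([?])")
            if TEMP_RE.search(path):
                reasons.append("loaded from a temp path or .tmp file")
            if reasons:
                findings.append(Finding(section, name, path, reasons))
        elif section.startswith("Pseudo HJT"):
            m = HJT_RE.match(line)
            if m and m.group(2).endswith("No File"):
                findings.append(Finding(section, m.group(1), m.group(2),
                                        ["hook/toolbar entry points to No File"]))
    return findings


if __name__ == "__main__":
    for f in parse_dds(SAMPLE_DDS):
        print(f"[{f.section}] {f.name}: {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

Entries that load from a temp folder and also carry `[?]` (MEMSWEEP2 in the sample) get both reasons, which is the combination a helper would ask about first.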