TechSpot

I have a virus, Help!

By 12cuerdas
Apr 9, 2011
  1. Please help me out. I have a virus and I can't get rid of it.
     
  2. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum (you abandoned 1 topic in the past, so make sure you don't do it again!)
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. 12cuerdas

    12cuerdas TS Rookie Topic Starter Posts: 20

    I am going to re-install the whole system and re-run these logs for you. I don't want to take any chances. I want to make sure this virus is gone. So I think the best is to clear everything and start all over.

    I had to edit all the other posts. Please delete the other posts. Thanks.
     
  17. 12cuerdas

    12cuerdas TS Rookie Topic Starter Posts: 20

    I reformatted my computer and would like to confirm that this virus is gone.
    Here are the updated logs. Thanks.

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6327

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 8.0.6001.18702

    4/10/2011 2:11:21 PM
    mbam-log-2011-04-10 (14-11-21).txt

    Scan type: Quick scan
    Objects scanned: 151473
    Time elapsed: 5 minute(s), 35 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER 1.0.15.15570 - http://www.gmer.net
    Rootkit quick scan 2011-04-12 05:35:50
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK1032GSX rev.AS021G
    Running: 5e6l0kqq.exe; Driver: C:\DOCUME~1\ADOLFO~1\LOCALS~1\Temp\pwtdrpod.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA9EB8026]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA9EB7E91]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA9F018DE]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \FileSystem\Ntfs \Ntfs naiavf5x.sys (Anti-Virus File System Filter Driver/McAfee Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    ---- EOF - GMER 1.0.15 ----
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/10/2011 2:14:54 PM
    System Uptime: 4/12/2011 5:30:54 AM (0 hours ago)
    .
    Motherboard: Intel Corporation | | MPAD-MSAE Customer Reference Boards
    Processor: Genuine Intel(R) CPU T2050 @ 1.60GHz | U1 | 1596/mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 93 GiB total, 78.644 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1: 4/10/2011 2:15:00 PM - System Checkpoint
    RP2: 4/10/2011 1:27:13 PM - avast! Free Antivirus Setup
    RP3: 4/10/2011 1:35:58 PM - Installed Windows XP KB932823-v3.
    RP4: 4/10/2011 1:46:15 PM - Installed Windows Internet Explorer 8.
    RP5: 4/10/2011 2:12:58 PM - Installed Java(TM) 6 Update 24
    RP6: 4/10/2011 2:54:17 PM - Installed Windows Internet Explorer 8.
    RP7: 4/10/2011 3:36:49 PM - Software Distribution Service 3.0
    RP8: 4/10/2011 3:52:51 PM - Software Distribution Service 3.0
    RP9: 4/10/2011 4:30:19 PM - Removed Adobe Reader 7.0
    RP10: 4/10/2011 4:30:53 PM - Installed Adobe Reader X.
    RP11: 4/10/2011 5:21:59 PM - Software Distribution Service 3.0
    RP12: 4/12/2011 5:33:40 AM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    Adobe Reader X
    America Online (Choose which version to remove)
    AOL Coach Version 2.0(Build:20041026.5 en)
    AOL Connectivity Services
    AOL Spyware Protection
    AOL You've Got Pictures Screensaver
    avast! Free Antivirus
    Bejeweled 2 Deluxe
    Blasterball 2 Revolution
    Bluetooth Stack for Windows by Toshiba
    CD/DVD Drive Acoustic Silencer
    DVD-RAM Driver
    ESET Online Scanner v3
    ESPNMotion
    FATE
    GemMaster Mystic
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    High Definition Audio Driver Package - KB888111
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB981793)
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet/Wireless Software
    InterVideo WinDVD Creator 2
    InterVideo WinDVD for TOSHIBA
    J2SE Runtime Environment 5.0 Update 4
    Java Auto Updater
    Java(TM) 6 Update 24
    Macromedia Flash Player 8
    Malwarebytes' Anti-Malware
    McAfee SecurityCenter
    McAfee VirusScan
    mCore
    mDrWiFi
    Metamail (Toshiba Registration Utility)
    mHelp
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft Office OneNote 2003
    Microsoft Office Standard Edition 2003
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    mIWA
    mLogView
    mMHouse
    Mozilla Firefox 4.0 (x86 en-US)
    mPfMgr
    mPfWiz
    mProSafe
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    mWlsSafe
    mXML
    MyConnect Special Offer
    mZConfig
    Office 2003 Trial Assistant
    Otto
    Polar Golfer
    Pure Networks Port Magic
    QuickTime
    RealPlayer Basic
    Realtek High Definition Audio Driver
    SCRABBLE
    SD Secure Module
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB982665)
    Sonic DLA
    Sonic Encoders
    Sonic RecordNow!
    Synaptics Pointing Device Driver
    Texas Instruments PCIxx21/x515/xx12 drivers.
    TIPCI
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Controls
    TOSHIBA Game Console
    TOSHIBA Hotkey Utility
    TOSHIBA PC Diagnostic Tool
    TOSHIBA Power Saver
    TOSHIBA SD Memory Card Format
    TOSHIBA Software Modem
    TOSHIBA Software Upgrades
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    TOSHIBA TouchPad ON/Off Utility
    TOSHIBA TV Tuner 4.0.12.73
    TOSHIBA Utilities
    TOSHIBA Virtual Sound
    TOSHIBA Zooming Utility
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Media Player 10 (KB910393)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    Viewpoint Media Player
    WebFldrs XP
    WildTangent Web Driver
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Media Format Runtime
    Windows XP Media Center Edition 2005 KB2502898
    Windows XP Media Center Edition 2005 KB888316
    Windows XP Media Center Edition 2005 KB894553
    Windows XP Media Center Edition 2005 KB895678
    Windows XP Media Center Edition 2005 KB908250
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    Yahoo! Music Engine
    .
    ==== Event Viewer Messages From Past Week ========
    .
    4/10/2011 4:41:34 PM, error: Service Control Manager [7034] - The McAfee.com McShield service terminated unexpectedly. It has done this 1 time(s).
    4/10/2011 4:39:05 PM, error: Service Control Manager [7034] - The TOSHIBA Application Service service terminated unexpectedly. It has done this 1 time(s).
    4/10/2011 4:39:05 PM, error: Service Control Manager [7034] - The Swupdtmr service terminated unexpectedly. It has done this 1 time(s).
    4/10/2011 4:39:05 PM, error: Service Control Manager [7034] - The McAfee Task Scheduler service terminated unexpectedly. It has done this 1 time(s).
    4/10/2011 4:39:05 PM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
    4/10/2011 4:38:35 PM, error: Service Control Manager [7034] - The McAfee WSC Integration service terminated unexpectedly. It has done this 1 time(s).
    4/10/2011 4:38:35 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AOL TopSpeed Monitor service to connect.
    4/10/2011 4:36:05 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    4/10/2011 4:36:05 PM, error: Service Control Manager [7034] - The DVD-RAM_Service service terminated unexpectedly. It has done this 1 time(s).
    4/10/2011 4:36:05 PM, error: Service Control Manager [7034] - The ConfigFree Service service terminated unexpectedly. It has done this 1 time(s).
    4/10/2011 4:36:04 PM, error: Service Control Manager [7034] - The AOL Connectivity Service service terminated unexpectedly. It has done this 1 time(s).
    4/10/2011 4:36:04 PM, error: Service Control Manager [7031] - The AOL TopSpeed Monitor service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    4/10/2011 4:36:00 PM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Service service terminated unexpectedly. It has done this 1 time(s).
    4/10/2011 4:35:59 PM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
    .
    ==== End Of File ===========================

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Adolfo Albarran at 5:36:22.25 on Tue 04/12/2011
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.584 [GMT -7:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: McAfee VirusScan *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    svchost.exe
    svchost.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\WINDOWS\system32\TDispVol.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\system32\igfxtray.exe
    svchost.exe
    C:\WINDOWS\system32\igfxpers.exe
    c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\Toshiba\Tvs\TvsTray.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\WINDOWS\system32\dla\DLACTRLW.exe
    C:\Program Files\Synaptics\SynTP\Toshiba.exe
    C:\toshiba\ivp\ism\pinger.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\RAMASST.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\SoftwareDistribution\Download\f35839bf00bc83543dbda7acaf1e2a3b\update\update.exe
    \\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
    C:\Documents and Settings\Adolfo Albarran\My Documents\Downloads\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/?ilc=2
    uSearch Bar = hxxp://www.toshiba.com/search
    uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
    TB: McAfee VirusScan: {ba52b914-b692-46c4-b683-905236f6f655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
    mRun: [TFncKy] TFncKy.exe
    mRun: [TDispVol] TDispVol.exe
    mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\mcupdate.exe
    mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
    mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [NDSTray.exe] NDSTray.exe
    mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
    mRun: [TPSMain] TPSMain.exe
    mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
    mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
    mRun: [dla] c:\windows\system32\dla\DLACTRLW.exe
    mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
    mRun: [VSOCheckTask] "c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    mRun: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe
    mRun: [OASClnt] c:\program files\mcafee.com\vso\oasclnt.exe
    mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
    mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
    IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1302474879140
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    Notify: igfxcui - igfxdev.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\adolfo~1\applic~1\mozilla\firefox\profiles\8yno2gmk.default\
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-4-10 371544]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-4-10 301528]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-4-10 19544]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-4-10 42184]
    R2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2006-2-24 126976]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 McShield;McAfee.com McShield;c:\progra~1\mcafee.com\vso\mcshield.exe [2006-2-24 221184]
    R2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2006-2-24 122368]
    R3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2006-2-24 114464]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-10 136176]
    S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2006-2-24 245760]
    .
    =============== Created Last 30 ================
    .
    2011-04-11 01:21:08 45568 -c----w- c:\windows\system32\dllcache\wab.exe
    2011-04-11 01:20:37 590848 ----a-w- c:\windows\system32\SET2B.tmp
    2011-04-11 01:20:37 5120 ------w- c:\windows\system32\SET2C.tmp
    2011-04-11 00:45:42 -------- d-----w- c:\windows\system32\scripting
    2011-04-11 00:45:41 -------- d-----w- c:\windows\system32\en
    2011-04-11 00:45:41 -------- d-----w- c:\windows\system32\bits
    2011-04-11 00:45:41 -------- d-----w- c:\windows\l2schemas
    2011-04-11 00:38:36 -------- d-----w- c:\windows\network diagnostic
    2011-04-11 00:11:58 452736 ------w- c:\windows\system32\drivers\mtxparhm.sys
    2011-04-11 00:11:58 1309184 ------w- c:\windows\system32\drivers\mtlstrm.sys
    2011-04-11 00:11:58 126686 ------w- c:\windows\system32\drivers\mtlmnt5.sys
    2011-04-11 00:11:51 11868 ------w- c:\windows\system32\drivers\mdmxsdk.sys
    2011-04-11 00:11:39 685056 ------w- c:\windows\system32\drivers\hsfcxts2.sys
    2011-04-11 00:11:39 220032 ------w- c:\windows\system32\drivers\hsfbs2s2.sys
    2011-04-11 00:11:39 1041536 ------w- c:\windows\system32\drivers\hsfdpsp2.sys
    2011-04-10 23:06:38 -------- d-----w- c:\program files\MSXML 4.0
    2011-04-10 23:04:07 -------- d-----w- c:\windows\ie8updates
    2011-04-10 23:01:49 -------- d-----w- c:\windows\ServicePackFiles
    2011-04-10 22:52:14 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2011-04-10 22:52:09 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2011-04-10 22:52:09 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2011-04-10 22:52:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2011-04-10 22:52:07 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2011-04-10 22:52:07 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2011-04-10 22:52:06 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2011-04-10 22:52:05 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
    2011-04-10 22:49:12 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2011-04-10 22:49:07 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
    2011-04-10 22:48:45 353792 -c----w- c:\windows\system32\dllcache\srv.sys
    2011-04-10 22:47:17 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
    2011-04-10 22:47:17 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
    2011-04-10 22:47:00 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2011-04-10 22:44:05 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
    2011-04-10 22:43:08 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll
    2011-04-10 22:41:01 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
    2011-04-10 22:41:00 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
    2011-04-10 22:41:00 35328 -c----w- c:\windows\system32\dllcache\sc.exe
    2011-04-10 22:41:00 110592 -c----w- c:\windows\system32\dllcache\services.exe
    2011-04-10 22:40:59 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
    2011-04-10 22:40:59 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
    2011-04-10 22:40:59 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
    2011-04-10 22:40:58 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
    2011-04-10 22:40:58 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll
    2011-04-10 22:40:58 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
    2011-04-10 22:40:58 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2011-04-10 22:40:57 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
    2011-04-10 22:40:56 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
    2011-04-10 22:40:47 2560 ------w- c:\windows\system32\xpsp4res.dll
    2011-04-10 22:40:46 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
    2011-04-10 22:39:54 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
    2011-04-10 22:39:49 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
    2011-04-10 22:39:44 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
    2011-04-10 22:38:41 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2011-04-10 22:38:40 272128 ------w- c:\windows\system32\drivers\bthport.sys
    2011-04-10 22:38:35 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
    2011-04-10 22:38:20 23040 ------w- c:\windows\kb913800.exe
    2011-04-10 22:37:26 -------- d-----w- c:\windows\system32\PreInstall
    2011-04-10 22:35:12 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
    2011-04-10 22:35:12 -------- d-----w- c:\windows\system32\SoftwareDistribution
    2011-04-10 22:35:11 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2011-04-10 22:35:11 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2011-04-10 22:35:11 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
    2011-04-10 22:03:30 -------- d-----w- c:\program files\ESET
    2011-04-10 21:52:51 -------- dc-h--w- c:\windows\ie8
    2011-04-10 21:14:25 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
    2011-04-10 21:13:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-04-10 21:13:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-04-10 21:03:38 -------- d-----w- c:\program files\AVerMedia
    2011-04-10 21:03:23 69632 ----a-r- c:\windows\system32\MCSysUtil.dll
    2011-04-10 21:03:23 4528 ----a-r- c:\windows\system32\SETBROWS.EXE
    2011-04-10 21:03:23 135168 ----a-w- c:\windows\system32\XML30Lib.dll
    2011-04-10 21:03:22 50176 ----a-w- c:\windows\system32\CSH.DLL
    2011-04-10 21:03:22 163840 ----a-w- c:\windows\system32\MCCoreUtil.dll
    2011-04-10 21:03:21 -------- d-----w- c:\program files\Metamail Inc
    2011-04-10 21:02:52 -------- d-----w- c:\program files\common files\InterVideo
    2011-04-10 21:02:29 135168 ----a-w- c:\windows\system32\igfxres.dll
    2011-04-10 21:00:19 -------- d-sh--w- c:\documents and settings\adolfo albarran\IECompatCache
    2011-04-10 21:00:01 -------- d-sh--w- c:\documents and settings\adolfo albarran\PrivacIE
    2011-04-10 20:49:05 -------- d-sh--w- c:\documents and settings\adolfo albarran\IETldCache
    2011-04-10 20:47:10 -------- d-----w- c:\docume~1\adolfo~1\applic~1\Malwarebytes
    2011-04-10 20:47:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-10 20:47:02 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2011-04-10 20:46:56 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-10 20:46:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-04-10 20:28:00 -------- d-----w- c:\docume~1\adolfo~1\locals~1\applic~1\Temp
    2011-04-10 20:27:38 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-04-10 20:27:23 40648 ----a-w- c:\windows\avastSS.scr
    2011-04-10 20:27:13 -------- d-----w- c:\program files\AVAST Software
    2011-04-10 20:27:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVAST Software
    .
    ==================== Find3M ====================
    .
    2011-02-05 00:48:32 456192 ----a-w- c:\windows\system32\encdec.dll
    2011-02-05 00:48:30 291840 ----a-w- c:\windows\system32\sbe.dll
    .
    ============= FINISH: 5:38:29.00 ===============
     
  18. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Formatting will erase all infection.
    Your logs are clean.
     
  19. 12cuerdas

    12cuerdas TS Rookie Topic Starter Posts: 20

    Okay so my system is clean.
    Now I need to make sure my external hard drive and flash drive(s) are clean. How do I do that?
     
  20. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Install this on your computer and then you're safe to plug anything in and scan it with your AV program and MBAM, if you wish.

    Download, and run Flash Disinfector, and save it to your desktop (Windows Vista and Windows 7 users, scroll down)

    *Please disable any AV / ScriptBlockers as they might detect Flash Disinfector to be malicious and block it. Hence, the failure in executing. You can enable them back after the cleaning process*

    • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
    • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
    • Wait until it has finished scanning and then exit the program.
    • Reboot your computer when done.
    Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

    Windows Vista and Windows 7 users
    Flash Disinfector is not compatible with the above Windows versions.
    Please, use Panda USB Vaccine
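
The note in the post above describes a protective folder named autorun.inf at the root of each drive. As an added example (not part of the original post and not Flash Disinfector's own code), this script reports whether a drive root has no autorun.inf, the protective folder, or a real file, and for a file lists the commands it would launch; the names `audit_root` and `demo` and the sample drive roots are constructed for illustration.

```python
import configparser
import tempfile
from pathlib import Path

# Keys in an [autorun] section that tell Windows to launch a program.
LAUNCH_KEYS = ("open", "shellexecute")

def audit_root(root):
    """Classify the autorun.inf entry at a drive root.

    Returns (state, commands). state is 'absent', 'folder' (the protective
    placeholder folder) or 'file'; commands lists what a file would launch.
    """
    entry = Path(root) / "autorun.inf"
    if entry.is_dir():
        return "folder", []
    if not entry.is_file():
        return "absent", []
    parser = configparser.RawConfigParser(strict=False)  # keys are lowercased
    try:
        parser.read_string(entry.read_text(errors="replace"))
    except configparser.Error:
        return "file", ["<unparseable autorun.inf, inspect manually>"]
    commands = []
    for section in parser.sections():
        if section.lower() != "autorun":
            continue
        for key, value in parser.items(section):
            # shell\<verb>\command entries add launchers to the context menu.
            if key in LAUNCH_KEYS or key.endswith("\\command"):
                commands.append(f"{key}={value}")
    return "file", commands

def demo():
    """Audit three constructed drive roots built in a temporary directory."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        clean = Path(tmp, "clean")
        clean.mkdir()
        vaccinated = Path(tmp, "vaccinated")
        (vaccinated / "autorun.inf").mkdir(parents=True)
        suspect = Path(tmp, "suspect")
        suspect.mkdir()
        (suspect / "autorun.inf").write_text(  # constructed sample content
            "[AutoRun]\nicon=drive.ico\nOpen=tools\\example.exe\n"
            "shell\\open\\command=tools\\example.exe\n")
        for root in (clean, vaccinated, suspect):
            results[root.name] = audit_root(root)
    return results

if __name__ == "__main__":
    print(demo())
```

On a real machine, pass a drive root such as `E:\` to `audit_root`; a result of `file` with launch commands is the case worth scanning before opening the drive.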
     
Topic Status:
Not open for further replies.
