stain Posted August 27, 2008

Hello all! Once again I am submitting a log, this time for my laptop. See, a while ago the motherboard died and had to be replaced. When I got it back I, for some reason, couldn't connect to the internet, so I left it at that. It wasn't that big of a deal since I could just continue using my desktop. I stopped using my laptop since a lot of the programs I used were on my desktops. Then a few weeks ago I started getting an itch to play the Sims again but didn't want to use any space on my desktop since I need the space for my LightWave projects. So I ended up reinstalling it on my laptop. While using it between sims a little window appeared on the bottom of the screen saying I was now connected to the internet. Great, right? Now the internet I thought I'd lost on my laptop was back. WRONG! I had removed all the protection I had when I thought I'd lost it. I had been using it for several weeks and likely I was connected without knowing. Before downloading the proper 'd protection I jumped on the sims resource for some quick downloads. I thought I would be fine 'cause I used the desktop for months without protection and was fine. Well, I was able to install Ad-Aware 2008 without a hitch, but Comodo doesn't show in my installed programs list and the folder is empty. Avast! won't even start the installation, saying that I don't have enough user rights, which is crap 'cause I'm the admin on this computer. I haven't even attempted to install Spybot Search and Destroy.
Need help desperately.
Andro1d Posted August 31, 2008

Hello and Welcome to the forums. I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today.

Sorry for the delay.

Please Click here!, and follow the recommendations in the guide.

Please let me know if you have any more issues after following the guide.
stain Posted September 2, 2008

Followed the steps and I was able to install Comodo and Avast! afterwards without a hitch. The guidelines said to submit a HijackThis log so here it is just in case. Avast! found some things as well; think two of them are Kodak EasyShare crap and the other I think might be restore info. Can't remember what to do though. Attached a screenshot of the chest in case I'm wrong.
Andro1d Posted September 3, 2008

Hello,

Can you please post the log from F-Secure if you have it saved. If you do not, then please post the MBAM and SUPER AS logs.
stain Posted September 3, 2008

Sure thing.

Statistics

Scanned:
* Files: 50341
* System: 4168
* Not scanned: 67

Actions:
* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 0
* Submitted: 0
Andro1d Posted September 3, 2008

Hey,

Well, I am not seeing anything malicious. How is everything running?
stain Posted September 11, 2008

LOL, sorry it took so long to reply. Been occupied with finding work. Yeah, everything seems to be in order now. Feel better now that I have protection on my laptop. Just glad that I didn't get as badly infected as my desktop.
Andro1d Posted September 11, 2008

Nice job, your log looks clean!

Please use the following suggestions to help prevent reinfection. Also, you may delete any tools I had you download during the cleaning process.

System Restore maintains a backup of your programs and may also backup infections, so please reset it to make a clean Restore Point. Please do this:

* On the Desktop, right-click My Computer > click Properties > click the System Restore tab.
* Check Turn off System Restore.
* Click Apply > a window will pop up and ask if you really want to turn it off > click Yes.
* Please wait a few moments to let it clear.
* Now please remove the check from Turn off System Restore.
* Click Apply, and then click OK.

System Restore will be working again and will have a new Restore Point.

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again. As a note, all of the tools and utilities mentioned are either free or have free versions available.

* Malwarebytes' Anti-Malware - A very powerful tool which searches and kills malware that infects your system. **Tutorial on installing & using this product can be found HERE**
* SpywareBlaster - Great prevention tool to keep malware from installing on your system. **Tutorial on installing & using this product can be found HERE**
* SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place. **Tutorial on installing & using this product can be found HERE**
* ZonedOut - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
* ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out malware that like to reside in the temp folders.

It is important to run only one of each type of protection program in resident mode at a time since conflicts can make them less effective. This would mean only one resident antivirus, firewall and scanning type of anti-spyware. Programs like SpywareBlaster and IE-Spyads do not conflict with any of these since they don't have a real time scanning engine that would conflict.

Windows Updates - It is highly recommended to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

It is also highly recommended to stay on top of your updates at all times, for Windows and all the above mentioned applications. This will ensure that you stay protected at the maximum level possible.

Finally, I strongly recommend How did I get infected in the first place? (by Tony Klein)

Good luck and safe surfing
Andro1d Posted September 14, 2008

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.