We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
Spyware infection!!!
Comments
-
Ok - registry fixes can be dangerous which is why I have asked your to back yours up.
I provide this fix to you as is - It is up to to decide if to continue it. All I would say is that Malware bytes did not remove reset the entry.
if you wish to continue
We need to preform operations on your registry.- Please open Notepad by opening a run prompt and typing in "notepad" and pressing enter, or navigating to Start -> Accessories -> Notepad.
- Copy the text in the codebox below by selecting all of it and going to Edit -> Copy, or by pressing <Control> + C.
REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="avgrsstx.dll"
- Return to notepad and paste the text in by going to Edit -> Paste or pressing <Control>+V.
- Save the file to your desktop as "fix.reg" (including quotes)
Note: You must include the quotes! - Double click the "fix.reg" file we created earlier on your desktop.
- Accept (Press Yes) to any prompts you receive.
Important - reboot your machine and post another rsit log0 -
Is this program a bit risky to run...just want to know if i could get rid of AVG and install some other anti virus tool.0
-
Evening if you get rid of avg the file - karna.dat will still be there.
I have built in as many safeguards as I can - still it's over to you.0 -
Finished running the "fix.reg", after rebooting and here is the resit.log
Part 1 of 2.....
Logfile of random's system information tool 1.04 (written by random/random)
Run by SAM at 2008-11-01 23:08:17
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 46 GB (61%) free of 76 GB
Total RAM: 510 MB (33% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:08:23, on 01/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\NetMeter\NetMeter.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Documents and Settings\SAM\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\SAM.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - !!3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - !!2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - [URL]file:///C:\Program[/URL] Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - [URL]file:///C:\Program[/URL] Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - [URL]file:///C:\Program[/URL] Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - [URL]file:///C:\Program[/URL] Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Yahoo! Services - !!5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - !!92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 8946 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\Norton Security Scan.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\!!3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-10-27 455960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-10-27 2055960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2005-11-21 399424]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
!!2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar5.dll [2007-01-19 2403392]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-10-27 2055960]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PadTouch"=C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe [2004-11-17 1077327]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2003-10-30 192512]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-10-28 88363]
"CeEKEY"=C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe [2005-01-21 675840]
""= []
"TPNF"=C:\Program Files\TOSHIBA\TouchPad\TPTray.exe [2004-11-29 53248]
"TOSHIBA Accessibility"=C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe [2004-12-07 24576]
"HWSetup"=C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe [2004-12-23 28672]
"SVPWUTIL"=C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe [2005-02-25 65536]
"Zooming"=C:\WINDOWS\system32\ZoomingHook.exe [2004-07-14 24576]
"TCtryIOHook"=C:\WINDOWS\system32\TCtrlIOHook.exe [2005-02-16 28672]
"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2005-01-21 266240]
"SmoothView"=C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [2004-11-15 118784]
"Tvs"=C:\Program Files\Toshiba\Tvs\TvsTray.exe [2004-11-12 73728]
"NDSTray.exe"=NDSTray.exe []
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2005-01-14 122939]
"TFncKy"=TFncKy.exe []
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-02-22 339968]
"SpeedTouch USB Diagnostics"=C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe [2004-01-26 866816]
"CFSServ.exe"=CFSServ.exe -NoClient []
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2007-03-23 227328]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-10-19 286720]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-06-10 185896]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-10-27 1234712]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2005-03-02 65536]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\ypager.exe [2005-12-08 3096576]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-04 68856]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"C:\Program Files\NetMeter\NetMeter.exe"=C:\Program Files\NetMeter\NetMeter.exe [2004-03-04 266240]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
C:\Documents and Settings\SAM\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-02-23 61440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"0 -
Part 2 of 2...resit file
======List of files/folders created in the last 1 months======
2008-11-01 18:09:16 ----D---- C:\WINDOWS\ERDNT
2008-11-01 18:08:36 ----D---- C:\Program Files\ERUNT
2008-10-30 22:12:34 ----D---- C:\rsit
2008-10-29 23:09:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-10-27 21:59:38 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-10-27 21:59:01 ----D---- C:\Program Files\AVG
2008-10-27 21:12:37 ----D---- C:\WINDOWS\Prefetch
2008-10-27 21:10:15 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-27 21:10:08 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-27 21:10:00 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-27 21:09:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-27 21:09:47 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-27 21:09:39 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-10-27 21:09:33 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-10-27 21:09:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-10-27 21:09:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-10-27 21:09:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-10-27 21:09:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-10-27 21:09:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-10-27 21:08:56 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-10-27 21:08:50 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-10-27 21:08:43 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-10-27 21:08:38 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-10-27 21:04:36 ----D---- C:\WINDOWS\system32\scripting
2008-10-27 21:04:34 ----D---- C:\WINDOWS\l2schemas
2008-10-27 21:04:33 ----D---- C:\WINDOWS\system32\en
2008-10-27 21:04:33 ----D---- C:\WINDOWS\system32\bits
2008-10-27 21:04:33 ----D---- C:\Program Files\msn
2008-10-27 21:01:52 ----D---- C:\WINDOWS\ServicePackFiles
2008-10-27 20:54:43 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-10-27 20:54:40 ----D---- C:\WINDOWS\EHome
2008-10-25 10:10:23 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2008-10-21 22:57:56 ----D---- C:\Program Files\Trend Micro
2008-10-21 22:25:22 ----D---- C:\Documents and Settings\SAM\Application Data\Malwarebytes
2008-10-21 22:25:16 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-21 22:25:15 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-21 21:39:26 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-10-16 19:00:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2008-10-16 19:00:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 19:00:02 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2008-10-16 18:59:19 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2008-10-16 18:59:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2008-10-16 18:58:01 ----A---- C:\WINDOWS\system32\MRT.INI
2008-10-16 18:30:56 ----D---- C:\Documents and Settings\SAM\Application Data\AVGTOOLBAR
2008-10-16 18:30:34 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
======List of files/folders modified in the last 1 months======
2008-11-01 23:08:22 ----D---- C:\WINDOWS\Temp
2008-11-01 21:07:57 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-01 18:09:16 ----D---- C:\WINDOWS
2008-11-01 18:08:36 ----RD---- C:\Program Files
2008-10-29 23:09:36 ----HD---- C:\WINDOWS\inf
2008-10-29 23:09:31 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-29 23:09:31 ----D---- C:\WINDOWS\system32
2008-10-29 20:26:46 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-29 20:26:42 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-27 21:59:37 ----D---- C:\WINDOWS\system32\drivers
2008-10-27 21:58:53 ----SHD---- C:\WINDOWS\Installer
2008-10-27 21:15:13 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-27 21:13:21 ----A---- C:\WINDOWS\OEWABLog.txt
2008-10-27 21:12:41 ----A---- C:\WINDOWS\setuplog.txt
2008-10-27 21:12:05 ----D---- C:\WINDOWS\system32\wbem
2008-10-27 21:12:05 ----D---- C:\WINDOWS\system32\Setup
2008-10-27 21:12:05 ----D---- C:\WINDOWS\AppPatch
2008-10-27 21:12:05 ----D---- C:\Program Files\Messenger
2008-10-27 21:12:03 ----RSD---- C:\WINDOWS\Fonts
2008-10-27 21:10:20 ----A---- C:\WINDOWS\imsins.BAK
2008-10-27 21:10:18 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-27 21:08:19 ----D---- C:\WINDOWS\security
2008-10-27 21:05:03 ----D---- C:\WINDOWS\WinSxS
2008-10-27 21:04:55 ----D---- C:\WINDOWS\network diagnostic
2008-10-27 21:04:55 ----D---- C:\WINDOWS\ime
2008-10-27 21:04:54 ----D---- C:\WINDOWS\Help
2008-10-27 21:04:38 ----D---- C:\WINDOWS\system32\usmt
2008-10-27 21:04:38 ----D---- C:\WINDOWS\system32\en-US
2008-10-27 21:04:33 ----D---- C:\WINDOWS\PeerNet
2008-10-27 21:04:32 ----D---- C:\Program Files\Movie Maker
2008-10-27 21:01:46 ----D---- C:\WINDOWS\system32\Restore
2008-10-27 21:01:46 ----D---- C:\WINDOWS\system32\npp
2008-10-27 21:01:44 ----D---- C:\WINDOWS\msagent
2008-10-27 21:01:43 ----D---- C:\WINDOWS\srchasst
2008-10-27 21:01:42 ----D---- C:\Program Files\NetMeeting
2008-10-27 21:01:41 ----D---- C:\WINDOWS\system32\Com
2008-10-27 21:01:38 ----D---- C:\Program Files\Windows Media Player
2008-10-27 21:01:37 ----D---- C:\Program Files\Windows NT
2008-10-27 21:01:37 ----D---- C:\Program Files\Outlook Express
2008-10-27 21:01:33 ----D---- C:\Program Files\Common Files\System
2008-10-27 21:01:17 ----D---- C:\WINDOWS\system32\oobe
2008-10-27 21:01:14 ----D---- C:\WINDOWS\system
2008-10-16 18:59:50 ----D---- C:\Program Files\Internet Explorer
2008-10-16 18:30:22 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-10-15 21:25:25 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-10-15 21:22:49 ----SD---- C:\WINDOWS\Tasks
2008-10-15 21:15:22 ----D---- C:\Program Files\Norton Security Scan
2008-10-15 16:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-14 23:09:34 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-10-14 22:57:16 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-14 17:37:42 ----D---- C:\Program Files\Common Files
2008-10-07 19:19:40 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-03 17:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-10-27 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-10-27 26824]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SerTVOutCtlr;TOSHIBA Controls Driver -EPIOMngr; C:\WINDOWS\system32\drivers\EPIOMngr.sys [2004-07-30 6400]
R1 SrvcEKIOMngr;SrvcEKIOMngr; C:\WINDOWS\System32\Drivers\EKIoMngr.sys [2004-07-29 6400]
R1 SrvcSSIOMngr;SrvcSSIOMngr; C:\WINDOWS\System32\Drivers\SSIoMngr.sys [2004-07-29 6400]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-12-02 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-12-02 23545]
R1 TPwSav;Common Driver; C:\WINDOWS\System32\Drivers\TPwSav.sys [2005-02-25 8704]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-10-27 76040]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-12-23 40544]
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2005-01-14 25883]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2005-01-14 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2005-01-14 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2005-01-14 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2005-01-14 87706]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2005-01-14 15227]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2005-01-14 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2005-01-14 99098]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2005-01-14 100603]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-10-28 1270572]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-27 2284864]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-05-08 101833]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-02-23 986624]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 pfc;PADUS ASPI SHELL; C:\WINDOWS\system32\drivers\pfc.sys [2002-06-13 14604]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-06-28 69760]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-02-11 157056]
R3 Tvs;Toshiba Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2005-01-08 29184]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-10-29 3222784]
S1 StickyMesger;StickyMesger; \??\C:\Program Files\TOSHIBA\Accessibility\StickyMesger.sys []
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\system32\DRIVERS\alcan5wn.sys [2003-12-08 53600]
S3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\WINDOWS\system32\DRIVERS\alcaudsl.sys [2003-12-08 70688]
S3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2004-12-22 393600]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SMCIRDA;SMSC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2004-06-16 46080]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-02-23 352256]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-27 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-27 231704]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2004-11-10 36864]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-05 138168]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-03-26 292864]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
EOF
0 -
That got rid of it - update Malwarebytes and run it again.
Looking good thou.0 -
Reluctant spender.....updating malware bytes is by the same procedure you had mentioned earlier....0
-
Sam, what RS means is that, before you run MBAM, be sure to go to the update tab and check for updates immediately before you run the scan......Gettin' There, Wherever There is......
I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple
0 -
-
Reluctant spender...here is the log after running MBAM and sorry for the delay in posting !!
Malwarebytes' Anti-Malware 1.30
Database version: 1401
Windows 5.1.2600 Service Pack 3
15/11/2008 23:35:36
mbam-log-2008-11-15 (23-35-36).txt
Scan type: Quick Scan
Objects scanned: 53927
Time elapsed: 11 minute(s), 0 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 349.9K Banking & Borrowing
- 252.7K Reduce Debt & Boost Income
- 453.1K Spending & Discounts
- 242.9K Work, Benefits & Business
- 619.8K Mortgages, Homes & Bills
- 176.4K Life & Family
- 255.8K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 15.1K Coronavirus Support Boards