Antispyware Soft..

Hdk20

New Member
Hello fellow CF members,

I woke up this morning finding my CPU was under control of some "Antispyware Soft". I googled it; apparently it's a rogue.. I tried scanning with Malware, it says it won't open it because the file has been infected and it's asking me to purchase this Antivirus.. I have honestly run out of ideas.. I tried Safe Mode.. To delete it manually.. But I don't know where the file is exactly located..
 

Hdk20

New Member
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

5/3/2010 4:00:27 PM
mbam-log-2010-05-03 (16-00-27).txt

Scan type: Quick scan
Objects scanned: 111496
Time elapsed: 3 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 

Hdk20

New Member
ComboFix 10-05-03.03 - Administrator 05/03/2010 15:49:31.3.4 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3070.2598 [GMT -5:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\WindowsUpdate

c:\windows\system32\proquota.exe . . . is missing!!

.
((((((((((((((((((((((((( Files Created from 2010-04-03 to 2010-05-03 )))))))))))))))))))))))))))))))
.

2010-05-02 15:46 . 2010-05-02 15:46 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\gbsoehvmc
2010-04-27 23:57 . 2010-04-27 23:57 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-04-27 23:57 . 2010-04-27 23:57 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-04-27 23:57 . 2010-04-27 23:57 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-04-27 23:57 . 2010-04-27 23:57 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-04-27 23:57 . 2010-04-27 23:57 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-04-27 23:57 . 2010-04-27 23:57 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-04-27 23:57 . 2010-04-27 23:57 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-04-27 23:57 . 2010-04-27 23:57 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-04-27 23:57 . 2010-04-27 23:57 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-04-27 23:57 . 2010-04-27 23:57 -------- d-----w- c:\program files\Common Files\xing shared
2010-04-11 23:43 . 2010-04-11 23:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\Research In Motion
2010-04-11 23:43 . 2006-06-30 21:10 26752 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2010-04-11 23:43 . 2010-04-11 23:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\Blackberry Desktop
2010-04-11 23:42 . 2010-04-11 23:42 -------- d-----w- c:\program files\Common Files\Research In Motion
2010-04-11 23:42 . 2010-04-11 23:42 -------- d-----w- c:\program files\Research In Motion

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-02 16:04 . 2009-03-01 23:29 -------- d-----w- c:\program files\LimeWire
2010-05-01 18:48 . 2010-03-24 21:24 41 ----a-w- c:\documents and settings\Administrator\jagex__preferences3.dat
2010-05-01 18:48 . 2008-11-30 22:26 41 ----a-w- c:\documents and settings\Administrator\jagex_runescape_preferences.dat
2010-05-01 18:47 . 2009-09-02 17:56 75 ----a-w- c:\documents and settings\Administrator\jagex_runescape_preferences2.dat
2010-04-27 23:57 . 2009-11-20 20:08 -------- d-----w- c:\program files\Common Files\Real
2010-04-27 23:57 . 2009-11-20 20:08 -------- d-----w- c:\program files\Real
2010-04-19 18:12 . 2010-03-30 18:13 439816 ----a-w- c:\documents and settings\Administrator\Application Data\Real\Update\setup3.10\setup.exe
2010-04-11 23:33 . 2010-03-10 15:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2010-04-09 20:46 . 2009-09-27 04:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2010-04-03 20:20 . 2010-03-25 20:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\FrostWire
2010-04-01 00:33 . 2009-01-16 20:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2010-03-25 20:33 . 2010-03-25 20:33 0 ----a-w- c:\documents and settings\Administrator\Application Data\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2010-03-10 15:14 . 2009-03-27 20:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM
2010-03-10 15:11 . 2010-03-10 15:11 -------- d-----r- c:\program files\Skype
2010-03-10 15:11 . 2009-03-27 20:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-03-10 15:11 . 2010-03-10 15:11 -------- d-----w- c:\program files\Common Files\Skype
2010-03-04 21:54 . 2010-03-04 21:54 50354 ----a-w- c:\documents and settings\Administrator\Application Data\Facebook\uninstall.exe
2010-03-04 21:54 . 2010-03-04 21:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\Facebook
2010-02-26 06:41 . 2010-02-26 06:41 847040 ----a-w- c:\documents and settings\Administrator\Application Data\Facebook\axfbootloader.dll
2010-02-26 06:41 . 2010-02-26 06:41 5582848 ----a-w- c:\documents and settings\Administrator\Application Data\Facebook\npfbplugin_1_0_3.dll
.

------- Sigcheck -------

[-] 2006-12-30 . 504C18ABFB3E6B0B8CACBE0BA3A5C63A . 360576 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys

[-] 2006-12-18 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\system32\netman.dll

[-] 2006-12-18 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows\system32\rpcss.dll

[-] 2006-12-18 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\system32\spoolsv.exe

[-] 2006-12-18 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll

[-] 2006-12-18 19:03 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\system32\es.dll

[-] 2006-12-18 . 0FDD84928A5DDE2510761B7EC76CCEC9 . 985088 . . [5.1.2600.2945] . . c:\windows\system32\kernel32.dll

[-] 2006-12-18 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\system32\linkinfo.dll

[-] 2006-12-18 . 3A84E5BB38BFBAD368F23171FC635B12 . 3131392 . . [6.00.2900.3020] . . c:\windows\system32\mshtml.dll
[-] 2006-12-18 . 88E1C15BB1A9ED3CBA4D6F2F408D5010 . 3061248 . . [6.00.2900.3020] . . c:\windows\XPize\Backup\mshtml.dll

[-] 2006-12-18 . 34CABA7B91DD6A9208A5A612F87D05A6 . 2135552 . . [5.1.2600.2622] . . c:\windows\system32\ntoskrnl.exe

[-] 2006-12-18 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\system32\tapisrv.dll

[-] 2006-12-18 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\system32\user32.dll

[-] 2006-12-18 . 231EF4179ACABE486376B5CA893F1076 . 664576 . . [6.00.2900.3020] . . c:\windows\system32\wininet.dll

[-] 2004-08-04 . 9BE29C2873DF44DD301EC57EEE9A6440 . 949760 . . [6.00.2900.2180] . . c:\windows\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\XPize\Backup\explorer.exe


[-] 2004-08-04 . DE8FA9CF18F95341079C7E6A215C226A . 30208 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
[7] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\XPize\Backup\ctfmon.exe


[-] 2006-12-19 03:58 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\system32\drivers\aec.sys

[-] 2006-12-18 . 2B6DCEB39E160AA37B141E59C81B2427 . 2015232 . . [5.1.2600.2622] . . c:\windows\system32\ntkrnlpa.exe

c:\windows\System32\wscntfy.exe ... is missing !!
c:\windows\System32\regsvc.dll ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot@2009-06-05_21.26.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 02:54 . 2009-07-12 02:54 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e79c4723\vcomp.dll
+ 2009-07-12 02:32 . 2009-07-12 02:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll
+ 2009-07-12 02:32 . 2009-07-12 02:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll
+ 2009-07-12 02:32 . 2009-07-12 02:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll
+ 2009-07-12 02:32 . 2009-07-12 02:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll
+ 2009-07-12 02:32 . 2009-07-12 02:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll
+ 2009-07-12 02:32 . 2009-07-12 02:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
+ 2009-07-12 02:32 . 2009-07-12 02:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll
+ 2009-07-12 02:32 . 2009-07-12 02:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll
+ 2009-07-12 02:32 . 2009-07-12 02:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll
+ 2009-07-12 07:07 . 2009-07-12 07:07 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll
+ 2009-07-12 07:19 . 2009-07-12 07:19 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll
+ 2009-07-12 01:41 . 2009-07-12 01:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2010-05-03 20:45 . 2010-05-03 20:45 16384 c:\windows\Temp\Perflib_Perfdata_98.dat
+ 2010-05-03 20:45 . 2010-05-03 20:45 16384 c:\windows\Temp\Perflib_Perfdata_380.dat
- 2009-06-05 21:26 . 2009-06-05 21:26 53248 c:\windows\Temp\catchme.dll
+ 2010-05-03 20:51 . 2010-05-03 20:51 53248 c:\windows\Temp\catchme.dll
+ 2009-06-28 19:52 . 2006-12-19 03:05 87040 c:\windows\system32\wiafbdrv.dll
+ 2009-06-28 19:53 . 2002-05-14 21:50 11264 c:\windows\system32\spool\prtprocs\w32x86\wfxprint2000.dll
+ 2009-06-28 19:52 . 2003-07-29 09:45 78336 c:\windows\system32\spool\prtprocs\w32x86\LXBRPP5C.DLL
+ 2009-06-28 19:52 . 2002-11-13 14:40 40960 c:\windows\system32\spool\drivers\w32x86\lexmark_3100_seriesf4c2\lxbrvs.dll
+ 2009-06-28 19:52 . 2003-09-04 04:02 49152 c:\windows\system32\spool\drivers\w32x86\lexmark_3100_seriesf4c2\LXBRUNRS.DLL
+ 2009-06-28 19:52 . 2003-09-04 03:53 50176 c:\windows\system32\spool\drivers\w32x86\lexmark_3100_seriesf4c2\LXBRUI5C.DLL
+ 2009-06-28 19:52 . 2003-09-04 01:30 73728 c:\windows\system32\spool\drivers\w32x86\lexmark_3100_seriesf4c2\lxbrpwr.dll
+ 2009-06-28 19:52 . 2003-07-29 09:45 78336 c:\windows\system32\spool\drivers\w32x86\lexmark_3100_seriesf4c2\LXBRPP5C.DLL
+ 2009-06-28 19:52 . 2003-06-30 14:57 73728 c:\windows\system32\spool\drivers\w32x86\lexmark_3100_seriesf4c2\LXBRJSWX.EXE
+ 2009-06-28 19:52 . 2003-09-04 03:52 87040 c:\windows\system32\spool\drivers\w32x86\lexmark_3100_seriesf4c2\LXBRDR5C.DLL
+ 2009-06-28 19:51 . 2003-09-04 03:56 49152 c:\windows\system32\spool\drivers\w32x86\lexmark_3100_seriesf4c2\lxbrcoin.dll
+ 2009-06-28 19:51 . 2003-09-04 03:56 57344 c:\windows\system32\spool\drivers\w32x86\lexmark_3100_seriesf4c2\lxbrcinf.dll
+ 2009-06-28 19:52 . 2002-05-09 14:25 24576 c:\windows\system32\spool\drivers\w32x86\lexmark_3100_seriesf4c2\lexgo.EXE
+ 2009-06-28 19:52 . 1996-09-01 10:19 73856 c:\windows\system32\spool\drivers\w32x86\lexmark_3100_seriesf4c2\HLP256.DLL
+ 2009-06-28 19:52 . 2002-11-13 14:40 40960 c:\windows\system32\spool\drivers\w32x86\3\lxbrvs.dll
+ 2009-06-28 19:52 . 2003-09-04 04:02 49152 c:\windows\system32\spool\drivers\w32x86\3\LXBRUNRS.DLL
+ 2009-06-28 19:52 . 2003-09-04 03:53 50176 c:\windows\system32\spool\drivers\w32x86\3\LXBRUI5C.DLL
+ 2009-06-28 19:52 . 2003-09-04 01:30 73728 c:\windows\system32\spool\drivers\w32x86\3\lxbrpwr.dll
+ 2009-06-28 19:52 . 2003-07-29 09:45 78336 c:\windows\system32\spool\drivers\w32x86\3\LXBRPP5C.DLL
+ 2009-06-28 19:52 . 2003-06-30 14:57 73728 c:\windows\system32\spool\drivers\w32x86\3\LXBRJSWX.EXE
+ 2009-06-28 19:52 . 2003-09-04 03:52 87040 c:\windows\system32\spool\drivers\w32x86\3\LXBRDR5C.DLL
+ 2009-06-28 19:51 . 2003-09-04 03:56 49152 c:\windows\system32\spool\drivers\w32x86\3\lxbrcoin.dll
+ 2009-06-28 19:51 . 2003-09-04 03:56 57344 c:\windows\system32\spool\drivers\w32x86\3\lxbrcinf.dll
+ 2009-06-28 19:52 . 2002-05-09 14:25 24576 c:\windows\system32\spool\drivers\w32x86\3\lexgo.EXE
+ 2009-06-28 19:52 . 1996-09-01 10:19 73856 c:\windows\system32\spool\drivers\w32x86\3\HLP256.DLL
+ 2009-07-26 21:44 . 2009-07-26 21:44 48448 c:\windows\system32\sirenacm.dll
+ 2010-04-11 23:43 . 2006-06-30 21:10 26752 c:\windows\system32\ReinstallBackups\0001\DriverFiles\RimSerial.sys
- 2004-08-04 10:00 . 2009-03-14 20:12 64024 c:\windows\system32\perfc009.dat
+ 2004-08-04 10:00 . 2010-03-14 17:04 64024 c:\windows\system32\perfc009.dat
+ 2009-12-07 19:32 . 2009-12-07 19:32 42904 c:\windows\system32\mlfcache.dat
+ 2009-06-28 19:52 . 2002-11-13 14:40 40960 c:\windows\system32\lxbrvs.dll
+ 2009-06-28 19:51 . 2003-09-04 03:56 69632 c:\windows\system32\lxbrscin.dll
+ 2009-06-28 19:52 . 2003-09-04 01:30 73728 c:\windows\system32\lxbrpwr.dll
+ 2009-06-28 19:51 . 2003-09-04 03:56 49152 c:\windows\system32\lxbrcoin.dll
+ 2009-06-28 19:51 . 2003-09-04 03:56 57344 c:\windows\system32\lxbrcinf.dll
+ 2009-09-27 04:17 . 2009-08-29 00:42 40448 c:\windows\system32\DRVSTORE\usbaapl_6DA28B91FF48C57089E4D2436654AFA4ECAD0622\usbaapl.sys
+ 2009-09-27 04:17 . 2009-08-29 00:42 17408 c:\windows\system32\DRVSTORE\netaapl_F433E854B3FF3BEE74986FDE8E16A64162342BFF\netaapl.sys
+ 2009-09-27 04:19 . 2009-05-18 19:17 26600 c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspiWDM.sys
+ 2009-06-28 19:52 . 2006-12-19 03:05 15104 c:\windows\system32\drivers\usbscan.sys
+ 2009-09-27 04:17 . 2009-08-29 00:42 40448 c:\windows\system32\drivers\usbaapl.sys
+ 2006-07-13 15:17 . 2006-07-13 15:17 22528 c:\windows\system32\drivers\RimUsb.sys
+ 2009-06-05 21:16 . 2009-08-03 18:36 38160 c:\windows\system32\drivers\mbamswissarmy.sys
- 2009-06-05 21:16 . 2009-05-26 18:19 19096 c:\windows\system32\drivers\mbam.sys
+ 2009-06-05 21:16 . 2009-08-03 18:36 19096 c:\windows\system32\drivers\mbam.sys
+ 2009-09-27 04:19 . 2009-05-18 19:17 26600 c:\windows\system32\drivers\GEARAspiWDM.sys
+ 2008-12-12 16:11 . 2008-12-12 16:11 61440 c:\windows\system32\dnssd.dll
+ 2008-12-12 16:18 . 2008-12-12 16:18 87336 c:\windows\system32\dns-sd.exe
+ 2009-06-28 19:52 . 2006-12-19 03:05 87040 c:\windows\system32\dllcache\wiafbdrv.dll
+ 2009-06-28 19:52 . 2006-12-19 03:05 15104 c:\windows\system32\dllcache\usbscan.sys
+ 2009-11-19 23:02 . 2009-11-19 23:02 31232 c:\windows\system32\cmdow.exe
+ 2009-06-28 19:54 . 2002-10-30 14:20 21504 c:\windows\LXBRSET.EXE
+ 2009-05-09 00:38 . 2009-05-09 00:38 83456 c:\windows\Installer\fdf5445.msi
+ 2009-05-09 00:38 . 2009-05-09 00:38 59904 c:\windows\Installer\fdf543e.msi
+ 2010-04-27 23:57 . 2010-04-27 23:57 20480 c:\windows\Installer\ea2ebf6.msi
+ 2009-09-27 03:53 . 2009-09-27 03:53 22016 c:\windows\Installer\6a61431.msi
+ 2009-09-27 03:52 . 2009-09-27 03:52 27136 c:\windows\Installer\6a613f8.msi
+ 2009-06-06 17:00 . 2009-06-06 17:00 62464 c:\windows\Installer\20774d.msi
+ 2009-06-28 19:54 . 2009-06-28 19:54 45056 c:\windows\Installer\{D1696920-9794-4BBC-8A30-7A88763DE5A2}\_BB86BFE89996_4EB5_B387_B4EF975DFF29.exe
+ 2009-09-27 03:53 . 2009-09-27 03:53 80395 c:\windows\Installer\{A85FD55B-891B-4314-97A5-EA96C0BD80B5}\MsblIco.Exe
+ 2009-09-27 04:18 . 2009-09-27 04:18 27136 c:\windows\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
+ 2009-09-27 03:53 . 2009-09-27 03:53 58945 c:\windows\Installer\{6412CECE-8172-4BE5-935B-6CECACD2CA87}\wlmail.exe
+ 2010-04-11 23:43 . 2010-04-11 23:43 26694 c:\windows\Installer\{3B7DAD74-8F16-4AEF-B0CA-4072CB1BF9AA}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2010-04-11 23:43 . 2010-04-11 23:43 26694 c:\windows\Installer\{3B7DAD74-8F16-4AEF-B0CA-4072CB1BF9AA}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2010-04-11 23:43 . 2010-04-11 23:43 26694 c:\windows\Installer\{3B7DAD74-8F16-4AEF-B0CA-4072CB1BF9AA}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2010-04-11 23:43 . 2010-04-11 23:43 26694 c:\windows\Installer\{3B7DAD74-8F16-4AEF-B0CA-4072CB1BF9AA}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2010-04-11 23:43 . 2010-04-11 23:43 26694 c:\windows\Installer\{3B7DAD74-8F16-4AEF-B0CA-4072CB1BF9AA}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2010-04-11 23:43 . 2010-04-11 23:43 26694 c:\windows\Installer\{3B7DAD74-8F16-4AEF-B0CA-4072CB1BF9AA}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2010-04-11 23:43 . 2010-04-11 23:43 26694 c:\windows\Installer\{3B7DAD74-8F16-4AEF-B0CA-4072CB1BF9AA}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2010-04-11 23:43 . 2010-04-11 23:43 65536 c:\windows\Installer\{3B7DAD74-8F16-4AEF-B0CA-4072CB1BF9AA}\DesktopMgr.exe
+ 2009-09-27 04:18 . 2009-09-27 04:18 86016 c:\windows\Installer\{07287123-B8AC-41CE-8346-3D777245C35B}\PrntWzrdIco.exe
+ 2008-12-21 20:49 . 2009-08-22 20:21 38428 c:\windows\Downloaded Program Files\unagiuninst.exe
- 2008-12-21 20:49 . 2008-12-21 20:49 38428 c:\windows\Downloaded Program Files\unagiuninst.exe
+ 2009-11-22 15:11 . 2009-11-22 15:11 81920 c:\windows\.jagex_cache_32\speccollect\hwinfo.dll
+ 2009-05-24 01:22 . 2010-05-01 18:47 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll
- 2009-05-24 01:22 . 2009-06-05 21:13 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll
+ 2009-05-24 01:22 . 2010-05-01 18:47 94208 c:\windows\.jagex_cache_32\runescape\jaggl.dll
+ 2010-04-12 15:10 . 2010-04-12 15:10 19788 c:\windows\.jagex_cache_32\runescape\game_unpacker.dat
+ 2009-06-06 17:01 . 2009-06-06 17:05 4212 c:\windows\system32\zllictbl.dat
+ 2009-06-28 19:53 . 2002-03-11 22:32 2560 c:\windows\system32\spool\drivers\w32x86\bvrpwf2000.dll
+ 2009-06-28 19:53 . 2002-03-11 22:32 2560 c:\windows\system32\spool\drivers\w32x86\3\BVRPWF2000.DLL
+ 2008-11-29 04:17 . 2010-04-27 23:57 5632 c:\windows\system32\pndx5032.dll
- 2008-11-29 04:17 . 1998-05-13 02:36 5632 c:\windows\system32\pndx5032.dll
- 2008-11-29 04:17 . 1998-03-26 10:57 6656 c:\windows\system32\pndx5016.dll
+ 2008-11-29 04:17 . 2010-04-27 23:57 6656 c:\windows\system32\pndx5016.dll
+ 2010-04-11 23:43 . 2010-04-11 23:43 6502 c:\windows\Installer\{3B7DAD74-8F16-4AEF-B0CA-4072CB1BF9AA}\RedirectorEXE2_770DFD1204C24F4DA163D64FACCB5CBD.exe
+ 2010-04-11 23:43 . 2010-04-11 23:43 6502 c:\windows\Installer\{3B7DAD74-8F16-4AEF-B0CA-4072CB1BF9AA}\RedirectorEXE1_770DFD1204C24F4DA163D64FACCB5CBD.exe
+ 2010-04-11 23:43 . 2010-04-11 23:43 6502 c:\windows\Installer\{3B7DAD74-8F16-4AEF-B0CA-4072CB1BF9AA}\RedirectorEXE_770DFD1204C24F4DA163D64FACCB5CBD.exe
+ 2009-06-28 19:54 . 2001-03-15 07:06 4608 c:\windows\DelShell.exe
+ 2008-07-29 13:05 . 2008-07-29 13:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 08:54 . 2008-07-29 08:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2009-07-12 07:12 . 2009-07-12 07:12 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
+ 2009-07-12 07:09 . 2009-07-12 07:09 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
+ 2009-07-12 07:08 . 2009-07-12 07:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
+ 2008-07-29 10:23 . 2008-07-29 10:23 626688 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_a17e7c1e\msvcr90.dll
+ 2008-07-29 10:23 . 2008-07-29 10:23 856576 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_a17e7c1e\msvcp90.dll
+ 2008-07-29 08:51 . 2008-07-29 08:51 245760 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_a17e7c1e\msvcm90.dll
+ 2009-06-28 19:51 . 1997-04-09 01:08 299520 c:\windows\uninst.exe
+ 2009-07-27 21:39 . 2009-07-27 21:39 152904 c:\windows\system32\vghd.scr
+ 2006-12-19 03:05 . 2006-12-19 03:05 619520 c:\windows\system32\spool\drivers\w32x86\unires.dll
+ 2006-12-19 03:05 . 2006-12-19 03:05 197120 c:\windows\system32\spool\drivers\w32x86\unidrvui.dll
+ 2006-12-19 03:05 . 2006-12-19 03:05 264704 c:\windows\system32\spool\drivers\w32x86\unidrv.dll
+ 2009-06-28 19:52 . 2003-03-11 08:40 343086 c:\windows\system32\spool\drivers\w32x86\lexmark_3100_seriesf4c2\WAVS.EXE
+ 2009-06-28 19:52 . 1998-10-06 22:12 152576 c:\windows\system32\spool\drivers\w32x86\lexmark_3100_seriesf4c2\ptzipw32.dll
+ 2009-06-28 19:51 . 2003-09-04 01:33 352256 c:\windows\system32\spool\drivers\w32x86\lexmark_3100_seriesf4c2\LXBRUTIL.DLL
+ 2009-06-28 19:52 . 2003-09-04 03:55 100864 c:\windows\system32\spool\drivers\w32x86\lexmark_3100_seriesf4c2\LXBRUN5C.EXE
+ 2009-06-28 19:52 . 2003-09-04 03:54 302592 c:\windows\system32\spool\drivers\w32x86\lexmark_3100_seriesf4c2\LXBRSTRN.DLL
+ 2009-06-28 19:52 . 2001-03-28 13:57 245760 c:\windows\system32\spool\drivers\w32x86\lexmark_3100_seriesf4c2\lxbrsk2.dll
+ 2009-06-28 19:52 . 2001-04-20 14:48 204800 c:\windows\system32\spool\drivers\w32x86\lexmark_3100_seriesf4c2\lxbrsk1.dll
+ 2009-06-28 19:52 . 2002-04-23 15:29 126976 c:\windows\system32\spool\drivers\w32x86\lexmark_3100_seriesf4c2\lxbrsk0.dll
+ 2009-06-28 19:52 . 2003-07-29 15:22 122880 c:\windows\system32\spool\drivers\w32x86\lexmark_3100_seriesf4c2\LXBRPSWX.EXE
+ 2009-06-28 19:52 . 2003-09-04 02:32 655360 c:\windows\system32\spool\drivers\w32x86\lexmark_3100_seriesf4c2\LXBRPSWR.DLL
+ 2009-06-28 19:52 . 2003-09-04 01:46 331776 c:\windows\system32\spool\drivers\w32x86\lexmark_3100_seriesf4c2\LXBRPSW.DLL
+ 2009-06-28 19:52 . 2003-09-04 01:51 540672 c:\windows\system32\spool\drivers\w32x86\lexmark_3100_seriesf4c2\LXBRPRP.DLL
+ 2009-06-28 19:52 . 2003-09-04 01:44 897024 c:\windows\system32\spool\drivers\w32x86\lexmark_3100_seriesf4c2\LXBRLPA.DLL
+ 2009-06-28 19:51 . 2003-09-04 02:31 462848 c:\windows\system32\spool\drivers\w32x86\lexmark_3100_seriesf4c2\LXBRJSWR.DLL
+ 2009-06-28 19:52 . 2003-09-04 01:34 122880 c:\windows\system32\spool\drivers\w32x86\lexmark_3100_seriesf4c2\LXBRJSW.DLL
+ 2009-06-28 19:52 . 2003-09-02 09:18 442368 c:\windows\system32\spool\drivers\w32x86\lexmark_3100_seriesf4c2\LXBRICUR.DLL
+ 2009-06-28 19:51 . 2003-01-29 13:11 983121 c:\windows\system32\spool\drivers\w32x86\lexmark_3100_seriesf4c2\LXBRGF.DLL
+ 2009-06-28 19:52 . 2003-09-02 09:10 205312 c:\windows\system32\spool\drivers\w32x86\lexmark_3100_seriesf4c2\LXBRFC5C.DLL
+ 2009-06-28 19:52 . 2003-08-29 13:50 174592 c:\windows\system32\spool\drivers\w32x86\lexmark_3100_seriesf4c2\LEXPPS.EXE
+ 2009-06-28 19:52 . 2003-08-29 13:49 201216 c:\windows\system32\spool\drivers\w32x86\lexmark_3100_seriesf4c2\LEXP2P32.DLL
+ 2009-06-28 19:52 . 2003-08-29 14:20 200192 c:\windows\system32\spool\drivers\w32x86\lexmark_3100_seriesf4c2\lexlmpm.dll
+ 2009-06-28 19:52 . 2003-09-04 03:45 430080 c:\windows\system32\spool\drivers\w32x86\lexmark_3100_seriesf4c2\lexedf.dll
+ 2009-06-28 19:52 . 2000-02-09 07:35 170496 c:\windows\system32\spool\drivers\w32x86\lexmark_3100_seriesf4c2\lexdrvin.exe
+ 2009-06-28 19:52 . 2003-08-29 13:54 307200 c:\windows\system32\spool\drivers\w32x86\lexmark_3100_seriesf4c2\LEXBCES.EXE
+ 2009-06-28 19:52 . 2003-08-29 13:51 147456 c:\windows\system32\spool\drivers\w32x86\lexmark_3100_seriesf4c2\LEXBCE.DLL
+ 2009-06-28 19:52 . 2003-08-29 13:57 197120 c:\windows\system32\spool\drivers\w32x86\lexmark_3100_seriesf4c2\LEX2KUSB.DLL
+ 2009-06-28 19:52 . 2003-03-11 08:40 343086 c:\windows\system32\spool\drivers\w32x86\3\WAVS.EXE
+ 2006-12-19 03:05 . 2006-12-19 03:05 619520 c:\windows\system32\spool\drivers\w32x86\3\UNIRES.DLL
+ 2006-12-19 03:05 . 2006-12-19 03:05 197120 c:\windows\system32\spool\drivers\w32x86\3\UNIDRVUI.DLL
+ 2006-12-19 03:05 . 2006-12-19 03:05 264704 c:\windows\system32\spool\drivers\w32x86\3\UNIDRV.DLL
+ 2009-06-28 19:52 . 1998-10-06 22:12 152576 c:\windows\system32\spool\drivers\w32x86\3\ptzipw32.dll
+ 2009-06-28 19:51 . 2003-09-04 01:33 352256 c:\windows\system32\spool\drivers\w32x86\3\LXBRUTIL.DLL
+ 2009-06-28 19:52 . 2003-09-04 03:55 100864 c:\windows\system32\spool\drivers\w32x86\3\LXBRUN5C.EXE
+ 2009-06-28 19:52 . 2003-09-04 03:54 302592 c:\windows\system32\spool\drivers\w32x86\3\LXBRSTRN.DLL
+ 2009-06-28 19:52 . 2001-03-28 13:57 245760 c:\windows\system32\spool\drivers\w32x86\3\lxbrsk2.dll
+ 2009-06-28 19:52 . 2001-04-20 14:48 204800 c:\windows\system32\spool\drivers\w32x86\3\lxbrsk1.dll
+ 2009-06-28 19:52 . 2002-04-23 15:29 126976 c:\windows\system32\spool\drivers\w32x86\3\lxbrsk0.dll
+ 2009-06-28 19:52 . 2003-07-29 15:22 122880 c:\windows\system32\spool\drivers\w32x86\3\LXBRPSWX.EXE
+ 2009-06-28 19:52 . 2003-09-04 02:32 655360 c:\windows\system32\spool\drivers\w32x86\3\LXBRPSWR.DLL
+ 2009-06-28 19:52 . 2003-09-04 01:46 331776 c:\windows\system32\spool\drivers\w32x86\3\LXBRPSW.DLL
 

Hdk20

New Member
+ 2009-06-28 19:52 . 2003-09-04 02:33 2052096 c:\windows\system32\spool\drivers\w32x86\3\LXBRPRPR.DLL
+ 2009-06-28 19:52 . 2003-09-04 02:32 4661248 c:\windows\system32\spool\drivers\w32x86\3\LXBRLPAR.DLL
+ 2009-06-28 19:52 . 2003-09-02 09:35 1175552 c:\windows\system32\spool\drivers\w32x86\3\LXBRCLR4.DLL
+ 2009-06-28 19:52 . 2003-09-02 09:35 3543040 c:\windows\system32\spool\drivers\w32x86\3\LXBRCLR3.DLL
+ 2009-06-28 19:52 . 2003-09-02 09:35 3543040 c:\windows\system32\spool\drivers\w32x86\3\LXBRCLR2.DLL
+ 2009-06-28 19:52 . 2003-09-02 09:35 3543040 c:\windows\system32\spool\drivers\w32x86\3\LXBRCLR1.DLL
+ 2009-09-27 04:17 . 2009-08-29 00:42 2065696 c:\windows\system32\DRVSTORE\usbaapl_6DA28B91FF48C57089E4D2436654AFA4ECAD0622\usbaaplrc.dll
+ 2009-09-27 04:17 . 2009-08-29 00:42 1417504 c:\windows\system32\DRVSTORE\netaapl_F433E854B3FF3BEE74986FDE8E16A64162342BFF\wdfcoinstaller01005.dll
+ 2010-03-10 15:11 . 2010-03-10 15:11 1602048 c:\windows\Installer\e874c09.msi
+ 2008-12-25 18:31 . 2008-12-25 18:31 1295360 c:\windows\Installer\88665.msi
+ 2009-09-27 04:19 . 2009-09-27 04:19 4405248 c:\windows\Installer\6bcb0f0.msi
+ 2009-09-27 04:18 . 2009-09-27 04:18 1659392 c:\windows\Installer\6bcb0ec.msi
+ 2009-09-27 04:18 . 2009-09-27 04:18 9013760 c:\windows\Installer\6bcb0e5.msi
+ 2009-09-27 04:18 . 2009-09-27 04:18 1549312 c:\windows\Installer\6bcaf46.msi
+ 2009-09-27 04:17 . 2009-09-27 04:17 3310592 c:\windows\Installer\6bcaf3f.msi
+ 2008-11-29 04:16 . 2008-11-29 04:16 6068224 c:\windows\Installer\2142898.msi
+ 2008-11-29 04:14 . 2008-11-29 04:14 1067520 c:\windows\Installer\214288c.msi
+ 2008-11-29 04:14 . 2008-11-29 04:14 3504640 c:\windows\Installer\2142877.msi
+ 2008-11-29 04:13 . 2008-11-29 04:13 3317248 c:\windows\Installer\2142870.msi
+ 2008-11-29 04:12 . 2008-11-29 04:12 3815936 c:\windows\Installer\2142862.msi
+ 2008-12-21 23:11 . 2008-12-21 23:11 1880576 c:\windows\Installer\1392e2cc.msi
+ 2009-01-29 19:04 . 2009-01-29 19:04 1479168 c:\windows\Installer\106df676.msi
+ 2002-12-12 01:39 . 2002-12-12 01:39 10995712 c:\windows\Installer\WMEncoder.msi
+ 2010-04-11 23:43 . 2010-04-11 23:43 26143744 c:\windows\Installer\29eb9a23.msi
+ 2008-11-29 05:54 . 2008-11-29 05:54 15044608 c:\windows\Installer\1b5d4d.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-17 24095528]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"nwiz"="nwiz.exe" [2007-12-05 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"RTHDCPL"="RTHDCPL.EXE" [2008-11-07 17421824]
"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe" [2006-08-09 36864]
"StandardKeyboard"="KBDaemonA.exe" [2004-11-26 57344]
"Lexmark 3100 Series"="c:\program files\Lexmark 3100 Series\lxbrbmgr.exe" [2003-09-04 106496]
"LXBRKsk"="c:\progra~1\LEXMAR~1\LXBRKsk.exe" [2003-06-13 294912]
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-27 202256]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2004-08-04 99840]
"_nltide_3"="advpack.dll" [2004-08-04 99840]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2006-12-18 12451]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):58,50,69,7a,65,5f,4c,6f,67,6f,6e,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.sys

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\FrostWire On Startup.lnk
backup=c:\windows\pss\FrostWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\svqxbwiw]
2010-05-02 15:46 259328 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\gbsoehvmc\qvvxteutssd.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/22/2009 3:21 PM 24652]
R3 KBNTXP;Standard PS/2 Multi-Keyboard Filter Driver for WinXp;c:\windows\system32\drivers\KBNTXP.sys [3/30/2009 9:01 AM 7296]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]

NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Netman
Nla
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
xmlprov
BITS
ShellHWDetection
helpsvc
wuauserv
WmdmPmSN

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

.
Contents of the 'Scheduled Tasks' folder

2010-04-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-05-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1844237615-343818398-725345543-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-05-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1844237615-343818398-725345543-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e9n3ee1n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\mozilla firefox\plugins\np-mswmp.dll
FF - plugin: c:\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-FrostWire - c:\documents and settings\Administrator\Desktop\FrostWire\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-03 15:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(312)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-05-03 15:52:49
ComboFix-quarantined-files.txt 2010-05-03 20:52
ComboFix2.txt 2009-06-05 21:26
ComboFix3.txt 2009-01-16 20:24

Pre-Run: 283,829,268,480 bytes free
Post-Run: 283,815,247,872 bytes free

- - End Of File - - 520DDC2D3F2005826C7BF4D5D94CAFAE
 

johnb35

Administrator
Staff member
Can you provide a hijackthis log please.

Hello, please download and post a log with HiJackThis.

Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
  • Click Save to save the log file and then the log will open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

ganzey

banned
duuude... I got this same malware 2 days ago. I just booted in safe mode and then did a system restore. Scanned with Malwarebytes and 0 infections were found.
 

kerostudos

New Member
use an anti-malware software

Dude, I once met malware, and I googled, and there are many antimalware to use. AVG, AVAST, but if you want to check others, there is a pretty new software - IObit Security 360 :). I used it for a time, I think it can help remove your malware and it is totally free.
Here is the download website:
http://majorgeeks.com/IObit_Security_360_d6088.html
 

Hdk20

New Member
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:39:33 PM, on 5/5/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkASv2K.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\vVX3000.exe
C:\WINDOWS\system32\KBDaemonA.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
O4 - HKLM\..\Run: [StandardKeyboard] KBDaemonA.exe
O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
O4 - HKLM\..\Run: [LXBRKsk] C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkASv2K.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8862 bytes
 

johnb35

Administrator
Staff member
Did you install this program?

O4 - HKLM\..\Run: [StandardKeyboard] KBDaemonA.exe

Some keyboards install it or it's actually a keylogger.

I won't post any fixes until I know for sure what that program is.
 

Hdk20

New Member
No, I found that very suspicious. I never saw that in my life, to be honest. My keyboard is a normal HP keyboard and it never installed that before. Should I remove it?
 

johnb35

Administrator
Staff member
Ok, let's do this: please provide an uninstall list using hijackthis. Open hijackthis, click on open misc tools section, click on open uninstall manager, click on save, and save the log, then copy and paste that log back here.
 

Hdk20

New Member
ABBYY FineReader 5.0 Sprint
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 8
Adobe Shockwave Player
Adobe Shockwave Player
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Auslogics Disk Defrag
Auslogics Registry Cleaner
AVG Free 9.0
BlackBerry Desktop Software 4.2
BlackBerry Desktop Software 4.2
Bonjour
CCleaner (remove only)
DAMN NFO Viewer Setup
DivX Codec
DivX Converter
DivX Player
DivX Web Player
FaxTools
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows XP (KB926239)
InterActual Player
iTunes
Java(TM) 6 Update 16
Java(TM) SE Runtime Environment 6
Junk Mail filter update
K-Lite Codec Pack 2.81 Full
Lexmark 3100 Series
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1 SP1 with KB886903 Hotfix
Microsoft .NET Framework 2.0 with Security Updates
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft LifeCam
Microsoft Office Professional Edition 2003
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.5.9)
MSVCRT
Nero 7.5.9.0A
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
QuickTime
QuickTime Alternative 1.76
Real Alternative 1.51 Lite
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.0
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Segoe UI
Skype™ 4.0
Standard PS/2 Multi-Media Keyboard Driver
TaskSwitchXP
Ulead VideoStudio SE DVD
Unlocker 1.8.5
USB Wireless Keyboard Driver
USB2.0 Capture Device
VC 9.0 Runtime
Viewpoint Media Player
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
WinRAR archiver
XPize 4.6 Lite BETA 1
 

johnb35

Administrator
Staff member
Ok, it seems that's an actual keyboard driver, since it seems you have a multimedia keyboard according to this entry here.

Standard PS/2 Multi-Media Keyboard Driver

However there are some things you need to get rid of. Please uninstall these items from add/remove programs.

Java(TM) 6 Update 16
Java(TM) SE Runtime Environment 6
Viewpoint Media Player

Then go here to download the latest version of Java.

http://www.java.com/en/download/index.jsp

Then rerun hijackthis and place a check next to the following entries.

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

Then click on fix checked at the bottom.
 

johnb35

Administrator
Staff member
Thanks John, for everything. Now I did what you told me to do, what did it exactly do?

Sorry, must not have gotten an email that you replied. What I had you do was stop unnecessary programs/entries from starting at bootup which will make your system faster.
 

kristain

banned
RE: Antispyware Soft

Download MalwareBytes Anti-malware. Close all programs and Windows on your computer.

Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded you will see a window similar to the one below.

Malwarebytes Anti-Malware Window

Select Perform Quick Scan, then click Scan, it will start scanning your computer for Antivirus Soft infection. This procedure can take some time, so please be patient.

When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar to the one shown below. Note: the list of infected items may be different than what is shown in the image below.

Malwarebytes Anti-malware, list of infected items

Make sure that everything is checked, and click Remove Selected to start the Antispyware Soft removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

All the Best
 