Internet Browsers acting up (want to shoot them)

PaulPool

PaulPool

New Member
All of my internet browsers have been acting up as of late. I keep reinstalling them to be able to work.

Firefox would sometimes only give me the crash error and I can't open it at all.

At one point I was not able to log in anywhere on any website with either firefox or IE. For some reason everytime I clicked "sign in" or pressed enter, it would freeze up.

Also Firefox has been insanely slow. I mean really slow. At first it was hogging up 99% cpu (again). I fixed that. I undid all the changes I made it before that sped it up, reinstalled it, retweaked it from the About:Config, and it was still sloooooow. And it's not even using much CPU now. Also it seems to run slow and then at random points load a lot in a couple seconds then go back to slow again. I tried setting it to above normal priority in the CAD processes list and no change.

I've tried uninstalling programs running malwarebytes, ccleaner, Auslogics Registry cleaner and the Registry and Disk defragger, I have Boostspeed as well. I turned off all the start up processes I could see that weren't needed. I ran windows update.

Both browsers in general have been going slow, but esspecally firefox. At one point I had to download Chrome becuase Firefox wasn't working and IE is ungainly.

Possibly related:

When I click "Windows Update" from my control pannel, I get an error "Windows Canno find '(null)'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start Button, and then click Search" Also a blank IE page opens. I have automatic updates turned on.

I have the suspicion that something is wrong with my computer, a broken file or something. Help please?
 
I have been having problems with firefox of late (see my thread) I am going to start using Chrome for a while and see how I get on with that.
If I get the same sort of problems I guess I can rule out the browser itself.

I suspect it may be plugings or scripts which is the cause but I will see how it goes using Chrome.
 
I tried disabling almost every extension and plug-in, that seemed to very slightly increase speed, but there is still something wrong. The CPU is low when I'm using it. Like I said I think the issue is somewhere in my computer.

I've unchecked Services and Startup services that aren't needed as well. I see a page with only the word "Null" when firefox restores my tabs.
 
Last edited:
Can you post a hijackthis log so we can see if its malware related?

Hello, please download and post a log with HiJackThis.

Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
  • Click Save to save the log file and then the log will open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 
No problem, I already have HighjackThis installed. ;) Also now that I think about it, Some kind of Antivirus 2010, or windows Security 2010, you know what kind I'm talking about, shows you fake scans and blocks you from running malware or CTRL+ALT+DELETE or right clicking, that kinda thing, had gotten onto my computer a while back. It was a new one, 2010 not 2009, and a pain to get off. I was finally able to restore to earlier that week, and that's when the problems started, but I thought I had gotten rid of it all.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:35:10 PM, on 3/26/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Auslogics\Auslogics BoostSpeed\boostspeed.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US
O4 - HKCU\..\Run: [Auslogics BoostSpeed] C:\Program Files\Auslogics\Auslogics BoostSpeed\boostspeed.exe
O4 - HKCU\..\Run: [Auslogics BoostSpeed 4] C:\Program Files\Auslogics\Auslogics BoostSpeed\boostspeed.exe
O4 - HKUS\S-1-5-20\..\Run: [velomaruvi] Rundll32.exe "C:\WINDOWS\system32\najebofi.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1192989359741
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553550000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 4640 bytes
 
Since you say you were infected with antivirus 2010 go ahead and run combofix.



Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
 
I have combofix already on here as well, haha. (from a while back when I had a problem.)

Alright I will do that, in the meantime I just wanted to comment that I noticed every time when Firefox was running slow, I put my mouse over the boostspeed in the system tray, and it shows my Internet traffic really low, like 0.1 kb, or nothing, and then jumps to like 50kb or .1mb when firefox speeds up.
 
You must download the new version of combofix as it is updated daily. The old version you have will want to be updated anyway.
 
Alrighty downloaded the new one.

ComboFix 10-03-26.02 - Owner 03/26/2010 21:59:07.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.227 [GMT -4:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Local Settings\Application Data\dmhuuh
c:\documents and settings\Owner\Local Settings\Application Data\dmhuuh\pvvksftav.exe
c:\windows\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\system32\hack
c:\windows\system32\hack\OEMLINK\OEM1.reg
c:\windows\system32\hack\OEMLINK\OEM2.reg
c:\windows\system32\hack\OEMLINK\OEM3.reg
c:\windows\system32\kernel1.exe
c:\windows\system32\sstray.exe

.
original MBR restored successfully !
.
((((((((((((((((((((((((( Files Created from 2010-02-27 to 2010-03-27 )))))))))))))))))))))))))))))))
.

2010-03-27 00:26 . 2010-03-27 00:28 -------- dc-h--w- c:\windows\ie8
2010-03-24 19:26 . 2010-03-24 19:26 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-03-24 04:37 . 2010-03-24 04:37 -------- d-----w- C:\found.000
2010-03-19 21:14 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-18 01:47 . 2010-03-18 01:47 -------- d-----w- c:\windows\system32\wbem\Repository
2010-03-18 01:47 . 2010-03-18 01:47 -------- d-----w- c:\program files\Bonjour
2010-03-18 01:46 . 2010-03-18 01:46 -------- d-----w- c:\program files\Super Smash Flash EXE
2010-03-18 01:46 . 2010-03-18 01:46 -------- d-----w- c:\program files\Artoonix
2010-03-18 01:44 . 2010-03-18 01:44 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-03-17 13:16 . 2010-03-18 01:48 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\rasole64
2010-03-16 20:39 . 2010-03-17 10:55 0 ----a-w- c:\windows\Ezovageqewipez.bin
2010-03-16 20:39 . 2010-03-18 01:06 120 ----a-w- c:\windows\Xbocinixigotan.dat
2010-03-16 20:39 . 2010-03-18 01:42 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{6DD9279C-E19C-4848-8EA6-CE44AEF9E731}
2010-03-16 05:48 . 2010-03-16 05:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2010-03-16 05:47 . 2010-03-18 01:42 -------- d-----w- c:\documents and settings\Owner\Application Data\Azureus
2010-03-16 05:46 . 2010-03-16 05:46 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Conduit
2010-03-16 05:46 . 2010-03-18 01:42 -------- d-----w- c:\program files\Vuze_Remote
2010-03-09 03:02 . 2010-03-18 01:44 -------- d-----w- c:\program files\Common Files\DVDVideoSoft(2)
2010-03-04 17:41 . 2010-03-04 17:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-02-28 22:17 . 2010-02-28 22:17 -------- d-----w- C:\4b4a7f8f092bf7b8934af643
2010-02-28 18:55 . 2010-02-28 23:05 -------- d-----w- c:\documents and settings\HelpAssistant\Tracing
2010-02-28 18:55 . 2010-02-28 18:55 -------- d-----w- c:\documents and settings\HelpAssistant\WINDOWS
2010-02-28 18:55 . 2010-02-28 18:55 -------- d-----w- c:\documents and settings\HelpAssistant\UserData
2010-02-28 18:55 . 2010-02-28 18:55 -------- d-----w- c:\documents and settings\HelpAssistant\PrivacIE
2010-02-28 18:52 . 2010-02-28 18:52 -------- d-----w- c:\documents and settings\HelpAssistant\IETldCache
2010-02-28 18:52 . 2010-02-28 18:52 -------- d-----w- c:\documents and settings\HelpAssistant\IECompatCache
2010-02-28 18:52 . 2010-02-28 18:52 -------- d-----w- c:\documents and settings\HelpAssistant\dwhelper

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-27 02:06 . 2009-09-23 20:20 -------- d-----w- c:\program files\Common Files\Akamai
2010-03-24 19:26 . 2009-10-20 21:59 -------- d-----w- c:\program files\AIM
2010-03-23 20:27 . 2007-10-21 20:37 33390 ----a-w- c:\documents and settings\Owner\Application Data\wklnhst.dat
2010-03-19 21:40 . 2007-10-21 20:37 82088 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-19 21:28 . 2007-10-25 18:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2010-03-18 02:46 . 2003-01-03 13:40 -------- d-----w- c:\program files\Microsoft Works
2010-03-18 02:44 . 2009-02-01 01:03 -------- d-----w- c:\program files\MSBuild
2010-03-18 02:42 . 2010-02-16 07:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-18 02:27 . 2009-06-16 04:47 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2010-03-18 01:59 . 2009-05-25 18:54 -------- d-----w- c:\program files\CCleaner
2010-03-18 01:56 . 2009-10-12 03:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-18 01:52 . 2010-03-18 01:52 4530 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-03-18 01:44 . 2009-10-07 19:25 -------- d-----w- c:\program files\DVDVideoSoft
2010-03-18 01:30 . 2007-11-17 03:01 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-04 19:01 . 2009-12-10 16:33 -------- d-----w- c:\documents and settings\Owner\Application Data\Auslogics
2010-03-04 18:35 . 2009-12-10 16:32 -------- d-----w- c:\program files\Auslogics
2010-03-02 21:33 . 2007-10-21 18:45 -------- d-----w- c:\program files\Lx_cats
2010-02-16 08:23 . 2010-02-16 08:23 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-02-06 00:20 . 2009-12-09 18:13 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-07 20:07 . 2009-11-12 20:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 20:07 . 2009-11-12 20:36 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50 . 2003-01-03 11:41 353792 ----a-w- c:\windows\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]
"Aim"="c:\program files\AIM\aim.exe" [2010-03-08 3972440]
"Auslogics BoostSpeed"="c:\program files\Auslogics\Auslogics BoostSpeed\boostspeed.exe" [2009-03-16 362096]
"Auslogics BoostSpeed 4"="c:\program files\Auslogics\Auslogics BoostSpeed\boostspeed.exe" [2009-03-16 362096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXBUCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll" [2004-08-20 65536]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-10-06 21:21 323392 ----a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
2004-05-18 02:30 543232 ----a-w- c:\windows\zHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2004-08-24 17:16 61440 ----a-w- c:\program files\Lexmark 6200 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2004-08-24 18:26 299008 -c--a-w- c:\program files\Lexmark Fax Solutions\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-06-05 17:39 292136 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxbumon.exe]
2004-08-20 11:30 188416 ----a-w- c:\program files\Lexmark 6200 Series\lxbumon.exE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-02-06 22:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 19:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2004-03-03 17:29 2904064 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
2007-09-05 00:25 81920 ----a-w- c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2004-03-03 17:29 46080 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2004-03-03 17:29 782336 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 05:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowWnd]
2003-09-19 17:09 36864 ----a-w- c:\windows\ShowWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
2004-03-11 23:18 135168 -c--a-w- c:\program files\Digital Media Reader\shwiconEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Schedule"=2 (0x2)
"ATTRcAppSvc"=3 (0x3)
"aawservice"=2 (0x2)
"xmlprov"=3 (0x3)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"WmiApSrv"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"WebClient"=2 (0x2)
"VSS"=3 (0x3)
"Viewpoint Manager Service"=2 (0x2)
"usprserv"=3 (0x3)
"UPS"=3 (0x3)
"upnphost"=3 (0x3)
"TrkWks"=2 (0x2)
"TermService"=2 (0x2)
"TapiSrv"=3 (0x3)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"stisvc"=3 (0x3)
"SSDPSRV"=3 (0x3)
"srservice"=2 (0x2)
"SharedAccess"=2 (0x2)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"SCardSvr"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"NVSvc"=2 (0x2)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"Nla"=3 (0x3)
"Netlogon"=3 (0x3)
"napagent"=3 (0x3)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"lxbu_device"=3 (0x3)
"LmHosts"=2 (0x2)
"lanmanworkstation"=2 (0x2)
"lanmanserver"=2 (0x2)
"ImapiService"=3 (0x3)
"HTTPFilter"=3 (0x3)
"hkmsvc"=3 (0x3)
"HidServ"=2 (0x2)
"helpsvc"=2 (0x2)
"FastUserSwitchingCompatibility"=2 (0x2)
"EventSystem"=3 (0x3)
"ERSvc"=2 (0x2)
"EapHost"=3 (0x3)
"Dot3svc"=3 (0x3)
"Dnscache"=2 (0x2)
"dmserver"=3 (0x3)
"dmadmin"=3 (0x3)
"CryptSvc"=3 (0x3)
"COMSysApp"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"CiSvc"=3 (0x3)
"Browser"=2 (0x2)
"Brother XP spl Service"=2 (0x2)
"bmwebcfg"=2 (0x2)
"BITS"=3 (0x3)
"Autodesk Licensing Service"=3 (0x3)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
"ALG"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"nTuneService"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Microsoft Games\\Halo Custom Edition\\haloce.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\lxbucoms.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2479:TCP"= 2479:TCP:Services
"6243:TCP"= 6243:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"5723:TCP"= 5723:TCP:Services
"5037:TCP"= 5037:TCP:Services
"8574:TCP"= 8574:TCP:Services
"1036:TCP"= 1036:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [1/3/2003 7:41 AM 14336]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);c:\windows\system32\drivers\swnc8u56.sys [6/27/2007 11:41 AM 101248]
S3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);c:\windows\system32\drivers\swumx56.sys [6/27/2007 11:42 AM 73856]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/15/2009 12:56 PM 24652]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2009-12-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ujeraeka.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Aim6 - c:\program files\AIM6\aim6.exe
MSConfigStartUp-Desktop Software - c:\program files\ComcastUI\Universal Installer\uinstaller.exe
MSConfigStartUp-Google Update - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
MSConfigStartUp-Microsoft Works Update Detection - c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
MSConfigStartUp-nForce Tray Options - sstray.exe
MSConfigStartUp-Universal Installer - c:\program files\ComcastUI\Universal Installer\uinstaller.exe
MSConfigStartUp-uTorrent - c:\program files\uTorrent\uTorrent.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-26 22:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXBUCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: KERNEL1.EXE catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x8481A808]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74cbf28
\Driver\ACPI -> 0x8481a808
\Driver\atapi -> atapi.sys @ 0xf73f6852
IoDeviceObjectType -> DeleteProcedure -> KERNEL1.EXE @ 0x805e6686
ParseProcedure -> KERNEL1.EXE @ 0x8057b6b1
\Device\Harddisk0\DR0 -> DeleteProcedure -> KERNEL1.EXE @ 0x805e6686
ParseProcedure -> KERNEL1.EXE @ 0x8057b6b1
NDIS: NVIDIA nForce MCP Networking Controller -> SendCompleteHandler -> 0x844e7330
PacketIndicateHandler -> NDIS.sys @ 0xf730fa21
SendHandler -> NDIS.sys @ 0xf72ed87b
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x012A18AC1
malicious code @ sector 0x012A18AC4 !
PE file found in sector at 0x012A18ADA !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************
.
Completion time: 2010-03-26 22:09:56
ComboFix-quarantined-files.txt 2010-03-27 02:09
ComboFix2.txt 2009-02-03 16:56
ComboFix3.txt 2009-02-02 02:05

Pre-Run: 123,733,524,480 bytes free
Post-Run: 131,716,562,944 bytes free

- - End Of File - - 993F15EAA2AAA5D5633D3F72E92FB398


=====================================================================================

When I ran HijackThis again almost immediately I got the message

Please help us improve HijackThis by reporting this error

Click 'Yes' to submit

Error details:

An unexpected error has occurred at procedure: modRegistry_IniGetString(sFile=system.ini, sSection=boot, sValue=shell)
Error #5 - Invalid procedure call or argument

Windows version: Windows NT 5.01.2600
MSIE version 9.06001.18702
HijackThis version 2.0.2

Anyway, Firefox seems to be running blazing fast again the way it was before! Windows error update is gone again. And internet traffic seems to be up.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:48 PM, on 3/26/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Auslogics\Auslogics BoostSpeed\boostspeed.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US
O4 - HKCU\..\Run: [Auslogics BoostSpeed] C:\Program Files\Auslogics\Auslogics BoostSpeed\boostspeed.exe
O4 - HKCU\..\Run: [Auslogics BoostSpeed 4] C:\Program Files\Auslogics\Auslogics BoostSpeed\boostspeed.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1192989359741
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553550000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 4393 bytes
 
Last edited:
Move the combofix file to the desktop.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Code: 
FILE::
c:\windows\Ezovageqewipez.bin
c:\windows\Xbocinixigotan.dat



3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


CFScript-1.gif


ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
 
Still working fast. On a side note, related to me restore; I've had this problem before. I would uninstall a program, and then restore to a point before I had the program installed. It's no longer available on my computer, but in the All Programs and Add/Remove list it still shows up, and I can't uninstall it becuase it says it doesn't exist, which it doesn't, but is still listed. I do not for the life of me remember how that was fixed before, it was a long time ago. Just wondering if you knew what to do.

ComboFix 10-03-26.02 - Owner 03/26/2010 22:36:03.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.154 [GMT -4:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\My Documents\Downloads\CFScript.txt

FILE ::
"c:\windows\Ezovageqewipez.bin"
"c:\windows\Xbocinixigotan.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Ezovageqewipez.bin
c:\windows\Xbocinixigotan.dat

.
original MBR restored successfully !
.
((((((((((((((((((((((((( Files Created from 2010-02-27 to 2010-03-27 )))))))))))))))))))))))))))))))
.

2010-03-27 00:26 . 2010-03-27 00:28 -------- dc-h--w- c:\windows\ie8
2010-03-24 19:26 . 2010-03-24 19:26 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-03-24 04:37 . 2010-03-24 04:37 -------- d-----w- C:\found.000
2010-03-19 21:14 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-18 01:47 . 2010-03-18 01:47 -------- d-----w- c:\windows\system32\wbem\Repository
2010-03-18 01:47 . 2010-03-18 01:47 -------- d-----w- c:\program files\Bonjour
2010-03-18 01:46 . 2010-03-18 01:46 -------- d-----w- c:\program files\Super Smash Flash EXE
2010-03-18 01:46 . 2010-03-18 01:46 -------- d-----w- c:\program files\Artoonix
2010-03-18 01:44 . 2010-03-18 01:44 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-03-17 13:16 . 2010-03-18 01:48 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\rasole64
2010-03-16 20:39 . 2010-03-18 01:42 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{6DD9279C-E19C-4848-8EA6-CE44AEF9E731}
2010-03-16 05:48 . 2010-03-16 05:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2010-03-16 05:47 . 2010-03-18 01:42 -------- d-----w- c:\documents and settings\Owner\Application Data\Azureus
2010-03-16 05:46 . 2010-03-16 05:46 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Conduit
2010-03-16 05:46 . 2010-03-18 01:42 -------- d-----w- c:\program files\Vuze_Remote
2010-03-09 03:02 . 2010-03-18 01:44 -------- d-----w- c:\program files\Common Files\DVDVideoSoft(2)
2010-03-04 17:41 . 2010-03-04 17:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-02-28 22:17 . 2010-02-28 22:17 -------- d-----w- C:\4b4a7f8f092bf7b8934af643
2010-02-28 18:55 . 2010-02-28 23:05 -------- d-----w- c:\documents and settings\HelpAssistant\Tracing
2010-02-28 18:55 . 2010-02-28 18:55 -------- d-----w- c:\documents and settings\HelpAssistant\WINDOWS
2010-02-28 18:55 . 2010-02-28 18:55 -------- d-----w- c:\documents and settings\HelpAssistant\UserData
2010-02-28 18:55 . 2010-02-28 18:55 -------- d-----w- c:\documents and settings\HelpAssistant\PrivacIE
2010-02-28 18:52 . 2010-02-28 18:52 -------- d-----w- c:\documents and settings\HelpAssistant\IETldCache
2010-02-28 18:52 . 2010-02-28 18:52 -------- d-----w- c:\documents and settings\HelpAssistant\IECompatCache
2010-02-28 18:52 . 2010-02-28 18:52 -------- d-----w- c:\documents and settings\HelpAssistant\dwhelper

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-27 02:30 . 2009-09-23 20:20 -------- d-----w- c:\program files\Common Files\Akamai
2010-03-24 19:26 . 2009-10-20 21:59 -------- d-----w- c:\program files\AIM
2010-03-23 20:27 . 2007-10-21 20:37 33390 ----a-w- c:\documents and settings\Owner\Application Data\wklnhst.dat
2010-03-19 21:40 . 2007-10-21 20:37 82088 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-19 21:28 . 2007-10-25 18:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2010-03-18 02:46 . 2003-01-03 13:40 -------- d-----w- c:\program files\Microsoft Works
2010-03-18 02:44 . 2009-02-01 01:03 -------- d-----w- c:\program files\MSBuild
2010-03-18 02:42 . 2010-02-16 07:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-18 02:27 . 2009-06-16 04:47 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2010-03-18 01:59 . 2009-05-25 18:54 -------- d-----w- c:\program files\CCleaner
2010-03-18 01:56 . 2009-10-12 03:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-18 01:52 . 2010-03-18 01:52 4530 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-03-18 01:44 . 2009-10-07 19:25 -------- d-----w- c:\program files\DVDVideoSoft
2010-03-18 01:30 . 2007-11-17 03:01 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-04 19:01 . 2009-12-10 16:33 -------- d-----w- c:\documents and settings\Owner\Application Data\Auslogics
2010-03-04 18:35 . 2009-12-10 16:32 -------- d-----w- c:\program files\Auslogics
2010-03-02 21:33 . 2007-10-21 18:45 -------- d-----w- c:\program files\Lx_cats
2010-02-16 08:23 . 2010-02-16 08:23 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-02-06 00:20 . 2009-12-09 18:13 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-07 20:07 . 2009-11-12 20:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 20:07 . 2009-11-12 20:36 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50 . 2003-01-03 11:41 353792 ----a-w- c:\windows\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]
"Aim"="c:\program files\AIM\aim.exe" [2010-03-08 3972440]
"Auslogics BoostSpeed"="c:\program files\Auslogics\Auslogics BoostSpeed\boostspeed.exe" [2009-03-16 362096]
"Auslogics BoostSpeed 4"="c:\program files\Auslogics\Auslogics BoostSpeed\boostspeed.exe" [2009-03-16 362096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXBUCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll" [2004-08-20 65536]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-10-06 21:21 323392 ----a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
2004-05-18 02:30 543232 ----a-w- c:\windows\zHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2004-08-24 17:16 61440 ----a-w- c:\program files\Lexmark 6200 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2004-08-24 18:26 299008 -c--a-w- c:\program files\Lexmark Fax Solutions\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-06-05 17:39 292136 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxbumon.exe]
2004-08-20 11:30 188416 ----a-w- c:\program files\Lexmark 6200 Series\lxbumon.exE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-02-06 22:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 19:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2004-03-03 17:29 2904064 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
2007-09-05 00:25 81920 ----a-w- c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2004-03-03 17:29 46080 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2004-03-03 17:29 782336 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 05:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowWnd]
2003-09-19 17:09 36864 ----a-w- c:\windows\ShowWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
2004-03-11 23:18 135168 -c--a-w- c:\program files\Digital Media Reader\shwiconEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Schedule"=2 (0x2)
"ATTRcAppSvc"=3 (0x3)
"aawservice"=2 (0x2)
"xmlprov"=3 (0x3)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"WmiApSrv"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"WebClient"=2 (0x2)
"VSS"=3 (0x3)
"Viewpoint Manager Service"=2 (0x2)
"usprserv"=3 (0x3)
"UPS"=3 (0x3)
"upnphost"=3 (0x3)
"TrkWks"=2 (0x2)
"TermService"=2 (0x2)
"TapiSrv"=3 (0x3)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"stisvc"=3 (0x3)
"SSDPSRV"=3 (0x3)
"srservice"=2 (0x2)
"SharedAccess"=2 (0x2)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"SCardSvr"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"NVSvc"=2 (0x2)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"Nla"=3 (0x3)
"Netlogon"=3 (0x3)
"napagent"=3 (0x3)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"lxbu_device"=3 (0x3)
"LmHosts"=2 (0x2)
"lanmanworkstation"=2 (0x2)
"lanmanserver"=2 (0x2)
"ImapiService"=3 (0x3)
"HTTPFilter"=3 (0x3)
"hkmsvc"=3 (0x3)
"HidServ"=2 (0x2)
"helpsvc"=2 (0x2)
"FastUserSwitchingCompatibility"=2 (0x2)
"EventSystem"=3 (0x3)
"ERSvc"=2 (0x2)
"EapHost"=3 (0x3)
"Dot3svc"=3 (0x3)
"Dnscache"=2 (0x2)
"dmserver"=3 (0x3)
"dmadmin"=3 (0x3)
"CryptSvc"=3 (0x3)
"COMSysApp"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"CiSvc"=3 (0x3)
"Browser"=2 (0x2)
"Brother XP spl Service"=2 (0x2)
"bmwebcfg"=2 (0x2)
"BITS"=3 (0x3)
"Autodesk Licensing Service"=3 (0x3)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
"ALG"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"nTuneService"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Microsoft Games\\Halo Custom Edition\\haloce.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\lxbucoms.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2479:TCP"= 2479:TCP:Services
"6243:TCP"= 6243:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"5723:TCP"= 5723:TCP:Services
"5037:TCP"= 5037:TCP:Services
"8574:TCP"= 8574:TCP:Services
"1036:TCP"= 1036:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);c:\windows\system32\drivers\swnc8u56.sys [6/27/2007 11:41 AM 101248]
S3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);c:\windows\system32\drivers\swumx56.sys [6/27/2007 11:42 AM 73856]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/15/2009 12:56 PM 24652]
.
Contents of the 'Scheduled Tasks' folder

2009-12-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ujeraeka.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-26 22:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXBUCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: KERNEL1.EXE catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x8481A808]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74cbf28
\Driver\ACPI -> 0x8481a808
\Driver\atapi -> atapi.sys @ 0xf73f6852
IoDeviceObjectType -> DeleteProcedure -> KERNEL1.EXE @ 0x805e6686
ParseProcedure -> KERNEL1.EXE @ 0x8057b6b1
\Device\Harddisk0\DR0 -> DeleteProcedure -> KERNEL1.EXE @ 0x805e6686
ParseProcedure -> KERNEL1.EXE @ 0x8057b6b1
NDIS: NVIDIA nForce MCP Networking Controller -> SendCompleteHandler -> 0x844e7330
PacketIndicateHandler -> NDIS.sys @ 0xf730fa21
SendHandler -> NDIS.sys @ 0xf72ed87b
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x012A18AC1
malicious code @ sector 0x012A18AC4 !
PE file found in sector at 0x012A18ADA !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************
.
Completion time: 2010-03-26 22:44:17
ComboFix-quarantined-files.txt 2010-03-27 02:44
ComboFix2.txt 2010-03-27 02:09
ComboFix3.txt 2009-02-03 16:56
ComboFix4.txt 2009-02-02 02:05

Pre-Run: 131,785,420,800 bytes free
Post-Run: 131,744,059,392 bytes free

- - End Of File - - DCF3F16EB658BE766B063665E5765D51
 
You have leftover entries in the registry that make it look like its still installed. If you feel comfortable editing the registry then you can go in there and search for that program and delete all entries that it finds pertaining to that program. Or you can actually use hijackthis to delete the entry in the list, however the bad entries will still be listed in the registry.
 
You must log in or register to reply here.
Back
Top