Solve : 'Bad Image' problems.?

1.	Solve : 'Bad Image' problems.?
Answer» Whenever I start up the computer or it tries to run a program, before it runs I ALWAYS get a pop-up saying: The application of DLL C:\WINDOWS\system32\vopeside.dll is not a valid Windows image. Please check this against your installation diskette. I'm running Windows XP. It's a Dell Inspiron laptop (if that helps.) I'm attaching the logs and copy and pasting them below. _______________________________________ __________ SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 04/18/2009 at 11:06 PM Application Version : 4.26.1000 Core RULES Database Version : 3852 Trace Rules Database Version: 1805 Scan type : Complete Scan Total Scan Time : 01:31:10 MEMORY items scanned : 727 Memory threats detected : 0 Registry items scanned : 5993 Registry threats detected : 7 File items scanned : 90275 File threats detected : 45 Unclassified.Unknown Origin HKU\S-1-5-21-4254542993-1360710644-2665431577-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{74CD40EA-EF77-4BAD-808A-B5982DA73F20} Adware.Tracking Cookie C:\Documents and Settings\Blake\Cookies\[emailprotected][2].txt C:\Documents and Settings\Blake\Cookies\[emailprotected][2].txt C:\Documents and Settings\Blake\Cookies\[emailprotected][1].txt C:\Documents and Settings\Blake\Cookies\[emailprotected][1].txt C:\Documents and Settings\Blake\Cookies\[emailprotected][1].txt C:\Documents and Settings\Blake\Cookies\[emailprotected][2].txt C:\Documents and Settings\Blake\Cookies\[emailprotected][1].txt C:\Documents and Settings\Blake\Cookies\[emailprotected][2].txt C:\Documents and Settings\Blake\Cookies\[emailprotected][1].txt C:\Documents and Settings\Blake\Cookies\[emailprotected][2].txt C:\Documents and Settings\Blake\Cookies\[emailprotected][1].txt C:\Documents and Settings\Blake\Cookies\[emailprotected][2].txt C:\Documents and Settings\Blake\Cookies\[emailprotected][2].txt C:\Documents and Settings\Blake\Cookies\[emailprotected][2].txt C:\Documents and Settings\Blake\Cookies\[emailprotected][1].txt C:\Documents and Settings\Blake\Cookies\[emailprotected][1].txt C:\Documents and Settings\Blake\Cookies\[emailprotected][1].txt C:\Documents and Settings\Blake\Cookies\[emailprotected][2].txt C:\Documents and Settings\Blake\Cookies\[emailprotected][1].txt C:\Documents and Settings\Blake\Cookies\[emailprotected][1].txt C:\Documents and Settings\Blake\Cookies\[emailprotected][2].txt C:\Documents and Settings\Blake\Cookies\[emailprotected][2].txt C:\Documents and Settings\Blake\Cookies\[emailprotected][2].txt C:\Documents and Settings\Blake\Cookies\[emailprotected][1].txt C:\Documents and Settings\Blake\Cookies\[emailprotected][2].txt C:\Documents and Settings\Blake\Cookies\[emailprotected][1].txt C:\Documents and Settings\Blake\Cookies\[emailprotected][1].txt C:\Documents and Settings\Blake\Cookies\[emailprotected][1].txt Adware.Vundo Variant/Rel HKLM\SOFTWARE\Microsoft\contim HKLM\SOFTWARE\Microsoft\contim#SysShell HKLM\SOFTWARE\Microsoft\rdfa HKLM\SOFTWARE\Microsoft\rdfa#F HKLM\SOFTWARE\Microsoft\rdfa#N Rogue.Component/Trace HKU\S-1-5-21-4254542993-1360710644-2665431577-1006\Software\Microsoft\FIAS4057 Malware.Installer-Pkg/Gen C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3}.EXE C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{3C48F877-A164-45E9-B9DA-26A049FFC207}.EXE C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{6293BC00-4EB8-4C65-8548-53E2FC3BF937}.EXE C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{651956B7-1969-42AA-9453-E0B813019D54}.EXE C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{6B6A7665-DB48-4762-AB5D-BEEB9E1CD7FA}.EXE C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{989E4C3B-B2C9-4486-9A09-D5A8F953837C}.EXE C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{C0A0AA4D-C79B-48CA-8843-2B02B626C9E6}.EXE C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{C2D8F0E2-6978-4409-8351-BA8785DA11EE}.EXE C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{D1A6F3FD-7B40-443F-8767-BADB25A0D222}.EXE C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{E0814F95-5380-4892-B8C8-7FA4B349EF46}.EXE Adware.Vundo/Variant-EmpiaA C:\WINDOWS\SYSTEM32\DAGIHAMA.DLL C:\WINDOWS\SYSTEM32\FIGOVAFA.DLL C:\WINDOWS\SYSTEM32\HIHATOFO.DLL C:\WINDOWS\SYSTEM32\RETOSETI.DLL Trace.Known Threat Sources C:\Documents and Settings\Blake\Local Settings\Temporary Internet Files\Content.IE5\28XRIA9B\l.s.bg1z[1].gif C:\Documents and Settings\Blake\Local Settings\Temporary Internet Files\Content.IE5\150GXJRB\favicon[2].ico C:\Documents and Settings\Blake\Local Settings\Temporary Internet Files\Content.IE5\WYDP5EX1\l.s.bg2z[1].gif _______________________________________ ________________ Malwarebytes' Anti-Malware 1.36 Database version: 2006 Windows 5.1.2600 Service Pack 3 4/18/2009 11:38:21 PM mbam-log-2009-04-18 (23-38-21).txt Scan type: Quick Scan Objects scanned: 71874 Time elapsed: 6 minute(s), 11 second(s) Memory Processes Infected: 0 Memory Modules Infected: 3 Registry Keys Infected: 8 Registry Values Infected: 2 Registry Data Items Infected: 1 Folders Infected: 2 Files Infected: 8 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: C:\WINDOWS\system32\migisibi.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\smart.dll (Spyware.Agent) -> Delete on reboot. C:\WINDOWS\system32\LoveFly.dll (Spyware.Agent) -> Delete on reboot. Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4ede0037-cb89-48a7-8689-3b8f8a276e0a} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{4ede0037-cb89-48a7-8689-3b8f8a276e0a} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Fly (Spyware.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Love (Spyware.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\new_drv (Rootkit.Agent) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3cd65faa (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zumorewavi (Trojan.Vundo.H) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: C:\WINDOWS\bdir (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\bdir\ffmiu (Trojan.Downloader) -> Quarantined and deleted successfully. Files Infected: C:\WINDOWS\system32\migisibi.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\ibisigim.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\kokihove.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully. C:\WINDOWS\system32\hivopigi.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully. C:\WINDOWS\system32\newoyiju.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully. C:\WINDOWS\system32\smart.dll (Spyware.Agent) -> Delete on reboot. C:\WINDOWS\system32\LoveFly.dll (Spyware.Agent) -> Delete on reboot. C:\WINDOWS\2473343.exe (Rootkit.Agent) -> Quarantined and deleted successfully. _______________________________________ ____ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:55:07 PM, on 4/18/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\GEARSec.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\Program Files\Norton Ghost\Agent\VProSvc.exe C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\WLTRAY.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\stsystra.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Norton Ghost\Agent\GhostTray.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Dell Support Center\bin\sprtcmd.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe C:\Program Files\Lexmark 3300 Series\lxccmon.exe C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe C:\Program Files\NetWaiting\netWaiting.exe C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DellSupport\DSAgnt.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\lxcccoms.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Trend Micro\HijackThis\sniper.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bungie.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O1 - Hosts: 82.98.231.89 url.adtrgt.com O1 - Hosts: 82.98.231.89 googleads2.gdoubleclick.net O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe" O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKLM\..\Run: [SAClient] "C:\Program Files\Insight\BBClient\Programs\RegCon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,[emailprotected] O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe" O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe O4 - Global Startup: Digital Line Detect.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: RESEARCH - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\WINDOWS\system32\suvopomu.dll C:\WINDOWS\system32\vopeside.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 14432 bytes _______________________________________ __ [attachment deleted by ADMIN]Hello drillkid31. Open HijackThis and select Do a system scan only Place a check mark next to the following entries: (if there) O1 - Hosts: 82.98.231.89 url.adtrgt.com O1 - Hosts: 82.98.231.89 googleads2.gdoubleclick.net O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\WINDOWS\system32\suvopomu.dll C:\WINDOWS\system32\vopeside.dll . Important: Close all open windows except for HijackThis and then click Fix checked. Once completed, exit HijackThis. ---------- Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop. Link #1 Link #2 Note: It is important that it is saved directly to your Desktop Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix. Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them. Double click combofix.exe & follow the prompts. When finished ComboFix will produce a log for you. Post the ComboFix log in your next reply. Important:** Do not mouseclick ComboFix's window while it is running. That may cause it to stall. Remember to re-enable your antivirus and antispyware protection when ComboFix is complete. If you have problems with ComboFix usage, see How to use ComboFixHere's the log. _______________________________________ ComboFix 09-04-19.05 - Blake 04/19/2009 15:03.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.538 [GMT -4:00] Running from: c:\documents and settings\Blake\Desktop\ComboFix.exe AV: Trend Micro PC-cillin Internet Security On-access scanning disabled (Updated) FW: Trend Micro PC-cillin Internet Security (Firewall) disabled * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\1272046.exe c:\windows\22868312.exe c:\windows\system32\disk.dll c:\windows\system32\hanugupi.dll c:\windows\system32\robotihu.dll c:\windows\system32\vopeside.dll D:\Autorun.inf . ((((((((((((((((((((((((( Files Created from 2009-03-19 to 2009-04-19 ))))))))))))))))))))))))))))))) . 2009-04-19 14:14 . 2009-04-19 14:14410984----a-wc:\windows\system32\deploytk.dll 2009-04-19 03:30 . 2009-04-19 03:30--------d-----wc:\documents and settings\Blake\Application Data\Malwarebytes 2009-04-19 03:30 . 2009-04-06 19:3215504----a-wc:\windows\system32\drivers\mbam.sys 2009-04-19 03:30 . 2009-04-06 19:3238496----a-wc:\windows\system32\drivers\mbamswissarmy.sys 2009-04-19 03:30 . 2009-04-19 03:30--------d-----wc:\documents and settings\All Users\Application Data\Malwarebytes 2009-04-19 03:30 . 2009-04-19 03:30--------d-----wc:\program files\Malwarebytes' Anti-Malware 2009-04-19 01:30 . 2009-04-19 01:30--------d-----wc:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2009-04-19 01:30 . 2009-04-19 01:30--------d-----wc:\program files\SUPERAntiSpyware 2009-04-19 01:30 . 2009-04-19 01:30--------d-----wc:\documents and settings\Blake\Application Data\SUPERAntiSpyware.com 2009-04-19 01:30 . 2009-04-19 01:30--------d-----wc:\program files\Common Files\Wise Installation Wizard 2009-04-18 03:46 . 2009-04-18 14:331409589--sh--wc:\windows\system32\ofotahih.ini 2009-04-15 21:24 . 2009-03-06 14:22284160------wc:\windows\system32\dllcache\pdh.dll 2009-04-15 21:24 . 2009-02-06 10:3935328------wc:\windows\system32\dllcache\sc.exe 2009-04-15 21:24 . 2009-02-09 12:10473600------wc:\windows\system32\dllcache\fastprox.dll 2009-04-15 21:24 . 2009-02-09 12:10453120------wc:\windows\system32\dllcache\wmiprvsd.dll 2009-04-15 21:24 . 2009-02-09 12:10401408------wc:\windows\system32\dllcache\rpcss.dll 2009-04-15 21:24 . 2009-02-06 11:11110592------wc:\windows\system32\dllcache\services.exe 2009-04-15 21:24 . 2009-02-06 10:10227840------wc:\windows\system32\dllcache\wmiprvse.exe 2009-04-15 21:24 . 2009-02-09 12:10729088------wc:\windows\system32\dllcache\lsasrv.dll 2009-04-15 21:24 . 2009-02-09 12:10714752------wc:\windows\system32\dllcache\ntdll.dll 2009-04-15 21:24 . 2009-02-09 12:10617472------wc:\windows\system32\dllcache\advapi32.dll 2009-04-15 21:23 . 2008-05-03 11:552560------wc:\windows\system32\xpsp4res.dll 2009-04-15 21:23 . 2009-03-27 06:581203922------wc:\windows\system32\dllcache\sysmain.sdb 2009-04-15 21:23 . 2008-04-21 12:08215552------wc:\windows\system32\dllcache\wordpad.exe 2009-03-25 23:15 . 2009-03-25 23:15--------d-----wc:\program files\7-Zip 2009-03-21 14:06 . 2009-03-21 14:06989696------wc:\windows\system32\dllcache\kernel32.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-19 19:09 . 2008-04-26 00:53--------d-----wc:\program files\Steam 2009-04-19 14:14 . 2006-08-09 12:32--------d-----wc:\program files\Java 2009-04-19 03:48 . 2006-08-09 12:51--------d-----wc:\program files\Trend Micro 2009-04-19 01:22 . 2008-05-17 02:57--------d-----wc:\program files\CCleaner 2009-04-19 01:03 . 2008-08-08 20:05--------d-----wc:\program files\ƒeƒCƒ‹ƒY ƒIƒu ƒ”ƒFƒXƒyƒŠƒA 2009-04-19 00:59 . 2007-07-16 20:06--------d-----wc:\program files\LimeWire 2009-04-19 00:57 . 2006-08-09 12:47--------d-----wc:\program files\WildTangent 2009-04-19 00:56 . 2006-08-09 12:43--------d-----wc:\documents and settings\All Users\Application Data\Viewpoint 2009-04-18 03:49 . 2006-08-09 12:53--------d-----wc:\program files\Google 2009-04-17 19:31 . 2009-03-18 00:08--------d-----wc:\program files\Lx_cats 2009-04-15 19:31 . 2009-03-22 20:17600----a-wC:\lxcc.log 2009-04-13 00:09 . 2009-02-16 22:33--------d-----wc:\documents and settings\Blake\Application Data\U3 2009-04-12 22:28 . 2009-03-19 21:342100----a-wC:\lxccscan.log 2009-03-23 00:44 . 2006-08-27 23:303766--sha-wc:\windows\system32\KGyGaAvL.sys 2009-03-19 23:12 . 2006-08-17 20:0454944----a-wc:\documents and settings\Blake\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-03-19 23:10 . 2008-05-31 20:37--------d-----wc:\program files\Windows Live 2009-03-19 23:09 . 2009-03-19 23:09--------d-----wc:\program files\Microsoft Sync Framework 2009-03-19 23:07 . 2009-03-19 23:07--------d-----wc:\program files\Microsoft 2009-03-19 23:07 . 2009-03-19 23:07--------d-----wc:\program files\Windows Live SkyDrive 2009-03-19 23:03 . 2009-03-19 23:03--------d-----wc:\program files\Common Files\Windows Live 2009-03-18 22:58 . 2009-03-18 22:58--------d-----wc:\documents and settings\Blake\Application Data\FaxCtr 2009-03-18 00:17 . 2009-03-18 00:12--------d-----wc:\program files\Abbyy FineReader 6.0 Sprint 2009-03-18 00:11 . 2009-03-18 00:09--------d-----wc:\program files\Lexmark Fax Solutions 2009-03-18 00:10 . 2009-03-18 00:10--------d-----wc:\documents and settings\All Users\Application Data\FaxCtr 2009-03-18 00:09 . 2009-03-18 00:09--------d-----wc:\program files\Lexmark_3300 Series 2009-03-18 00:09 . 2009-03-18 00:06--------d-----wc:\program files\Lexmark 3300 Series 2009-03-18 00:08 . 2009-03-18 00:06517----a-wC:\LXCCINST.csv 2009-03-18 00:06 . 2009-03-18 00:06242----a-wC:\CDFE.log 2009-03-18 00:06 . 2009-03-18 00:060----a-wC:\lxccfire.csv 2009-03-08 21:47 . 2009-03-08 21:47--------d-----wc:\program files\Enterbrain 2009-03-06 14:22 . 2004-08-10 17:51284160----a-wc:\windows\system32\pdh.dll 2009-03-03 00:18 . 2006-08-09 12:33826368----a-wc:\windows\system32\dllcache\wininet.dll 2009-03-03 00:18 . 2004-08-10 17:51826368----a-wc:\windows\system32\wininet.dll 2009-02-28 04:54 . 2006-10-17 17:04636072------wc:\windows\system32\dllcache\iexplore.exe 2009-02-27 01:43 . 2008-11-13 18:13--------d-----wc:\program files\Microsoft Silverlight 2009-02-20 10:20 . 2007-05-09 20:2013824------wc:\windows\system32\dllcache\ieudinit.exe 2009-02-20 10:20 . 2006-11-07 08:2670656------wc:\windows\system32\dllcache\ie4uinit.exe 2009-02-20 05:14 . 2006-11-07 08:25161792------wc:\windows\system32\dllcache\ieakui.dll 2009-02-09 12:10 . 2004-08-10 17:51729088----a-wc:\windows\system32\lsasrv.dll 2009-02-09 12:10 . 2004-08-10 17:51401408----a-wc:\windows\system32\rpcss.dll 2009-02-09 12:10 . 2004-08-10 17:51714752----a-wc:\windows\system32\ntdll.dll 2009-02-09 12:10 . 2004-08-10 17:50617472----a-wc:\windows\system32\advapi32.dll 2009-02-09 11:13 . 2008-10-15 19:441846784------wc:\windows\system32\dllcache\win32k.sys 2009-02-09 11:13 . 2004-08-10 17:511846784----a-wc:\windows\system32\win32k.sys 2009-02-07 23:02 . 2008-10-15 19:442066048------wc:\windows\system32\dllcache\ntkrnlpa.exe 2009-02-07 23:02 . 2004-08-04 03:592066048----a-wc:\windows\system32\ntkrnlpa.exe 2009-02-06 22:52 . 2009-02-06 22:5249504----a-wc:\windows\system32\sirenacm.dll 2009-02-06 11:11 . 2004-08-10 17:51110592----a-wc:\windows\system32\services.exe 2009-02-06 11:08 . 2008-10-15 19:442189056------wc:\windows\system32\dllcache\ntoskrnl.exe 2009-02-06 11:08 . 2004-08-10 17:512189056----a-wc:\windows\system32\ntoskrnl.exe 2009-02-06 11:06 . 2008-10-15 19:442145280------wc:\windows\system32\dllcache\ntkrnlmp.exe 2009-02-06 10:39 . 2004-08-10 17:5135328----a-wc:\windows\system32\sc.exe 2009-02-06 10:32 . 2008-10-15 19:442023936------wc:\windows\system32\dllcache\ntkrpamp.exe 2009-02-03 19:59 . 2009-02-03 19:5956832------wc:\windows\system32\dllcache\secur32.dll 2009-02-03 19:59 . 2004-08-10 17:5156832----a-wc:\windows\system32\secur32.dll 2008-11-13 18:25 . 2008-11-13 18:25123408----a-wc:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2008-04-08 21:41 . 2008-04-08 21:41128----a-wc:\documents and settings\Blake\Local Settings\Application Data\fusioncache.dat 2009-01-18 03:40 . 2009-01-18 03:4069120--sha-wc:\windows\system32\bayopuge.dll.tmp 2009-01-18 03:40 . 2009-01-18 03:4069120--sha-wc:\windows\system32\napigowu.dll.tmp 2009-01-18 03:40 . 2009-01-18 03:4069120--sha-wc:\windows\system32\suvopomu.dll.tmp 2008-10-06 00:21 . 2008-10-06 00:2132768--sha-wc:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008100520081006\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480] "OE_OEM"="c:\program files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 176201] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784] "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064] "Steam"="c:\program files\Steam\Steam.exe" [2008-10-08 1410296] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408] "EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-12-18 3321856] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584] "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947] "PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-12-13 58992] "Norton Ghost 10.0"="c:\program files\Norton Ghost\Agent\GhostTray.exe" [2005-12-07 1537696] "pccguide.exe"="c:\program files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 823362] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-08-09 169984] "MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-09-18 110592] "MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-09-18 8192] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-19 148888] "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384] "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064] "SAClient"="c:\program files\Insight\BBClient\Programs\RegCon.exe" [2004-11-17 299008] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696] "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264] "LXCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-01-10 69632] "lxccmon.exe"="c:\program files\Lexmark 3300 Series\lxccmon.exe" [2005-02-21 192512] "FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-01-20 299008] "SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624] c:\documents and settings\Blake\Start Menu\Programs\Startup\ MEMonitor.lnk - c:\program files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [2008-6-1 947544] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-9 24576] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 16:05356352----a-wc:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= "c:\\Program Files\\America Online 9.0\\waol.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForeverLauncher.exe"= "c:\\WINDOWS\\system32\\lxcccoms.exe"= "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxccPSWX.EXE"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Digital Line Detect\\DLG.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "135:TCP"= 135:TCP:TCP Port 135 "5000:TCP"= 5000:TCP:TCP Port 5000 "5001:TCP"= 5001:TCP:TCP Port 5001 "5002:TCP"= 5002:TCP:TCP Port 5002 "5003:TCP"= 5003:TCP:TCP Port 5003 "5004:TCP"= 5004:TCP:TCP Port 5004 "5005:TCP"= 5005:TCP:TCP Port 5005 "5006:TCP"= 5006:TCP:TCP Port 5006 "5007:TCP"= 5007:TCP:TCP Port 5007 "5008:TCP"= 5008:TCP:TCP Port 5008 "5009:TCP"= 5009:TCP:TCP Port 5009 "5010:TCP"= 5010:TCP:TCP Port 5010 "5011:TCP"= 5011:TCP:TCP Port 5011 "5012:TCP"= 5012:TCP:TCP Port 5012 "5013:TCP"= 5013:TCP:TCP Port 5013 "5014:TCP"= 5014:TCP:TCP Port 5014 "5015:TCP"= 5015:TCP:TCP Port 5015 "5016:TCP"= 5016:TCP:TCP Port 5016 "5017:TCP"= 5017:TCP:TCP Port 5017 "5018:TCP"= 5018:TCP:TCP Port 5018 "5019:TCP"= 5019:TCP:TCP Port 5019 "5020:TCP"= 5020:TCP:TCP Port 5020 R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2005-08-30 290889] R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2005-08-30 585792] R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [2005-08-30 262215] R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944] S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656] S2 Tmfilter;Tmfilter;c:\windows\system32\drivers\TmXPFlt.sys [2008-11-26 205328] S2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\Tmpreflt.sys [2008-11-26 36368] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F] \Shell\AutoRun\command - F:\LaunchU3.exe -a . Contents of the 'Scheduled Tasks' folder 2009-04-18 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.bungie.net/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 Trusted Zone: musicmatch.com\online Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll FF - ProfilePath - c:\documents and settings\Blake\Application Data\Mozilla\Firefox\Profiles\j8ej9k22.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.bungie.net/ ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true. ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-19 15:11 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run LXCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,[emailprotected]?? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-4254542993-1360710644-2665431577-1006\Software\SecuROM\License information] "datasecu"=hex:58,53,1e,b2,99,18,a0,24,08,d1,48,05,90,2f,a5,8a,20,e4,e7,01,a8, 02,09,96,c5,19,b7,e1,7a,1b,66,9e,0a,fc,b9,ce,c3,12,49,fe,3d,b4,89,a4,4b,f8,\ "rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44 . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(964) c:\program files\SUPERAntiSpyware\SASWINLO.dll c:\windows\System32\BCMLogon.dll - - - - - - - > 'explorer.exe'(5508) c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\Symantec Shared\ccSetMgr.exe c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe c:\windows\system32\WLTRYSVC.EXE c:\windows\system32\BCMWLTRY.EXE c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\gearsec.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Dell\QuickSet\NicConfigSvc.exe c:\program files\Norton Ghost\Agent\VProSvc.exe c:\program files\Dell Support Center\bin\sprtsvc.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\igfxsrvc.exe c:\progra~1\MUSICM~1\MUSICM~3\MMDiag.exe c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe c:\program files\Google\Google Desktop Search\GoogleDesktopDisplay.exe c:\program files\MUSICMATCH\Musicmatch Jukebox\mim.exe c:\windows\system32\lxcccoms.exe c:\windows\system32\wscntfy.exe . *********************************************************************** . Completion time: 2009-04-19 15:14 - machine was rebooted ComboFix-quarantined-files.txt 2009-04-19 19:14 Pre-Run: 10,861,535,232 bytes free Post-Run: 10,777,190,400 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect 299--- E O F ---2009-04-19 03:46 Looks good now. This will just remove the Norton antivirus leftovers. It won't touch the Norton Ghost. Delete these files/folders, as follows: 1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad. 2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C Code: [Select]KillAll:: File:: c:\program files\Common Files\Symantec Shared\ccSetMgr.exe c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe Folder:: c:\program files\Common Files\Symantec Shared Registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UserFaultCheck"=- "ccApp"=- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"=- 3. Go to the Notepad window and click Edit > Paste 4. Then click File > Save 5. Name the file CFScript.txt - Save the file to your Desktop 6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully! ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it will produce a log for you. Post that log (Combofix.txt) in your next reply. Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze** --- How is the computer running now?The computer is running fine now. I appreciate the help very much. I have a small question though... When I was using the Trial Version of Norton Ghost, it tried to back everything up but was unable to due to 'Low Disk Space'. Whenever I turn on the computer, a little bubble on the toolbar reminds me saying there's low disc space on Drive D. Should I get rid of the program and the 'backup' or just leave it? Either way, here's the requested log. _______________________________________ ____ ComboFix 09-04-19.05 - Blake 04/19/2009 15:49.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.522 [GMT -4:00] Running from: c:\documents and settings\Blake\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Blake\Desktop\CFScript.txt AV: Trend Micro PC-cillin Internet Security On-access scanning disabled (Updated) FW: Trend Micro PC-cillin Internet Security (Firewall) disabled * Created a new restore point FILE :: c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe c:\program files\Common Files\Symantec Shared\ccSetMgr.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\Common Files\Symantec Shared c:\program files\Common Files\Symantec Shared\ccAlert.dll c:\program files\Common Files\Symantec Shared\ccApp.exe c:\program files\Common Files\Symantec Shared\ccDec.dll c:\program files\Common Files\Symantec Shared\ccEmlPxy.dll c:\program files\Common Files\Symantec Shared\ccErrDsp.dll c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe c:\program files\Common Files\Symantec Shared\ccGSE.dll c:\program files\Common Files\Symantec Shared\ccInst.dll c:\program files\Common Files\Symantec Shared\ccL30.dll c:\program files\Common Files\Symantec Shared\ccL35.dll c:\program files\Common Files\Symantec Shared\ccLgView.exe c:\program files\Common Files\Symantec Shared\ccLogin.dll c:\program files\Common Files\Symantec Shared\CCPD-LC\ez_log.html c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe c:\program files\Common Files\Symantec Shared\CCPD-LC\symlctnk.dll c:\program files\Common Files\Symantec Shared\ccProd.dll c:\program files\Common Files\Symantec Shared\ccProSub.dll c:\program files\Common Files\Symantec Shared\ccPwd.dll c:\program files\Common Files\Symantec Shared\ccPwdSvc.exe c:\program files\Common Files\Symantec Shared\ccScan.dll c:\program files\Common Files\Symantec Shared\ccSet.dll c:\program files\Common Files\Symantec Shared\ccSetEvt.dll c:\program files\Common Files\Symantec Shared\ccSetMgr.exe c:\program files\Common Files\Symantec Shared\ccVrTrst.dll c:\program files\Common Files\Symantec Shared\ccWebWnd.dll c:\program files\Common Files\Symantec Shared\CfgWiz.tlb c:\program files\Common Files\Symantec Shared\Decomposers\Dec2.dll c:\program files\Common Files\Symantec Shared\Decomposers\Dec2AMG.dll c:\program files\Common Files\Symantec Shared\Decomposers\Dec2ARJ.dll c:\program files\Common Files\Symantec Shared\Decomposers\Dec2CAB.dll c:\program files\Common Files\Symantec Shared\Decomposers\Dec2GZIP.dll c:\program files\Common Files\Symantec Shared\Decomposers\Dec2ID.dll c:\program files\Common Files\Symantec Shared\Decomposers\Dec2LHA.dll c:\program files\Common Files\Symantec Shared\Decomposers\Dec2LZ.dll c:\program files\Common Files\Symantec Shared\Decomposers\Dec2RAR.dll c:\program files\Common Files\Symantec Shared\Decomposers\Dec2RTF.dll c:\program files\Common Files\Symantec Shared\Decomposers\Dec2SS.dll c:\program files\Common Files\Symantec Shared\Decomposers\Dec2TAR.dll c:\program files\Common Files\Symantec Shared\Decomposers\Dec2Text.dll c:\program files\Common Files\Symantec Shared\Decomposers\Dec2TNEF.dll c:\program files\Common Files\Symantec Shared\Decomposers\Dec2Zip.dll c:\program files\Common Files\Symantec Shared\Decomposers\DecSDK.dll c:\program files\Common Files\Symantec Shared\DefUtDCD.dll c:\program files\Common Files\Symantec Shared\ecmldr32.DLL c:\program files\Common Files\Symantec Shared\Help\CCLGVIEW.CHM c:\program files\Common Files\Symantec Shared\Help\CCLGVIEW.chw c:\program files\Common Files\Symantec Shared\Help\CPDDRM00.chm c:\program files\Common Files\Symantec Shared\Help\CPDDRM01.chm c:\program files\Common Files\Symantec Shared\Help\LUALL.CHM c:\program files\Common Files\Symantec Shared\IraLsClt.dll c:\program files\Common Files\Symantec Shared\LiveReg\Catalog.LiveSubscribe c:\program files\Common Files\Symantec Shared\LiveReg\Defaults.lvr c:\program files\Common Files\Symantec Shared\LiveReg\iraDefA2.dll c:\program files\Common Files\Symantec Shared\LiveReg\IraLrShl.exe c:\program files\Common Files\Symantec Shared\LiveReg\IraLsCl2.dll c:\program files\Common Files\Symantec Shared\LiveReg\iraLSUI.dll c:\program files\Common Files\Symantec Shared\LiveReg\IraVcLc3.dll c:\program files\Common Files\Symantec Shared\LiveReg\IraVcObj.dll c:\program files\Common Files\Symantec Shared\LiveReg\LRCtrl.dll c:\program files\Common Files\Symantec Shared\LiveReg\LRRes.dll c:\program files\Common Files\Symantec Shared\LiveReg\LSCtrl.dll c:\program files\Common Files\Symantec Shared\LiveReg\LSPlugin.dll c:\program files\Common Files\Symantec Shared\LiveReg\LSSupCtl.dll c:\program files\Common Files\Symantec Shared\LiveReg\symcsub.exe c:\program files\Common Files\Symantec Shared\LiveReg\VcClnUp.exe c:\program files\Common Files\Symantec Shared\LiveReg\VcSetup.exe c:\program files\Common Files\Symantec Shared\NMain.exe c:\program files\Common Files\Symantec Shared\SLTCHK01.dll c:\program files\Common Files\Symantec Shared\Symdlbrg.dll c:\program files\Common Files\Symantec Shared\SymLTCOM.dll c:\program files\Common Files\Symantec Shared\SymUIAx2.ocx c:\windows\system32\ofotahih.ini . ((((((((((((((((((((((((( Files Created from 2009-03-19 to 2009-04-19 ))))))))))))))))))))))))))))))) . 2009-04-19 14:14 . 2009-04-19 14:14410984----a-wc:\windows\system32\deploytk.dll 2009-04-19 03:30 . 2009-04-19 03:30--------d-----wc:\documents and settings\Blake\Application Data\Malwarebytes 2009-04-19 03:30 . 2009-04-06 19:3215504----a-wc:\windows\system32\drivers\mbam.sys 2009-04-19 03:30 . 2009-04-06 19:3238496----a-wc:\windows\system32\drivers\mbamswissarmy.sys 2009-04-19 03:30 . 2009-04-19 03:30--------d-----wc:\documents and settings\All Users\Application Data\Malwarebytes 2009-04-19 03:30 . 2009-04-19 03:30--------d-----wc:\program files\Malwarebytes' Anti-Malware 2009-04-19 01:30 . 2009-04-19 01:30--------d-----wc:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2009-04-19 01:30 . 2009-04-19 01:30--------d-----wc:\program files\SUPERAntiSpyware 2009-04-19 01:30 . 2009-04-19 01:30--------d-----wc:\documents and settings\Blake\Application Data\SUPERAntiSpyware.com 2009-04-19 01:30 . 2009-04-19 01:30--------d-----wc:\program files\Common Files\Wise Installation Wizard 2009-04-15 21:24 . 2009-03-06 14:22284160------wc:\windows\system32\dllcache\pdh.dll 2009-04-15 21:24 . 2009-02-06 10:3935328------wc:\windows\system32\dllcache\sc.exe 2009-04-15 21:24 . 2009-02-09 12:10473600------wc:\windows\system32\dllcache\fastprox.dll 2009-04-15 21:24 . 2009-02-09 12:10453120------wc:\windows\system32\dllcache\wmiprvsd.dll 2009-04-15 21:24 . 2009-02-09 12:10401408------wc:\windows\system32\dllcache\rpcss.dll 2009-04-15 21:24 . 2009-02-06 11:11110592------wc:\windows\system32\dllcache\services.exe 2009-04-15 21:24 . 2009-02-06 10:10227840------wc:\windows\system32\dllcache\wmiprvse.exe 2009-04-15 21:24 . 2009-02-09 12:10729088------wc:\windows\system32\dllcache\lsasrv.dll 2009-04-15 21:24 . 2009-02-09 12:10714752------wc:\windows\system32\dllcache\ntdll.dll 2009-04-15 21:24 . 2009-02-09 12:10617472------wc:\windows\system32\dllcache\advapi32.dll 2009-04-15 21:23 . 2008-05-03 11:552560------wc:\windows\system32\xpsp4res.dll 2009-04-15 21:23 . 2009-03-27 06:581203922------wc:\windows\system32\dllcache\sysmain.sdb 2009-04-15 21:23 . 2008-04-21 12:08215552------wc:\windows\system32\dllcache\wordpad.exe 2009-03-25 23:15 . 2009-03-25 23:15--------d-----wc:\program files\7-Zip 2009-03-21 14:06 . 2009-03-21 14:06989696------wc:\windows\system32\dllcache\kernel32.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-19 19:55 . 2008-04-26 00:53--------d-----wc:\program files\Steam 2009-04-19 14:14 . 2006-08-09 12:32--------d-----wc:\program files\Java 2009-04-19 03:48 . 2006-08-09 12:51--------d-----wc:\program files\Trend Micro 2009-04-19 01:22 . 2008-05-17 02:57--------d-----wc:\program files\CCleaner 2009-04-19 01:03 . 2008-08-08 20:05--------d-----wc:\program files\ƒeƒCƒ‹ƒY ƒIƒu ƒ”ƒFƒXƒyƒŠƒA 2009-04-19 00:59 . 2007-07-16 20:06--------d-----wc:\program files\LimeWire 2009-04-19 00:57 . 2006-08-09 12:47--------d-----wc:\program files\WildTangent 2009-04-19 00:56 . 2006-08-09 12:43--------d-----wc:\documents and settings\All Users\Application Data\Viewpoint 2009-04-18 03:49 . 2006-08-09 12:53--------d-----wc:\program files\Google 2009-04-17 19:31 . 2009-03-18 00:08--------d-----wc:\program files\Lx_cats 2009-04-15 19:31 . 2009-03-22 20:17600----a-wC:\lxcc.log 2009-04-13 00:09 . 2009-02-16 22:33--------d-----wc:\documents and settings\Blake\Application Data\U3 2009-04-12 22:28 . 2009-03-19 21:342100----a-wC:\lxccscan.log 2009-03-23 00:44 . 2006-08-27 23:303766--sha-wc:\windows\system32\KGyGaAvL.sys 2009-03-19 23:12 . 2006-08-17 20:0454944----a-wc:\documents and settings\Blake\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-03-19 23:10 . 2008-05-31 20:37--------d-----wc:\program files\Windows Live 2009-03-19 23:09 . 2009-03-19 23:09--------d-----wc:\program files\Microsoft Sync Framework 2009-03-19 23:07 . 2009-03-19 23:07--------d-----wc:\program files\Microsoft 2009-03-19 23:07 . 2009-03-19 23:07--------d-----wc:\program files\Windows Live SkyDrive 2009-03-19 23:03 . 2009-03-19 23:03--------d-----wc:\program files\Common Files\Windows Live 2009-03-18 22:58 . 2009-03-18 22:58--------d-----wc:\documents and settings\Blake\Application Data\FaxCtr 2009-03-18 00:17 . 2009-03-18 00:12--------d-----wc:\program files\Abbyy FineReader 6.0 Sprint 2009-03-18 00:11 . 2009-03-18 00:09--------d-----wc:\program files\Lexmark Fax Solutions 2009-03-18 00:10 . 2009-03-18 00:10--------d-----wc:\documents and settings\All Users\Application Data\FaxCtr 2009-03-18 00:09 . 2009-03-18 00:09--------d-----wc:\program files\Lexmark_3300 Series 2009-03-18 00:09 . 2009-03-18 00:06--------d-----wc:\program files\Lexmark 3300 Series 2009-03-18 00:08 . 2009-03-18 00:06517----a-wC:\LXCCINST.csv 2009-03-18 00:06 . 2009-03-18 00:06242----a-wC:\CDFE.log 2009-03-18 00:06 . 2009-03-18 00:060----a-wC:\lxccfire.csv 2009-03-08 21:47 . 2009-03-08 21:47--------d-----wc:\program files\Enterbrain 2009-03-06 14:22 . 2004-08-10 17:51284160----a-wc:\windows\system32\pdh.dll 2009-03-03 00:18 . 2006-08-09 12:33826368----a-wc:\windows\system32\dllcache\wininet.dll 2009-03-03 00:18 . 2004-08-10 17:51826368----a-wc:\windows\system32\wininet.dll 2009-02-28 04:54 . 2006-10-17 17:04636072------wc:\windows\system32\dllcache\iexplore.exe 2009-02-27 01:43 . 2008-11-13 18:13--------d-----wc:\program files\Microsoft Silverlight 2009-02-20 10:20 . 2007-05-09 20:2013824------wc:\windows\system32\dllcache\ieudinit.exe 2009-02-20 10:20 . 2006-11-07 08:2670656------wc:\windows\system32\dllcache\ie4uinit.exe 2009-02-20 05:14 . 2006-11-07 08:25161792------wc:\windows\system32\dllcache\ieakui.dll 2009-02-09 12:10 . 2004-08-10 17:51729088----a-wc:\windows\system32\lsasrv.dll 2009-02-09 12:10 . 2004-08-10 17:51401408----a-wc:\windows\system32\rpcss.dll 2009-02-09 12:10 . 2004-08-10 17:51714752----a-wc:\windows\system32\ntdll.dll 2009-02-09 12:10 . 2004-08-10 17:50617472----a-wc:\windows\system32\advapi32.dll 2009-02-09 11:13 . 2008-10-15 19:441846784------wc:\windows\system32\dllcache\win32k.sys 2009-02-09 11:13 . 2004-08-10 17:511846784----a-wc:\windows\system32\win32k.sys 2009-02-07 23:02 . 2008-10-15 19:442066048------wc:\windows\system32\dllcache\ntkrnlpa.exe 2009-02-07 23:02 . 2004-08-04 03:592066048----a-wc:\windows\system32\ntkrnlpa.exe 2009-02-06 22:52 . 2009-02-06 22:5249504----a-wc:\windows\system32\sirenacm.dll 2009-02-06 11:11 . 2004-08-10 17:51110592----a-wc:\windows\system32\services.exe 2009-02-06 11:08 . 2008-10-15 19:442189056------wc:\windows\system32\dllcache\ntoskrnl.exe 2009-02-06 11:08 . 2004-08-10 17:512189056----a-wc:\windows\system32\ntoskrnl.exe 2009-02-06 11:06 . 2008-10-15 19:442145280------wc:\windows\system32\dllcache\ntkrnlmp.exe 2009-02-06 10:39 . 2004-08-10 17:5135328----a-wc:\windows\system32\sc.exe 2009-02-06 10:32 . 2008-10-15 19:442023936------wc:\windows\system32\dllcache\ntkrpamp.exe 2009-02-03 19:59 . 2009-02-03 19:5956832------wc:\windows\system32\dllcache\secur32.dll 2009-02-03 19:59 . 2004-08-10 17:5156832----a-wc:\windows\system32\secur32.dll 2008-11-13 18:25 . 2008-11-13 18:25123408----a-wc:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2008-04-08 21:41 . 2008-04-08 21:41128----a-wc:\documents and settings\Blake\Local Settings\Application Data\fusioncache.dat 2009-01-18 03:40 . 2009-01-18 03:4069120--sha-wc:\windows\system32\bayopuge.dll.tmp 2009-01-18 03:40 . 2009-01-18 03:4069120--sha-wc:\windows\system32\napigowu.dll.tmp 2009-01-18 03:40 . 2009-01-18 03:4069120--sha-wc:\windows\system32\suvopomu.dll.tmp 2008-10-06 00:21 . 2008-10-06 00:2132768--sha-wc:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008100520081006\index.dat . ((((((((((((((((((((((((((((( [emailprotected]_19.11.10 ))))))))))))))))))))))))))))))))))))))))) . + 2009-04-19 19:52 . 2009-04-19 19:5216384 c:\windows\temp\Perflib_Perfdata_278.dat + 2004-08-10 17:51 . 2009-04-19 19:5772134 c:\windows\system32\perfc009.dat - 2004-08-10 17:51 . 2009-04-19 19:1172134 c:\windows\system32\perfc009.dat + 2004-08-10 17:51 . 2009-04-19 19:57443034 c:\windows\system32\perfh009.dat - 2004-08-10 17:51 . 2009-04-19 19:11443034 c:\windows\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480] "OE_OEM"="c:\program files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 176201] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784] "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064] "Steam"="c:\program files\Steam\Steam.exe" [2008-10-08 1410296] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408] "EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-12-18 3321856] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584] "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947] "PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920] "Norton Ghost 10.0"="c:\program files\Norton Ghost\Agent\GhostTray.exe" [2005-12-07 1537696] "pccguide.exe"="c:\program files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 823362] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-08-09 169984] "MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-09-18 110592] "MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-09-18 8192] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-19 148888] "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384] "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064] "SAClient"="c:\program files\Insight\BBClient\Programs\RegCon.exe" [2004-11-17 299008] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696] "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264] "LXCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-01-10 69632] "lxccmon.exe"="c:\program files\Lexmark 3300 Series\lxccmon.exe" [2005-02-21 192512] "FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-01-20 299008] "SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624] c:\documents and settings\Blake\Start Menu\Programs\Startup\ MEMonitor.lnk - c:\program files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [2008-6-1 947544] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-9 24576] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 16:05356352----a-wc:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= "c:\\Program Files\\America Online 9.0\\waol.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForeverLauncher.exe"= "c:\\WINDOWS\\system32\\lxcccoms.exe"= "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxccPSWX.EXE"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Digital Line Detect\\DLG.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "135:TCP"= 135:TCP:TCP Port 135 "5000:TCP"= 5000:TCP:TCP Port 5000 "5001:TCP"= 5001:TCP:TCP Port 5001 "5002:TCP"= 5002:TCP:TCP Port 5002 "5003:TCP"= 5003:TCP:TCP Port 5003 "5004:TCP"= 5004:TCP:TCP Port 5004 "5005:TCP"= 5005:TCP:TCP Port 5005 "5006:TCP"= 5006:TCP:TCP Port 5006 "5007:TCP"= 5007:TCP:TCP Port 5007 "5008:TCP"= 5008:TCP:TCP Port 5008 "5009:TCP"= 5009:TCP:TCP Port 5009 "5010:TCP"= 5010:TCP:TCP Port 5010 "5011:TCP"= 5011:TCP:TCP Port 5011 "5012:TCP"= 5012:TCP:TCP Port 5012 "5013:TCP"= 5013:TCP:TCP Port 5013 "5014:TCP"= 5014:TCP:TCP Port 5014 "5015:TCP"= 5015:TCP:TCP Port 5015 "5016:TCP"= 5016:TCP:TCP Port 5016 "5017:TCP"= 5017:TCP:TCP Port 5017 "5018:TCP"= 5018:TCP:TCP Port 5018 "5019:TCP"= 5019:TCP:TCP Port 5019 "5020:TCP"= 5020:TCP:TCP Port 5020 R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2005-08-30 290889] R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2005-08-30 585792] R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [2005-08-30 262215] R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944] S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656] S2 Tmfilter;Tmfilter;c:\windows\system32\drivers\TmXPFlt.sys [2008-11-26 205328] S2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\Tmpreflt.sys [2008-11-26 36368] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F] \Shell\AutoRun\command - F:\LaunchU3.exe -a . Contents of the 'Scheduled Tasks' folder 2009-04-18 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.bungie.net/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 Trusted Zone: musicmatch.com\online Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll FF - ProfilePath - c:\documents and settings\Blake\Application Data\Mozilla\Firefox\Profiles\j8ej9k22.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.bungie.net/ ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true. ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-19 15:56 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run LXCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,[emailprotected]?? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-4254542993-1360710644-2665431577-1006\Software\SecuROM\License information] "datasecu"=hex:58,53,1e,b2,99,18,a0,24,08,d1,48,05,90,2f,a5,8a,20,e4,e7,01,a8, 02,09,96,c5,19,b7,e1,7a,1b,66,9e,0a,fc,b9,ce,c3,12,49,fe,3d,b4,89,a4,4b,f8,\ "rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44 . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(960) c:\program files\SUPERAntiSpyware\SASWINLO.dll c:\windows\System32\BCMLogon.dll - - - - - - - > 'explorer.exe'(3092) c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\WLTRYSVC.EXE c:\windows\system32\BCMWLTRY.EXE c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\gearsec.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Dell\QuickSet\NicConfigSvc.exe c:\program files\Norton Ghost\Agent\VProSvc.exe c:\program files\Dell Support Center\bin\sprtsvc.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\igfxsrvc.exe c:\progra~1\MUSICM~1\MUSICM~3\MMDiag.exe c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe c:\program files\Google\Google Desktop Search\GoogleDesktopDisplay.exe c:\program files\MUSICMATCH\Musicmatch Jukebox\mim.exe c:\windows\system32\lxcccoms.exe c:\windows\system32\wscntfy.exe . *********************************************************************** . Completion time: 2009-04-19 16:00 - machine was rebooted ComboFix-quarantined-files.txt 2009-04-19 20:00 ComboFix2.txt 2009-04-19 19:14 Pre-Run: 10,781,216,768 bytes free Post-Run: 10,766,270,464 bytes free 367--- E O F ---2009-04-19 03:46Quote When I was using the Trial Version of Norton Ghost, it tried to back everything up but was unable to due to 'Low Disk Space'. Whenever I turn on the computer, a little bubble on the toolbar reminds me saying there's low disc space on Drive D. Should I get rid of the program and the 'backup' or just leave it? Norton/Symantec is not my favorite software. As you notice their software is very RAM intensive and cause many computers more problems than they are worth. Are you looking for just backup files/folders or image the drive? ----- Click START then RUN Now type Combofix /u in the runbox Make sure there's a space between Combofix and /u Then hit Enter. . . The above procedure will: Delete: ComboFix and its associated files and folders. Reset the clock settings. Hide file extensions, if required. Hide System/Hidden files, if required. Set a new, clean Restore Point. . I've no idea about backup files/folders and imaging the drive. I just want to know if there's something about that I can get rid of to improve my comp, and if so how please. Also, thank you very much for the help with fixing my Bad Image problem.If you don't use the Norton Ghost I would uninstall it. I'm sure that would help. StartupLite Download StartupLite by MalwareBytes to your Desktop. Doubleclick StartupLite.exe to launch the program. Ensure the Disable box is checked. Click Continue. A pop up message will tell you the unecessary startup items in your list have been disabled and ask you to restart your computer. Re-start your computer. . ---------- Use the Secunia Software Inspector to check for out of date software. Click Start Now Check the box next to Enable thorough system inspection. Click Start** Allow the scan to finish and scroll down to see if any updates are needed. Update anything listed. . ---------- Go to Microsoft Windows Update and get all critical updates. ---------- I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free. SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, see here I would also recommend that you Defrag the computer. There may be a lot of fragmented sections on the drive after cleaning the malware. You can use the built in Windows Defrag by clicking Start > Run and then type in dfrg.msc then click OK. Or use a faster FREE program. Defraggler is very effective and easy to use. Note: Be sure to clean out temp files and restart the computer just before beginning a defrag. Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.Before I do that, I have Trend Micro PC-cillin Internet Security. Do I need to mess with that in anyway? And how would I clear out Temp files?Use CCleaner to clean temp files. As long as Trend Micro is turned on and up to date it should be OK.One more thing. I'm about to use CC cleaner, but it has checks in things like MS Paint. Is that bad? Is it going to delete those programs?No it won't delete the program it will just remove any log sthat the programs create. You might want to uncheck Cookies so it doesn't remove your log in information on online forums.

Answer»

Whenever I start up the computer or it tries to run a program, before it runs I ALWAYS get a pop-up saying:
The application of DLL C:\WINDOWS\system32\vopeside.dll is not a valid Windows image. Please check this against your installation diskette.

I'm running Windows XP. It's a Dell Inspiron laptop (if that helps.)

I'm attaching the logs and copy and pasting them below.
_______________________________________ __________
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/18/2009 at 11:06 PM

Application Version : 4.26.1000

Core RULES Database Version : 3852
Trace Rules Database Version: 1805

Scan type : Complete Scan
Total Scan Time : 01:31:10

MEMORY items scanned : 727
Memory threats detected : 0
Registry items scanned : 5993
Registry threats detected : 7
File items scanned : 90275
File threats detected : 45

Unclassified.Unknown Origin
HKU\S-1-5-21-4254542993-1360710644-2665431577-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{74CD40EA-EF77-4BAD-808A-B5982DA73F20}

Adware.Tracking Cookie
C:\Documents and Settings\Blake\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Blake\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Blake\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Blake\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Blake\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Blake\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Blake\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Blake\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Blake\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Blake\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Blake\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Blake\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Blake\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Blake\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Blake\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Blake\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Blake\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Blake\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Blake\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Blake\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Blake\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Blake\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Blake\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Blake\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Blake\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Blake\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Blake\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Blake\Cookies\[emailprotected][1].txt

Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\contim
HKLM\SOFTWARE\Microsoft\contim#SysShell
HKLM\SOFTWARE\Microsoft\rdfa
HKLM\SOFTWARE\Microsoft\rdfa#F
HKLM\SOFTWARE\Microsoft\rdfa#N

Rogue.Component/Trace
HKU\S-1-5-21-4254542993-1360710644-2665431577-1006\Software\Microsoft\FIAS4057

Malware.Installer-Pkg/Gen
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{3C48F877-A164-45E9-B9DA-26A049FFC207}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{6293BC00-4EB8-4C65-8548-53E2FC3BF937}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{651956B7-1969-42AA-9453-E0B813019D54}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{6B6A7665-DB48-4762-AB5D-BEEB9E1CD7FA}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{989E4C3B-B2C9-4486-9A09-D5A8F953837C}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{C0A0AA4D-C79B-48CA-8843-2B02B626C9E6}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{C2D8F0E2-6978-4409-8351-BA8785DA11EE}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{D1A6F3FD-7B40-443F-8767-BADB25A0D222}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{E0814F95-5380-4892-B8C8-7FA4B349EF46}.EXE

Adware.Vundo/Variant-EmpiaA
C:\WINDOWS\SYSTEM32\DAGIHAMA.DLL
C:\WINDOWS\SYSTEM32\FIGOVAFA.DLL
C:\WINDOWS\SYSTEM32\HIHATOFO.DLL
C:\WINDOWS\SYSTEM32\RETOSETI.DLL

Trace.Known Threat Sources
C:\Documents and Settings\Blake\Local Settings\Temporary Internet Files\Content.IE5\28XRIA9B\l.s.bg1z[1].gif
C:\Documents and Settings\Blake\Local Settings\Temporary Internet Files\Content.IE5\150GXJRB\favicon[2].ico
C:\Documents and Settings\Blake\Local Settings\Temporary Internet Files\Content.IE5\WYDP5EX1\l.s.bg2z[1].gif
_______________________________________ ________________
Malwarebytes' Anti-Malware 1.36
Database version: 2006
Windows 5.1.2600 Service Pack 3

4/18/2009 11:38:21 PM
mbam-log-2009-04-18 (23-38-21).txt

Scan type: Quick Scan
Objects scanned: 71874
Time elapsed: 6 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 8
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\migisibi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\smart.dll (Spyware.Agent) -> Delete on reboot.
C:\WINDOWS\system32\LoveFly.dll (Spyware.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4ede0037-cb89-48a7-8689-3b8f8a276e0a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4ede0037-cb89-48a7-8689-3b8f8a276e0a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Fly (Spyware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Love (Spyware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\new_drv (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3cd65faa (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zumorewavi (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\bdir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\bdir\ffmiu (Trojan.Downloader) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\migisibi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ibisigim.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kokihove.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hivopigi.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\newoyiju.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smart.dll (Spyware.Agent) -> Delete on reboot.
C:\WINDOWS\system32\LoveFly.dll (Spyware.Agent) -> Delete on reboot.
C:\WINDOWS\2473343.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
_______________________________________ ____
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:55:07 PM, on 4/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bungie.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 82.98.231.89 url.adtrgt.com
O1 - Hosts: 82.98.231.89 googleads2.gdoubleclick.net
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SAClient] "C:\Program Files\Insight\BBClient\Programs\RegCon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,[emailprotected]
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: RESEARCH - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\WINDOWS\system32\suvopomu.dll C:\WINDOWS\system32\vopeside.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 14432 bytes
_______________________________________ __

[attachment deleted by ADMIN]Hello drillkid31.

Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

O1 - Hosts: 82.98.231.89 url.adtrgt.com
O1 - Hosts: 82.98.231.89 googleads2.gdoubleclick.net
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\WINDOWS\system32\suvopomu.dll C:\WINDOWS\system32\vopeside.dll

.
Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.

----------

Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFixHere's the log.
_______________________________________
ComboFix 09-04-19.05 - Blake 04/19/2009 15:03.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.538 [GMT -4:00]
Running from: c:\documents and settings\Blake\Desktop\ComboFix.exe
AV: Trend Micro PC-cillin Internet Security *On-access scanning disabled* (Updated)
FW: Trend Micro PC-cillin Internet Security (Firewall) *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\1272046.exe
c:\windows\22868312.exe
c:\windows\system32\disk.dll
c:\windows\system32\hanugupi.dll
c:\windows\system32\robotihu.dll
c:\windows\system32\vopeside.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-03-19 to 2009-04-19 )))))))))))))))))))))))))))))))
.

2009-04-19 14:14 . 2009-04-19 14:14410984----a-wc:\windows\system32\deploytk.dll
2009-04-19 03:30 . 2009-04-19 03:30--------d-----wc:\documents and settings\Blake\Application Data\Malwarebytes
2009-04-19 03:30 . 2009-04-06 19:3215504----a-wc:\windows\system32\drivers\mbam.sys
2009-04-19 03:30 . 2009-04-06 19:3238496----a-wc:\windows\system32\drivers\mbamswissarmy.sys
2009-04-19 03:30 . 2009-04-19 03:30--------d-----wc:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-19 03:30 . 2009-04-19 03:30--------d-----wc:\program files\Malwarebytes' Anti-Malware
2009-04-19 01:30 . 2009-04-19 01:30--------d-----wc:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-19 01:30 . 2009-04-19 01:30--------d-----wc:\program files\SUPERAntiSpyware
2009-04-19 01:30 . 2009-04-19 01:30--------d-----wc:\documents and settings\Blake\Application Data\SUPERAntiSpyware.com
2009-04-19 01:30 . 2009-04-19 01:30--------d-----wc:\program files\Common Files\Wise Installation Wizard
2009-04-18 03:46 . 2009-04-18 14:331409589--sh--wc:\windows\system32\ofotahih.ini
2009-04-15 21:24 . 2009-03-06 14:22284160------wc:\windows\system32\dllcache\pdh.dll
2009-04-15 21:24 . 2009-02-06 10:3935328------wc:\windows\system32\dllcache\sc.exe
2009-04-15 21:24 . 2009-02-09 12:10473600------wc:\windows\system32\dllcache\fastprox.dll
2009-04-15 21:24 . 2009-02-09 12:10453120------wc:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 21:24 . 2009-02-09 12:10401408------wc:\windows\system32\dllcache\rpcss.dll
2009-04-15 21:24 . 2009-02-06 11:11110592------wc:\windows\system32\dllcache\services.exe
2009-04-15 21:24 . 2009-02-06 10:10227840------wc:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 21:24 . 2009-02-09 12:10729088------wc:\windows\system32\dllcache\lsasrv.dll
2009-04-15 21:24 . 2009-02-09 12:10714752------wc:\windows\system32\dllcache\ntdll.dll
2009-04-15 21:24 . 2009-02-09 12:10617472------wc:\windows\system32\dllcache\advapi32.dll
2009-04-15 21:23 . 2008-05-03 11:552560------wc:\windows\system32\xpsp4res.dll
2009-04-15 21:23 . 2009-03-27 06:581203922------wc:\windows\system32\dllcache\sysmain.sdb
2009-04-15 21:23 . 2008-04-21 12:08215552------wc:\windows\system32\dllcache\wordpad.exe
2009-03-25 23:15 . 2009-03-25 23:15--------d-----wc:\program files\7-Zip
2009-03-21 14:06 . 2009-03-21 14:06989696------wc:\windows\system32\dllcache\kernel32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-19 19:09 . 2008-04-26 00:53--------d-----wc:\program files\Steam
2009-04-19 14:14 . 2006-08-09 12:32--------d-----wc:\program files\Java
2009-04-19 03:48 . 2006-08-09 12:51--------d-----wc:\program files\Trend Micro
2009-04-19 01:22 . 2008-05-17 02:57--------d-----wc:\program files\CCleaner
2009-04-19 01:03 . 2008-08-08 20:05--------d-----wc:\program files\ƒeƒCƒ‹ƒY ƒIƒu ƒ”ƒFƒXƒyƒŠƒA
2009-04-19 00:59 . 2007-07-16 20:06--------d-----wc:\program files\LimeWire
2009-04-19 00:57 . 2006-08-09 12:47--------d-----wc:\program files\WildTangent
2009-04-19 00:56 . 2006-08-09 12:43--------d-----wc:\documents and settings\All Users\Application Data\Viewpoint
2009-04-18 03:49 . 2006-08-09 12:53--------d-----wc:\program files\Google
2009-04-17 19:31 . 2009-03-18 00:08--------d-----wc:\program files\Lx_cats
2009-04-15 19:31 . 2009-03-22 20:17600----a-wC:\lxcc.log
2009-04-13 00:09 . 2009-02-16 22:33--------d-----wc:\documents and settings\Blake\Application Data\U3
2009-04-12 22:28 . 2009-03-19 21:342100----a-wC:\lxccscan.log
2009-03-23 00:44 . 2006-08-27 23:303766--sha-wc:\windows\system32\KGyGaAvL.sys
2009-03-19 23:12 . 2006-08-17 20:0454944----a-wc:\documents and settings\Blake\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-19 23:10 . 2008-05-31 20:37--------d-----wc:\program files\Windows Live
2009-03-19 23:09 . 2009-03-19 23:09--------d-----wc:\program files\Microsoft Sync Framework
2009-03-19 23:07 . 2009-03-19 23:07--------d-----wc:\program files\Microsoft
2009-03-19 23:07 . 2009-03-19 23:07--------d-----wc:\program files\Windows Live SkyDrive
2009-03-19 23:03 . 2009-03-19 23:03--------d-----wc:\program files\Common Files\Windows Live
2009-03-18 22:58 . 2009-03-18 22:58--------d-----wc:\documents and settings\Blake\Application Data\FaxCtr
2009-03-18 00:17 . 2009-03-18 00:12--------d-----wc:\program files\Abbyy FineReader 6.0 Sprint
2009-03-18 00:11 . 2009-03-18 00:09--------d-----wc:\program files\Lexmark Fax Solutions
2009-03-18 00:10 . 2009-03-18 00:10--------d-----wc:\documents and settings\All Users\Application Data\FaxCtr
2009-03-18 00:09 . 2009-03-18 00:09--------d-----wc:\program files\Lexmark_3300 Series
2009-03-18 00:09 . 2009-03-18 00:06--------d-----wc:\program files\Lexmark 3300 Series
2009-03-18 00:08 . 2009-03-18 00:06517----a-wC:\LXCCINST.csv
2009-03-18 00:06 . 2009-03-18 00:06242----a-wC:\CDFE.log
2009-03-18 00:06 . 2009-03-18 00:060----a-wC:\lxccfire.csv
2009-03-08 21:47 . 2009-03-08 21:47--------d-----wc:\program files\Enterbrain
2009-03-06 14:22 . 2004-08-10 17:51284160----a-wc:\windows\system32\pdh.dll
2009-03-03 00:18 . 2006-08-09 12:33826368----a-wc:\windows\system32\dllcache\wininet.dll
2009-03-03 00:18 . 2004-08-10 17:51826368----a-wc:\windows\system32\wininet.dll
2009-02-28 04:54 . 2006-10-17 17:04636072------wc:\windows\system32\dllcache\iexplore.exe
2009-02-27 01:43 . 2008-11-13 18:13--------d-----wc:\program files\Microsoft Silverlight
2009-02-20 10:20 . 2007-05-09 20:2013824------wc:\windows\system32\dllcache\ieudinit.exe
2009-02-20 10:20 . 2006-11-07 08:2670656------wc:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 05:14 . 2006-11-07 08:25161792------wc:\windows\system32\dllcache\ieakui.dll
2009-02-09 12:10 . 2004-08-10 17:51729088----a-wc:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-10 17:51401408----a-wc:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2004-08-10 17:51714752----a-wc:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-10 17:50617472----a-wc:\windows\system32\advapi32.dll
2009-02-09 11:13 . 2008-10-15 19:441846784------wc:\windows\system32\dllcache\win32k.sys
2009-02-09 11:13 . 2004-08-10 17:511846784----a-wc:\windows\system32\win32k.sys
2009-02-07 23:02 . 2008-10-15 19:442066048------wc:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-07 23:02 . 2004-08-04 03:592066048----a-wc:\windows\system32\ntkrnlpa.exe
2009-02-06 22:52 . 2009-02-06 22:5249504----a-wc:\windows\system32\sirenacm.dll
2009-02-06 11:11 . 2004-08-10 17:51110592----a-wc:\windows\system32\services.exe
2009-02-06 11:08 . 2008-10-15 19:442189056------wc:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 11:08 . 2004-08-10 17:512189056----a-wc:\windows\system32\ntoskrnl.exe
2009-02-06 11:06 . 2008-10-15 19:442145280------wc:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 10:39 . 2004-08-10 17:5135328----a-wc:\windows\system32\sc.exe
2009-02-06 10:32 . 2008-10-15 19:442023936------wc:\windows\system32\dllcache\ntkrpamp.exe
2009-02-03 19:59 . 2009-02-03 19:5956832------wc:\windows\system32\dllcache\secur32.dll
2009-02-03 19:59 . 2004-08-10 17:5156832----a-wc:\windows\system32\secur32.dll
2008-11-13 18:25 . 2008-11-13 18:25123408----a-wc:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2008-04-08 21:41 . 2008-04-08 21:41128----a-wc:\documents and settings\Blake\Local Settings\Application Data\fusioncache.dat
2009-01-18 03:40 . 2009-01-18 03:4069120--sha-wc:\windows\system32\bayopuge.dll.tmp
2009-01-18 03:40 . 2009-01-18 03:4069120--sha-wc:\windows\system32\napigowu.dll.tmp
2009-01-18 03:40 . 2009-01-18 03:4069120--sha-wc:\windows\system32\suvopomu.dll.tmp
2008-10-06 00:21 . 2008-10-06 00:2132768--sha-wc:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008100520081006\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"OE_OEM"="c:\program files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 176201]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"Steam"="c:\program files\Steam\Steam.exe" [2008-10-08 1410296]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-12-18 3321856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-12-13 58992]
"Norton Ghost 10.0"="c:\program files\Norton Ghost\Agent\GhostTray.exe" [2005-12-07 1537696]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 823362]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-08-09 169984]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-09-18 110592]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-09-18 8192]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-19 148888]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"SAClient"="c:\program files\Insight\BBClient\Programs\RegCon.exe" [2004-11-17 299008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
"LXCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-01-10 69632]
"lxccmon.exe"="c:\program files\Lexmark 3300 Series\lxccmon.exe" [2005-02-21 192512]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-01-20 299008]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

c:\documents and settings\Blake\Start Menu\Programs\Startup\
MEMonitor.lnk - c:\program files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [2008-6-1 947544]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-9 24576]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05356352----a-wc:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=
"c:\\WINDOWS\\system32\\lxcccoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxccPSWX.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Digital Line Detect\\DLG.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020

R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2005-08-30 290889]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2005-08-30 585792]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [2005-08-30 262215]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S2 Tmfilter;Tmfilter;c:\windows\system32\drivers\TmXPFlt.sys [2008-11-26 205328]
S2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\Tmpreflt.sys [2008-11-26 36368]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-04-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bungie.net/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath - c:\documents and settings\Blake\Application Data\Mozilla\Firefox\Profiles\j8ej9k22.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bungie.net/

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-19 15:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,[emailprotected]??

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4254542993-1360710644-2665431577-1006\Software\SecuROM\License information*]
"datasecu"=hex:58,53,1e,b2,99,18,a0,24,08,d1,48,05,90,2f,a5,8a,20,e4,e7,01,a8,
02,09,96,c5,19,b7,e1,7a,1b,66,9e,0a,fc,b9,ce,c3,12,49,fe,3d,b4,89,a4,4b,f8,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(964)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(5508)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\gearsec.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\program files\Norton Ghost\Agent\VProSvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\MUSICM~1\MUSICM~3\MMDiag.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
c:\program files\MUSICMATCH\Musicmatch Jukebox\mim.exe
c:\windows\system32\lxcccoms.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-04-19 15:14 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-19 19:14

Pre-Run: 10,861,535,232 bytes free
Post-Run: 10,777,190,400 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

299--- E O F ---2009-04-19 03:46
Looks good now.

This will just remove the Norton antivirus leftovers. It won't touch the Norton Ghost.

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code: [Select]KillAll::

File::
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe

Folder::
c:\program files\Common Files\Symantec Shared

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"=-
"ccApp"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=-

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

---

How is the computer running now?The computer is running fine now. I appreciate the help very much. I have a small question though...

When I was using the Trial Version of Norton Ghost, it tried to back everything up but was unable to due to 'Low Disk Space'. Whenever I turn on the computer, a little bubble on the toolbar reminds me saying there's low disc space on Drive D. Should I get rid of the program and the 'backup' or just leave it?

Either way, here's the requested log.
_______________________________________ ____
ComboFix 09-04-19.05 - Blake 04/19/2009 15:49.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.522 [GMT -4:00]
Running from: c:\documents and settings\Blake\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Blake\Desktop\CFScript.txt
AV: Trend Micro PC-cillin Internet Security *On-access scanning disabled* (Updated)
FW: Trend Micro PC-cillin Internet Security (Firewall) *disabled*
* Created a new restore point

FILE ::
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\Symantec Shared
c:\program files\Common Files\Symantec Shared\ccAlert.dll
c:\program files\Common Files\Symantec Shared\ccApp.exe
c:\program files\Common Files\Symantec Shared\ccDec.dll
c:\program files\Common Files\Symantec Shared\ccEmlPxy.dll
c:\program files\Common Files\Symantec Shared\ccErrDsp.dll
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\ccGSE.dll
c:\program files\Common Files\Symantec Shared\ccInst.dll
c:\program files\Common Files\Symantec Shared\ccL30.dll
c:\program files\Common Files\Symantec Shared\ccL35.dll
c:\program files\Common Files\Symantec Shared\ccLgView.exe
c:\program files\Common Files\Symantec Shared\ccLogin.dll
c:\program files\Common Files\Symantec Shared\CCPD-LC\ez_log.html
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlctnk.dll
c:\program files\Common Files\Symantec Shared\ccProd.dll
c:\program files\Common Files\Symantec Shared\ccProSub.dll
c:\program files\Common Files\Symantec Shared\ccPwd.dll
c:\program files\Common Files\Symantec Shared\ccPwdSvc.exe
c:\program files\Common Files\Symantec Shared\ccScan.dll
c:\program files\Common Files\Symantec Shared\ccSet.dll
c:\program files\Common Files\Symantec Shared\ccSetEvt.dll
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccVrTrst.dll
c:\program files\Common Files\Symantec Shared\ccWebWnd.dll
c:\program files\Common Files\Symantec Shared\CfgWiz.tlb
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2.dll
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2AMG.dll
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2ARJ.dll
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2CAB.dll
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2GZIP.dll
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2ID.dll
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2LHA.dll
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2LZ.dll
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2RAR.dll
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2RTF.dll
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2SS.dll
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2TAR.dll
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2Text.dll
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2TNEF.dll
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2Zip.dll
c:\program files\Common Files\Symantec Shared\Decomposers\DecSDK.dll
c:\program files\Common Files\Symantec Shared\DefUtDCD.dll
c:\program files\Common Files\Symantec Shared\ecmldr32.DLL
c:\program files\Common Files\Symantec Shared\Help\CCLGVIEW.CHM
c:\program files\Common Files\Symantec Shared\Help\CCLGVIEW.chw
c:\program files\Common Files\Symantec Shared\Help\CPDDRM00.chm
c:\program files\Common Files\Symantec Shared\Help\CPDDRM01.chm
c:\program files\Common Files\Symantec Shared\Help\LUALL.CHM
c:\program files\Common Files\Symantec Shared\IraLsClt.dll
c:\program files\Common Files\Symantec Shared\LiveReg\Catalog.LiveSubscribe
c:\program files\Common Files\Symantec Shared\LiveReg\Defaults.lvr
c:\program files\Common Files\Symantec Shared\LiveReg\iraDefA2.dll
c:\program files\Common Files\Symantec Shared\LiveReg\IraLrShl.exe
c:\program files\Common Files\Symantec Shared\LiveReg\IraLsCl2.dll
c:\program files\Common Files\Symantec Shared\LiveReg\iraLSUI.dll
c:\program files\Common Files\Symantec Shared\LiveReg\IraVcLc3.dll
c:\program files\Common Files\Symantec Shared\LiveReg\IraVcObj.dll
c:\program files\Common Files\Symantec Shared\LiveReg\LRCtrl.dll
c:\program files\Common Files\Symantec Shared\LiveReg\LRRes.dll
c:\program files\Common Files\Symantec Shared\LiveReg\LSCtrl.dll
c:\program files\Common Files\Symantec Shared\LiveReg\LSPlugin.dll
c:\program files\Common Files\Symantec Shared\LiveReg\LSSupCtl.dll
c:\program files\Common Files\Symantec Shared\LiveReg\symcsub.exe
c:\program files\Common Files\Symantec Shared\LiveReg\VcClnUp.exe
c:\program files\Common Files\Symantec Shared\LiveReg\VcSetup.exe
c:\program files\Common Files\Symantec Shared\NMain.exe
c:\program files\Common Files\Symantec Shared\SLTCHK01.dll
c:\program files\Common Files\Symantec Shared\Symdlbrg.dll
c:\program files\Common Files\Symantec Shared\SymLTCOM.dll
c:\program files\Common Files\Symantec Shared\SymUIAx2.ocx
c:\windows\system32\ofotahih.ini

.
((((((((((((((((((((((((( Files Created from 2009-03-19 to 2009-04-19 )))))))))))))))))))))))))))))))
.

2009-04-19 14:14 . 2009-04-19 14:14410984----a-wc:\windows\system32\deploytk.dll
2009-04-19 03:30 . 2009-04-19 03:30--------d-----wc:\documents and settings\Blake\Application Data\Malwarebytes
2009-04-19 03:30 . 2009-04-06 19:3215504----a-wc:\windows\system32\drivers\mbam.sys
2009-04-19 03:30 . 2009-04-06 19:3238496----a-wc:\windows\system32\drivers\mbamswissarmy.sys
2009-04-19 03:30 . 2009-04-19 03:30--------d-----wc:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-19 03:30 . 2009-04-19 03:30--------d-----wc:\program files\Malwarebytes' Anti-Malware
2009-04-19 01:30 . 2009-04-19 01:30--------d-----wc:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-19 01:30 . 2009-04-19 01:30--------d-----wc:\program files\SUPERAntiSpyware
2009-04-19 01:30 . 2009-04-19 01:30--------d-----wc:\documents and settings\Blake\Application Data\SUPERAntiSpyware.com
2009-04-19 01:30 . 2009-04-19 01:30--------d-----wc:\program files\Common Files\Wise Installation Wizard
2009-04-15 21:24 . 2009-03-06 14:22284160------wc:\windows\system32\dllcache\pdh.dll
2009-04-15 21:24 . 2009-02-06 10:3935328------wc:\windows\system32\dllcache\sc.exe
2009-04-15 21:24 . 2009-02-09 12:10473600------wc:\windows\system32\dllcache\fastprox.dll
2009-04-15 21:24 . 2009-02-09 12:10453120------wc:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 21:24 . 2009-02-09 12:10401408------wc:\windows\system32\dllcache\rpcss.dll
2009-04-15 21:24 . 2009-02-06 11:11110592------wc:\windows\system32\dllcache\services.exe
2009-04-15 21:24 . 2009-02-06 10:10227840------wc:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 21:24 . 2009-02-09 12:10729088------wc:\windows\system32\dllcache\lsasrv.dll
2009-04-15 21:24 . 2009-02-09 12:10714752------wc:\windows\system32\dllcache\ntdll.dll
2009-04-15 21:24 . 2009-02-09 12:10617472------wc:\windows\system32\dllcache\advapi32.dll
2009-04-15 21:23 . 2008-05-03 11:552560------wc:\windows\system32\xpsp4res.dll
2009-04-15 21:23 . 2009-03-27 06:581203922------wc:\windows\system32\dllcache\sysmain.sdb
2009-04-15 21:23 . 2008-04-21 12:08215552------wc:\windows\system32\dllcache\wordpad.exe
2009-03-25 23:15 . 2009-03-25 23:15--------d-----wc:\program files\7-Zip
2009-03-21 14:06 . 2009-03-21 14:06989696------wc:\windows\system32\dllcache\kernel32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-19 19:55 . 2008-04-26 00:53--------d-----wc:\program files\Steam
2009-04-19 14:14 . 2006-08-09 12:32--------d-----wc:\program files\Java
2009-04-19 03:48 . 2006-08-09 12:51--------d-----wc:\program files\Trend Micro
2009-04-19 01:22 . 2008-05-17 02:57--------d-----wc:\program files\CCleaner
2009-04-19 01:03 . 2008-08-08 20:05--------d-----wc:\program files\ƒeƒCƒ‹ƒY ƒIƒu ƒ”ƒFƒXƒyƒŠƒA
2009-04-19 00:59 . 2007-07-16 20:06--------d-----wc:\program files\LimeWire
2009-04-19 00:57 . 2006-08-09 12:47--------d-----wc:\program files\WildTangent
2009-04-19 00:56 . 2006-08-09 12:43--------d-----wc:\documents and settings\All Users\Application Data\Viewpoint
2009-04-18 03:49 . 2006-08-09 12:53--------d-----wc:\program files\Google
2009-04-17 19:31 . 2009-03-18 00:08--------d-----wc:\program files\Lx_cats
2009-04-15 19:31 . 2009-03-22 20:17600----a-wC:\lxcc.log
2009-04-13 00:09 . 2009-02-16 22:33--------d-----wc:\documents and settings\Blake\Application Data\U3
2009-04-12 22:28 . 2009-03-19 21:342100----a-wC:\lxccscan.log
2009-03-23 00:44 . 2006-08-27 23:303766--sha-wc:\windows\system32\KGyGaAvL.sys
2009-03-19 23:12 . 2006-08-17 20:0454944----a-wc:\documents and settings\Blake\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-19 23:10 . 2008-05-31 20:37--------d-----wc:\program files\Windows Live
2009-03-19 23:09 . 2009-03-19 23:09--------d-----wc:\program files\Microsoft Sync Framework
2009-03-19 23:07 . 2009-03-19 23:07--------d-----wc:\program files\Microsoft
2009-03-19 23:07 . 2009-03-19 23:07--------d-----wc:\program files\Windows Live SkyDrive
2009-03-19 23:03 . 2009-03-19 23:03--------d-----wc:\program files\Common Files\Windows Live
2009-03-18 22:58 . 2009-03-18 22:58--------d-----wc:\documents and settings\Blake\Application Data\FaxCtr
2009-03-18 00:17 . 2009-03-18 00:12--------d-----wc:\program files\Abbyy FineReader 6.0 Sprint
2009-03-18 00:11 . 2009-03-18 00:09--------d-----wc:\program files\Lexmark Fax Solutions
2009-03-18 00:10 . 2009-03-18 00:10--------d-----wc:\documents and settings\All Users\Application Data\FaxCtr
2009-03-18 00:09 . 2009-03-18 00:09--------d-----wc:\program files\Lexmark_3300 Series
2009-03-18 00:09 . 2009-03-18 00:06--------d-----wc:\program files\Lexmark 3300 Series
2009-03-18 00:08 . 2009-03-18 00:06517----a-wC:\LXCCINST.csv
2009-03-18 00:06 . 2009-03-18 00:06242----a-wC:\CDFE.log
2009-03-18 00:06 . 2009-03-18 00:060----a-wC:\lxccfire.csv
2009-03-08 21:47 . 2009-03-08 21:47--------d-----wc:\program files\Enterbrain
2009-03-06 14:22 . 2004-08-10 17:51284160----a-wc:\windows\system32\pdh.dll
2009-03-03 00:18 . 2006-08-09 12:33826368----a-wc:\windows\system32\dllcache\wininet.dll
2009-03-03 00:18 . 2004-08-10 17:51826368----a-wc:\windows\system32\wininet.dll
2009-02-28 04:54 . 2006-10-17 17:04636072------wc:\windows\system32\dllcache\iexplore.exe
2009-02-27 01:43 . 2008-11-13 18:13--------d-----wc:\program files\Microsoft Silverlight
2009-02-20 10:20 . 2007-05-09 20:2013824------wc:\windows\system32\dllcache\ieudinit.exe
2009-02-20 10:20 . 2006-11-07 08:2670656------wc:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 05:14 . 2006-11-07 08:25161792------wc:\windows\system32\dllcache\ieakui.dll
2009-02-09 12:10 . 2004-08-10 17:51729088----a-wc:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-10 17:51401408----a-wc:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2004-08-10 17:51714752----a-wc:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-10 17:50617472----a-wc:\windows\system32\advapi32.dll
2009-02-09 11:13 . 2008-10-15 19:441846784------wc:\windows\system32\dllcache\win32k.sys
2009-02-09 11:13 . 2004-08-10 17:511846784----a-wc:\windows\system32\win32k.sys
2009-02-07 23:02 . 2008-10-15 19:442066048------wc:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-07 23:02 . 2004-08-04 03:592066048----a-wc:\windows\system32\ntkrnlpa.exe
2009-02-06 22:52 . 2009-02-06 22:5249504----a-wc:\windows\system32\sirenacm.dll
2009-02-06 11:11 . 2004-08-10 17:51110592----a-wc:\windows\system32\services.exe
2009-02-06 11:08 . 2008-10-15 19:442189056------wc:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 11:08 . 2004-08-10 17:512189056----a-wc:\windows\system32\ntoskrnl.exe
2009-02-06 11:06 . 2008-10-15 19:442145280------wc:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 10:39 . 2004-08-10 17:5135328----a-wc:\windows\system32\sc.exe
2009-02-06 10:32 . 2008-10-15 19:442023936------wc:\windows\system32\dllcache\ntkrpamp.exe
2009-02-03 19:59 . 2009-02-03 19:5956832------wc:\windows\system32\dllcache\secur32.dll
2009-02-03 19:59 . 2004-08-10 17:5156832----a-wc:\windows\system32\secur32.dll
2008-11-13 18:25 . 2008-11-13 18:25123408----a-wc:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2008-04-08 21:41 . 2008-04-08 21:41128----a-wc:\documents and settings\Blake\Local Settings\Application Data\fusioncache.dat
2009-01-18 03:40 . 2009-01-18 03:4069120--sha-wc:\windows\system32\bayopuge.dll.tmp
2009-01-18 03:40 . 2009-01-18 03:4069120--sha-wc:\windows\system32\napigowu.dll.tmp
2009-01-18 03:40 . 2009-01-18 03:4069120--sha-wc:\windows\system32\suvopomu.dll.tmp
2008-10-06 00:21 . 2008-10-06 00:2132768--sha-wc:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008100520081006\index.dat
.

((((((((((((((((((((((((((((( [emailprotected]_19.11.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-19 19:52 . 2009-04-19 19:5216384 c:\windows\temp\Perflib_Perfdata_278.dat
+ 2004-08-10 17:51 . 2009-04-19 19:5772134 c:\windows\system32\perfc009.dat
- 2004-08-10 17:51 . 2009-04-19 19:1172134 c:\windows\system32\perfc009.dat
+ 2004-08-10 17:51 . 2009-04-19 19:57443034 c:\windows\system32\perfh009.dat
- 2004-08-10 17:51 . 2009-04-19 19:11443034 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"OE_OEM"="c:\program files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 176201]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"Steam"="c:\program files\Steam\Steam.exe" [2008-10-08 1410296]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-12-18 3321856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"Norton Ghost 10.0"="c:\program files\Norton Ghost\Agent\GhostTray.exe" [2005-12-07 1537696]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 823362]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-08-09 169984]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-09-18 110592]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-09-18 8192]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-19 148888]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"SAClient"="c:\program files\Insight\BBClient\Programs\RegCon.exe" [2004-11-17 299008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
"LXCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-01-10 69632]
"lxccmon.exe"="c:\program files\Lexmark 3300 Series\lxccmon.exe" [2005-02-21 192512]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-01-20 299008]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

c:\documents and settings\Blake\Start Menu\Programs\Startup\
MEMonitor.lnk - c:\program files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [2008-6-1 947544]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-9 24576]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05356352----a-wc:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=
"c:\\WINDOWS\\system32\\lxcccoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxccPSWX.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Digital Line Detect\\DLG.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020

R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2005-08-30 290889]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2005-08-30 585792]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [2005-08-30 262215]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S2 Tmfilter;Tmfilter;c:\windows\system32\drivers\TmXPFlt.sys [2008-11-26 205328]
S2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\Tmpreflt.sys [2008-11-26 36368]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-04-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bungie.net/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath - c:\documents and settings\Blake\Application Data\Mozilla\Firefox\Profiles\j8ej9k22.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bungie.net/

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-19 15:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,[emailprotected]??

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4254542993-1360710644-2665431577-1006\Software\SecuROM\License information*]
"datasecu"=hex:58,53,1e,b2,99,18,a0,24,08,d1,48,05,90,2f,a5,8a,20,e4,e7,01,a8,
02,09,96,c5,19,b7,e1,7a,1b,66,9e,0a,fc,b9,ce,c3,12,49,fe,3d,b4,89,a4,4b,f8,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(960)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(3092)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\gearsec.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\program files\Norton Ghost\Agent\VProSvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\MUSICM~1\MUSICM~3\MMDiag.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
c:\program files\MUSICMATCH\Musicmatch Jukebox\mim.exe
c:\windows\system32\lxcccoms.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-04-19 16:00 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-19 20:00
ComboFix2.txt 2009-04-19 19:14

Pre-Run: 10,781,216,768 bytes free
Post-Run: 10,766,270,464 bytes free

367--- E O F ---2009-04-19 03:46Quote

When I was using the Trial Version of Norton Ghost, it tried to back everything up but was unable to due to 'Low Disk Space'. Whenever I turn on the computer, a little bubble on the toolbar reminds me saying there's low disc space on Drive D. Should I get rid of the program and the 'backup' or just leave it?

Norton/Symantec is not my favorite software. As you notice their software is very RAM intensive and cause many computers more problems than they are worth.

Are you looking for just backup files/folders or image the drive?

-----

Click START then RUN
Now type Combofix /u in the runbox
Make sure there's a space between Combofix and /u
Then hit Enter.

.
.
The above procedure will:

Delete: ComboFix and its associated files and folders.
Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.
Set a new, clean Restore Point.

.
I've no idea about backup files/folders and imaging the drive. I just want to know if there's something about that I can get rid of to improve my comp, and if so how please.

Also, thank you very much for the help with fixing my Bad Image problem.If you don't use the Norton Ghost I would uninstall it. I'm sure that would help.

StartupLite

Download StartupLite by MalwareBytes to your Desktop.
Doubleclick StartupLite.exe to launch the program.
Ensure the Disable box is checked.
Click Continue.
A pop up message will tell you the unecessary startup items in your list have been disabled and ask you to restart your computer.
Re-start your computer.

.
----------

Use the Secunia Software Inspector to check for out of date software.

Click Start Now
Check the box next to Enable thorough system inspection.
Click Start
Allow the scan to finish and scroll down to see if any updates are needed.
Update anything listed.

.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

I would also recommend that you Defrag the computer. There may be a lot of fragmented sections on the drive after cleaning the malware.

You can use the built in Windows Defrag by clicking Start > Run and then type in dfrg.msc then click OK. Or use a faster FREE program. Defraggler is very effective and easy to use.

Note: Be sure to clean out temp files and restart the computer just before beginning a defrag.

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.Before I do that, I have Trend Micro PC-cillin Internet Security. Do I need to mess with that in anyway?

And how would I clear out Temp files?Use CCleaner to clean temp files.

As long as Trend Micro is turned on and up to date it should be OK.One more thing. I'm about to use CC cleaner, but it has checks in things like MS Paint. Is that bad? Is it going to delete those programs?No it won't delete the program it will just remove any log sthat the programs create. You might want to uncheck Cookies so it doesn't remove your log in information on online forums.

Solve : 'Bad Image' problems.?

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment