The computer is running fine now. I appreciate the help very much. I have a small question though...
When I was using the Trial Version of Norton Ghost, it tried to back everything up but was unable to due to 'Low Disk Space'. Whenever I turn on the computer, a little bubble on the toolbar reminds me saying there's low disc space on Drive D. Should I get rid of the program and the 'backup' or just leave it?
Either way, here's the requested log.
___________________________________________
ComboFix 09-04-19.05 - Blake 04/19/2009 15:49.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.522 [GMT -4:00]
Running from: c:\documents and settings\Blake\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Blake\Desktop\CFScript.txt
AV: Trend Micro PC-cillin Internet Security *On-access scanning disabled* (Updated)
FW: Trend Micro PC-cillin Internet Security (Firewall) *disabled*
* Created a new restore point
FILE ::
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Common Files\Symantec Shared
c:\program files\Common Files\Symantec Shared\ccAlert.dll
c:\program files\Common Files\Symantec Shared\ccApp.exe
c:\program files\Common Files\Symantec Shared\ccDec.dll
c:\program files\Common Files\Symantec Shared\ccEmlPxy.dll
c:\program files\Common Files\Symantec Shared\ccErrDsp.dll
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\ccGSE.dll
c:\program files\Common Files\Symantec Shared\ccInst.dll
c:\program files\Common Files\Symantec Shared\ccL30.dll
c:\program files\Common Files\Symantec Shared\ccL35.dll
c:\program files\Common Files\Symantec Shared\ccLgView.exe
c:\program files\Common Files\Symantec Shared\ccLogin.dll
c:\program files\Common Files\Symantec Shared\CCPD-LC\ez_log.html
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlctnk.dll
c:\program files\Common Files\Symantec Shared\ccProd.dll
c:\program files\Common Files\Symantec Shared\ccProSub.dll
c:\program files\Common Files\Symantec Shared\ccPwd.dll
c:\program files\Common Files\Symantec Shared\ccPwdSvc.exe
c:\program files\Common Files\Symantec Shared\ccScan.dll
c:\program files\Common Files\Symantec Shared\ccSet.dll
c:\program files\Common Files\Symantec Shared\ccSetEvt.dll
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccVrTrst.dll
c:\program files\Common Files\Symantec Shared\ccWebWnd.dll
c:\program files\Common Files\Symantec Shared\CfgWiz.tlb
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2.dll
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2AMG.dll
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2ARJ.dll
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2CAB.dll
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2GZIP.dll
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2ID.dll
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2LHA.dll
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2LZ.dll
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2RAR.dll
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2RTF.dll
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2SS.dll
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2TAR.dll
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2Text.dll
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2TNEF.dll
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2Zip.dll
c:\program files\Common Files\Symantec Shared\Decomposers\DecSDK.dll
c:\program files\Common Files\Symantec Shared\DefUtDCD.dll
c:\program files\Common Files\Symantec Shared\ecmldr32.DLL
c:\program files\Common Files\Symantec Shared\Help\CCLGVIEW.CHM
c:\program files\Common Files\Symantec Shared\Help\CCLGVIEW.chw
c:\program files\Common Files\Symantec Shared\Help\CPDDRM00.chm
c:\program files\Common Files\Symantec Shared\Help\CPDDRM01.chm
c:\program files\Common Files\Symantec Shared\Help\LUALL.CHM
c:\program files\Common Files\Symantec Shared\IraLsClt.dll
c:\program files\Common Files\Symantec Shared\LiveReg\Catalog.LiveSubscribe
c:\program files\Common Files\Symantec Shared\LiveReg\Defaults.lvr
c:\program files\Common Files\Symantec Shared\LiveReg\iraDefA2.dll
c:\program files\Common Files\Symantec Shared\LiveReg\IraLrShl.exe
c:\program files\Common Files\Symantec Shared\LiveReg\IraLsCl2.dll
c:\program files\Common Files\Symantec Shared\LiveReg\iraLSUI.dll
c:\program files\Common Files\Symantec Shared\LiveReg\IraVcLc3.dll
c:\program files\Common Files\Symantec Shared\LiveReg\IraVcObj.dll
c:\program files\Common Files\Symantec Shared\LiveReg\LRCtrl.dll
c:\program files\Common Files\Symantec Shared\LiveReg\LRRes.dll
c:\program files\Common Files\Symantec Shared\LiveReg\LSCtrl.dll
c:\program files\Common Files\Symantec Shared\LiveReg\LSPlugin.dll
c:\program files\Common Files\Symantec Shared\LiveReg\LSSupCtl.dll
c:\program files\Common Files\Symantec Shared\LiveReg\symcsub.exe
c:\program files\Common Files\Symantec Shared\LiveReg\VcClnUp.exe
c:\program files\Common Files\Symantec Shared\LiveReg\VcSetup.exe
c:\program files\Common Files\Symantec Shared\NMain.exe
c:\program files\Common Files\Symantec Shared\SLTCHK01.dll
c:\program files\Common Files\Symantec Shared\Symdlbrg.dll
c:\program files\Common Files\Symantec Shared\SymLTCOM.dll
c:\program files\Common Files\Symantec Shared\SymUIAx2.ocx
c:\windows\system32\ofotahih.ini
.
((((((((((((((((((((((((( Files Created from 2009-03-19 to 2009-04-19 )))))))))))))))))))))))))))))))
.
2009-04-19 14:14 . 2009-04-19 14:14 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-19 03:30 . 2009-04-19 03:30 -------- d-----w c:\documents and settings\Blake\Application Data\Malwarebytes
2009-04-19 03:30 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-19 03:30 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-19 03:30 . 2009-04-19 03:30 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-19 03:30 . 2009-04-19 03:30 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-19 01:30 . 2009-04-19 01:30 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-19 01:30 . 2009-04-19 01:30 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-19 01:30 . 2009-04-19 01:30 -------- d-----w c:\documents and settings\Blake\Application Data\SUPERAntiSpyware.com
2009-04-19 01:30 . 2009-04-19 01:30 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-15 21:24 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-15 21:24 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-15 21:24 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 21:24 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 21:24 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 21:24 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-15 21:24 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 21:24 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 21:24 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 21:24 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 21:23 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 21:23 . 2009-03-27 06:58 1203922 ------w c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 21:23 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-03-25 23:15 . 2009-03-25 23:15 -------- d-----w c:\program files\7-Zip
2009-03-21 14:06 . 2009-03-21 14:06 989696 ------w c:\windows\system32\dllcache\kernel32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-19 19:55 . 2008-04-26 00:53 -------- d-----w c:\program files\Steam
2009-04-19 14:14 . 2006-08-09 12:32 -------- d-----w c:\program files\Java
2009-04-19 03:48 . 2006-08-09 12:51 -------- d-----w c:\program files\Trend Micro
2009-04-19 01:22 . 2008-05-17 02:57 -------- d-----w c:\program files\CCleaner
2009-04-19 01:03 . 2008-08-08 20:05 -------- d-----w c:\program files\テイルズ オブ ヴェスペリア
2009-04-19 00:59 . 2007-07-16 20:06 -------- d-----w c:\program files\LimeWire
2009-04-19 00:57 . 2006-08-09 12:47 -------- d-----w c:\program files\WildTangent
2009-04-19 00:56 . 2006-08-09 12:43 -------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-04-18 03:49 . 2006-08-09 12:53 -------- d-----w c:\program files\Google
2009-04-17 19:31 . 2009-03-18 00:08 -------- d-----w c:\program files\Lx_cats
2009-04-15 19:31 . 2009-03-22 20:17 600 ----a-w C:\lxcc.log
2009-04-13 00:09 . 2009-02-16 22:33 -------- d-----w c:\documents and settings\Blake\Application Data\U3
2009-04-12 22:28 . 2009-03-19 21:34 2100 ----a-w C:\lxccscan.log
2009-03-23 00:44 . 2006-08-27 23:30 3766 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-03-19 23:12 . 2006-08-17 20:04 54944 ----a-w c:\documents and settings\Blake\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-19 23:10 . 2008-05-31 20:37 -------- d-----w c:\program files\Windows Live
2009-03-19 23:09 . 2009-03-19 23:09 -------- d-----w c:\program files\Microsoft Sync Framework
2009-03-19 23:07 . 2009-03-19 23:07 -------- d-----w c:\program files\Microsoft
2009-03-19 23:07 . 2009-03-19 23:07 -------- d-----w c:\program files\Windows Live SkyDrive
2009-03-19 23:03 . 2009-03-19 23:03 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-18 22:58 . 2009-03-18 22:58 -------- d-----w c:\documents and settings\Blake\Application Data\FaxCtr
2009-03-18 00:17 . 2009-03-18 00:12 -------- d-----w c:\program files\Abbyy FineReader 6.0 Sprint
2009-03-18 00:11 . 2009-03-18 00:09 -------- d-----w c:\program files\Lexmark Fax Solutions
2009-03-18 00:10 . 2009-03-18 00:10 -------- d-----w c:\documents and settings\All Users\Application Data\FaxCtr
2009-03-18 00:09 . 2009-03-18 00:09 -------- d-----w c:\program files\Lexmark_3300 Series
2009-03-18 00:09 . 2009-03-18 00:06 -------- d-----w c:\program files\Lexmark 3300 Series
2009-03-18 00:08 . 2009-03-18 00:06 517 ----a-w C:\LXCCINST.csv
2009-03-18 00:06 . 2009-03-18 00:06 242 ----a-w C:\CDFE.log
2009-03-18 00:06 . 2009-03-18 00:06 0 ----a-w C:\lxccfire.csv
2009-03-08 21:47 . 2009-03-08 21:47 -------- d-----w c:\program files\Enterbrain
2009-03-06 14:22 . 2004-08-10 17:51 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2006-08-09 12:33 826368 ----a-w c:\windows\system32\dllcache\wininet.dll
2009-03-03 00:18 . 2004-08-10 17:51 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-28 04:54 . 2006-10-17 17:04 636072 ------w c:\windows\system32\dllcache\iexplore.exe
2009-02-27 01:43 . 2008-11-13 18:13 -------- d-----w c:\program files\Microsoft Silverlight
2009-02-20 10:20 . 2007-05-09 20:20 13824 ------w c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 10:20 . 2006-11-07 08:26 70656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 05:14 . 2006-11-07 08:25 161792 ------w c:\windows\system32\dllcache\ieakui.dll
2009-02-09 12:10 . 2004-08-10 17:51 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-10 17:51 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2004-08-10 17:51 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-10 17:50 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 11:13 . 2008-10-15 19:44 1846784 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 11:13 . 2004-08-10 17:51 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-07 23:02 . 2008-10-15 19:44 2066048 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-07 23:02 . 2004-08-04 03:59 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-06 22:52 . 2009-02-06 22:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 11:11 . 2004-08-10 17:51 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:08 . 2008-10-15 19:44 2189056 ------w c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 11:08 . 2004-08-10 17:51 2189056 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 11:06 . 2008-10-15 19:44 2145280 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 10:39 . 2004-08-10 17:51 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2008-10-15 19:44 2023936 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-03 19:59 . 2009-02-03 19:59 56832 ------w c:\windows\system32\dllcache\secur32.dll
2009-02-03 19:59 . 2004-08-10 17:51 56832 ----a-w c:\windows\system32\secur32.dll
2008-11-13 18:25 . 2008-11-13 18:25 123408 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2008-04-08 21:41 . 2008-04-08 21:41 128 ----a-w c:\documents and settings\Blake\Local Settings\Application Data\fusioncache.dat
2009-01-18 03:40 . 2009-01-18 03:40 69120 --sha-w c:\windows\system32\bayopuge.dll.tmp
2009-01-18 03:40 . 2009-01-18 03:40 69120 --sha-w c:\windows\system32\napigowu.dll.tmp
2009-01-18 03:40 . 2009-01-18 03:40 69120 --sha-w c:\windows\system32\suvopomu.dll.tmp
2008-10-06 00:21 . 2008-10-06 00:21 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008100520081006\index.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-04-19_19.11.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-19 19:52 . 2009-04-19 19:52 16384 c:\windows\temp\Perflib_Perfdata_278.dat
+ 2004-08-10 17:51 . 2009-04-19 19:57 72134 c:\windows\system32\perfc009.dat
- 2004-08-10 17:51 . 2009-04-19 19:11 72134 c:\windows\system32\perfc009.dat
+ 2004-08-10 17:51 . 2009-04-19 19:57 443034 c:\windows\system32\perfh009.dat
- 2004-08-10 17:51 . 2009-04-19 19:11 443034 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"OE_OEM"="c:\program files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 176201]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"Steam"="c:\program files\Steam\Steam.exe" [2008-10-08 1410296]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-12-18 3321856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"Norton Ghost 10.0"="c:\program files\Norton Ghost\Agent\GhostTray.exe" [2005-12-07 1537696]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 823362]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-08-09 169984]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-09-18 110592]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-09-18 8192]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-19 148888]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"SAClient"="c:\program files\Insight\BBClient\Programs\RegCon.exe" [2004-11-17 299008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
"LXCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-01-10 69632]
"lxccmon.exe"="c:\program files\Lexmark 3300 Series\lxccmon.exe" [2005-02-21 192512]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-01-20 299008]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]
c:\documents and settings\Blake\Start Menu\Programs\Startup\
MEMonitor.lnk - c:\program files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [2008-6-1 947544]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-9 24576]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=
"c:\\WINDOWS\\system32\\lxcccoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxccPSWX.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Digital Line Detect\\DLG.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2005-08-30 290889]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2005-08-30 585792]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [2005-08-30 262215]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S2 Tmfilter;Tmfilter;c:\windows\system32\drivers\TmXPFlt.sys [2008-11-26 205328]
S2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\Tmpreflt.sys [2008-11-26 36368]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2009-04-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bungie.net/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath - c:\documents and settings\Blake\Application Data\Mozilla\Firefox\Profiles\j8ej9k22.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bungie.net/
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-04-19 15:56
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16?
?
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-4254542993-1360710644-2665431577-1006\Software\SecuROM\License information*]
"datasecu"=hex:58,53,1e,b2,99,18,a0,24,08,d1,48,05,90,2f,a5,8a,20,e4,e7,01,a8,
02,09,96,c5,19,b7,e1,7a,1b,66,9e,0a,fc,b9,ce,c3,12,49,fe,3d,b4,89,a4,4b,f8,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(960)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\System32\BCMLogon.dll
- - - - - - - > 'explorer.exe'(3092)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\gearsec.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\program files\Norton Ghost\Agent\VProSvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\MUSICM~1\MUSICM~3\MMDiag.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
c:\program files\MUSICMATCH\Musicmatch Jukebox\mim.exe
c:\windows\system32\lxcccoms.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-04-19 16:00 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-19 20:00
ComboFix2.txt 2009-04-19 19:14
Pre-Run: 10,781,216,768 bytes free
Post-Run: 10,766,270,464 bytes free
367 --- E O F --- 2009-04-19 03:46