Computer Hope
Software => Computer viruses and spyware => Topic started by: drillkid31 on April 18, 2009, 10:01:41 PM
-
Whenever I start up the computer or it tries to run a program, before it runs I always get a pop-up saying:
The application of DLL C:\WINDOWS\system32\vopeside.dll is not a valid Windows image. Please check this against your installation diskette.
I'm running Windows XP. It's a Dell Inspiron laptop (if that helps.)
I'm attaching the logs and copy and pasting them below.
_______________________________________ __________
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 04/18/2009 at 11:06 PM
Application Version : 4.26.1000
Core Rules Database Version : 3852
Trace Rules Database Version: 1805
Scan type : Complete Scan
Total Scan Time : 01:31:10
Memory items scanned : 727
Memory threats detected : 0
Registry items scanned : 5993
Registry threats detected : 7
File items scanned : 90275
File threats detected : 45
Unclassified.Unknown Origin
HKU\S-1-5-21-4254542993-1360710644-2665431577-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{74CD40EA-EF77-4BAD-808A-B5982DA73F20}
Adware.Tracking Cookie
C:\Documents and Settings\Blake\Cookies\[email protected][2].txt
C:\Documents and Settings\Blake\Cookies\[email protected][2].txt
C:\Documents and Settings\Blake\Cookies\[email protected][1].txt
C:\Documents and Settings\Blake\Cookies\[email protected][1].txt
C:\Documents and Settings\Blake\Cookies\blake@adrevolver[1].txt
C:\Documents and Settings\Blake\Cookies\blake@atdmt[2].txt
C:\Documents and Settings\Blake\Cookies\[email protected][1].txt
C:\Documents and Settings\Blake\Cookies\blake@specificclick[2].txt
C:\Documents and Settings\Blake\Cookies\blake@partner2profit[1].txt
C:\Documents and Settings\Blake\Cookies\blake@doubleclick[2].txt
C:\Documents and Settings\Blake\Cookies\blake@advertising[1].txt
C:\Documents and Settings\Blake\Cookies\[email protected][2].txt
C:\Documents and Settings\Blake\Cookies\blake@serving-sys[2].txt
C:\Documents and Settings\Blake\Cookies\blake@questionmarket[2].txt
C:\Documents and Settings\Blake\Cookies\[email protected][1].txt
C:\Documents and Settings\Blake\Cookies\[email protected][1].txt
C:\Documents and Settings\Blake\Cookies\[email protected][1].txt
C:\Documents and Settings\Blake\Cookies\blake@2o7[2].txt
C:\Documents and Settings\Blake\Cookies\blake@zedo[1].txt
C:\Documents and Settings\Blake\Cookies\[email protected][1].txt
C:\Documents and Settings\Blake\Cookies\[email protected][2].txt
C:\Documents and Settings\Blake\Cookies\blake@mediaplex[2].txt
C:\Documents and Settings\Blake\Cookies\[email protected][2].txt
C:\Documents and Settings\Blake\Cookies\[email protected][1].txt
C:\Documents and Settings\Blake\Cookies\blake@adlegend[2].txt
C:\Documents and Settings\Blake\Cookies\blake@adecn[1].txt
C:\Documents and Settings\Blake\Cookies\[email protected][1].txt
C:\Documents and Settings\Blake\Cookies\blake@tacoda[1].txt
Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\contim
HKLM\SOFTWARE\Microsoft\contim#SysShell
HKLM\SOFTWARE\Microsoft\rdfa
HKLM\SOFTWARE\Microsoft\rdfa#F
HKLM\SOFTWARE\Microsoft\rdfa#N
Rogue.Component/Trace
HKU\S-1-5-21-4254542993-1360710644-2665431577-1006\Software\Microsoft\FIAS4057
Malware.Installer-Pkg/Gen
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{3C48F877-A164-45E9-B9DA-26A049FFC207}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{6293BC00-4EB8-4C65-8548-53E2FC3BF937}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{651956B7-1969-42AA-9453-E0B813019D54}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{6B6A7665-DB48-4762-AB5D-BEEB9E1CD7FA}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{989E4C3B-B2C9-4486-9A09-D5A8F953837C}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{C0A0AA4D-C79B-48CA-8843-2B02B626C9E6}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{C2D8F0E2-6978-4409-8351-BA8785DA11EE}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{D1A6F3FD-7B40-443F-8767-BADB25A0D222}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{E0814F95-5380-4892-B8C8-7FA4B349EF46}.EXE
Adware.Vundo/Variant-EmpiaA
C:\WINDOWS\SYSTEM32\DAGIHAMA.DLL
C:\WINDOWS\SYSTEM32\FIGOVAFA.DLL
C:\WINDOWS\SYSTEM32\HIHATOFO.DLL
C:\WINDOWS\SYSTEM32\RETOSETI.DLL
Trace.Known Threat Sources
C:\Documents and Settings\Blake\Local Settings\Temporary Internet Files\Content.IE5\28XRIA9B\l.s.bg1z[1].gif
C:\Documents and Settings\Blake\Local Settings\Temporary Internet Files\Content.IE5\150GXJRB\favicon[2].ico
C:\Documents and Settings\Blake\Local Settings\Temporary Internet Files\Content.IE5\WYDP5EX1\l.s.bg2z[1].gif
_______________________________________ ________________
Malwarebytes' Anti-Malware 1.36
Database version: 2006
Windows 5.1.2600 Service Pack 3
4/18/2009 11:38:21 PM
mbam-log-2009-04-18 (23-38-21).txt
Scan type: Quick Scan
Objects scanned: 71874
Time elapsed: 6 minute(s), 11 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 8
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 8
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\migisibi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\smart.dll (Spyware.Agent) -> Delete on reboot.
C:\WINDOWS\system32\LoveFly.dll (Spyware.Agent) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4ede0037-cb89-48a7-8689-3b8f8a276e0a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4ede0037-cb89-48a7-8689-3b8f8a276e0a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Fly (Spyware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Love (Spyware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\new_drv (Rootkit.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3cd65faa (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zumorewavi (Trojan.Vundo.H) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\WINDOWS\bdir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\bdir\ffmiu (Trojan.Downloader) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\migisibi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ibisigim.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kokihove.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hivopigi.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\newoyiju.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smart.dll (Spyware.Agent) -> Delete on reboot.
C:\WINDOWS\system32\LoveFly.dll (Spyware.Agent) -> Delete on reboot.
C:\WINDOWS\2473343.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
_______________________________________ ____
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:55:07 PM, on 4/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bungie.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R3 - URLSearchHook: Yahoo! 、uィ罔C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 82.98.231.89 url.adtrgt.com
O1 - Hosts: 82.98.231.89 googleads2.gdoubleclick.net
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! 、uィ罔C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SAClient] "C:\Program Files\Insight\BBClient\Programs\RegCon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\WINDOWS\system32\suvopomu.dll C:\WINDOWS\system32\vopeside.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 14432 bytes
_______________________________________ __
[attachment deleted by admin]
-
Hello drillkid31.
Open HijackThis and select Do a system scan only
Place a check mark next to the following entries: (if there)
- O1 - Hosts: 82.98.231.89 url.adtrgt.com
- O1 - Hosts: 82.98.231.89 googleads2.gdoubleclick.net
- O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
- O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\WINDOWS\system32\suvopomu.dll C:\WINDOWS\system32\vopeside.dll
.
Important: Close all open windows except for HijackThis and then click Fix checked.
Once completed, exit HijackThis.
----------
Download ComboFixゥ by sUBs from one of the below links. Be sure top save it to the Desktop.
Link #1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link #2 (http://subs.geekstogo.com/ComboFix.exe)
**Note: It is important that it is saved directly to your Desktop
Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.
Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.
Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.
Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.
Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
If you have problems with ComboFix usage, see How to use ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
-
Here's the log.
_______________________________________
ComboFix 09-04-19.05 - Blake 04/19/2009 15:03.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.538 [GMT -4:00]
Running from: c:\documents and settings\Blake\Desktop\ComboFix.exe
AV: Trend Micro PC-cillin Internet Security *On-access scanning disabled* (Updated)
FW: Trend Micro PC-cillin Internet Security (Firewall) *disabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\1272046.exe
c:\windows\22868312.exe
c:\windows\system32\disk.dll
c:\windows\system32\hanugupi.dll
c:\windows\system32\robotihu.dll
c:\windows\system32\vopeside.dll
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-03-19 to 2009-04-19 )))))))))))))))))))))))))))))))
.
2009-04-19 14:14 . 2009-04-19 14:14 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-19 03:30 . 2009-04-19 03:30 -------- d-----w c:\documents and settings\Blake\Application Data\Malwarebytes
2009-04-19 03:30 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-19 03:30 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-19 03:30 . 2009-04-19 03:30 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-19 03:30 . 2009-04-19 03:30 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-19 01:30 . 2009-04-19 01:30 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-19 01:30 . 2009-04-19 01:30 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-19 01:30 . 2009-04-19 01:30 -------- d-----w c:\documents and settings\Blake\Application Data\SUPERAntiSpyware.com
2009-04-19 01:30 . 2009-04-19 01:30 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-18 03:46 . 2009-04-18 14:33 1409589 --sh--w c:\windows\system32\ofotahih.ini
2009-04-15 21:24 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-15 21:24 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-15 21:24 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 21:24 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 21:24 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 21:24 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-15 21:24 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 21:24 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 21:24 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 21:24 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 21:23 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 21:23 . 2009-03-27 06:58 1203922 ------w c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 21:23 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-03-25 23:15 . 2009-03-25 23:15 -------- d-----w c:\program files\7-Zip
2009-03-21 14:06 . 2009-03-21 14:06 989696 ------w c:\windows\system32\dllcache\kernel32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-19 19:09 . 2008-04-26 00:53 -------- d-----w c:\program files\Steam
2009-04-19 14:14 . 2006-08-09 12:32 -------- d-----w c:\program files\Java
2009-04-19 03:48 . 2006-08-09 12:51 -------- d-----w c:\program files\Trend Micro
2009-04-19 01:22 . 2008-05-17 02:57 -------- d-----w c:\program files\CCleaner
2009-04-19 01:03 . 2008-08-08 20:05 -------- d-----w c:\program files\テイルズ オブ ヴェスペリア
2009-04-19 00:59 . 2007-07-16 20:06 -------- d-----w c:\program files\LimeWire
2009-04-19 00:57 . 2006-08-09 12:47 -------- d-----w c:\program files\WildTangent
2009-04-19 00:56 . 2006-08-09 12:43 -------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-04-18 03:49 . 2006-08-09 12:53 -------- d-----w c:\program files\Google
2009-04-17 19:31 . 2009-03-18 00:08 -------- d-----w c:\program files\Lx_cats
2009-04-15 19:31 . 2009-03-22 20:17 600 ----a-w C:\lxcc.log
2009-04-13 00:09 . 2009-02-16 22:33 -------- d-----w c:\documents and settings\Blake\Application Data\U3
2009-04-12 22:28 . 2009-03-19 21:34 2100 ----a-w C:\lxccscan.log
2009-03-23 00:44 . 2006-08-27 23:30 3766 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-03-19 23:12 . 2006-08-17 20:04 54944 ----a-w c:\documents and settings\Blake\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-19 23:10 . 2008-05-31 20:37 -------- d-----w c:\program files\Windows Live
2009-03-19 23:09 . 2009-03-19 23:09 -------- d-----w c:\program files\Microsoft Sync Framework
2009-03-19 23:07 . 2009-03-19 23:07 -------- d-----w c:\program files\Microsoft
2009-03-19 23:07 . 2009-03-19 23:07 -------- d-----w c:\program files\Windows Live SkyDrive
2009-03-19 23:03 . 2009-03-19 23:03 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-18 22:58 . 2009-03-18 22:58 -------- d-----w c:\documents and settings\Blake\Application Data\FaxCtr
2009-03-18 00:17 . 2009-03-18 00:12 -------- d-----w c:\program files\Abbyy FineReader 6.0 Sprint
2009-03-18 00:11 . 2009-03-18 00:09 -------- d-----w c:\program files\Lexmark Fax Solutions
2009-03-18 00:10 . 2009-03-18 00:10 -------- d-----w c:\documents and settings\All Users\Application Data\FaxCtr
2009-03-18 00:09 . 2009-03-18 00:09 -------- d-----w c:\program files\Lexmark_3300 Series
2009-03-18 00:09 . 2009-03-18 00:06 -------- d-----w c:\program files\Lexmark 3300 Series
2009-03-18 00:08 . 2009-03-18 00:06 517 ----a-w C:\LXCCINST.csv
2009-03-18 00:06 . 2009-03-18 00:06 242 ----a-w C:\CDFE.log
2009-03-18 00:06 . 2009-03-18 00:06 0 ----a-w C:\lxccfire.csv
2009-03-08 21:47 . 2009-03-08 21:47 -------- d-----w c:\program files\Enterbrain
2009-03-06 14:22 . 2004-08-10 17:51 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2006-08-09 12:33 826368 ----a-w c:\windows\system32\dllcache\wininet.dll
2009-03-03 00:18 . 2004-08-10 17:51 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-28 04:54 . 2006-10-17 17:04 636072 ------w c:\windows\system32\dllcache\iexplore.exe
2009-02-27 01:43 . 2008-11-13 18:13 -------- d-----w c:\program files\Microsoft Silverlight
2009-02-20 10:20 . 2007-05-09 20:20 13824 ------w c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 10:20 . 2006-11-07 08:26 70656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 05:14 . 2006-11-07 08:25 161792 ------w c:\windows\system32\dllcache\ieakui.dll
2009-02-09 12:10 . 2004-08-10 17:51 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-10 17:51 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2004-08-10 17:51 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-10 17:50 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 11:13 . 2008-10-15 19:44 1846784 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 11:13 . 2004-08-10 17:51 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-07 23:02 . 2008-10-15 19:44 2066048 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-07 23:02 . 2004-08-04 03:59 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-06 22:52 . 2009-02-06 22:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 11:11 . 2004-08-10 17:51 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:08 . 2008-10-15 19:44 2189056 ------w c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 11:08 . 2004-08-10 17:51 2189056 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 11:06 . 2008-10-15 19:44 2145280 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 10:39 . 2004-08-10 17:51 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2008-10-15 19:44 2023936 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-03 19:59 . 2009-02-03 19:59 56832 ------w c:\windows\system32\dllcache\secur32.dll
2009-02-03 19:59 . 2004-08-10 17:51 56832 ----a-w c:\windows\system32\secur32.dll
2008-11-13 18:25 . 2008-11-13 18:25 123408 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2008-04-08 21:41 . 2008-04-08 21:41 128 ----a-w c:\documents and settings\Blake\Local Settings\Application Data\fusioncache.dat
2009-01-18 03:40 . 2009-01-18 03:40 69120 --sha-w c:\windows\system32\bayopuge.dll.tmp
2009-01-18 03:40 . 2009-01-18 03:40 69120 --sha-w c:\windows\system32\napigowu.dll.tmp
2009-01-18 03:40 . 2009-01-18 03:40 69120 --sha-w c:\windows\system32\suvopomu.dll.tmp
2008-10-06 00:21 . 2008-10-06 00:21 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008100520081006\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"OE_OEM"="c:\program files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 176201]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"Steam"="c:\program files\Steam\Steam.exe" [2008-10-08 1410296]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-12-18 3321856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-12-13 58992]
"Norton Ghost 10.0"="c:\program files\Norton Ghost\Agent\GhostTray.exe" [2005-12-07 1537696]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 823362]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-08-09 169984]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-09-18 110592]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-09-18 8192]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-19 148888]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"SAClient"="c:\program files\Insight\BBClient\Programs\RegCon.exe" [2004-11-17 299008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
"LXCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-01-10 69632]
"lxccmon.exe"="c:\program files\Lexmark 3300 Series\lxccmon.exe" [2005-02-21 192512]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-01-20 299008]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]
c:\documents and settings\Blake\Start Menu\Programs\Startup\
MEMonitor.lnk - c:\program files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [2008-6-1 947544]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-9 24576]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=
"c:\\WINDOWS\\system32\\lxcccoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxccPSWX.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Digital Line Detect\\DLG.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2005-08-30 290889]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2005-08-30 585792]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [2005-08-30 262215]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S2 Tmfilter;Tmfilter;c:\windows\system32\drivers\TmXPFlt.sys [2008-11-26 205328]
S2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\Tmpreflt.sys [2008-11-26 36368]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2009-04-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bungie.net/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath - c:\documents and settings\Blake\Application Data\Mozilla\Firefox\Profiles\j8ej9k22.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bungie.net/
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-19 15:11
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-4254542993-1360710644-2665431577-1006\Software\SecuROM\License information*]
"datasecu"=hex:58,53,1e,b2,99,18,a0,24,08,d1,48,05,90,2f,a5,8a,20,e4,e7,01,a8,
02,09,96,c5,19,b7,e1,7a,1b,66,9e,0a,fc,b9,ce,c3,12,49,fe,3d,b4,89,a4,4b,f8,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(964)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\System32\BCMLogon.dll
- - - - - - - > 'explorer.exe'(5508)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\gearsec.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\program files\Norton Ghost\Agent\VProSvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\MUSICM~1\MUSICM~3\MMDiag.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
c:\program files\MUSICMATCH\Musicmatch Jukebox\mim.exe
c:\windows\system32\lxcccoms.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-04-19 15:14 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-19 19:14
Pre-Run: 10,861,535,232 bytes free
Post-Run: 10,777,190,400 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
299 --- E O F --- 2009-04-19 03:46
-
Looks good now.
This will just remove the Norton antivirus leftovers. It won't touch the Norton Ghost.
Delete these files/folders, as follows:
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C
KillAll::
File::
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
Folder::
c:\program files\Common Files\Symantec Shared
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"=-
"ccApp"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=-
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!
(http://i154.photobucket.com/albums/s258/evilfantasy69/CFScript-1.gif)
ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze
---
How is the computer running now?
-
The computer is running fine now. I appreciate the help very much. I have a small question though...
When I was using the Trial Version of Norton Ghost, it tried to back everything up but was unable to due to 'Low Disk Space'. Whenever I turn on the computer, a little bubble on the toolbar reminds me saying there's low disc space on Drive D. Should I get rid of the program and the 'backup' or just leave it?
Either way, here's the requested log.
_______________________________________ ____
ComboFix 09-04-19.05 - Blake 04/19/2009 15:49.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.522 [GMT -4:00]
Running from: c:\documents and settings\Blake\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Blake\Desktop\CFScript.txt
AV: Trend Micro PC-cillin Internet Security *On-access scanning disabled* (Updated)
FW: Trend Micro PC-cillin Internet Security (Firewall) *disabled*
* Created a new restore point
FILE ::
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Common Files\Symantec Shared
c:\program files\Common Files\Symantec Shared\ccAlert.dll
c:\program files\Common Files\Symantec Shared\ccApp.exe
c:\program files\Common Files\Symantec Shared\ccDec.dll
c:\program files\Common Files\Symantec Shared\ccEmlPxy.dll
c:\program files\Common Files\Symantec Shared\ccErrDsp.dll
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\ccGSE.dll
c:\program files\Common Files\Symantec Shared\ccInst.dll
c:\program files\Common Files\Symantec Shared\ccL30.dll
c:\program files\Common Files\Symantec Shared\ccL35.dll
c:\program files\Common Files\Symantec Shared\ccLgView.exe
c:\program files\Common Files\Symantec Shared\ccLogin.dll
c:\program files\Common Files\Symantec Shared\CCPD-LC\ez_log.html
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlctnk.dll
c:\program files\Common Files\Symantec Shared\ccProd.dll
c:\program files\Common Files\Symantec Shared\ccProSub.dll
c:\program files\Common Files\Symantec Shared\ccPwd.dll
c:\program files\Common Files\Symantec Shared\ccPwdSvc.exe
c:\program files\Common Files\Symantec Shared\ccScan.dll
c:\program files\Common Files\Symantec Shared\ccSet.dll
c:\program files\Common Files\Symantec Shared\ccSetEvt.dll
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccVrTrst.dll
c:\program files\Common Files\Symantec Shared\ccWebWnd.dll
c:\program files\Common Files\Symantec Shared\CfgWiz.tlb
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2.dll
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2AMG.dll
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2ARJ.dll
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2CAB.dll
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2GZIP.dll
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2ID.dll
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2LHA.dll
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2LZ.dll
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2RAR.dll
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2RTF.dll
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2SS.dll
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2TAR.dll
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2Text.dll
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2TNEF.dll
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2Zip.dll
c:\program files\Common Files\Symantec Shared\Decomposers\DecSDK.dll
c:\program files\Common Files\Symantec Shared\DefUtDCD.dll
c:\program files\Common Files\Symantec Shared\ecmldr32.DLL
c:\program files\Common Files\Symantec Shared\Help\CCLGVIEW.CHM
c:\program files\Common Files\Symantec Shared\Help\CCLGVIEW.chw
c:\program files\Common Files\Symantec Shared\Help\CPDDRM00.chm
c:\program files\Common Files\Symantec Shared\Help\CPDDRM01.chm
c:\program files\Common Files\Symantec Shared\Help\LUALL.CHM
c:\program files\Common Files\Symantec Shared\IraLsClt.dll
c:\program files\Common Files\Symantec Shared\LiveReg\Catalog.LiveSubscribe
c:\program files\Common Files\Symantec Shared\LiveReg\Defaults.lvr
c:\program files\Common Files\Symantec Shared\LiveReg\iraDefA2.dll
c:\program files\Common Files\Symantec Shared\LiveReg\IraLrShl.exe
c:\program files\Common Files\Symantec Shared\LiveReg\IraLsCl2.dll
c:\program files\Common Files\Symantec Shared\LiveReg\iraLSUI.dll
c:\program files\Common Files\Symantec Shared\LiveReg\IraVcLc3.dll
c:\program files\Common Files\Symantec Shared\LiveReg\IraVcObj.dll
c:\program files\Common Files\Symantec Shared\LiveReg\LRCtrl.dll
c:\program files\Common Files\Symantec Shared\LiveReg\LRRes.dll
c:\program files\Common Files\Symantec Shared\LiveReg\LSCtrl.dll
c:\program files\Common Files\Symantec Shared\LiveReg\LSPlugin.dll
c:\program files\Common Files\Symantec Shared\LiveReg\LSSupCtl.dll
c:\program files\Common Files\Symantec Shared\LiveReg\symcsub.exe
c:\program files\Common Files\Symantec Shared\LiveReg\VcClnUp.exe
c:\program files\Common Files\Symantec Shared\LiveReg\VcSetup.exe
c:\program files\Common Files\Symantec Shared\NMain.exe
c:\program files\Common Files\Symantec Shared\SLTCHK01.dll
c:\program files\Common Files\Symantec Shared\Symdlbrg.dll
c:\program files\Common Files\Symantec Shared\SymLTCOM.dll
c:\program files\Common Files\Symantec Shared\SymUIAx2.ocx
c:\windows\system32\ofotahih.ini
.
((((((((((((((((((((((((( Files Created from 2009-03-19 to 2009-04-19 )))))))))))))))))))))))))))))))
.
2009-04-19 14:14 . 2009-04-19 14:14 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-19 03:30 . 2009-04-19 03:30 -------- d-----w c:\documents and settings\Blake\Application Data\Malwarebytes
2009-04-19 03:30 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-19 03:30 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-19 03:30 . 2009-04-19 03:30 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-19 03:30 . 2009-04-19 03:30 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-19 01:30 . 2009-04-19 01:30 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-19 01:30 . 2009-04-19 01:30 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-19 01:30 . 2009-04-19 01:30 -------- d-----w c:\documents and settings\Blake\Application Data\SUPERAntiSpyware.com
2009-04-19 01:30 . 2009-04-19 01:30 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-15 21:24 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-15 21:24 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-15 21:24 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 21:24 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 21:24 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 21:24 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-15 21:24 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 21:24 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 21:24 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 21:24 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 21:23 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 21:23 . 2009-03-27 06:58 1203922 ------w c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 21:23 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-03-25 23:15 . 2009-03-25 23:15 -------- d-----w c:\program files\7-Zip
2009-03-21 14:06 . 2009-03-21 14:06 989696 ------w c:\windows\system32\dllcache\kernel32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-19 19:55 . 2008-04-26 00:53 -------- d-----w c:\program files\Steam
2009-04-19 14:14 . 2006-08-09 12:32 -------- d-----w c:\program files\Java
2009-04-19 03:48 . 2006-08-09 12:51 -------- d-----w c:\program files\Trend Micro
2009-04-19 01:22 . 2008-05-17 02:57 -------- d-----w c:\program files\CCleaner
2009-04-19 01:03 . 2008-08-08 20:05 -------- d-----w c:\program files\テイルズ オブ ヴェスペリア
2009-04-19 00:59 . 2007-07-16 20:06 -------- d-----w c:\program files\LimeWire
2009-04-19 00:57 . 2006-08-09 12:47 -------- d-----w c:\program files\WildTangent
2009-04-19 00:56 . 2006-08-09 12:43 -------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-04-18 03:49 . 2006-08-09 12:53 -------- d-----w c:\program files\Google
2009-04-17 19:31 . 2009-03-18 00:08 -------- d-----w c:\program files\Lx_cats
2009-04-15 19:31 . 2009-03-22 20:17 600 ----a-w C:\lxcc.log
2009-04-13 00:09 . 2009-02-16 22:33 -------- d-----w c:\documents and settings\Blake\Application Data\U3
2009-04-12 22:28 . 2009-03-19 21:34 2100 ----a-w C:\lxccscan.log
2009-03-23 00:44 . 2006-08-27 23:30 3766 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-03-19 23:12 . 2006-08-17 20:04 54944 ----a-w c:\documents and settings\Blake\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-19 23:10 . 2008-05-31 20:37 -------- d-----w c:\program files\Windows Live
2009-03-19 23:09 . 2009-03-19 23:09 -------- d-----w c:\program files\Microsoft Sync Framework
2009-03-19 23:07 . 2009-03-19 23:07 -------- d-----w c:\program files\Microsoft
2009-03-19 23:07 . 2009-03-19 23:07 -------- d-----w c:\program files\Windows Live SkyDrive
2009-03-19 23:03 . 2009-03-19 23:03 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-18 22:58 . 2009-03-18 22:58 -------- d-----w c:\documents and settings\Blake\Application Data\FaxCtr
2009-03-18 00:17 . 2009-03-18 00:12 -------- d-----w c:\program files\Abbyy FineReader 6.0 Sprint
2009-03-18 00:11 . 2009-03-18 00:09 -------- d-----w c:\program files\Lexmark Fax Solutions
2009-03-18 00:10 . 2009-03-18 00:10 -------- d-----w c:\documents and settings\All Users\Application Data\FaxCtr
2009-03-18 00:09 . 2009-03-18 00:09 -------- d-----w c:\program files\Lexmark_3300 Series
2009-03-18 00:09 . 2009-03-18 00:06 -------- d-----w c:\program files\Lexmark 3300 Series
2009-03-18 00:08 . 2009-03-18 00:06 517 ----a-w C:\LXCCINST.csv
2009-03-18 00:06 . 2009-03-18 00:06 242 ----a-w C:\CDFE.log
2009-03-18 00:06 . 2009-03-18 00:06 0 ----a-w C:\lxccfire.csv
2009-03-08 21:47 . 2009-03-08 21:47 -------- d-----w c:\program files\Enterbrain
2009-03-06 14:22 . 2004-08-10 17:51 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2006-08-09 12:33 826368 ----a-w c:\windows\system32\dllcache\wininet.dll
2009-03-03 00:18 . 2004-08-10 17:51 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-28 04:54 . 2006-10-17 17:04 636072 ------w c:\windows\system32\dllcache\iexplore.exe
2009-02-27 01:43 . 2008-11-13 18:13 -------- d-----w c:\program files\Microsoft Silverlight
2009-02-20 10:20 . 2007-05-09 20:20 13824 ------w c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 10:20 . 2006-11-07 08:26 70656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 05:14 . 2006-11-07 08:25 161792 ------w c:\windows\system32\dllcache\ieakui.dll
2009-02-09 12:10 . 2004-08-10 17:51 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-10 17:51 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2004-08-10 17:51 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-10 17:50 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 11:13 . 2008-10-15 19:44 1846784 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 11:13 . 2004-08-10 17:51 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-07 23:02 . 2008-10-15 19:44 2066048 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-07 23:02 . 2004-08-04 03:59 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-06 22:52 . 2009-02-06 22:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 11:11 . 2004-08-10 17:51 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:08 . 2008-10-15 19:44 2189056 ------w c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 11:08 . 2004-08-10 17:51 2189056 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 11:06 . 2008-10-15 19:44 2145280 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 10:39 . 2004-08-10 17:51 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2008-10-15 19:44 2023936 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-03 19:59 . 2009-02-03 19:59 56832 ------w c:\windows\system32\dllcache\secur32.dll
2009-02-03 19:59 . 2004-08-10 17:51 56832 ----a-w c:\windows\system32\secur32.dll
2008-11-13 18:25 . 2008-11-13 18:25 123408 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2008-04-08 21:41 . 2008-04-08 21:41 128 ----a-w c:\documents and settings\Blake\Local Settings\Application Data\fusioncache.dat
2009-01-18 03:40 . 2009-01-18 03:40 69120 --sha-w c:\windows\system32\bayopuge.dll.tmp
2009-01-18 03:40 . 2009-01-18 03:40 69120 --sha-w c:\windows\system32\napigowu.dll.tmp
2009-01-18 03:40 . 2009-01-18 03:40 69120 --sha-w c:\windows\system32\suvopomu.dll.tmp
2008-10-06 00:21 . 2008-10-06 00:21 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008100520081006\index.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-04-19_19.11.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-19 19:52 . 2009-04-19 19:52 16384 c:\windows\temp\Perflib_Perfdata_278.dat
+ 2004-08-10 17:51 . 2009-04-19 19:57 72134 c:\windows\system32\perfc009.dat
- 2004-08-10 17:51 . 2009-04-19 19:11 72134 c:\windows\system32\perfc009.dat
+ 2004-08-10 17:51 . 2009-04-19 19:57 443034 c:\windows\system32\perfh009.dat
- 2004-08-10 17:51 . 2009-04-19 19:11 443034 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"OE_OEM"="c:\program files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 176201]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"Steam"="c:\program files\Steam\Steam.exe" [2008-10-08 1410296]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-12-18 3321856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"Norton Ghost 10.0"="c:\program files\Norton Ghost\Agent\GhostTray.exe" [2005-12-07 1537696]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 823362]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-08-09 169984]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-09-18 110592]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-09-18 8192]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-19 148888]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"SAClient"="c:\program files\Insight\BBClient\Programs\RegCon.exe" [2004-11-17 299008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
"LXCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-01-10 69632]
"lxccmon.exe"="c:\program files\Lexmark 3300 Series\lxccmon.exe" [2005-02-21 192512]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-01-20 299008]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]
c:\documents and settings\Blake\Start Menu\Programs\Startup\
MEMonitor.lnk - c:\program files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [2008-6-1 947544]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-9 24576]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=
"c:\\WINDOWS\\system32\\lxcccoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxccPSWX.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Digital Line Detect\\DLG.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2005-08-30 290889]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2005-08-30 585792]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [2005-08-30 262215]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S2 Tmfilter;Tmfilter;c:\windows\system32\drivers\TmXPFlt.sys [2008-11-26 205328]
S2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\Tmpreflt.sys [2008-11-26 36368]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2009-04-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bungie.net/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath - c:\documents and settings\Blake\Application Data\Mozilla\Firefox\Profiles\j8ej9k22.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bungie.net/
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-19 15:56
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-4254542993-1360710644-2665431577-1006\Software\SecuROM\License information*]
"datasecu"=hex:58,53,1e,b2,99,18,a0,24,08,d1,48,05,90,2f,a5,8a,20,e4,e7,01,a8,
02,09,96,c5,19,b7,e1,7a,1b,66,9e,0a,fc,b9,ce,c3,12,49,fe,3d,b4,89,a4,4b,f8,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(960)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\System32\BCMLogon.dll
- - - - - - - > 'explorer.exe'(3092)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\gearsec.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\program files\Norton Ghost\Agent\VProSvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\MUSICM~1\MUSICM~3\MMDiag.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
c:\program files\MUSICMATCH\Musicmatch Jukebox\mim.exe
c:\windows\system32\lxcccoms.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-04-19 16:00 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-19 20:00
ComboFix2.txt 2009-04-19 19:14
Pre-Run: 10,781,216,768 bytes free
Post-Run: 10,766,270,464 bytes free
367 --- E O F --- 2009-04-19 03:46
-
When I was using the Trial Version of Norton Ghost, it tried to back everything up but was unable to due to 'Low Disk Space'. Whenever I turn on the computer, a little bubble on the toolbar reminds me saying there's low disc space on Drive D. Should I get rid of the program and the 'backup' or just leave it?
Norton/Symantec is not my favorite software. As you notice their software is very RAM intensive and cause many computers more problems than they are worth.
Are you looking for just backup files/folders or image the drive?
-----
- Click START then RUN
- Now type Combofix /u in the runbox
- Make sure there's a space between Combofix and /u
- Then hit Enter.
.
.
The above procedure will:- Delete: ComboFix and its associated files and folders.
- Reset the clock settings.
- Hide file extensions, if required.
- Hide System/Hidden files, if required.
- Set a new, clean Restore Point.
.
-
I've no idea about backup files/folders and imaging the drive. I just want to know if there's something about that I can get rid of to improve my comp, and if so how please.
Also, thank you very much for the help with fixing my Bad Image problem.
-
If you don't use the Norton Ghost I would uninstall it. I'm sure that would help.
StartupLite
- Download StartupLite (http://www.malwarebytes.org/StartUpLite.exe) by MalwareBytes to your Desktop.
- Doubleclick StartupLite.exe to launch the program.
- Ensure the Disable box is checked.
- Click Continue.
- A pop up message will tell you the unecessary startup items in your list have been disabled and ask you to restart your computer.
- Re-start your computer.
.
----------
Use the Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.
- Click Start Now
- Check the box next to Enable thorough system inspection.
- Click Start
- Allow the scan to finish and scroll down to see if any updates are needed.
- Update anything listed.
.
----------
Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.
----------
I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* (http://www.bleepingcomputer.com/tutorials/tutorial49.html)Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/forums/tutorial49.html)
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)
I would also recommend that you Defrag the computer. There may be a lot of fragmented sections on the drive after cleaning the malware.
You can use the built in Windows Defrag by clicking Start > Run and then type in dfrg.msc then click OK. Or use a faster FREE program. Defraggler (http://www.defraggler.com/) is very effective and easy to use.
Note: Be sure to clean out temp files and restart the computer just before beginning a defrag.
Check out Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It May Not Be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smooth.
-
Before I do that, I have Trend Micro PC-cillin Internet Security. Do I need to mess with that in anyway?
And how would I clear out Temp files?
-
Use CCleaner to clean temp files.
As long as Trend Micro is turned on and up to date it should be OK.
-
One more thing. I'm about to use CC cleaner, but it has checks in things like MS Paint. Is that bad? Is it going to delete those programs?
-
No it won't delete the program it will just remove any log sthat the programs create. You might want to uncheck Cookies so it doesn't remove your log in information on online forums.