Feb 9 2010, 01:23 PM
Post #1
New Member Group: New Member Posts: 1 Joined: 9-February 10 Member No.: 90,667 Operating System: Win XP

"The Application or DLL "C:\Windows\System32\nuvameje.dll" is not a valid windows image"

I did a scan. The xenofex crack is not what it looks like. I was about to freak out too, but it's the filter "crack", for photoshop. Please help me.

--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\Admin\Application Data\Alien Skin\Xenofex 2\Cracks
C:\DOCUME~1\Admin\Application Data\Alien Skin\Xenofex 2\Cracks\Last Used
Feb 9 2010, 07:09 PM
Post #2
WTT Malware Disintegrator Teacher Group: Classroom Teacher Posts: 1,005 Joined: 10-October 08 Member No.: 81,919 Operating System: Windows XP Windows Vista Windows 7
Hello.
Yes, that's correct regarding your statement on that "cracks" section of the scan. Let's get a few more scans here. Follow the instructions outlined here and post the logs upon completion: http://forums.whatthetech.com/you_Infected_t106388.html

Thanks.

With Regards,
Extremeboy
Feb 17 2010, 02:35 PM
Post #3
WTT Malware Disintegrator Teacher Group: Classroom Teacher Posts: 1,005 Joined: 10-October 08 Member No.: 81,919 Operating System: Windows XP Windows Vista Windows 7
Due to inactivity this topic will be closed.
If you need help please start a new thread.