TechSpot

Need some help

By Chunknutzq3
Jul 8, 2010
  1. Hey guys, I am pretty sure I have more than just one problem here. I was wondering if someone could please give me a hand and diagnose my problem(s). Thanks.

    ***When I was done running GMER it crashed and said something about rdbss.sys, if that's any help***

    For some reason it won't let me attach the GMER file. It says it's too big.
     


  2. Chunknutzq3

    Chunknutzq3 TS Rookie Topic Starter

    attach

    It is really giving me problems attaching the other files.
     


  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    While I'm checking your logs, please tell me what problems you're having.

    I note that ClamWin Free Antivirus 0.96.1 is on the system, but so is Norton and both are running. Please decide which you want to keep and remove the other. This tool will help remove Norton if you choose to remove it:
    Norton Removal Tool

    I see multiple old versions of Java on the system. These are vulnerabilities and need to be uninstalled. The only version that you should have is v6u20. Please uninstall the earlier versions, then download and install Java Runtime Environment (JRE) 6 Update 20:
    Check this site: Java Updates. Stay current, as most updates are for security.

    When you let me know the problems you're having, I will know how to guide you.
     
  4. Chunknutzq3


    Problems

    Thanks for replying. I am having a few problems. For starters, my Google searches get redirected constantly. Another issue I've been having is that if my computer is idle for a little while, I can't open any programs. I can move my mouse around and double-click programs. The hourglass will come up but nothing ever happens. I can't even restart it or shut it off without holding in the power button.

    The other issue that has been happening is I get the "virtual memory low" message when I know it shouldn't be. I'll have just restarted it and am running one program, and I am getting the message.

    Let me know what you think. Thanks.

    P.S. In the meantime I'll delete Norton and update Java.
     
  5. Chunknutzq3


    Updated

    Okay, I updated Java and got rid of the old versions, as well as deleted Norton from my computer. What's the next step?
     
  6. Chunknutzq3


    Programs Freeze

    The issue with my programs not loading is really the biggest issue. If my computer sits idle for more than 15 minutes, I can't open any new programs. Also, if I try to restart, it will let me click it but nothing happens. I double-click on any program and it acts like it will load, but nothing. I can't even bring up Windows Task Manager when this happens.

    Any thoughts?
     
  7. Bobbye


    Assessing the system:
    1. You're running Windows XP Home with the SP3 update.
    2. Firefox is the default browser
    3. You have 2 hard drives with little space on either:
      C: is FIXED (NTFS) - 112 GiB total, 24.45 GiB free = 27.3% free
      E: is FIXED (NTFS) - 74 GiB total, 6.204 GiB free = 4.6% free
    =================================
    And the 'extra'
    1. You are loading both a Lexmark printer and an AIO from HP.
    2. You are heavily invested in multiple imaging/photo editing programs including Adobe Photoshop, Adobe Kuler, Kodak EasyShare, ArcSoft, Pixel Bender Toolkit
    3. You have the TweakNow RegCleaner running
    4. You're running the Xilisoft DVD Ripper Ultimate program
    5. You use LimeWire for file sharing
    6. There are several media players installed: Winamp, Windows Media Player, VLC media player, Graboid Video, QuickTime, RealPlayer

    Minimum installed RAM to run Windows XP is 512MB.
    How much RAM do you have installed?

    My guess is that you are short of hard drive space to hold the programs and do not have enough RAM to run them. If you have over 512MB of RAM and you know the chips are good, do the following:

    Please download ComboFix from Here and save to your Desktop.

    1. Do NOT rename ComboFix unless instructed.
    2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    3. Close any open browsers.
    4. Double-click combofix.exe and follow the prompts to run.
       NOTE: ComboFix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
    5. If ComboFix asks you to install the Recovery Console, please allow it.
    6. If ComboFix asks you to update the program, always allow it.
       Please do not attempt to re-connect your machine to the Internet until ComboFix has completely finished.
    7. A report will be generated after the scan. Please post C:\ComboFix.txt in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
    Note: Make sure you re-enable your security programs (including your antivirus software) when you're done with ComboFix.
    ==============================
    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Antivirus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

    Please paste these 2 logs in.
     
  8. Chunknutzq3


    Here are the newest logs

    I had to attach the ESET log

    ComboFix 10-07-10.01 - Jeff 07/10/2010 15:37:10.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.476 [GMT -4:00]
    Running from: c:\documents and settings\Jeff\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\test.txt
    c:\windows\xpsp1hfm.log

    Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected
    Restored copy from - Kitty had a snack :p
    .
    ((((( Files Created from 2010-06-10 to 2010-07-10 )))

    2010-07-10 03:00 . 2010-07-10 03:00 388096 ----a-r- c:\documents and settings\Jeff\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-07-08 20:58 . 2010-07-08 20:58 503808 ----a-w- c:\documents and settings\Jeff\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6bd1016d-n\msvcp71.dll
    2010-07-08 20:58 . 2010-07-08 20:58 61440 ----a-w- c:\documents and settings\Jeff\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-26956466-n\decora-sse.dll
    2010-07-08 20:58 . 2010-07-08 20:58 499712 ----a-w- c:\documents and settings\Jeff\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6bd1016d-n\jmc.dll
    2010-07-08 20:58 . 2010-07-08 20:58 348160 ----a-w- c:\documents and settings\Jeff\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6bd1016d-n\msvcr71.dll
    2010-07-08 20:58 . 2010-07-08 20:58 12800 ----a-w- c:\documents and settings\Jeff\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-26956466-n\decora-d3d.dll
    2010-07-08 20:57 . 2010-07-08 20:57 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-08 15:02 . 2010-07-08 15:02 -------- d-----w- c:\program files\7-Zip
    2010-07-08 15:02 . 2010-07-08 15:02 -------- d-----w- c:\documents and settings\Jeff\AutoKrypt7-Backup
    2010-07-08 14:59 . 2010-07-08 14:59 -------- d-----w- c:\documents and settings\Jeff\Application Data\gnupg
    2010-07-08 14:56 . 2010-07-08 14:59 -------- d-----w- c:\program files\AutoKrypt9
    2010-07-08 14:56 . 2010-07-08 14:56 -------- d-----w- c:\documents and settings\Jeff\Local Settings\Application Data\Downloaded Installations
    2010-07-08 05:56 . 2010-07-08 21:00 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
    2010-07-07 15:17 . 2010-07-07 15:17 -------- d-----w- c:\program files\RTF Viewer
    2010-07-07 14:57 . 2010-07-07 14:57 -------- d-----w- c:\program files\Free PDF to Word Doc Converter
    2010-07-05 02:24 . 2010-07-05 02:24 -------- d-----w- c:\documents and settings\All Users\Application Data\ThumbnailCache4R
    2010-07-05 01:47 . 2010-07-04 18:21 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-07-04 18:22 . 2010-07-04 18:22 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-07-04 15:55 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
    2010-07-04 15:54 . 2010-07-04 15:55 -------- d-----w- c:\program files\Lavasoft
    2010-07-04 15:33 . 2010-07-04 15:55 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
    2010-06-30 03:31 . 2010-06-30 03:31 -------- d-----w- c:\program files\iPod
    2010-06-30 02:51 . 2010-06-30 02:51 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
    2010-06-29 06:00 . 2010-06-29 06:00 -------- d-----w- c:\documents and settings\Jeff\Application Data\Malwarebytes
    2010-06-29 06:00 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-06-29 06:00 . 2010-06-29 06:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-06-29 06:00 . 2010-06-29 06:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-06-29 06:00 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-06-28 22:53 . 2010-06-29 12:14 -------- d-----w- c:\documents and settings\Jeff\Local Settings\Application Data\eqrumfcqk
    2010-06-26 13:37 . 2010-06-26 13:37 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
    2010-06-26 03:16 . 2010-06-30 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
    2010-06-26 03:16 . 2010-06-26 03:16 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
    2010-06-26 00:35 . 2010-06-26 00:12 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
    2010-06-26 00:35 . 2010-06-26 00:12 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
    2010-06-26 00:35 . 2010-01-11 01:55 530625 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe
    2010-06-26 00:35 . 2010-01-11 01:54 530625 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe
    2010-06-26 00:35 . 2010-06-26 00:35 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
    2010-06-26 00:35 . 2010-06-26 00:35 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
    2010-06-26 00:34 . 2010-06-26 00:34 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
    2010-06-26 00:34 . 2010-06-26 00:34 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
    2010-06-26 00:32 . 2010-06-26 00:32 84062 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
    2010-06-26 00:32 . 2010-06-26 00:32 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
    2010-06-26 00:32 . 2010-06-26 00:32 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
    2010-06-26 00:32 . 2010-06-26 00:32 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
    2010-06-26 00:32 . 2010-06-26 00:32 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
    2010-06-26 00:32 . 2010-06-26 00:32 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
    2010-06-26 00:32 . 2010-06-26 00:32 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
    2010-06-26 00:31 . 2010-06-26 00:31 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
    2010-06-26 00:31 . 2010-06-26 00:31 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
    2010-06-26 00:31 . 2010-06-26 00:31 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
    2010-06-26 00:31 . 2010-06-26 00:31 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
    2010-06-26 00:31 . 2010-06-26 00:31 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
    2010-06-26 00:16 . 2010-06-26 00:16 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
    2010-06-26 00:16 . 2010-06-26 00:16 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
    2010-06-26 00:12 . 2010-06-26 13:38 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX

    (((((( Find3M Report ))))))))
    .
    2010-07-10 19:34 . 2009-01-24 21:33 720 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
    2010-07-09 21:31 . 2008-08-22 23:07 28784 ----a-w- c:\documents and settings\Jeff\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-07-09 20:33 . 2008-08-23 14:55 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-07-08 20:46 . 2008-08-29 15:23 -------- d-----w- c:\program files\Java
    2010-07-07 14:20 . 2008-08-30 14:53 -------- d-----w- c:\documents and settings\Jeff\Application Data\LimeWire
    2010-07-06 13:08 . 2009-07-12 22:19 -------- d-----w- c:\program files\Mozilla ActiveX Control v1.7.12
    2010-07-06 13:08 . 2009-11-09 00:23 -------- d-----w- c:\program files\Super_DVD_Creator_9.8
    2010-07-04 15:59 . 2008-08-23 14:55 1100 ----a-w- c:\windows\system32\d3d8caps.dat
    2010-07-04 15:54 . 2008-11-23 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-06-30 23:36 . 2009-06-07 20:18 -------- d-----w- c:\program files\Intuit
    2010-06-30 23:33 . 2010-03-26 00:12 -------- d-----w- c:\program files\Common Files\SupportSoft
    2010-06-30 23:32 . 2010-02-13 16:30 -------- d-----w- c:\documents and settings\Jeff\Application Data\SUPERAntiSpyware.com
    2010-06-30 23:31 . 2010-02-13 16:30 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-06-30 03:33 . 2010-04-24 19:02 -------- d-----w- c:\program files\iTunes
    2010-06-30 03:31 . 2008-10-01 14:21 -------- d-----w- c:\program files\Common Files\Apple
    2010-06-30 03:01 . 2008-10-01 14:23 -------- d-----w- c:\program files\Bonjour
    2010-06-30 02:48 . 2008-10-01 14:24 -------- d-----w- c:\documents and settings\Jeff\Application Data\Apple Computer
    2010-06-30 02:47 . 2008-10-01 14:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2010-06-29 03:17 . 2010-05-04 03:03 439816 ----a-w- c:\documents and settings\Jeff\Application Data\Real\Update\setup3.10\setup.exe
    2010-06-26 14:57 . 2008-09-12 14:54 -------- d-----w- c:\documents and settings\Jeff\Application Data\DivX
    2010-06-26 00:35 . 2008-09-07 03:01 -------- d-----w- c:\program files\DivX
    2010-06-26 00:35 . 2009-07-10 15:52 -------- d-----w- c:\program files\Common Files\DivX Shared
    2010-05-18 20:35 . 2010-05-18 20:35 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-05-18 20:35 . 2010-05-18 20:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-05-15 07:38 . 2009-06-11 02:25 -------- d-----w- c:\program files\Google
    2010-05-12 23:47 . 2010-04-05 14:56 -------- d-----w- c:\documents and settings\Jeff\Application Data\vlc
    2010-05-04 17:20 . 2003-07-16 20:51 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-05-04 17:20 . 2004-08-04 07:56 78336 ------w- c:\windows\system32\ieencode.dll
    2010-05-04 17:20 . 2003-07-16 20:25 17408 ----a-w- c:\windows\system32\corpol.dll
    2010-05-02 05:22 . 2003-07-16 20:51 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-04-27 18:40 . 2008-09-07 03:01 45648 ----a-w- c:\windows\system32\drivers\PxHelp20.sys
    2010-04-27 18:40 . 2008-09-07 03:01 126448 ------w- c:\windows\system32\pxinsi64.exe
    2010-04-27 18:40 . 2008-09-07 03:01 123888 ------w- c:\windows\system32\pxcpyi64.exe
    2010-04-27 18:40 . 2008-09-07 03:01 133616 ------w- c:\windows\system32\pxafs.dll
    2010-04-20 05:30 . 2003-07-16 20:24 285696 ----a-w- c:\windows\system32\atmfd.dll
    2010-04-20 00:47 . 2009-06-18 02:17 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
    2010-04-20 00:47 . 2009-06-18 02:17 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys

    ((((( Reg Loading Points )))))
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
    2009-11-07 05:07 297808 ----a-w- c:\windows\system32\mscoree.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
    "AIM"="c:\program files\AIM95\aim.exe" [2001-07-20 53248]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LTWinModem1"="ltmsg.exe 9" [X]
    "ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2010-05-24 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
    "nwiz"="nwiz.exe" [2008-05-16 1630208]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
    "lxdumon.exe"="c:\program files\Lexmark 5600-6600 Series\lxdumon.exe" [2009-05-11 684712]
    "lxduamon"="c:\program files\Lexmark 5600-6600 Series\lxduamon.exe" [2009-05-11 16040]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    AutoKrypt9.lnk - c:\program files\AutoKrypt9\jre\bin\javaw.exe [2010-5-6 145184]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "e:\\Program Files\\mIRC\\mirc.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "c:\\Program Files\\Microsoft Games\\Age of Empires\\Empires.exe"=
    "c:\\WINDOWS\\system32\\dplaysvr.exe"=
    "c:\\Program Files\\Microsoft Games\\AOE\\EMPIRESX.EXE"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\WINDOWS\\system32\\lxducoms.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\AutoKrypt9\\jre\\bin\\javaw.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP"= 5353:TCP:Adobe CSI CS4

    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 11:52 AM 1352832]
    R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
    R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [6/7/2009 4:18 PM 34916]
    S2 gupdate1c9ea3bff02f044;Google Update Service (gupdate1c9ea3bff02f044);c:\program files\Google\Update\GoogleUpdate.exe [6/10/2009 10:26 PM 133104]
    S2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [1/27/2010 10:35 PM 98984]
    S3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [3/6/2009 8:10 PM 16896]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 18:21]

    2010-07-10 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-11 02:25]

    2010-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-11 02:26]

    2010-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-11 02:26]
    .
    .
    ------- Supplementary Scan -------
    .
    mStart Page = hxxp://www.xfinity.com/?cid=xfactiv_eg_self_main
    mWindow Title = Windows Internet Explorer provided by Comcast
    uInternet Settings,ProxyServer = http=127.0.0.1:5577
    uInternet Settings,ProxyOverride = <local>;*.local
    FF - ProfilePath - c:\documents and settings\Jeff\Application Data\Mozilla\Firefox\Profiles\0xxua0wq.default\
    FF - prefs.js: browser.startup.homepage - www.netscape.com
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    .
    .
    ------- File Associations -------
    .
    .txt=
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-10 15:47
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\Monitoring\PandaAntiVirus]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\Monitoring\PandaFirewall]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\Monitoring\SophosAntiVirus]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\Monitoring\SymantecFirewall]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\Monitoring\TinyFirewall]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\Monitoring\TrendAntiVirus]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\Monitoring\TrendFirewall]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
    @DACL=(02 0000)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(504)
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    .
    Completion time: 2010-07-10 15:50:05
    ComboFix-quarantined-files.txt 2010-07-10 19:49

    Pre-Run: 26,295,554,048 bytes free
    Post-Run: 27,273,244,672 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

    - - End Of File - - 55FDAF716854365DD38B0844D227BB99
     

    Attached Files: log.txt (2.2 KB)
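The ComboFix log in the post above already holds the indicators a helper reads for: a user-level proxy pointing at 127.0.0.1:5577 (which explains the constant search redirection), a system driver (atapi.sys) that had been patched in place, the Security Center "AntiVirusOverride" flag set, a Run entry whose target file no longer exists, a random-looking directory under Local Settings\Application Data, and a P2P client on the Windows Firewall allow-list. As an added example, not part of the original thread and not ComboFix's own code, the Python below runs those checks over a constructed sample made of lines copied from that log. The patterns and the "random name" heuristic are this example's own assumptions about what to look for, not rules ComboFix applies, and the meaning assigned to ComboFix's "[X]" marker (file not found) is likewise an assumption.

```python
"""Triage a ComboFix-style log for common hijack indicators.

Added example for this thread; not ComboFix's own code. SAMPLE_LOG is a
constructed sample built from lines quoted in the ComboFix log above. The
heuristics below are this example's own assumptions about what a helper
looks for, not rules ComboFix itself applies.
"""
import re

# Constructed sample: a handful of lines copied from the thread's ComboFix log.
SAMPLE_LOG = r"""
Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected
2010-06-28 22:53 . 2010-06-29 12:14 -------- d-----w- c:\documents and settings\Jeff\Local Settings\Application Data\eqrumfcqk
2010-06-29 06:00 . 2010-06-29 06:00 -------- d-----w- c:\documents and settings\Jeff\Application Data\Malwarebytes
"LTWinModem1"="ltmsg.exe 9" [X]
"ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2010-05-24 86016]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uInternet Settings,ProxyOverride = <local>;*.local
"""

# A proxy on the loopback interface means some local process sits in front of
# every HTTP request the browser makes; that is how search redirection works.
LOOPBACK_PROXY = re.compile(
    r"ProxyServer\s*=\s*(?:\w+=)?(127\.\d+\.\d+\.\d+|localhost):(\d+)", re.I)
# ComboFix reports system drivers it had to disinfect; a patched disk driver is
# a classic kernel-mode rootkit indicator.
INFECTED_DRIVER = re.compile(r"Infected copy of (\S+\.sys)", re.I)
# AntiVirusOverride=1 silences the Security Center "no antivirus" warning.
AV_OVERRIDE = re.compile(r'"AntiVirusOverride"\s*=\s*dword:0*1$', re.I)
# Assumption: ComboFix prints [X] after a Run entry whose file it could not find.
RUN_MISSING = re.compile(r'^"([^"]+)"\s*=\s*"[^"]*"\s*\[X\]$')
# Firewall AuthorizedApplications entries look like "c:\\Program Files\\x.exe"=
FIREWALL_ALLOW = re.compile(r'^"([a-z]:\\\\[^"]+\.exe)"=\s*$', re.I)
# Directory entries in the "Files Created" section carry the d-----w- attribute.
DIR_ENTRY = re.compile(r"\bd-----w-\s+(.+)$")
P2P_NAMES = ("limewire", "bearshare", "frostwire", "kazaa", "emule", "utorrent")
VOWELS = set("aeiouy")


def looks_random(name):
    """Heuristic: lowercase letter-only names of 8+ chars with few vowels.

    Catches droppers like 'eqrumfcqk'; it will miss mixed-case or digit-bearing
    names and may flag an odd legitimate one, so it is a prompt to look, not a
    verdict.
    """
    if not re.fullmatch(r"[a-z]{8,}", name):
        return False
    return sum(ch in VOWELS for ch in name) / len(name) < 0.25


def triage(log_text):
    """Return (indicator, detail) pairs, one per suspicious line in the log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := LOOPBACK_PROXY.search(line):
            findings.append(("loopback_proxy",
                             f"user proxy set to {m.group(1)}:{m.group(2)}; a local "
                             f"listener there can rewrite every HTTP request"))
        elif m := INFECTED_DRIVER.search(line):
            findings.append(("infected_driver",
                             f"{m.group(1)} was patched in place (rootkit indicator)"))
        elif AV_OVERRIDE.search(line):
            findings.append(("av_override",
                             "Security Center AntiVirusOverride=1: AV warnings suppressed"))
        elif m := RUN_MISSING.match(line):
            findings.append(("run_key_missing_target",
                             f"Run entry {m.group(1)} points at a file that was not found"))
        elif m := FIREWALL_ALLOW.match(line):
            if any(p in m.group(1).lower() for p in P2P_NAMES):
                findings.append(("p2p_in_firewall",
                                 f"{m.group(1)} is allowed through the Windows Firewall"))
        elif m := DIR_ENTRY.search(line):
            path = m.group(1)
            if looks_random(path.rsplit("\\", 1)[-1]):
                findings.append(("random_dir", f"random-looking directory {path}"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"[{kind}] {detail}")
```

Each finding maps to a concrete next step in a thread like this one: the loopback proxy entry is the thing to clear (and the listener on that port the thing to find) before declaring the redirects fixed, the patched driver is why a rootkit scan belongs in the plan, and the random-named directory is a candidate for the :Files section of an OTMoveIt script such as the one in the next reply.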
  9. Bobbye


    Norton has not been removed. Clam AV is still running. How much RAM do you have?

    Please download OTMoveIt by OldTimer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      :Processes	
      
      :Services
      
      :Reg
      
      :Files  
      C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondesdn.zip		
      C:\Documents and Settings\Jeff\Desktop\Jeff's Stuff\Downloads\klitekpp210e.exe	
      C:\Documents and Settings\Jeff\Desktop\Jeff's Stuff\MP3's\Downloads\Seths Cd\Incomplete\T-3263249-ak 47 mack maine.mp3	
      E:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\game.class-61c915b-58b69d8b.class
      E:\Documents and Settings\Owner\Desktop\Jeff's Stuff\Downloads\klitekpp210e.exe	
      E:\Program Files\Common Files\Companion Wizard\WapCHK.dll	
      E:\WINDOWS\system32\utvwa.bak1	
      E:\WINDOWS\system32\utvwa.bak2	
      E:\WINDOWS\system32\utvwa.ini	
      
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    ===========================================
    Click on the Control Panel> Java> Temporary internet files> Settings> Delete all

    Open Spybot S&D and delete the files it has quarantined.

    There are several sources of infections. Please handle the antivirus programs and address my question about the RAM.
     
  10. Chunknutzq3


    OTL report

    To answer your questions: I thought I did remove Norton. I ran the Norton Removal Tool, but it must not have gotten rid of it. I did a search and am trying to delete all the Norton-associated files. Is there an easier way?

    I have 768 MB of RAM.

    I will do my best to get Norton removed. Here is the OTL Log

    All processes killed
    ========== PROCESSES ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondesdn.zip moved successfully.
    C:\Documents and Settings\Jeff\Desktop\Jeff's Stuff\Downloads\klitekpp210e.exe moved successfully.
    C:\Documents and Settings\Jeff\Desktop\Jeff's Stuff\MP3's\Downloads\Seths Cd\Incomplete\T-3263249-ak 47 mack maine.mp3 moved successfully.
    E:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\game.class-61c915b-58b69d8b.class moved successfully.
    E:\Documents and Settings\Owner\Desktop\Jeff's Stuff\Downloads\klitekpp210e.exe moved successfully.
    E:\Program Files\Common Files\Companion Wizard\WapCHK.dll moved successfully.
    E:\WINDOWS\system32\utvwa.bak1 moved successfully.
    E:\WINDOWS\system32\utvwa.bak2 moved successfully.
    E:\WINDOWS\system32\utvwa.ini moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Jeff
    ->Temp folder emptied: 1027243058 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 1120673 bytes
    ->FireFox cache emptied: 43568773 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 5886 bytes

    User: LocalService
    ->Temp folder emptied: 65748 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 462 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 28 bytes
    ->Flash cache emptied: 13142 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 16384 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1,022.00 mb


    OTM by OldTimer - Version 3.1.14.0 log created on 07112010_120638

    Files moved on Reboot...

    Registry entries deleted on Reboot...
     
  11. Bobbye


    From OTMoveIt: Total Files Cleaned = 1,022.00 MB. This is a significant number of files.
    I'd like to bring your attention back to this section in my Reply #7:
    None of these programs need to start on boot and run in the background. Each can be taken off Startup using the msconfig utility. If you no longer use any of the above, uninstall them. It is doubtful that you will be able to start additional programs if all of these are starting on boot.

    Are you still having any malware related problems? If so, what?
     
Topic Status:
Not open for further replies.
