Need some help

Status
Not open for further replies.

Chunknutzq3

Hey guys, I am pretty sure I have more than just one problem here. I was wondering if someone could please give me a hand and diagnose my problem(s). Thanks.

***When I was done running gmer it crashed and said something about rdbss.sys, if that's any help***

For some reason it won't let me attach the gmer file. It says it's too big.
 

Attachments

  • mbam-log-2010-07-07 (17-50-56).txt (1.7 KB)
  • DDS.zip (3.6 KB)
While I'm checking your logs, please tell me what problems you're having.

I note that ClamWin Free Antivirus 0.96.1 is on the system, but so is Norton and both are running. Please decide which you want to keep and remove the other. This tool will help remove Norton if you choose to remove it:
Norton Removal Tool

I see multiple old versions of Java on the system. These are vulnerabilities and need to be uninstalled. The only version that you should have is v6u20. Please uninstall the earlier versions, then download and install Java Runtime Environment (JRE) 6 Update 20:
Check this site: Java Updates. Stay current, as most updates are for security.

When you let me know the problems you're having, I will know how to guide you.
 
Problems

Thanks for replying. I am having a few problems. For starters, my Google searches get redirected constantly. Another issue I've been having is if my computer is idle for a little while I can't open any programs. I can move my mouse around and double click programs. The hourglass will come up but nothing ever happens. I can't even restart it or shut it off without holding in the power button.

The other issue that has been happening is I get the "virtual memory low" message when I know it shouldn't be. I'll have just restarted it and am running one program, and I am getting the message.

Let me know what you think. Thanks.

P.S. In the meantime I'll delete Norton and update the Java.
 
Updated

Okay, I updated Java and got rid of the old versions, as well as deleted Norton from my computer. What's the next step?
 
Programs Freeze

The issue with my programs not loading is really the biggest issue. If my computer sits idle for more than 15 minutes I can't open up any new programs. Also, if I try to restart, it will let me click it but nothing happens. I double click on any program and it acts like it will load, but nothing. I can't even bring up Windows Task Manager when this happens.

Any thoughts?
 
Assessing the system:
  1. You're running Windows XP Home with the SP3 update.
  2. Firefox is the default browser
  3. You have 2 hard drives with little space on either:
    C: is FIXED (NTFS) - 112 GiB total, 24.45 GiB free.= 27.3% free
    E: is FIXED (NTFS) - 74 GiB total, 6.204 GiB free.= 4.6% free
=================================
And the 'extra'
  1. You are loading both a Lexmark printer and an AIO from HP.
  2. You are heavily invested in multiple imaging/photo editing programs including Adobe Photoshop, Adobe Kuler, Kodak EasyShare, ArcSoft, Pixel Bender Toolkit
  3. You have the TweakNow RegCleaner running
  4. You're running the Xilisoft DVD Ripper Ultimate program
  5. You use LimeWire for file sharing
  6. There are several media players installed> Win Amp, Windows Media Player, VLC media player, Graboid Video, QuickTime, Real Player

Minimum installed RAM to run Windows XP is 512MB.
How much RAM do you have installed?

My guess is that you are short of hard drive to hold the programs and do not have enough RAM to run them. IF you have over 512MB of RAM and you know the chips are good, do the following:

Please download ComboFix from Here and save to your Desktop.

  1. Do NOT rename Combofix unless instructed.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Close any open browsers.
  4. Double click combofix.exe & follow the prompts to run.
     NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
  5. If Combofix asks you to install Recovery Console, please allow it.
  6. If Combofix asks you to update the program, always allow.
     Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  7. A report will be generated after the scan. Please post the C:\ComboFix.txt in next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note: Make sure you re-enable your security programs when you're done with Combofix.
Re-enable your Antivirus software.
==============================
Run Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Re-enable your Antivirus software.
  10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

Please paste these 2 logs in.
 
Here are the newest logs

I had to attach the ESET log

ComboFix 10-07-10.01 - Jeff 07/10/2010 15:37:10.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.476 [GMT -4:00]
Running from: c:\documents and settings\Jeff\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\test.txt
c:\windows\xpsp1hfm.log

Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((( Files Created from 2010-06-10 to 2010-07-10 )))

2010-07-10 03:00 . 2010-07-10 03:00 388096 ----a-r- c:\documents and settings\Jeff\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-08 20:58 . 2010-07-08 20:58 503808 ----a-w- c:\documents and settings\Jeff\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6bd1016d-n\msvcp71.dll
2010-07-08 20:58 . 2010-07-08 20:58 61440 ----a-w- c:\documents and settings\Jeff\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-26956466-n\decora-sse.dll
2010-07-08 20:58 . 2010-07-08 20:58 499712 ----a-w- c:\documents and settings\Jeff\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6bd1016d-n\jmc.dll
2010-07-08 20:58 . 2010-07-08 20:58 348160 ----a-w- c:\documents and settings\Jeff\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6bd1016d-n\msvcr71.dll
2010-07-08 20:58 . 2010-07-08 20:58 12800 ----a-w- c:\documents and settings\Jeff\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-26956466-n\decora-d3d.dll
2010-07-08 20:57 . 2010-07-08 20:57 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-08 15:02 . 2010-07-08 15:02 -------- d-----w- c:\program files\7-Zip
2010-07-08 15:02 . 2010-07-08 15:02 -------- d-----w- c:\documents and settings\Jeff\AutoKrypt7-Backup
2010-07-08 14:59 . 2010-07-08 14:59 -------- d-----w- c:\documents and settings\Jeff\Application Data\gnupg
2010-07-08 14:56 . 2010-07-08 14:59 -------- d-----w- c:\program files\AutoKrypt9
2010-07-08 14:56 . 2010-07-08 14:56 -------- d-----w- c:\documents and settings\Jeff\Local Settings\Application Data\Downloaded Installations
2010-07-08 05:56 . 2010-07-08 21:00 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-07-07 15:17 . 2010-07-07 15:17 -------- d-----w- c:\program files\RTF Viewer
2010-07-07 14:57 . 2010-07-07 14:57 -------- d-----w- c:\program files\Free PDF to Word Doc Converter
2010-07-05 02:24 . 2010-07-05 02:24 -------- d-----w- c:\documents and settings\All Users\Application Data\ThumbnailCache4R
2010-07-05 01:47 . 2010-07-04 18:21 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-07-04 18:22 . 2010-07-04 18:22 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-04 15:55 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-07-04 15:54 . 2010-07-04 15:55 -------- d-----w- c:\program files\Lavasoft
2010-07-04 15:33 . 2010-07-04 15:55 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-06-30 03:31 . 2010-06-30 03:31 -------- d-----w- c:\program files\iPod
2010-06-30 02:51 . 2010-06-30 02:51 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-29 06:00 . 2010-06-29 06:00 -------- d-----w- c:\documents and settings\Jeff\Application Data\Malwarebytes
2010-06-29 06:00 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-29 06:00 . 2010-06-29 06:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-29 06:00 . 2010-06-29 06:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-29 06:00 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-28 22:53 . 2010-06-29 12:14 -------- d-----w- c:\documents and settings\Jeff\Local Settings\Application Data\eqrumfcqk
2010-06-26 13:37 . 2010-06-26 13:37 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-06-26 03:16 . 2010-06-30 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-06-26 03:16 . 2010-06-26 03:16 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-06-26 00:35 . 2010-06-26 00:12 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-06-26 00:35 . 2010-06-26 00:12 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-06-26 00:35 . 2010-01-11 01:55 530625 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe
2010-06-26 00:35 . 2010-01-11 01:54 530625 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe
2010-06-26 00:35 . 2010-06-26 00:35 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-06-26 00:35 . 2010-06-26 00:35 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-06-26 00:34 . 2010-06-26 00:34 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-06-26 00:34 . 2010-06-26 00:34 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-06-26 00:32 . 2010-06-26 00:32 84062 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-06-26 00:32 . 2010-06-26 00:32 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-06-26 00:32 . 2010-06-26 00:32 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-06-26 00:32 . 2010-06-26 00:32 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-06-26 00:32 . 2010-06-26 00:32 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-06-26 00:32 . 2010-06-26 00:32 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-06-26 00:32 . 2010-06-26 00:32 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-06-26 00:31 . 2010-06-26 00:31 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-06-26 00:31 . 2010-06-26 00:31 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-06-26 00:31 . 2010-06-26 00:31 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-26 00:31 . 2010-06-26 00:31 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-06-26 00:31 . 2010-06-26 00:31 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-06-26 00:16 . 2010-06-26 00:16 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-06-26 00:16 . 2010-06-26 00:16 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-06-26 00:12 . 2010-06-26 13:38 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX

(((((( Find3M Report ))))))))
.
2010-07-10 19:34 . 2009-01-24 21:33 720 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2010-07-09 21:31 . 2008-08-22 23:07 28784 ----a-w- c:\documents and settings\Jeff\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-09 20:33 . 2008-08-23 14:55 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-08 20:46 . 2008-08-29 15:23 -------- d-----w- c:\program files\Java
2010-07-07 14:20 . 2008-08-30 14:53 -------- d-----w- c:\documents and settings\Jeff\Application Data\LimeWire
2010-07-06 13:08 . 2009-07-12 22:19 -------- d-----w- c:\program files\Mozilla ActiveX Control v1.7.12
2010-07-06 13:08 . 2009-11-09 00:23 -------- d-----w- c:\program files\Super_DVD_Creator_9.8
2010-07-04 15:59 . 2008-08-23 14:55 1100 ----a-w- c:\windows\system32\d3d8caps.dat
2010-07-04 15:54 . 2008-11-23 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-06-30 23:36 . 2009-06-07 20:18 -------- d-----w- c:\program files\Intuit
2010-06-30 23:33 . 2010-03-26 00:12 -------- d-----w- c:\program files\Common Files\SupportSoft
2010-06-30 23:32 . 2010-02-13 16:30 -------- d-----w- c:\documents and settings\Jeff\Application Data\SUPERAntiSpyware.com
2010-06-30 23:31 . 2010-02-13 16:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-30 03:33 . 2010-04-24 19:02 -------- d-----w- c:\program files\iTunes
2010-06-30 03:31 . 2008-10-01 14:21 -------- d-----w- c:\program files\Common Files\Apple
2010-06-30 03:01 . 2008-10-01 14:23 -------- d-----w- c:\program files\Bonjour
2010-06-30 02:48 . 2008-10-01 14:24 -------- d-----w- c:\documents and settings\Jeff\Application Data\Apple Computer
2010-06-30 02:47 . 2008-10-01 14:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-06-29 03:17 . 2010-05-04 03:03 439816 ----a-w- c:\documents and settings\Jeff\Application Data\Real\Update\setup3.10\setup.exe
2010-06-26 14:57 . 2008-09-12 14:54 -------- d-----w- c:\documents and settings\Jeff\Application Data\DivX
2010-06-26 00:35 . 2008-09-07 03:01 -------- d-----w- c:\program files\DivX
2010-06-26 00:35 . 2009-07-10 15:52 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-05-18 20:35 . 2010-05-18 20:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35 . 2010-05-18 20:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-15 07:38 . 2009-06-11 02:25 -------- d-----w- c:\program files\Google
2010-05-12 23:47 . 2010-04-05 14:56 -------- d-----w- c:\documents and settings\Jeff\Application Data\vlc
2010-05-04 17:20 . 2003-07-16 20:51 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20 . 2004-08-04 07:56 78336 ------w- c:\windows\system32\ieencode.dll
2010-05-04 17:20 . 2003-07-16 20:25 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-02 05:22 . 2003-07-16 20:51 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-27 18:40 . 2008-09-07 03:01 45648 ----a-w- c:\windows\system32\drivers\PxHelp20.sys
2010-04-27 18:40 . 2008-09-07 03:01 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-04-27 18:40 . 2008-09-07 03:01 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-04-27 18:40 . 2008-09-07 03:01 133616 ------w- c:\windows\system32\pxafs.dll
2010-04-20 05:30 . 2003-07-16 20:24 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-20 00:47 . 2009-06-18 02:17 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-20 00:47 . 2009-06-18 02:17 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys

((((( Reg Loading Points )))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
2009-11-07 05:07 297808 ----a-w- c:\windows\system32\mscoree.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"AIM"="c:\program files\AIM95\aim.exe" [2001-07-20 53248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LTWinModem1"="ltmsg.exe 9" [X]
"ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2010-05-24 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"lxdumon.exe"="c:\program files\Lexmark 5600-6600 Series\lxdumon.exe" [2009-05-11 684712]
"lxduamon"="c:\program files\Lexmark 5600-6600 Series\lxduamon.exe" [2009-05-11 16040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoKrypt9.lnk - c:\program files\AutoKrypt9\jre\bin\javaw.exe [2010-5-6 145184]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires\\Empires.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Microsoft Games\\AOE\\EMPIRESX.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\lxducoms.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\AutoKrypt9\\jre\\bin\\javaw.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 11:52 AM 1352832]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [6/7/2009 4:18 PM 34916]
S2 gupdate1c9ea3bff02f044;Google Update Service (gupdate1c9ea3bff02f044);c:\program files\Google\Update\GoogleUpdate.exe [6/10/2009 10:26 PM 133104]
S2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [1/27/2010 10:35 PM 98984]
S3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [3/6/2009 8:10 PM 16896]
.
Contents of the 'Scheduled Tasks' folder

2010-07-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 18:21]

2010-07-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-11 02:25]

2010-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-11 02:26]

2010-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-11 02:26]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.xfinity.com/?cid=xfactiv_eg_self_main
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uInternet Settings,ProxyOverride = <local>;*.local
FF - ProfilePath - c:\documents and settings\Jeff\Application Data\Mozilla\Firefox\Profiles\0xxua0wq.default\
FF - prefs.js: browser.startup.homepage - www.netscape.com
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
.
------- File Associations -------
.
.txt=
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-10 15:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\Monitoring\McAfeeFirewall]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\Monitoring\PandaAntiVirus]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\Monitoring\PandaFirewall]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\Monitoring\SophosAntiVirus]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\Monitoring\SymantecFirewall]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\Monitoring\TinyFirewall]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\Monitoring\TrendAntiVirus]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\Monitoring\TrendFirewall]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(504)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2010-07-10 15:50:05
ComboFix-quarantined-files.txt 2010-07-10 19:49

Pre-Run: 26,295,554,048 bytes free
Post-Run: 27,273,244,672 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 55FDAF716854365DD38B0844D227BB99
 

Attachments

  • log.txt (2.2 KB)
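A small triage parser for the ComboFix sections quoted above, added here as an example and not part of the thread or of ComboFix itself. It reads a constructed excerpt modeled on the log (not the poster's actual log), pulls out the Run-key autostarts (including entries ComboFix marks [X], its marker for a file it could not find), the Security Center AntiVirusOverride value, the firewall-authorized applications (whose backslashes ComboFix prints doubled) and the per-user proxy setting, and turns them into the review points a helper would raise.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample (not the thread's log), laid out the way ComboFix prints
# its "Reg Loading Points" and "Supplementary Scan" sections.
SAMPLE_LOG = r"""((((( Reg Loading Points )))))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"AIM"="c:\program files\AIM95\aim.exe" [2001-07-20 53248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LTWinModem1"="ltmsg.exe 9" [X]
"ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2010-05-24 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

------- Supplementary Scan -------
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uInternet Settings,ProxyOverride = <local>;*.local
"""

KEY_LINE = re.compile(r'^\[(?P<key>.+)\]$')
# "Name"="command" [yyyy-mm-dd size]   or   "Name"="command" [X]
RUN_ENTRY = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s+\[(?P<meta>[^\]]*)\]$')
FW_ENTRY = re.compile(r'^"(?P<path>[^"]+)"=$')
DWORD_ENTRY = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})$')
PROXY_LINE = re.compile(r'^uInternet Settings,ProxyServer\s*=\s*(?P<value>.+)$')


@dataclass
class AutostartEntry:
    key: str
    name: str
    command: str
    file_missing: bool  # ComboFix prints [X] instead of a date/size when the file was not found


@dataclass
class Triage:
    autostarts: List[AutostartEntry] = field(default_factory=list)
    firewall_apps: List[str] = field(default_factory=list)
    proxy_server: Optional[str] = None
    av_override: bool = False


def parse_combofix(text: str) -> Triage:
    """Walk the log once, tracking which registry key the current line belongs to."""
    triage = Triage()
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(("(((((", "-------")):
            current_key = ""  # a new ComboFix section ends the previous registry key
            continue
        m = KEY_LINE.match(line)
        if m:
            current_key = m.group("key")
            continue
        key_lower = current_key.lower()
        if key_lower.endswith("\\run"):
            m = RUN_ENTRY.match(line)
            if m:
                triage.autostarts.append(AutostartEntry(
                    current_key, m.group("name"), m.group("cmd"), m.group("meta") == "X"))
        elif "authorizedapplications" in key_lower:
            m = FW_ENTRY.match(line)
            if m:  # ComboFix doubles the backslashes in these values
                triage.firewall_apps.append(m.group("path").replace("\\\\", "\\"))
        elif key_lower.endswith("security center"):
            m = DWORD_ENTRY.match(line)
            if m and m.group("name") == "AntiVirusOverride":
                triage.av_override = int(m.group("hex"), 16) == 1
        else:
            m = PROXY_LINE.match(line)
            if m:
                triage.proxy_server = m.group("value").strip()
    return triage


def review_points(triage: Triage) -> List[str]:
    """Turn the parsed sections into the questions a helper would put to the poster."""
    points = []
    for entry in triage.autostarts:
        if entry.file_missing:
            points.append(f"autostart '{entry.name}' points to a file ComboFix could not find: {entry.command}")
    if triage.av_override:
        points.append("Security Center AntiVirusOverride is set, so antivirus status alerts are suppressed")
    if triage.proxy_server:
        points.append(f"a per-user proxy is configured ({triage.proxy_server}); confirm it is intentional")
    points.append(f"{len(triage.autostarts)} Run-key autostart entries load at logon; "
                  f"{len(triage.firewall_apps)} applications are allowed through the firewall")
    return points
```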
Norton has not been removed. Clam AV is still running. How much RAM do you have?

Please download OTMoveIt by Old Timer and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    :Processes

    :Services

    :Reg

    :Files
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondesdn.zip
    C:\Documents and Settings\Jeff\Desktop\Jeff's Stuff\Downloads\klitekpp210e.exe
    C:\Documents and Settings\Jeff\Desktop\Jeff's Stuff\MP3's\Downloads\Seths Cd\Incomplete\T-3263249-ak 47 mack maine.mp3
    E:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\game.class-61c915b-58b69d8b.class
    E:\Documents and Settings\Owner\Desktop\Jeff's Stuff\Downloads\klitekpp210e.exe
    E:\Program Files\Common Files\Companion Wizard\WapCHK.dll
    E:\WINDOWS\system32\utvwa.bak1
    E:\WINDOWS\system32\utvwa.bak2
    E:\WINDOWS\system32\utvwa.ini

    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
===========================================
Click on the Control Panel> Java> Temporary internet files> Settings> Delete all

Open Spybot S&D and delete the files it has quarantined.

There are several sources of infections. Please handle the antivirus programs and address my question about the RAM.
 
OTL report

To answer your questions: I thought I did remove Norton. I followed the Norton Removal Tool, but it must not have gotten rid of it. I did a search and am trying to delete all the Norton-associated files. Is there an easier way?

I have 768 MB of RAM.

I will do my best to get Norton removed. Here is the OTL Log

All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondesdn.zip moved successfully.
C:\Documents and Settings\Jeff\Desktop\Jeff's Stuff\Downloads\klitekpp210e.exe moved successfully.
C:\Documents and Settings\Jeff\Desktop\Jeff's Stuff\MP3's\Downloads\Seths Cd\Incomplete\T-3263249-ak 47 mack maine.mp3 moved successfully.
E:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\game.class-61c915b-58b69d8b.class moved successfully.
E:\Documents and Settings\Owner\Desktop\Jeff's Stuff\Downloads\klitekpp210e.exe moved successfully.
E:\Program Files\Common Files\Companion Wizard\WapCHK.dll moved successfully.
E:\WINDOWS\system32\utvwa.bak1 moved successfully.
E:\WINDOWS\system32\utvwa.bak2 moved successfully.
E:\WINDOWS\system32\utvwa.ini moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jeff
->Temp folder emptied: 1027243058 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 1120673 bytes
->FireFox cache emptied: 43568773 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 5886 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 462 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 28 bytes
->Flash cache emptied: 13142 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,022.00 mb


OTM by OldTimer - Version 3.1.14.0 log created on 07112010_120638

Files moved on Reboot...

Registry entries deleted on Reboot...
 
From OTMoveIt: Total Files Cleaned = 1,022.00 mb. This is a significant number of files.
I'd like to bring your attention back to this section in my Reply #7:
And the 'extra'

1. You are loading both a Lexmark printer and an AIO from HP.
2. You are heavily invested in multiple imaging/photo editing programs including Adobe Photoshop, Adobe Kuler, Kodak EasyShare, ArcSoft, Pixel Bender Toolkit
3. You have the TweakNow RegCleaner running
4. You're running the Xilisoft DVD Ripper Ultimate program
5. You use LimeWire for file sharing
6. There are several media players installed> Win Amp, Windows Media Player, VLC media player, Graboid Video, QuickTime, Real Player
None of these programs need to start on boot and run in the background. Each can be taken off Startup using the msconfig utility. If you no longer use any of the above, uninstall them. It is doubtful that you will be able to start up additional programs if these are all starting on boot.

Are you still having any malware related problems? If so, what?
 