Gaughin

Honorary Members
  • Posts

    54

Everything posted by Gaughin

  1. It seems marginally better, but it's definitely not right. I really appreciate the people who participate in this site. Even though my case is not successful, it was great of you guys to take this much time with me. I would ask 2 final questions. 1) I have read bits and pieces about Windows "repair". Is this worth trying? 2) If not, can you point me to good instructions about how to re-format the hard drive and re-install Windows from scratch? There are so many options that it's hard for a tech-challenged guy like me to know which one to use as a map. Thanks again for your time gaughin
  2. OK, I went to normal mode. I was able to get the command mode to load. The computer reported back that the automatic service was successfully stopped. Still in normal mode, I attempted to re-check the folders C:\Windows\System32\Catroot2 and C:\Windows\SoftwareDistribution\Download. The flashlight/search icon ran continuously for about 15 minutes without ever displaying any folders. I switched to Safe Mode with Networking. I could access the folders from there. I re-named C:\Windows\System32\Catroot2 to C:\Windows\System32\CR3OLD (since I had previously created CR2OLD). C:\Windows\SoftwareDistribution\Download remained empty. I still have approximately 0-5% available CPU with services.exe consistently taking 90% or more of the CPU. Thanks for your continued help. gaughin
  3. I completed all 4 steps in safe mode. Should I try to run them in normal mode? There seems to be no significant change. Available CPU is still consistently 0-3%. If I am in normal mode, I can open office documents, for instance, but then can not work in the files; everything freezes up. iTunes will open, but then is non-responsive, and in fact, seems to lock up the entire computer. Should I try the 4 steps in normal mode, or does that matter? It seemed like the CMD gave me some sort of error message. Thanks gaughin
  4. Sorry, forgot to paste it in!

     Avira AntiVir Personal
     Report file date: Sunday, May 23, 2010 16:01

     Scanning for 1990003 virus strains and unwanted programs.

     The program is running as an unrestricted full version.
     Online services are available:

     Licensee : Avira AntiVir Personal - FREE Antivirus
     Serial number : 0000149996-ADJIE-0000001
     Platform : Windows XP
     Windows version : (Service Pack 3) [5.1.2600]
     Boot mode : Safe mode with network
     Username : David Vinson
     Computer name : VINSON1

     Configuration settings for the scan:
     Jobname.............................: Scan for Rootkits and active malware
     Configuration file..................: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\PROFILES\rootkit.avp
     Logging.............................: low
     Primary action......................: interactive
     Secondary action....................: ignore
     Scan master boot sector.............: on
     Scan boot sector....................: on
     Process scan........................: on
     Extended process scan...............: on
     Scan registry.......................: on
     Search for rootkits.................: on
     Integrity checking of system files..: off
     Scan all files......................: All files
     Scan archives.......................: on
     Recursion depth.....................: 20
     Smart extensions....................: on
     Macro heuristic.....................: on
     File heuristic......................: high
     Skipped files.......................: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe, C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe, C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe,

     Start of the scan: Sunday, May 23, 2010 16:01

     Starting search for hidden objects.
     The driver could not be initialized.

     The scan of running processes will be started
     Scan process 'avscan.exe' - '59' Module(s) have been scanned
     Scan process 'avcenter.exe' - '93' Module(s) have been scanned
     Scan process 'firefox.exe' - '74' Module(s) have been scanned
     Scan process 'Explorer.EXE' - '82' Module(s) have been scanned
     Scan process 'svchost.exe' - '32' Module(s) have been scanned
     Scan process 'svchost.exe' - '106' Module(s) have been scanned
     Scan process 'svchost.exe' - '39' Module(s) have been scanned
     Scan process 'svchost.exe' - '48' Module(s) have been scanned
     Scan process 'lsass.exe' - '48' Module(s) have been scanned
     Scan process 'services.exe' - '27' Module(s) have been scanned
     Scan process 'winlogon.exe' - '62' Module(s) have been scanned
     Scan process 'csrss.exe' - '12' Module(s) have been scanned
     Scan process 'smss.exe' - '2' Module(s) have been scanned

     Starting to scan executable files (registry).
     The registry was scanned ( '1175' files ).

     Starting the file scan:

     Begin scan in 'C:'
     C:\Documents and Settings\David Vinson\My Documents\Old computer data files\My Pictures\cabinet maker, jacob lawr
       [0] Archive type: MacBinary
       --> cabinet maker, jacob lawr.rsrc
       [WARNING] The file could not be read!
       [WARNING] The file could not be read!
     C:\Documents and Settings\David Vinson\My Documents\Old computer data files\My Pictures\Poppy, O'Keefe
       [0] Archive type: MacBinary
       --> Poppy, O'Keefe.rsrc
       [WARNING] The file could not be read!
       [WARNING] The file could not be read!
     C:\Program Files\Musicnotes\uninstsc.exe
       [DETECTION] Contains HEUR/Malware suspicious code

     Beginning disinfection:
     C:\Program Files\Musicnotes\uninstsc.exe
       [DETECTION] Contains HEUR/Malware suspicious code
       [NOTE] The detection was classified as suspicious.
       [NOTE] The file was moved to the quarantine directory under the name '4ef8609b.qua'.

     End of the scan: Sunday, May 23, 2010 20:09
     Used time: 3:56:32 Hour(s)

     The scan has been done completely.

     25760 Scanned directories
     555496 Files were scanned
     0 Viruses and/or unwanted programs were found
     1 Files were classified as suspicious
     0 files were deleted
     0 Viruses and unwanted programs were repaired
     1 Files were moved to quarantine
     0 Files were renamed
     0 Files cannot be scanned
     555495 Files not concerned
     6278 Archives were scanned
     4 Warnings
     1 Notes

     I will try your next procedure when Lost is over. gaughin
  5. I am so sorry! Just saw the note about addreply! gaughin
  6. Here's the result of the scan. Thanks for your help. gaughin
  7. Oh, I just figured out how to enact the exclusions (had to hit the "expert" radio button and go to a different submenu.) Now that they are excluded, should I run another full Avira scan? Thanks gaughin
  8. Here is the portion of the help that deals with these exclusions

     Configuration :: Scanner :: Scan Exceptions

     File objects to be omitted for the scanner
     The list in this window contains files and paths that should not be included by the Scanner in the scan for viruses or unwanted programs. Please enter as few exceptions as possible here and really only files that, for whatever reason, should not be included in a normal scan. We recommend that you always scan these files for viruses or unwanted programs before they are included in this list!

     Note
     The entries on the list must not result in more than 6000 characters in total.

     Warning
     These files are not included in a scan!

     Note
     The files included in this list are entered in the report file. Please check the report file from time to time for unscanned files, as perhaps the reason you excluded a file here no longer exists. In this case you should remove the name of this file from this list again.

     Input box
     In this input box you can enter the name of the file object that is not included in the on-demand scan. No file object is entered as the default setting. The button opens a window in which you can select the required file or the required path. When you have entered a file name with its complete path, only this file is not scanned for infection. If you have entered a file name without a path, all files with this name (irrespective of the path or drive) are not scanned.

     Add
     With this button, you can add the file object entered in the input box to the display window.

     But when I open Avira in safe mode, I can't find an input or an add button. When I open Avira in normal mode, everything freezes up as soon as I try to open any window. Is there some aspect of adding exclusions that I am overlooking? I can not figure it out. Thanks, I will keep looking, gaughin
  9. Once again, I am grateful for your help. Here are the requested logs.
  10. I have completed the Norton removal. CPU usage approximately the same. Thanks gaughin
  11. No, it's not. CPU usage is still around 90-95% when in normal mode, Office software looks like it is loading, but if I try to open any file, it freezes up the entire computer, forcing a hard shut-down. IE will open in safe mode, but not in normal mode, so I still can't run windows update. Thanks gaughin
  12. iefix did not seem to respond; I hit the "run" button, and it did not respond in any way for 35 minutes. But I do have Internet Explorer running (I am typing this from within it now.) I simply downloaded a fresh version of IE8 and re-installed it. So now that IE is working, what next? I appreciate the education I am receiving from these exchanges, though I suppose you are tired of me by now. Thanks again, gaughin
  13. Apparently not. Should I try to run it again? By the way, one strange thing happened with ComboFix; since I couldn't disable Norton, and since I had Avira running, I simply uninstalled Norton. Despite this, when ComboFix ran, it reported that Norton was running. Thanks, gaughin
  14. Actually, for whatever reason, after I re-started the machine this morning, I could get Firefox to start. And surprisingly, I seem to consistently have 10-15% free CPU. Internet Explorer still won't open, but if you have any other fix options, I am willing to try them. I don't trust the locals. Thanks gaughin
  15. Is Windows repair an option? Or should I just try to find a reputable local person to work on it? Without any internet access, I assume I am crippled.
  16. And now there's a more troubling problem; I can no longer connect to the internet with either Firefox or Internet Explorer, whether I am in safe mode or not. gaughin
  17. It took about 3 hours to run it; automatically re-booted the computer, and took about 90 more minutes to generate the combofix log. CPU usage still stuck generally between 98-100%; outside of safe mode, virtually no software will open. Here's the combofix log ComboFix 10-05-19.08 - David Vinson 05/20/2010 12:30:06.3.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.640 [GMT -4:00] Running from: c:\documents and settings\David Vinson\Desktop\Combo-Fix.exe Command switches used :: c:\documents and settings\David Vinson\Desktop\CFScript.txt AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7} AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_IDRMKL -------\Legacy_MCCOMPONENTHOSTSERVICE -------\Service_idrmkl -------\Service_jfuf -------\Service_McComponentHostService ((((((((((((((((((((((((( Files Created from 2010-04-20 to 2010-05-20 ))))))))))))))))))))))))))))))) . 2010-05-20 13:45 . 2010-05-20 13:45 -------- d-----w- c:\windows\system32\drivers\N360 2010-05-19 04:18 . 2008-04-14 00:12 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll 2010-05-19 04:18 . 2001-08-18 02:36 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll 2010-05-19 04:18 . 2008-04-14 00:12 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll 2010-05-19 04:18 . 2001-08-18 02:37 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe 2010-05-19 04:18 . 2001-08-18 02:37 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe 2010-05-19 04:17 . 
2001-08-18 02:37 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe 2010-05-19 04:17 . 2001-08-17 16:11 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys 2010-05-19 04:17 . 2004-08-04 05:29 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys 2010-05-19 04:17 . 2004-08-04 05:29 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys 2010-05-19 04:17 . 2008-04-14 00:12 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll 2010-05-19 04:15 . 2004-08-04 05:29 11775 ----a-w- c:\windows\system32\dllcache\wadv05nt.sys 2010-05-19 04:14 . 2008-04-13 18:45 26112 ----a-w- c:\windows\system32\dllcache\usbser.sys 2010-05-19 04:13 . 2001-08-17 18:01 241664 ----a-w- c:\windows\system32\dllcache\tosdvd02.sys 2010-05-19 04:12 . 2001-08-17 16:18 285760 ----a-w- c:\windows\system32\dllcache\stlnata.sys 2010-05-19 04:11 . 2001-08-17 16:12 24576 ----a-w- c:\windows\system32\dllcache\smc8000n.sys 2010-05-19 04:10 . 2001-08-18 02:36 386560 ----a-w- c:\windows\system32\dllcache\sgiul50.dll 2010-05-19 04:09 . 2001-08-18 02:36 79872 ----a-w- c:\windows\system32\dllcache\rwia430.dll 2010-05-19 04:08 . 2008-04-13 18:40 6016 ----a-w- c:\windows\system32\dllcache\qic157.sys 2010-05-19 04:07 . 2004-03-19 22:41 20992 ----a-w- c:\windows\system32\dllcache\permchk.dll 2010-05-19 04:06 . 2001-08-17 16:20 54528 ----a-w- c:\windows\system32\dllcache\opl3sax.sys 2010-05-19 04:05 . 2001-08-17 16:50 39264 ----a-w- c:\windows\system32\dllcache\neo20xx.sys 2010-05-19 04:04 . 2001-08-17 18:00 2944 ----a-w- c:\windows\system32\dllcache\msmpu401.sys 2010-05-19 04:04 . 2008-04-13 18:54 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys 2010-05-19 04:04 . 2003-03-31 10:00 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll 2010-05-19 04:04 . 2001-08-17 18:02 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys 2010-05-19 04:04 . 2001-08-17 17:48 6016 ----a-w- c:\windows\system32\dllcache\msfsio.sys 2010-05-19 04:04 . 
2001-08-17 17:52 6528 ----a-w- c:\windows\system32\dllcache\miniqic.sys 2010-05-19 04:04 . 2004-03-19 22:39 34304 ----a-w- c:\windows\system32\dllcache\migisol.exe 2010-05-19 04:04 . 2001-08-17 16:50 320384 ----a-w- c:\windows\system32\dllcache\mgaum.sys 2010-05-19 04:04 . 2001-08-17 18:56 235648 ----a-w- c:\windows\system32\dllcache\mgaud.dll 2010-05-19 04:04 . 2004-03-19 22:39 92416 ----a-w- c:\windows\system32\dllcache\mga.sys 2010-05-19 04:02 . 2001-08-17 16:12 19016 ----a-w- c:\windows\system32\dllcache\ktc111.sys 2010-05-19 04:02 . 2001-08-18 02:36 37376 ----a-w- c:\windows\system32\dllcache\kousd.dll 2010-05-19 04:02 . 2003-03-31 10:00 70656 ----a-w- c:\windows\system32\dllcache\korwbrkr.dll 2010-05-19 04:02 . 2008-04-14 00:11 253952 ----a-w- c:\windows\system32\dllcache\kdsusd.dll 2010-05-19 04:02 . 2008-04-14 00:11 48640 ----a-w- c:\windows\system32\dllcache\kdsui.dll 2010-05-19 04:02 . 2004-03-19 22:38 5632 ----a-w- c:\windows\system32\dllcache\kbdusa.dll 2010-05-19 04:02 . 2004-03-19 22:38 7680 ----a-w- c:\windows\system32\dllcache\kbdnecnt.dll 2010-05-19 04:02 . 2004-03-19 22:38 9216 ----a-w- c:\windows\system32\dllcache\kbdnecat.dll 2010-05-19 04:02 . 2004-03-19 22:38 7168 ----a-w- c:\windows\system32\dllcache\kbdnec95.dll 2010-05-19 04:02 . 2001-08-18 02:36 8192 ----a-w- c:\windows\system32\dllcache\kbdkor.dll 2010-05-19 04:02 . 2001-08-18 02:36 8704 ----a-w- c:\windows\system32\dllcache\kbdjpn.dll 2010-05-19 04:00 . 2003-03-31 10:00 311359 ----a-w- c:\windows\system32\dllcache\imepadsv.exe 2010-05-19 03:59 . 2001-08-17 17:28 488383 ----a-w- c:\windows\system32\dllcache\hsf_v124.sys 2010-05-19 03:58 . 2001-08-17 18:02 8576 ----a-w- c:\windows\system32\dllcache\hidgame.sys 2010-05-19 03:57 . 2001-08-18 02:36 71680 ----a-w- c:\windows\system32\dllcache\fnfilter.dll 2010-05-19 03:56 . 2001-08-17 16:19 37120 ----a-w- c:\windows\system32\dllcache\es1370mp.sys 2010-05-19 03:55 . 
2001-08-17 16:20 334208 ----a-w- c:\windows\system32\dllcache\ds1wdm.sys 2010-05-19 03:54 . 2001-08-17 16:14 21606 ----a-w- c:\windows\system32\dllcache\digiisdn.sys 2010-05-19 03:53 . 2001-08-18 02:36 27136 ----a-w- c:\windows\system32\dllcache\cyzcoins.dll 2010-05-19 03:52 . 2001-08-17 17:51 20736 ----a-w- c:\windows\system32\dllcache\cmbp0wdm.sys 2010-05-19 03:52 . 2001-08-17 17:57 248064 ----a-w- c:\windows\system32\dllcache\cl546xm.sys 2010-05-19 03:52 . 2001-08-17 18:56 170880 ----a-w- c:\windows\system32\dllcache\cl546x.dll 2010-05-19 03:52 . 2001-08-17 18:56 111232 ----a-w- c:\windows\system32\dllcache\cl5465.dll 2010-05-19 03:52 . 2001-08-17 17:57 45696 ----a-w- c:\windows\system32\dllcache\cirrus.sys 2010-05-19 03:52 . 2001-08-17 18:56 91264 ----a-w- c:\windows\system32\dllcache\cirrus.dll 2010-05-19 03:52 . 2001-08-17 18:02 272640 ----a-w- c:\windows\system32\dllcache\cinemclc.sys 2010-05-19 03:52 . 2001-08-17 16:13 980034 ----a-w- c:\windows\system32\dllcache\cicap.sys 2010-05-19 03:50 . 2001-08-17 17:51 13824 ----a-w- c:\windows\system32\dllcache\bulltlp3.sys 2010-05-19 03:16 . 2001-08-17 16:11 31529 ----a-w- c:\windows\system32\dllcache\brzwlan.sys 2010-05-19 03:15 . 2001-08-17 17:12 12160 ----a-w- c:\windows\system32\dllcache\brfiltlo.sys 2010-05-19 03:14 . 2001-08-18 02:36 37376 ----a-w- c:\windows\system32\dllcache\atievxx.exe 2010-05-19 03:13 . 2001-08-17 16:19 553984 ----a-w- c:\windows\system32\dllcache\adm8820.sys 2010-05-19 03:12 . 2004-03-19 22:44 7168 ----a-w- c:\windows\system32\dllcache\wamregps.dll 2010-05-19 03:12 . 2001-08-17 18:56 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll 2010-05-17 23:55 . 2010-05-17 23:55 -------- d-----w- c:\documents and settings\David Vinson\Application Data\Avira 2010-05-17 22:58 . 2010-03-01 14:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-05-17 22:58 . 2010-02-16 18:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-05-17 22:58 . 
2009-05-11 16:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2010-05-17 22:58 . 2009-05-11 16:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2010-05-17 22:58 . 2010-05-17 22:58 -------- d-----w- c:\program files\Avira 2010-05-17 22:58 . 2010-05-17 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2010-05-17 22:48 . 2010-05-17 22:49 -------- d-----w- c:\program files\Java 2010-05-17 22:48 . 2010-05-17 22:48 -------- d-----w- c:\program files\Common Files\Java 2010-05-17 22:45 . 2010-05-17 22:45 -------- d-----w- c:\documents and settings\David Vinson\Local Settings\Application Data\{6448F0A6-6813-11D6-A77B-00B0D0150160} 2010-05-17 14:20 . 2010-05-17 14:20 -------- d-----w- c:\program files\Windows Live Safety Center 2010-05-13 20:01 . 2010-05-14 04:32 -------- d-----w- c:\documents and settings\David Vinson\DoctorWeb 2010-05-09 23:26 . 2010-05-10 13:59 -------- d-----w- C:\Combo-Fix 2010-05-07 02:22 . 2010-05-07 02:22 -------- d-----w- c:\program files\Trend Micro 2010-05-06 01:40 . 2010-05-06 01:40 -------- d-----w- c:\documents and settings\David Vinson\Application Data\Malwarebytes 2010-05-06 01:40 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-05-06 01:40 . 2010-05-06 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-05-06 01:40 . 2010-05-06 01:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-05-06 01:40 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-05-03 03:03 . 2010-05-03 03:03 -------- d-----w- c:\documents and settings\David Vinson\Application Data\Tific 2010-05-03 02:55 . 2010-05-03 02:55 -------- d-----w- c:\documents and settings\David Vinson\Local Settings\Application Data\Symantec 2010-05-03 02:22 . 2010-05-03 02:22 -------- d-----w- c:\program files\Windows Sidebar 2010-05-03 02:20 . 
2010-05-17 22:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller 2010-05-03 02:05 . 2010-05-20 13:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton 2010-05-01 01:39 . 2010-05-01 01:39 -------- d-----w- c:\documents and settings\Andy Vinson\Local Settings\Application Data\AOL 2010-05-01 01:37 . 2010-05-01 01:37 -------- d-sh--w- c:\documents and settings\Andy Vinson\IETldCache 2010-04-29 14:37 . 2010-04-29 14:37 -------- d-----w- c:\program files\iPod 2010-04-29 14:37 . 2010-04-29 14:39 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} 2010-04-29 14:21 . 2010-04-29 14:21 -------- d-----w- c:\program files\Bonjour . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-18 02:45 . 2007-05-11 02:39 1324 ----a-w- c:\windows\system32\d3d9caps.dat 2010-05-16 18:52 . 2008-01-18 12:44 -------- d-----w- c:\program files\OpenSource Flash Video Splitter 2010-05-07 10:52 . 2006-05-18 17:58 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-05-07 10:52 . 2006-05-18 17:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-05-07 10:48 . 2009-05-25 12:33 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop 2010-05-07 10:45 . 2009-12-19 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9 2010-05-07 04:15 . 2009-12-24 12:57 0 ----a-w- c:\documents and settings\David Vinson\Local Settings\Application Data\prvlcl.dat 2010-05-06 12:32 . 2005-10-22 03:26 -------- d-----w- c:\program files\Lavasoft 2010-05-06 12:32 . 2008-08-11 12:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2010-05-05 02:21 . 2008-05-31 21:07 -------- d-----w- c:\documents and settings\David Vinson\Application Data\MSN6 2010-04-29 14:39 . 
2007-04-05 00:50 -------- d-----w- c:\program files\iTunes 2010-04-29 14:37 . 2007-07-09 13:45 -------- d-----w- c:\program files\Common Files\Apple 2010-04-29 14:31 . 2006-12-18 21:07 -------- d-----w- c:\program files\QuickTime 2010-04-16 12:33 . 2009-03-19 11:02 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll 2010-04-16 12:33 . 2007-11-12 03:33 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2010-04-09 11:56 . 2010-04-09 11:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage 2010-04-09 11:56 . 2010-04-09 11:56 -------- d-----w- c:\documents and settings\David Vinson\Application Data\Office Genuine Advantage 2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll 2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe 2010-04-03 05:03 . 2009-09-11 04:04 96272 ---ha-w- c:\windows\system32\mlfcache.dat 2010-03-29 18:04 . 2004-06-03 06:10 130000 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-03-29 17:30 . 2010-03-29 17:30 -------- d-----w- c:\program files\Eusing Free Registry Cleaner 2010-03-29 15:12 . 2004-06-03 06:00 -------- d-----w- c:\program files\Jasc Software Inc 2010-03-29 15:12 . 2004-06-03 06:00 -------- d-----w- c:\program files\Dell Computer 2010-03-29 14:10 . 2008-01-18 12:43 -------- d-----w- c:\program files\RealMedia 2010-03-29 14:08 . 2004-06-03 05:56 -------- d-----w- c:\program files\Real 2010-03-29 14:08 . 2004-06-03 05:56 -------- d-----w- c:\program files\Common Files\Real 2010-03-29 14:05 . 2010-03-19 02:09 -------- d-----w- c:\program files\SecureBackupShare 2010-03-29 14:02 . 2009-12-22 18:47 -------- d-----w- c:\program files\Uniblue 2010-03-29 13:40 . 2010-03-13 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS 2010-03-28 14:59 . 2005-03-22 01:38 -------- d-----w- c:\program files\Avery Wizard 2010-03-28 03:53 . 
2007-11-04 21:50 -------- d-----w- c:\documents and settings\David Vinson\Application Data\Uniblue 2010-03-27 11:40 . 2007-05-11 02:24 -------- d--h--w- c:\documents and settings\David Vinson\Application Data\Move Networks 2010-03-23 01:45 . 2010-02-14 22:43 -------- d-----w- c:\documents and settings\David Vinson\Application Data\TrueSwitch 2010-03-23 01:42 . 2009-11-28 16:36 -------- d-----w- c:\documents and settings\David Vinson\Application Data\Amazon 2010-03-10 06:15 . 2004-03-19 22:44 420352 ----a-w- c:\windows\system32\vbscript.dll 2010-02-25 06:24 . 2004-08-24 00:32 916480 ----a-w- c:\windows\system32\wininet.dll 2010-02-24 13:11 . 2002-11-18 11:27 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2006-01-04 22:30 . 2006-01-04 22:30 774144 -c----w- c:\program files\RngInterstitial.dll 2009-10-27 22:22 . 2006-11-11 04:54 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-18 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-10-27 30192] "DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792] c:\documents and settings\Andy Vinson\Start Menu\Programs\Startup\ PowerReg Scheduler V3.exe [2005-6-30 225280] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\PowerTerm WebConnect 5.1\\powerterm.pstcc.edu\\ptermX.exe"= "c:\\WINDOWS\\system32"= "c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"= "c:\\WINDOWS\\SYSTEM32\\msiexec.exe"= "c:\\PowerTerm WebConnect 5.6\\powerterm.pstcc.edu\\ptermX.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Common Files\\AOL\\1138142209\\ee\\aim6.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Common 
Files\\AOL\\1138142209\\ee\\aolsoftware.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"= "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\Last.fm\\LastFM.exe"= "c:\\WINDOWS\\SYSTEM32\\dpnsvr.exe"= "c:\\Program Files\\NBC Direct\\StoreFrontPlayer.exe"= . Contents of the 'Scheduled Tasks' folder 2010-04-22 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34] 2010-05-20 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-12 16:16] 2004-07-01 c:\windows\Tasks\ISP signup reminder 1.job - c:\windows\System32\OOBE\OOBEBALN.EXE [2004-03-19 00:12] 2010-05-20 c:\windows\Tasks\User_Feed_Synchronization-{96A8F87C-1609-4822-9E2A-BB33302CC2EE}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31] . . ------- Supplementary Scan ------- . 
uStart Page = about:blank uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} FF - ProfilePath - c:\documents and settings\David Vinson\Application Data\Mozilla\Firefox\Profiles\vic99eqj.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.google.com FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p= FF - plugin: c:\documents and settings\David Vinson\Application Data\Move Networks\plugins\npqmp071504000001.dll FF - plugin: c:\documents and settings\David Vinson\Application Data\Move Networks\plugins\npqmp071701000002.dll FF - plugin: c:\program files\Microsoft Research\HDView for Firefox\nphdview.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- FF - user.js: browser.cache.memory.capacity - 16000 FF - user.js: browser.chrome.favicons - false FF - user.js: browser.display.show_image_placeholders - true FF - user.js: browser.turbo.enabled - true FF - user.js: browser.urlbar.autocomplete.enabled - true FF - user.js: 
browser.urlbar.autofill - true FF - user.js: content.max.tokenizing.time - 3000000 FF - user.js: content.maxtextrun - 4095 FF - user.js: content.notify.backoffcount - 5 FF - user.js: content.notify.interval - 1000000 FF - user.js: content.notify.ontimer - true FF - user.js: content.switch.threshold - 1000000 FF - user.js: dom.disable_window_status_change - true FF - user.js: network.http.max-connections - 48 FF - user.js: network.http.max-connections-per-server - 16 FF - user.js: network.http.max-persistent-connections-per-proxy - 16 FF - user.js: network.http.max-persistent-connections-per-server - 8 FF - user.js: network.http.pipelining - true FF - user.js: network.http.pipelining.firstrequest - true FF - user.js: network.http.pipelining.maxrequests - 8 FF - user.js: network.http.proxy.pipelining - true FF - user.js: network.http.request.max-start-delay - 0 FF - user.js: nglayout.initialpaint.delay - 1000 FF - user.js: plugin.expose_full_path - true FF - user.js: ui.submenuDelay - 0 c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla 
Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-05-20 15:37 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(1732) c:\windows\system32\WININET.dll c:\progra~1\WINDOW~2\wmpband.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Avira\AntiVir Desktop\sched.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\HPZipm12.exe c:\windows\system32\fxssvc.exe c:\program files\iPod\bin\iPodService.exe c:\windows\system32\rundll32.exe . ************************************************************************** . 
Completion time: 2010-05-20 16:40:00 - machine was rebooted ComboFix-quarantined-files.txt 2010-05-20 20:39 ComboFix2.txt 2010-05-17 02:02 ComboFix3.txt 2010-05-10 13:55 Pre-Run: 8,860,114,944 bytes free Post-Run: 8,895,758,336 bytes free Current=3 Default=3 Failed=5 LastKnownGood=6 Sets=1,2,3,5,6 - - End Of File - - 43A358040A254085C5C6648B08FB29EA
  18. Actually, I have been able to find and delete the 2 folders now; they didn't show up in the normal method, I had to manually type in the paths; they did not show up just trying to browse through the subfolders, and a search couldn't locate them either. So now I am just trying to get Malwarebytes to the exclusion list and then I will continue with the ComboFix procedure.
  19. 1) In normal mode, there is apparently not enough CPU to allow me to access the menu that would let me add the Malwarebytes files to the exclusion list. In safe mode, I don't have access to those options. 2) I can not find the two folders you are asking me to manually delete. 3) I am hesitant to dump the file into ComboFix until you tell me that it's OK, given that I could not do the first two things. Thanks gaughin
  20. OK, I have completed this. It did ask for my install disc, and it definitely did something; it took Windows longer than usual to boot up. The icon for Internet Explorer now has a tag (no add-ons). It now will not load on either side, normal boot-up or in safe mode. Thanks for your tenacity, gaughin
  21. I seem to be at another dead end. I tried to run sfc.exe in safe mode; certain processes are not enabled in safe mode that are required to run sfc.exe. I switch to normal mode. I run the software, with one irritating problem. It starts up, and displays a window that says this: [Please wait while Windows verifies that all protected Windows files are intact and in their original versions.] After maybe 5 seconds, a second window opens that says the following: [Files that are required for Windows to run properly must be copied to the DLL cache. Insert your Windows XP Professional CD-ROM now.] This window contains 3 buttons: Retry, More Information, and Cancel. I insert the CD (I know it's the right one; Windows came pre-installed on this machine, and I have to break the seal on this disc, that displays the message "Operating System Already Installed On Your Computer"). I push the Retry button. Program runs for 1 or 2 seconds, and Retry screen comes back up. So every time the Retry screen comes up, I push the Retry button. I wound up pushing it 637 times. Yes, I counted. Finally, the progress bar is all the way to the right, and the program just quits. The instructions at the BleepingComputer site say that I need to immediately run Windows Updates. Problem with that is that Internet Explorer will not load. I let it sit to try to give it time. Two hours later iexplore.exe is still showing up on Task Manager, but the software is still not available. I shut down the computer and return to safe mode. Internet Explorer pops right up, but when I go to Windows Update, my computer will not communicate with the Update site. I assume this is because I am in safe mode. The Update site gives me an error message that reads "The website has encountered a problem and cannot display the page you are trying to view. The options provided below might help you solve the problem." There is an accompanying error message #; [Error number: 0x8007043C].
I search the site for this error number, and of course it says that I am trying to access a service that is not available from safe mode. So, in a nutshell, the service is not available in safe mode, and I can't load Internet Explorer in normal mode to even get to the service. I pushed that damn retry button for 50 minutes, and now seem stuck again. Is there any way to load Windows Update without Internet Explorer? Finally, here's something I have found that could be related to my problem (and seems to suggest to me that this is related to a corrupt Windows update rather than any specific virus/malware.) If I am in safe mode, I get about 5% idle CPU. According to Process Explorer, a single instance of svchost.exe is associated with all of the following services; C:\WINDOWS\SYSTEM32\svchost.exe (netsvcs) Services COM + Event System [EventSystem] Computer Browser [browser] CryptSvc [CryptSvc] DHCP Client [Dhcp] Error Reporting Service [ERSvc] Fast User Switching Compatibility [FastUserSwitchingCompatibility] Help and Support [helpsvc] Network Connections [Netman] Network Location Awareness (NLA) [Nla] Remote Access Connection Manager [RasMan] Secondary Logon [seclogon] Security Center [wscsvc] Server [lanmanserver] Shell Hardware Detection [ShellHWDetection] System Event Notification [SENS] System Restore Service [srservice] Task Scheduler [schedule] Telephony [TapiSrv] Themes [Themes] Windows Audio [AudioSrv] Windows Firewall/Internet Connection Sharing (ICS) [SharedAccess] Windows Management Instrumentation [winmgmt] Wireless Zero Configuration [WZCSVC] Workstation [lanmanworkstation] Now, I know that most of these processes are essential for the computer to run, but the interesting thing I have found is that when I kill or stall this process, available idle CPU (in safe mode) immediately jumps from 3-5% to 50-60%. Am I on to anything? Is this machine just dead? Thanks, gaughin
  22. It seems better on the safe mode side, but about the same on the normal side. As soon as I booted in the normal side, 3 Avira scans popped up automatically (Full scan, Hidden objects search, Updater.) It's been 10 hours, and those are about 1/3 finished. Unless you say otherwise, I will let them run, it looks like for about 20 more hours, then try to put your next suggestion into play first thing tomorrow morning. Thanks for your help and encouragement. gaughin
  23. Here's the Avira log

      Avira AntiVir Personal
      Report file date: Monday, May 17, 2010 19:57

      Scanning for 1990003 virus strains and unwanted programs.

      The program is running as an unrestricted full version.
      Online services are available:

      Licensee : Avira AntiVir Personal - FREE Antivirus
      Serial number : 0000149996-ADJIE-0000001
      Platform : Windows XP
      Windows version : (Service Pack 3) [5.1.2600]
      Boot mode : Safe mode with network
      Username : David Vinson
      Computer name : VINSON1

      Version information:
      BUILD.DAT : 10.0.0.567 32097 Bytes 4/19/2010 15:07:00
      AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/1/2010 17:37:38
      AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 17:57:04
      LUKE.DLL : 10.0.2.3 104296 Bytes 3/7/2010 23:33:04
      LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 04:40:49
      VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 14:05:36
      VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 00:27:49
      VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 22:37:42
      VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 21:37:42
      VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 16:29:03
      VBASE005.VDF : 7.10.4.204 2048 Bytes 3/5/2010 16:29:03
      VBASE006.VDF : 7.10.4.205 2048 Bytes 3/5/2010 16:29:03
      VBASE007.VDF : 7.10.4.206 2048 Bytes 3/5/2010 16:29:03
      VBASE008.VDF : 7.10.4.207 2048 Bytes 3/5/2010 16:29:03
      VBASE009.VDF : 7.10.4.208 2048 Bytes 3/5/2010 16:29:03
      VBASE010.VDF : 7.10.4.209 2048 Bytes 3/5/2010 16:29:03
      VBASE011.VDF : 7.10.4.210 2048 Bytes 3/5/2010 16:29:03
      VBASE012.VDF : 7.10.4.211 2048 Bytes 3/5/2010 16:29:03
      VBASE013.VDF : 7.10.4.242 153088 Bytes 3/8/2010 20:43:21
      VBASE014.VDF : 7.10.5.17 99328 Bytes 3/10/2010 20:24:21
      VBASE015.VDF : 7.10.5.44 107008 Bytes 3/11/2010 22:41:40
      VBASE016.VDF : 7.10.5.69 92672 Bytes 3/12/2010 14:25:53
      VBASE017.VDF : 7.10.5.91 119808 Bytes 3/15/2010 14:39:58
      VBASE018.VDF : 7.10.5.121 112640 Bytes 3/18/2010 18:01:24
      VBASE019.VDF : 7.10.5.138 139776 Bytes 3/18/2010 15:24:56
      VBASE020.VDF : 7.10.5.164 113152 Bytes 3/22/2010 12:04:23
      VBASE021.VDF : 7.10.5.182 108032 Bytes 3/23/2010 14:23:02
      VBASE022.VDF : 7.10.5.199 123904 Bytes 3/24/2010 22:47:50
      VBASE023.VDF : 7.10.5.217 279552 Bytes 3/25/2010 00:11:22
      VBASE024.VDF : 7.10.5.234 202240 Bytes 3/26/2010 22:53:48
      VBASE025.VDF : 7.10.5.254 187904 Bytes 3/30/2010 18:56:47
      VBASE026.VDF : 7.10.6.18 130560 Bytes 4/1/2010 10:56:20
      VBASE027.VDF : 7.10.6.34 136192 Bytes 4/6/2010 14:43:55
      VBASE028.VDF : 7.10.6.44 232448 Bytes 4/7/2010 14:59:22
      VBASE029.VDF : 7.10.6.60 124416 Bytes 4/12/2010 17:43:17
      VBASE030.VDF : 7.10.6.61 2048 Bytes 4/12/2010 17:43:17
      VBASE031.VDF : 7.10.6.62 17408 Bytes 4/12/2010 17:43:17
      Engineversion : 8.2.1.210
      AEVDF.DLL : 8.1.1.3 106868 Bytes 2/13/2010 17:16:21
      AESCRIPT.DLL : 8.1.3.24 1282425 Bytes 4/1/2010 21:05:26
      AESCN.DLL : 8.1.5.0 127347 Bytes 2/25/2010 23:38:41
      AESBX.DLL : 8.1.2.1 254323 Bytes 3/17/2010 16:09:47
      AERDL.DLL : 8.1.4.3 541043 Bytes 3/17/2010 16:09:47
      AEPACK.DLL : 8.2.1.1 426358 Bytes 3/19/2010 17:34:51
      AEOFFICE.DLL : 8.1.0.41 201083 Bytes 3/17/2010 16:09:46
      AEHEUR.DLL : 8.1.1.16 2503031 Bytes 3/26/2010 23:43:13
      AEHELP.DLL : 8.1.11.3 242039 Bytes 4/1/2010 21:05:25
      AEGEN.DLL : 8.1.3.6 373108 Bytes 4/1/2010 21:05:25
      AEEMU.DLL : 8.1.1.0 393587 Bytes 11/10/2009 14:04:22
      AECORE.DLL : 8.1.13.1 188790 Bytes 4/1/2010 21:05:25
      AEBB.DLL : 8.1.0.3 53618 Bytes 9/10/2009 17:15:06
      AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 17:03:38
      AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 17:03:35
      AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 21:47:40
      AVREG.DLL : 10.0.3.0 53096 Bytes 4/1/2010 17:35:46
      AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/1/2010 17:39:51
      AVARKT.DLL : 10.0.0.14 227176 Bytes 4/1/2010 17:22:13
      AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 14:53:30
      SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 17:57:58
      AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 20:38:56
      NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 19:41:00
      RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 18:10:20
      RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/9/2010 19:14:29

      Configuration settings for the scan:
      Jobname.............................: Complete system scan
      Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
      Logging.............................: low
      Primary action......................: interactive
      Secondary action....................: ignore
      Scan master boot sector.............: on
      Scan boot sector....................: on
      Boot sectors........................: C:,
      Process scan........................: on
      Extended process scan...............: on
      Scan registry.......................: on
      Search for rootkits.................: on
      Integrity checking of system files..: off
      Scan all files......................: All files
      Scan archives.......................: on
      Recursion depth.....................: 20
      Smart extensions....................: on
      Macro heuristic.....................: on
      File heuristic......................: medium

      Start of the scan: Monday, May 17, 2010 19:57

      Starting search for hidden objects.
      The driver could not be initialized.

      The scan of running processes will be started
      Scan process 'avscan.exe' - '59' Module(s) have been scanned
      Scan process 'avcenter.exe' - '92' Module(s) have been scanned
      Scan process 'svchost.exe' - '50' Module(s) have been scanned
      Scan process 'firefox.exe' - '74' Module(s) have been scanned
      Scan process 'procexp.exe' - '66' Module(s) have been scanned
      Scan process 'Explorer.EXE' - '93' Module(s) have been scanned
      Scan process 'svchost.exe' - '39' Module(s) have been scanned
      Scan process 'svchost.exe' - '48' Module(s) have been scanned
      Scan process 'lsass.exe' - '49' Module(s) have been scanned
      Scan process 'services.exe' - '27' Module(s) have been scanned
      Scan process 'winlogon.exe' - '62' Module(s) have been scanned
      Scan process 'csrss.exe' - '12' Module(s) have been scanned
      Scan process 'smss.exe' - '2' Module(s) have been scanned

      Starting master boot sector scan:
      Master boot sector HD0
        [INFO] No virus was found!
      Master boot sector HD1
        [INFO] No virus was found!

      Start scanning boot sectors:
      Boot sector 'C:\'
        [INFO] No virus was found!

      Starting to scan executable files (registry).
      The registry was scanned ( '1176' files ).

      Starting the file scan:

      Begin scan in 'C:\'
      C:\Documents and Settings\David Vinson\My Documents\Old computer data files\My Pictures\cabinet maker, jacob lawr
        [0] Archive type: MacBinary
          --> cabinet maker, jacob lawr.rsrc
            [WARNING] The file could not be read!
        [WARNING] The file could not be read!
      C:\Documents and Settings\David Vinson\My Documents\Old computer data files\My Pictures\Poppy, O'Keefe
        [0] Archive type: MacBinary
          --> Poppy, O'Keefe.rsrc
            [WARNING] The file could not be read!
        [WARNING] The file could not be read!

      End of the scan: Monday, May 17, 2010 22:10
      Used time: 2:12:22 Hour(s)

      The scan has been done completely.

      25684 Scanned directories
      549947 Files were scanned
      0 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 files were deleted
      0 Viruses and unwanted programs were repaired
      0 Files were moved to quarantine
      0 Files were renamed
      0 Files cannot be scanned
      549947 Files not concerned
      6188 Archives were scanned
      4 Warnings
      0 Notes
  24. Here's the current situation. I may have goofed, but I don't think so. The Windows CD is in storage (I know, we should have it at easier access, but it got moved, along with lots of other stuff, to a rented storage unit when we were trying to clear out room to walk). Anyway, until I can get to that to try your latest suggestion, I found a way to get Avira to finally load. I was reading up on services.exe related problems, and found some notes that said it was related to unnecessary spawning of svchost.exe instances; I found one that was attached to about a dozen different applications. So I started the Avira install, and it hung like usual, so I manually killed that svchost.exe. It almost immediately reappeared, but in the few seconds it was down, the Avira install started moving again. One more kill of that process, and Avira's installation was completed. I think I may have gotten Java to install in the same way; it said the installation was complete, but I haven't restarted the computer to find out. Anyway, I was very proud of myself. In fact, maybe too proud; I got so excited that I started an Avira scan, and forgot until I opened up this borrowed computer and looked at the forum that you had specifically asked me not to scan anything without your go-ahead. The Avira scan is running now; I will post the result when it is finished. I hope I haven't screwed up our progress. Thanks, gaughin