Gaughin

Honorary Members
  • Posts: 54

Posts posted by Gaughin

  1. It seems marginally better, but it's definitely not right.

    I really appreciate the people who participate in this site. Even though my case is not successful, it was great of you guys to take this much time with me. I would ask 2 final questions.

    1) I have read bits and pieces about Windows "repair". Is this worth trying?

    2) If not, can you point me to good instructions about how to re-format the hard drive and re-install Windows from scratch? There are so many options that it's hard for a tech-challenged guy like me to know which one to use as a map.

    Thanks again for your time

    gaughin

  2. OK, I went to normal mode. I was able to get the command mode to load. The computer reported back that the automatic service was successfully stopped.

    Still in normal mode, I attempted to re-check the folders C:\Windows\System32\Catroot2 and C:\Windows\SoftwareDistribution\Download

    The flashlight/search icon ran continuously for about 15 minutes without ever displaying any folders.

    I switched to Safe Mode with Networking. I could access the folders from there. I re-named C:\Windows\System32\Catroot2 to C:\Windows\System32\CR3OLD (since I had previously created CR2OLD). C:\Windows\SoftwareDistribution\Download remained empty. I still have approximately 0-5% available CPU with services.exe consistently taking 90% or more of the CPU.

    Thanks for your continued help.

    gaughin

  3. I completed all 4 steps in safe mode. Should I try to run them in normal mode?

    There seems to be no significant change. Available CPU is still consistently 0-3%. If I am in normal mode, I can open office documents, for instance, but then can not work in the files; everything freezes up. iTunes will open, but then is non-responsive, and in fact, seems to lock up the entire computer.

    Should I try the 4 steps in normal mode, or does that matter? It seemed like the CMD gave me some sort of error message.

    Thanks

    gaughin

  4. Sorry, forgot to paste it in!

    Avira AntiVir Personal

    Report file date: Sunday, May 23, 2010 16:01

    Scanning for 1990003 virus strains and unwanted programs.

    The program is running as an unrestricted full version.

    Online services are available:

    Licensee : Avira AntiVir Personal - FREE Antivirus

    Serial number : 0000149996-ADJIE-0000001

    Platform : Windows XP

    Windows version : (Service Pack 3) [5.1.2600]

    Boot mode : Safe mode with network

    Username : David Vinson

    Computer name : VINSON1

    Configuration settings for the scan:

    Jobname.............................: Scan for Rootkits and active malware

    Configuration file..................: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\PROFILES\rootkit.avp

    Logging.............................: low

    Primary action......................: interactive

    Secondary action....................: ignore

    Scan master boot sector.............: on

    Scan boot sector....................: on

    Process scan........................: on

    Extended process scan...............: on

    Scan registry.......................: on

    Search for rootkits.................: on

    Integrity checking of system files..: off

    Scan all files......................: All files

    Scan archives.......................: on

    Recursion depth.....................: 20

    Smart extensions....................: on

    Macro heuristic.....................: on

    File heuristic......................: high

    Skipped files.......................: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe, C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe, C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe,

    Start of the scan: Sunday, May 23, 2010 16:01

    Starting search for hidden objects.

    The driver could not be initialized.

    The scan of running processes will be started

    Scan process 'avscan.exe' - '59' Module(s) have been scanned

    Scan process 'avcenter.exe' - '93' Module(s) have been scanned

    Scan process 'firefox.exe' - '74' Module(s) have been scanned

    Scan process 'Explorer.EXE' - '82' Module(s) have been scanned

    Scan process 'svchost.exe' - '32' Module(s) have been scanned

    Scan process 'svchost.exe' - '106' Module(s) have been scanned

    Scan process 'svchost.exe' - '39' Module(s) have been scanned

    Scan process 'svchost.exe' - '48' Module(s) have been scanned

    Scan process 'lsass.exe' - '48' Module(s) have been scanned

    Scan process 'services.exe' - '27' Module(s) have been scanned

    Scan process 'winlogon.exe' - '62' Module(s) have been scanned

    Scan process 'csrss.exe' - '12' Module(s) have been scanned

    Scan process 'smss.exe' - '2' Module(s) have been scanned

    Starting to scan executable files (registry).

    The registry was scanned ( '1175' files ).

    Starting the file scan:

    Begin scan in 'C:'

    C:\Documents and Settings\David Vinson\My Documents\Old computer data files\My Pictures\cabinet maker, jacob lawr

    [0] Archive type: MacBinary

    --> cabinet maker, jacob lawr.rsrc

    [WARNING] The file could not be read!

    [WARNING] The file could not be read!

    C:\Documents and Settings\David Vinson\My Documents\Old computer data files\My Pictures\Poppy, O'Keefe

    [0] Archive type: MacBinary

    --> Poppy, O'Keefe.rsrc

    [WARNING] The file could not be read!

    [WARNING] The file could not be read!

    C:\Program Files\Musicnotes\uninstsc.exe

    [DETECTION] Contains HEUR/Malware suspicious code

    Beginning disinfection:

    C:\Program Files\Musicnotes\uninstsc.exe

    [DETECTION] Contains HEUR/Malware suspicious code

    [NOTE] The detection was classified as suspicious.

    [NOTE] The file was moved to the quarantine directory under the name '4ef8609b.qua'.

    End of the scan: Sunday, May 23, 2010 20:09

    Used time: 3:56:32 Hour(s)

    The scan has been done completely.

    25760 Scanned directories

    555496 Files were scanned

    0 Viruses and/or unwanted programs were found

    1 Files were classified as suspicious

    0 files were deleted

    0 Viruses and unwanted programs were repaired

    1 Files were moved to quarantine

    0 Files were renamed

    0 Files cannot be scanned

    555495 Files not concerned

    6278 Archives were scanned

    4 Warnings

    1 Notes

    I will try your next procedure when Lost is over.

    gaughin

  5. Here is the portion of the help that deals with these exclusions

    Configuration :: Scanner :: Scan

    Exceptions

    File objects to be omitted for the scanner

    The list in this window contains files and paths that should not be included by the Scanner in the scan for viruses or unwanted programs.

    Please enter as few exceptions as possible here and really only files that, for whatever reason, should not be included in a normal scan. We recommend that you always scan these files for viruses or unwanted programs before they are included in this list!

    Note

    The entries on the list must not result in more than 6000 characters in total.

    Warning

    These files are not included in a scan!

    Note

    The files included in this list are entered in the report file. Please check the report file from time to time for unscanned files, as perhaps the reason you excluded a file here no longer exists. In this case you should remove the name of this file from this list again.

    Input box

    In this input box you can enter the name of the file object that is not included in the on-demand scan. No file object is entered as the default setting.

    The button opens a window in which you can select the required file or the required path.

    When you have entered a file name with its complete path, only this file is not scanned for infection. If you have entered a file name without a path, all files with this name (irrespective of the path or drive) are not scanned.

    Add

    With this button, you can add the file object entered in the input box to the display window.

    But when I open Avira in safe mode, I can't find an input or an add button. When I open Avira in normal mode, everything freezes up as soon as I try to open any window. Is there some aspect of adding exclusions that I am overlooking? I can not figure it out.

    Thanks, I will keep looking,

    gaughin

  6. Once again, I am grateful for your help. Here are the requested logs.

    DDS (Ver_09-09-29.01) - NTFSx86 NETWORK

    Run by David Vinson at 23:25:25.67 on Sat 05/22/2010

    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_01

    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.639 [GMT -4:00]

    AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch

    svchost.exe

    C:\WINDOWS\System32\svchost.exe -k netsvcs

    svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Documents and Settings\David Vinson\Desktop\dds.com

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank

    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

    uInternet Connection Wizard,ShellNext = iexplore

    uSearchAssistant = hxxp://www.google.com/ie

    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll

    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe

    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

    mRun: [DVDSentry] c:\windows\system32\DSentry.exe

    mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_01\bin\jusched.exe"

    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000

    IE: {d9288080-1baa-4bc4-9cf8-a92d743db949}

    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

    DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab

    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab

    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll

    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\davidv~1\applic~1\mozilla\firefox\profiles\vic99eqj.default\

    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com

    FF - prefs.js: browser.search.selectedEngine - Google

    FF - prefs.js: browser.startup.homepage - www.google.com

    FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=

    FF - plugin: c:\documents and settings\david vinson\application data\move networks\plugins\npqmp071504000001.dll

    FF - plugin: c:\documents and settings\david vinson\application data\move networks\plugins\npqmp071701000002.dll

    FF - plugin: c:\program files\microsoft research\hdview for firefox\nphdview.dll

    FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll

    FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll

    FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll

    FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll

    FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll

    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

    ============= SERVICES / DRIVERS ===============

    S1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-5-17 11608]

    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-5-17 135336]

    S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-5-17 267432]

    S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-5-17 60936]

    S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-11-11 30192]

    S3 JL2005C;Dual Mode Camera;c:\windows\system32\drivers\jl2005c.sys [2008-6-13 68954]

    S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\viewpointservice.exe" --> c:\program files\viewpoint\common\ViewpointService.exe [?]

    =============== Created Last 30 ================

    2010-05-20 09:45 <DIR> --d----- c:\windows\system32\drivers\N360

    2010-05-17 19:55 <DIR> --d----- c:\docume~1\davidv~1\applic~1\Avira

    2010-05-17 18:58 60,936 a------- c:\windows\system32\drivers\avgntflt.sys

    2010-05-17 18:58 <DIR> --d----- c:\program files\Avira

    2010-05-17 18:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira

    2010-05-17 18:49 69,632 a------- c:\windows\system32\javacpl.cpl

    2010-05-13 16:01 <DIR> --d----- c:\documents and settings\david vinson\DoctorWeb

    2010-05-09 20:01 <DIR> a-dshr-- C:\cmdcons

    2010-05-09 19:30 256,512 a------- c:\windows\PEV.exe

    2010-05-09 19:30 161,792 a------- c:\windows\SWREG.exe

    2010-05-09 19:30 98,816 a------- c:\windows\sed.exe

    2010-05-09 19:30 77,312 a------- c:\windows\MBR.exe

    2010-05-09 19:26 <DIR> --d----- C:\Combo-Fix

    2010-05-06 22:22 <DIR> --d----- c:\program files\Trend Micro

    2010-05-05 21:40 <DIR> --d----- c:\docume~1\davidv~1\applic~1\Malwarebytes

    2010-05-05 21:40 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys

    2010-05-05 21:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes

    2010-05-05 21:40 20,952 a------- c:\windows\system32\drivers\mbam.sys

    2010-05-05 21:40 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware

    2010-05-02 23:03 <DIR> --d----- c:\docume~1\davidv~1\applic~1\Tific

    2010-05-02 22:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller

    2010-05-02 22:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton

    2010-04-29 10:37 <DIR> --d----- c:\program files\iPod

    2010-04-29 10:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

    2010-04-29 10:21 <DIR> --d----- c:\program files\Bonjour

    ==================== Find3M ====================

    2010-04-16 08:33 3,003,680 a------- c:\windows\system32\usbaaplrc.dll

    2010-04-16 08:33 41,472 a------- c:\windows\system32\drivers\usbaapl.sys

    2010-04-08 13:20 107,808 a------- c:\windows\system32\dns-sd.exe

    2010-04-08 13:20 91,424 a------- c:\windows\system32\dnssd.dll

    2010-04-03 01:03 96,272 a---h--- c:\windows\system32\mlfcache.dat

    2010-03-10 02:15 420,352 a------- c:\windows\system32\vbscript.dll

    2010-03-10 02:15 420,352 a------- c:\windows\system32\dllcache\vbscript.dll

    2010-02-25 11:54 11,070,976 -------- c:\windows\system32\dllcache\ieframe.dll

    2010-02-24 09:11 455,680 a------- c:\windows\system32\dllcache\mrxsmb.sys

    2010-02-24 05:54 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe

    2008-03-14 16:07 32 -c---r-- c:\documents and settings\all users\hash.dat

    2006-01-04 18:30 774,144 -c------ c:\program files\RngInterstitial.dll

    2008-09-27 20:20 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092720080928\index.dat

    ============= FINISH: 23:26:41.43 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-09-29.01)

    Microsoft Windows XP Professional

    Boot Device: \Device\HarddiskVolume2

    Install Date: 6/30/2004 7:34:54 PM

    System Uptime: 5/22/2010 11:51:58 AM (12 hours ago)

    Motherboard: Dell Computer Corp. | | 0W2562

    Processor: Intel

  7. Now, I want to know is everything okay there.

    No, it's not. CPU usage is still around 90-95% when in normal mode, Office software looks like it is loading, but if I try to open any file, it freezes up the entire computer, forcing a hard shut-down. IE will open in safe mode, but not in normal mode, so I still can't run windows update.

    Thanks

    gaughin

  8. Yes, please, run it again. Don't worry about Norton.

    iefix did not seem to respond; I hit the "run" button, and it did not respond in any way for 35 minutes. But I do have Internet Explorer running (I am typing this from within it now). I simply downloaded a fresh version of IE8 and re-installed it. So now that IE is working, what next? I appreciate the education I am receiving from these exchanges, though I suppose you are tired of me by now. Thanks again,

    gaughin

  9. Wow... perfect. IEFix not help?

    Apparently not. Should I try to run it again? By the way, one strange thing happened with ComboFix; since I couldn't disable Norton, and since I had Avira running, I simply uninstalled Norton. Despite this, when ComboFix ran, it reported that Norton was running.

    Thanks,

    gaughin

  10. I did not want to happen, but if you are able to do so, I strongly recommend it.

    Actually, for whatever reason, after I re-started the machine this morning, I could get Firefox to start. And surprisingly, I seem to consistently have 10-15% free CPU. Internet Explorer still won't open, but if you have any other fix options, I am willing to try them. I don't trust the locals.

    Thanks

    gaughin

  11. Actually, I have been able to find and delete the 2 folders now; they didn't show up in the normal method, I had to manually type in the paths; they did not show up just trying to browse through the subfolders, and a search couldn't locate them either. So now I am just trying to get Malwarebytes to the exclusion list and then I will continue with the ComboFix procedure.

    It took about 3 hours to run it; it automatically re-booted the computer, and took about 90 more minutes to generate the ComboFix log. CPU usage is still stuck generally between 98-100%; outside of safe mode, virtually no software will open. Here's the ComboFix log:

    ComboFix 10-05-19.08 - David Vinson 05/20/2010 12:30:06.3.2 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.640 [GMT -4:00]

    Running from: c:\documents and settings\David Vinson\Desktop\Combo-Fix.exe

    Command switches used :: c:\documents and settings\David Vinson\Desktop\CFScript.txt

    AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

    AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

    FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

    * Created a new restore point

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    -------\Legacy_IDRMKL

    -------\Legacy_MCCOMPONENTHOSTSERVICE

    -------\Service_idrmkl

    -------\Service_jfuf

    -------\Service_McComponentHostService

    ((((((((((((((((((((((((( Files Created from 2010-04-20 to 2010-05-20 )))))))))))))))))))))))))))))))

    .

    2010-05-20 13:45 . 2010-05-20 13:45 -------- d-----w- c:\windows\system32\drivers\N360

    2010-05-19 04:18 . 2008-04-14 00:12 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll

    2010-05-19 04:18 . 2001-08-18 02:36 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll

    2010-05-19 04:18 . 2008-04-14 00:12 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll

    2010-05-19 04:18 . 2001-08-18 02:37 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe

    2010-05-19 04:18 . 2001-08-18 02:37 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe

    2010-05-19 04:17 . 2001-08-18 02:37 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe

    2010-05-19 04:17 . 2001-08-17 16:11 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys

    2010-05-19 04:17 . 2004-08-04 05:29 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys

    2010-05-19 04:17 . 2004-08-04 05:29 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys

    2010-05-19 04:17 . 2008-04-14 00:12 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll

    2010-05-19 04:15 . 2004-08-04 05:29 11775 ----a-w- c:\windows\system32\dllcache\wadv05nt.sys

    2010-05-19 04:14 . 2008-04-13 18:45 26112 ----a-w- c:\windows\system32\dllcache\usbser.sys

    2010-05-19 04:13 . 2001-08-17 18:01 241664 ----a-w- c:\windows\system32\dllcache\tosdvd02.sys

    2010-05-19 04:12 . 2001-08-17 16:18 285760 ----a-w- c:\windows\system32\dllcache\stlnata.sys

    2010-05-19 04:11 . 2001-08-17 16:12 24576 ----a-w- c:\windows\system32\dllcache\smc8000n.sys

    2010-05-19 04:10 . 2001-08-18 02:36 386560 ----a-w- c:\windows\system32\dllcache\sgiul50.dll

    2010-05-19 04:09 . 2001-08-18 02:36 79872 ----a-w- c:\windows\system32\dllcache\rwia430.dll

    2010-05-19 04:08 . 2008-04-13 18:40 6016 ----a-w- c:\windows\system32\dllcache\qic157.sys

    2010-05-19 04:07 . 2004-03-19 22:41 20992 ----a-w- c:\windows\system32\dllcache\permchk.dll

    2010-05-19 04:06 . 2001-08-17 16:20 54528 ----a-w- c:\windows\system32\dllcache\opl3sax.sys

    2010-05-19 04:05 . 2001-08-17 16:50 39264 ----a-w- c:\windows\system32\dllcache\neo20xx.sys

    2010-05-19 04:04 . 2001-08-17 18:00 2944 ----a-w- c:\windows\system32\dllcache\msmpu401.sys

    2010-05-19 04:04 . 2008-04-13 18:54 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys

    2010-05-19 04:04 . 2003-03-31 10:00 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll

    2010-05-19 04:04 . 2001-08-17 18:02 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys

    2010-05-19 04:04 . 2001-08-17 17:48 6016 ----a-w- c:\windows\system32\dllcache\msfsio.sys

    2010-05-19 04:04 . 2001-08-17 17:52 6528 ----a-w- c:\windows\system32\dllcache\miniqic.sys

    2010-05-19 04:04 . 2004-03-19 22:39 34304 ----a-w- c:\windows\system32\dllcache\migisol.exe

    2010-05-19 04:04 . 2001-08-17 16:50 320384 ----a-w- c:\windows\system32\dllcache\mgaum.sys

    2010-05-19 04:04 . 2001-08-17 18:56 235648 ----a-w- c:\windows\system32\dllcache\mgaud.dll

    2010-05-19 04:04 . 2004-03-19 22:39 92416 ----a-w- c:\windows\system32\dllcache\mga.sys

    2010-05-19 04:02 . 2001-08-17 16:12 19016 ----a-w- c:\windows\system32\dllcache\ktc111.sys

    2010-05-19 04:02 . 2001-08-18 02:36 37376 ----a-w- c:\windows\system32\dllcache\kousd.dll

    2010-05-19 04:02 . 2003-03-31 10:00 70656 ----a-w- c:\windows\system32\dllcache\korwbrkr.dll

    2010-05-19 04:02 . 2008-04-14 00:11 253952 ----a-w- c:\windows\system32\dllcache\kdsusd.dll

    2010-05-19 04:02 . 2008-04-14 00:11 48640 ----a-w- c:\windows\system32\dllcache\kdsui.dll

    2010-05-19 04:02 . 2004-03-19 22:38 5632 ----a-w- c:\windows\system32\dllcache\kbdusa.dll

    2010-05-19 04:02 . 2004-03-19 22:38 7680 ----a-w- c:\windows\system32\dllcache\kbdnecnt.dll

    2010-05-19 04:02 . 2004-03-19 22:38 9216 ----a-w- c:\windows\system32\dllcache\kbdnecat.dll

    2010-05-19 04:02 . 2004-03-19 22:38 7168 ----a-w- c:\windows\system32\dllcache\kbdnec95.dll

    2010-05-19 04:02 . 2001-08-18 02:36 8192 ----a-w- c:\windows\system32\dllcache\kbdkor.dll

    2010-05-19 04:02 . 2001-08-18 02:36 8704 ----a-w- c:\windows\system32\dllcache\kbdjpn.dll

    2010-05-19 04:00 . 2003-03-31 10:00 311359 ----a-w- c:\windows\system32\dllcache\imepadsv.exe

    2010-05-19 03:59 . 2001-08-17 17:28 488383 ----a-w- c:\windows\system32\dllcache\hsf_v124.sys

    2010-05-19 03:58 . 2001-08-17 18:02 8576 ----a-w- c:\windows\system32\dllcache\hidgame.sys

    2010-05-19 03:57 . 2001-08-18 02:36 71680 ----a-w- c:\windows\system32\dllcache\fnfilter.dll

    2010-05-19 03:56 . 2001-08-17 16:19 37120 ----a-w- c:\windows\system32\dllcache\es1370mp.sys

    2010-05-19 03:55 . 2001-08-17 16:20 334208 ----a-w- c:\windows\system32\dllcache\ds1wdm.sys

    2010-05-19 03:54 . 2001-08-17 16:14 21606 ----a-w- c:\windows\system32\dllcache\digiisdn.sys

    2010-05-19 03:53 . 2001-08-18 02:36 27136 ----a-w- c:\windows\system32\dllcache\cyzcoins.dll

    2010-05-19 03:52 . 2001-08-17 17:51 20736 ----a-w- c:\windows\system32\dllcache\cmbp0wdm.sys

    2010-05-19 03:52 . 2001-08-17 17:57 248064 ----a-w- c:\windows\system32\dllcache\cl546xm.sys

    2010-05-19 03:52 . 2001-08-17 18:56 170880 ----a-w- c:\windows\system32\dllcache\cl546x.dll

    2010-05-19 03:52 . 2001-08-17 18:56 111232 ----a-w- c:\windows\system32\dllcache\cl5465.dll

    2010-05-19 03:52 . 2001-08-17 17:57 45696 ----a-w- c:\windows\system32\dllcache\cirrus.sys

    2010-05-19 03:52 . 2001-08-17 18:56 91264 ----a-w- c:\windows\system32\dllcache\cirrus.dll

    2010-05-19 03:52 . 2001-08-17 18:02 272640 ----a-w- c:\windows\system32\dllcache\cinemclc.sys

    2010-05-19 03:52 . 2001-08-17 16:13 980034 ----a-w- c:\windows\system32\dllcache\cicap.sys

    2010-05-19 03:50 . 2001-08-17 17:51 13824 ----a-w- c:\windows\system32\dllcache\bulltlp3.sys

    2010-05-19 03:16 . 2001-08-17 16:11 31529 ----a-w- c:\windows\system32\dllcache\brzwlan.sys

    2010-05-19 03:15 . 2001-08-17 17:12 12160 ----a-w- c:\windows\system32\dllcache\brfiltlo.sys

    2010-05-19 03:14 . 2001-08-18 02:36 37376 ----a-w- c:\windows\system32\dllcache\atievxx.exe

    2010-05-19 03:13 . 2001-08-17 16:19 553984 ----a-w- c:\windows\system32\dllcache\adm8820.sys

    2010-05-19 03:12 . 2004-03-19 22:44 7168 ----a-w- c:\windows\system32\dllcache\wamregps.dll

    2010-05-19 03:12 . 2001-08-17 18:56 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll

    2010-05-17 23:55 . 2010-05-17 23:55 -------- d-----w- c:\documents and settings\David Vinson\Application Data\Avira

    2010-05-17 22:58 . 2010-03-01 14:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys

    2010-05-17 22:58 . 2010-02-16 18:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

    2010-05-17 22:58 . 2009-05-11 16:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

    2010-05-17 22:58 . 2009-05-11 16:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

    2010-05-17 22:58 . 2010-05-17 22:58 -------- d-----w- c:\program files\Avira

    2010-05-17 22:58 . 2010-05-17 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

    2010-05-17 22:48 . 2010-05-17 22:49 -------- d-----w- c:\program files\Java

    2010-05-17 22:48 . 2010-05-17 22:48 -------- d-----w- c:\program files\Common Files\Java

    2010-05-17 22:45 . 2010-05-17 22:45 -------- d-----w- c:\documents and settings\David Vinson\Local Settings\Application Data\{6448F0A6-6813-11D6-A77B-00B0D0150160}

    2010-05-17 14:20 . 2010-05-17 14:20 -------- d-----w- c:\program files\Windows Live Safety Center

    2010-05-13 20:01 . 2010-05-14 04:32 -------- d-----w- c:\documents and settings\David Vinson\DoctorWeb

    2010-05-09 23:26 . 2010-05-10 13:59 -------- d-----w- C:\Combo-Fix

    2010-05-07 02:22 . 2010-05-07 02:22 -------- d-----w- c:\program files\Trend Micro

    2010-05-06 01:40 . 2010-05-06 01:40 -------- d-----w- c:\documents and settings\David Vinson\Application Data\Malwarebytes

    2010-05-06 01:40 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

    2010-05-06 01:40 . 2010-05-06 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

    2010-05-06 01:40 . 2010-05-06 01:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2010-05-06 01:40 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

    2010-05-03 03:03 . 2010-05-03 03:03 -------- d-----w- c:\documents and settings\David Vinson\Application Data\Tific

    2010-05-03 02:55 . 2010-05-03 02:55 -------- d-----w- c:\documents and settings\David Vinson\Local Settings\Application Data\Symantec

    2010-05-03 02:22 . 2010-05-03 02:22 -------- d-----w- c:\program files\Windows Sidebar

    2010-05-03 02:20 . 2010-05-17 22:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller

    2010-05-03 02:05 . 2010-05-20 13:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

    2010-05-01 01:39 . 2010-05-01 01:39 -------- d-----w- c:\documents and settings\Andy Vinson\Local Settings\Application Data\AOL

    2010-05-01 01:37 . 2010-05-01 01:37 -------- d-sh--w- c:\documents and settings\Andy Vinson\IETldCache

    2010-04-29 14:37 . 2010-04-29 14:37 -------- d-----w- c:\program files\iPod

    2010-04-29 14:37 . 2010-04-29 14:39 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

    2010-04-29 14:21 . 2010-04-29 14:21 -------- d-----w- c:\program files\Bonjour

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2010-05-18 02:45 . 2007-05-11 02:39 1324 ----a-w- c:\windows\system32\d3d9caps.dat

    2010-05-16 18:52 . 2008-01-18 12:44 -------- d-----w- c:\program files\OpenSource Flash Video Splitter

    2010-05-07 10:52 . 2006-05-18 17:58 -------- d-----w- c:\program files\Spybot - Search & Destroy

    2010-05-07 10:52 . 2006-05-18 17:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

    2010-05-07 10:48 . 2009-05-25 12:33 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop

    2010-05-07 10:45 . 2009-12-19 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

    2010-05-07 04:15 . 2009-12-24 12:57 0 ----a-w- c:\documents and settings\David Vinson\Local Settings\Application Data\prvlcl.dat

    2010-05-06 12:32 . 2005-10-22 03:26 -------- d-----w- c:\program files\Lavasoft

    2010-05-06 12:32 . 2008-08-11 12:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

    2010-05-05 02:21 . 2008-05-31 21:07 -------- d-----w- c:\documents and settings\David Vinson\Application Data\MSN6

    2010-04-29 14:39 . 2007-04-05 00:50 -------- d-----w- c:\program files\iTunes

    2010-04-29 14:37 . 2007-07-09 13:45 -------- d-----w- c:\program files\Common Files\Apple

    2010-04-29 14:31 . 2006-12-18 21:07 -------- d-----w- c:\program files\QuickTime

    2010-04-16 12:33 . 2009-03-19 11:02 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll

    2010-04-16 12:33 . 2007-11-12 03:33 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys

    2010-04-09 11:56 . 2010-04-09 11:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage

    2010-04-09 11:56 . 2010-04-09 11:56 -------- d-----w- c:\documents and settings\David Vinson\Application Data\Office Genuine Advantage

    2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll

    2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe

    2010-04-03 05:03 . 2009-09-11 04:04 96272 ---ha-w- c:\windows\system32\mlfcache.dat

    2010-03-29 18:04 . 2004-06-03 06:10 130000 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

    2010-03-29 17:30 . 2010-03-29 17:30 -------- d-----w- c:\program files\Eusing Free Registry Cleaner

    2010-03-29 15:12 . 2004-06-03 06:00 -------- d-----w- c:\program files\Jasc Software Inc

    2010-03-29 15:12 . 2004-06-03 06:00 -------- d-----w- c:\program files\Dell Computer

    2010-03-29 14:10 . 2008-01-18 12:43 -------- d-----w- c:\program files\RealMedia

    2010-03-29 14:08 . 2004-06-03 05:56 -------- d-----w- c:\program files\Real

    2010-03-29 14:08 . 2004-06-03 05:56 -------- d-----w- c:\program files\Common Files\Real

    2010-03-29 14:05 . 2010-03-19 02:09 -------- d-----w- c:\program files\SecureBackupShare

    2010-03-29 14:02 . 2009-12-22 18:47 -------- d-----w- c:\program files\Uniblue

    2010-03-29 13:40 . 2010-03-13 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

    2010-03-28 14:59 . 2005-03-22 01:38 -------- d-----w- c:\program files\Avery Wizard

    2010-03-28 03:53 . 2007-11-04 21:50 -------- d-----w- c:\documents and settings\David Vinson\Application Data\Uniblue

    2010-03-27 11:40 . 2007-05-11 02:24 -------- d--h--w- c:\documents and settings\David Vinson\Application Data\Move Networks

    2010-03-23 01:45 . 2010-02-14 22:43 -------- d-----w- c:\documents and settings\David Vinson\Application Data\TrueSwitch

    2010-03-23 01:42 . 2009-11-28 16:36 -------- d-----w- c:\documents and settings\David Vinson\Application Data\Amazon

    2010-03-10 06:15 . 2004-03-19 22:44 420352 ----a-w- c:\windows\system32\vbscript.dll

    2010-02-25 06:24 . 2004-08-24 00:32 916480 ----a-w- c:\windows\system32\wininet.dll

    2010-02-24 13:11 . 2002-11-18 11:27 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

    2006-01-04 22:30 . 2006-01-04 22:30 774144 -c----w- c:\program files\RngInterstitial.dll

    2009-10-27 22:22 . 2006-11-11 04:54 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-18 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]

    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]

    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-10-27 30192]

    "DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]

    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]

    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

    c:\documents and settings\Andy Vinson\Start Menu\Programs\Startup\

    PowerReg Scheduler V3.exe [2005-6-30 225280]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

    @=""

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

    "c:\\PowerTerm WebConnect 5.1\\powerterm.pstcc.edu\\ptermX.exe"=

    "c:\\WINDOWS\\system32"=

    "c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=

    "c:\\WINDOWS\\SYSTEM32\\msiexec.exe"=

    "c:\\PowerTerm WebConnect 5.6\\powerterm.pstcc.edu\\ptermX.exe"=

    "c:\\Program Files\\iTunes\\iTunes.exe"=

    "c:\\Program Files\\Common Files\\AOL\\1138142209\\ee\\aim6.exe"=

    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

    "c:\\Program Files\\Common Files\\AOL\\1138142209\\ee\\aolsoftware.exe"=

    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

    "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

    "c:\\Program Files\\Last.fm\\LastFM.exe"=

    "c:\\WINDOWS\\SYSTEM32\\dpnsvr.exe"=

    "c:\\Program Files\\NBC Direct\\StoreFrontPlayer.exe"=

    .

    Contents of the 'Scheduled Tasks' folder

    2010-04-22 c:\windows\Tasks\AppleSoftwareUpdate.job

    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

    2010-05-20 c:\windows\Tasks\Google Software Updater.job

    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-12 16:16]

    2004-07-01 c:\windows\Tasks\ISP signup reminder 1.job

    - c:\windows\System32\OOBE\OOBEBALN.EXE [2004-03-19 00:12]

    2010-05-20 c:\windows\Tasks\User_Feed_Synchronization-{96A8F87C-1609-4822-9E2A-BB33302CC2EE}.job

    - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = about:blank

    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

    uInternet Connection Wizard,ShellNext = iexplore

    uSearchAssistant = hxxp://www.google.com/ie

    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

    IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}

    FF - ProfilePath - c:\documents and settings\David Vinson\Application Data\Mozilla\Firefox\Profiles\vic99eqj.default\

    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com

    FF - prefs.js: browser.search.selectedEngine - Google

    FF - prefs.js: browser.startup.homepage - www.google.com

    FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=

    FF - plugin: c:\documents and settings\David Vinson\Application Data\Move Networks\plugins\npqmp071504000001.dll

    FF - plugin: c:\documents and settings\David Vinson\Application Data\Move Networks\plugins\npqmp071701000002.dll

    FF - plugin: c:\program files\Microsoft Research\HDView for Firefox\nphdview.dll

    FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll

    FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll

    FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll

    FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll

    FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll

    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----

    FF - user.js: browser.cache.memory.capacity - 16000

    FF - user.js: browser.chrome.favicons - false

    FF - user.js: browser.display.show_image_placeholders - true

    FF - user.js: browser.turbo.enabled - true

    FF - user.js: browser.urlbar.autocomplete.enabled - true

    FF - user.js: browser.urlbar.autofill - true

    FF - user.js: content.max.tokenizing.time - 3000000

    FF - user.js: content.maxtextrun - 4095

    FF - user.js: content.notify.backoffcount - 5

    FF - user.js: content.notify.interval - 1000000

    FF - user.js: content.notify.ontimer - true

    FF - user.js: content.switch.threshold - 1000000

    FF - user.js: dom.disable_window_status_change - true

    FF - user.js: network.http.max-connections - 48

    FF - user.js: network.http.max-connections-per-server - 16

    FF - user.js: network.http.max-persistent-connections-per-proxy - 16

    FF - user.js: network.http.max-persistent-connections-per-server - 8

    FF - user.js: network.http.pipelining - true

    FF - user.js: network.http.pipelining.firstrequest - true

    FF - user.js: network.http.pipelining.maxrequests - 8

    FF - user.js: network.http.proxy.pipelining - true

    FF - user.js: network.http.request.max-start-delay - 0

    FF - user.js: nglayout.initialpaint.delay - 1000

    FF - user.js: plugin.expose_full_path - true

    FF - user.js: ui.submenuDelay - 0

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2010-05-20 15:37

    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(1732)

    c:\windows\system32\WININET.dll

    c:\progra~1\WINDOW~2\wmpband.dll

    c:\windows\system32\ieframe.dll

    c:\windows\system32\webcheck.dll

    c:\windows\system32\WPDShServiceObj.dll

    c:\windows\system32\PortableDeviceTypes.dll

    c:\windows\system32\PortableDeviceApi.dll

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\program files\Avira\AntiVir Desktop\sched.exe

    c:\program files\Avira\AntiVir Desktop\avguard.exe

    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    c:\program files\Bonjour\mDNSResponder.exe

    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe

    c:\program files\Avira\AntiVir Desktop\avshadow.exe

    c:\windows\system32\nvsvc32.exe

    c:\windows\system32\HPZipm12.exe

    c:\windows\system32\fxssvc.exe

    c:\program files\iPod\bin\iPodService.exe

    c:\windows\system32\rundll32.exe

    .

    **************************************************************************

    .

    Completion time: 2010-05-20 16:40:00 - machine was rebooted

    ComboFix-quarantined-files.txt 2010-05-20 20:39

    ComboFix2.txt 2010-05-17 02:02

    ComboFix3.txt 2010-05-10 13:55

    Pre-Run: 8,860,114,944 bytes free

    Post-Run: 8,895,758,336 bytes free

    Current=3 Default=3 Failed=5 LastKnownGood=6 Sets=1,2,3,5,6

    - - End Of File - - 43A358040A254085C5C6648B08FB29EA

  12. Actually, I have been able to find and delete the 2 folders now; they didn't show up in the normal method, I had to manually type in the paths; they did not show up just trying to browse through the subfolders, and a search couldn't locate them either. So now I am just trying to get Malwarebytes to the exclusion list and then I will continue with the ComboFix procedure.

  13. 1) In normal mode, there is apparently not enough CPU to allow me to access the menu that would let me add the Malwarebytes files to the exclusion list. In safe mode, I don't have access to those options.

    2) I can not find the two folders you are asking me to manually delete.

    3) I am hesitant to dump the file into ComboFix until you tell me that it's OK, given that I could not do the first two things.

    Thanks

    gaughin

  14. OK, I have completed this. It did ask for my install disc, and it definitely did something; it took Windows longer than usual to boot up. The icon for Internet Explorer now has a tag (no add-ons). It now will not load on either side, normal boot-up or in safe mode.

    Thanks for your tenacity,

    gaughin

  15. Good strategy. Go! :)

    I seem to be at another dead end.

    I tried to run sfc.exe in safe mode; certain processes are not enabled in safe mode that are required to run sfc.exe

    I switch to normal mode. I run the software, with one irritating problem. It starts up, and displays a window that says this:

    [Please wait while Windows verifies that all protected Windows files are intact and in their original versions.]

    After maybe 5 seconds, a second window opens that says the following:

    [Files that are required for Windows to run properly must be copied to the DLL cache.

    Insert your Windows XP Professional CD-ROM now.]

    This window contains 3 buttons: Retry, More Information, and Cancel.

    I insert the CD (I know it's the right one; Windows came pre-installed on this machine, and I have to break the seal on this disc, that displays the message "Operating System Already Installed On Your Computer")

    I push the Retry button. Program runs for 1 or 2 seconds, and Retry screen comes back up. So every time the Retry screen comes up, I push the Retry button. I wound up pushing it 637 times. Yes, I counted. Finally, the progress bar is all the way to the right, and the program just quits. The instructions at the BleepingComputer site say that I need to immediately run Windows Updates. Problem with that is that Internet Explorer will not load. I let it sit to try to give it time. Two hours later iexplore.exe is still showing up on Task Manager, but the software is still not available.

    I shut down the computer and return to safe mode. Internet Explorer pops right up, but when I go to Windows Update, my computer will not communicate with the Update site. I assume this is because I am in safe mode. The Update site gives me an error message that reads "The website has encountered a problem and cannot display the page you are trying to view. The options provided below might help you solve the problem." There is an accompanying error message #; [Error number: 0x8007043C]. I search the site for this error number, and of course it says that I am trying to access a service that is not available from safe mode.

    So, in a nutshell, the service is not available in safe mode, and I can't load Internet Explorer in normal mode to even get to the service. I pushed that damn retry button for 50 minutes, and now seem stuck again. Is there any way to load Windows Update without Internet Explorer?

    Finally, here's something I have found that could be related to my problem (and seems to suggest to me that this is related to a corrupt Windows update rather than any specific virus/malware.)

    If I am in safe mode, I get about 5% idle CPU. According to Process Explorer, a single instance of svchost.exe is associated with all of the following services:

    C:\WINDOWS\SYSTEM32\svchost.exe (netsvcs)

    Services

    COM + Event System [EventSystem]

    Computer Browser [browser]

    CryptSvc [CryptSvc]

    DHCP Client [Dhcp]

    Error Reporting Service [ERSvc]

    Fast User Switching Compatibility [FastUserSwitchingCompatibility]

    Help and Support [helpsvc]

    Network Connections [Netman]

    Network Location Awareness (NLA) [Nla]

    Remote Access Connection Manager [RasMan]

    Secondary Logon [seclogon]

    Security Center [wscsvc]

    Server [lanmanserver]

    Shell Hardware Detection [shellHWDetection]

    System Event Notification [sENS]

    System Restore Service [srservice]

    Task Scheduler [schedule]

    Telephony [TapiSrv]

    Themes [Themes]

    Windows Audio [AudioSrv]

    Windows Firewall/Internet Connection Sharing (ICS) [sharedAccess]

    Windows Management Instrumentation [winmgmt]

    Wireless Zero Configuration [WZCSVC]

    Workstation [lanmanworkstation]

    Now, I know that most of these processes are essential for the computer to run, but the interesting thing I have found is that when I kill or stall this process, available idle CPU (in safe mode) immediately jumps from 3-5% to 50-60%.

    Am I on to anything? Is this machine just dead?

    Thanks,

    gaughin

  16. Unbelievable! Congratulations! :)

    Any change? What about my instructions?

    It seems better on the safe mode side, but about the same on the normal side. As soon as I booted in the normal side, 3 Avira scans popped up automatically (Full scan, Hidden objects search, Updater.) It's been 10 hours, and those are about 1/3 finished. Unless you say otherwise, I will let them run, it looks like for about 20 more hours, then try to put your next suggestion into play first thing tomorrow morning.

    Thanks for your help and encouragement.

    gaughin

  17. Here's the Avira log

    Avira AntiVir Personal

    Report file date: Monday, May 17, 2010 19:57

    Scanning for 1990003 virus strains and unwanted programs.

    The program is running as an unrestricted full version.

    Online services are available:

    Licensee : Avira AntiVir Personal - FREE Antivirus

    Serial number : 0000149996-ADJIE-0000001

    Platform : Windows XP

    Windows version : (Service Pack 3) [5.1.2600]

    Boot mode : Safe mode with network

    Username : David Vinson

    Computer name : VINSON1

    Configuration settings for the scan:

    Jobname.............................: Complete system scan

    Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp

    Logging.............................: low

    Primary action......................: interactive

    Secondary action....................: ignore

    Scan master boot sector.............: on

    Scan boot sector....................: on

    Boot sectors........................: C:,

    Process scan........................: on

    Extended process scan...............: on

    Scan registry.......................: on

    Search for rootkits.................: on

    Integrity checking of system files..: off

    Scan all files......................: All files

    Scan archives.......................: on

    Recursion depth.....................: 20

    Smart extensions....................: on

    Macro heuristic.....................: on

    File heuristic......................: medium

    Start of the scan: Monday, May 17, 2010 19:57

    Starting search for hidden objects.

    The driver could not be initialized.

    The scan of running processes will be started

    Scan process 'avscan.exe' - '59' Module(s) have been scanned

    Scan process 'avcenter.exe' - '92' Module(s) have been scanned

    Scan process 'svchost.exe' - '50' Module(s) have been scanned

    Scan process 'firefox.exe' - '74' Module(s) have been scanned

    Scan process 'procexp.exe' - '66' Module(s) have been scanned

    Scan process 'Explorer.EXE' - '93' Module(s) have been scanned

    Scan process 'svchost.exe' - '39' Module(s) have been scanned

    Scan process 'svchost.exe' - '48' Module(s) have been scanned

    Scan process 'lsass.exe' - '49' Module(s) have been scanned

    Scan process 'services.exe' - '27' Module(s) have been scanned

    Scan process 'winlogon.exe' - '62' Module(s) have been scanned

    Scan process 'csrss.exe' - '12' Module(s) have been scanned

    Scan process 'smss.exe' - '2' Module(s) have been scanned

    Starting master boot sector scan:

    Master boot sector HD0

    [INFO] No virus was found!

    Master boot sector HD1

    [INFO] No virus was found!

    Start scanning boot sectors:

    Boot sector 'C:\'

    [INFO] No virus was found!

    Starting to scan executable files (registry).

    The registry was scanned ( '1176' files ).

    Starting the file scan:

    Begin scan in 'C:\'

    C:\Documents and Settings\David Vinson\My Documents\Old computer data files\My Pictures\cabinet maker, jacob lawr

    [0] Archive type: MacBinary

    --> cabinet maker, jacob lawr.rsrc

    [WARNING] The file could not be read!

    [WARNING] The file could not be read!

    C:\Documents and Settings\David Vinson\My Documents\Old computer data files\My Pictures\Poppy, O'Keefe

    [0] Archive type: MacBinary

    --> Poppy, O'Keefe.rsrc

    [WARNING] The file could not be read!

    [WARNING] The file could not be read!

    End of the scan: Monday, May 17, 2010 22:10

    Used time: 2:12:22 Hour(s)

    The scan has been done completely.

    25684 Scanned directories

    549947 Files were scanned

    0 Viruses and/or unwanted programs were found

    0 Files were classified as suspicious

    0 files were deleted

    0 Viruses and unwanted programs were repaired

    0 Files were moved to quarantine

    0 Files were renamed

    0 Files cannot be scanned

    549947 Files not concerned

    6188 Archives were scanned

    4 Warnings

    0 Notes
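A zero-detection summary like the one in the report above has to be read against the lines elsewhere in the same log that narrow what was actually examined. The following Python sketch is an added example, not part of the original post and not Avira tooling; the function names are hypothetical and the sample text is constructed from a few lines in the report's format.

```python
import re

# Constructed sample: a few lines in the format of the report posted above.
SAMPLE_REPORT = """\
Boot mode : Safe mode with network
Integrity checking of system files..: off
Starting search for hidden objects.
The driver could not be initialized.
[WARNING] The file could not be read!
[WARNING] The file could not be read!
549947 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
4 Warnings
"""

FIELD_RE = re.compile(r"^([A-Za-z][^:.]+?)\s*\.*\s*:\s*(.+)$")  # "Key....: value"
COUNT_RE = re.compile(r"^(\d+)\s+(.+)$")                        # "0 Files were ..."

def parse_report(text):
    """Split a report into config fields, summary counters and raw lines."""
    fields, counts, lines = {}, {}, []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        lines.append(line)
        if m := COUNT_RE.match(line):
            counts[m.group(2).lower()] = int(m.group(1))
        elif m := FIELD_RE.match(line):
            fields[m.group(1).lower()] = m.group(2)
    return fields, counts, lines

def coverage_caveats(text):
    """Return (detections, caveats): what was found, and what limits the result."""
    fields, counts, lines = parse_report(text)
    caveats = []
    if "safe mode" in fields.get("boot mode", "").lower():
        caveats.append("scan ran in safe mode, so normal-boot processes were not examined")
    for prev, cur in zip(lines, lines[1:]):
        if "search for hidden objects" in prev and "could not be initialized" in cur:
            caveats.append("hidden-object search started but its driver did not initialize")
    if fields.get("integrity checking of system files") == "off":
        caveats.append("system file integrity checking was switched off")
    unread = sum(1 for l in lines if l.startswith("[WARNING]") and "could not be read" in l)
    if unread:
        caveats.append(f"{unread} read warning(s): those files were not inspected")
    detections = (counts.get("viruses and/or unwanted programs were found", 0)
                  + counts.get("files were classified as suspicious", 0))
    return detections, caveats
```

Calling `coverage_caveats(SAMPLE_REPORT)` returns zero detections together with four caveats, which is the distinction between "nothing found" and "everything checked".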

  18. Here's the current situation. I may have goofed, but I don't think so.

    The Windows CD is in storage (I know, we should have it at easier access, but it got moved, along with lots of other stuff, to a rented storage unit when we were trying to clear out room to walk.)

    Anyway, until I can get to that to try your latest suggestion, I found a way to get Avira to finally load. I was reading up on services.exe related problems, and found some notes that said it was related to unnecessary spawning of svchost.exe instances; I found one that was attached to about a dozen different applications. So I started the Avira install, and it hung like usual, so I manually killed that svchost.exe. It almost immediately reappeared, but in the few seconds it was down, the Avira install started moving again. One more kill of that process, and Avira's installation was completed. I think I may have gotten Java to install in the same way; it said the installation was complete, but I haven't restarted the computer to find out.

    Anyway, I was very proud of myself. In fact, maybe too proud; I got so excited that I started an Avira scan, and forgot until I opened up this borrowed computer and looked at the forum that you had specifically asked me not to scan anything without your go ahead.

    The Avira scan is running now; I will post the result when it is finished. I hope I haven't screwed up our progress.

    Thanks,

    gaughin
