Gaughin

Yes, I think so. Everything seems OK.

Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:21:23 AM, on 5/17/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Safe mode with network support Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.1.0.32\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.1.0.32\IPSBHO.DLL O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.1.0.32\coIEPlg.dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6087.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: Google Desktop Manager 5.9.909.30391 (GoogleDesktopManager-093009-130223) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\4.1.0.32\ccSvcHst.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 5457 bytes THANKS! gaughin

I am having a problem booting this disc. While it is a monitor problem, it does not seem to be the same problem described on the links you have provided. I can get the disk to load tup, and regardless of the resolution I choose, I get an image of two animals (penguins, maybe?) on screen for 3-5 seconds, then there is a flash to a screen with one or two line of text for about 1/4 second, just enough to see it's there without being able to actually read it, then the monitor blanks, and the monitor button starts to blink. Reboot is then required. Thanks dave

The same; CPU usage at 100%, can't install Java, can't get Excel or Word to load.

Took almost 9 hours for this to run, but here it is ComboFix 10-05-16.01 - David Vinson 05/16/2010 16:28:22.2.2 - x86 Running from: c:\documents and settings\David Vinson\Desktop\Combo-Fix.exe AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat c:\windows\system32\T2 c:\windows\system32\T3 c:\windows\system32\T4 c:\windows\system32\T4\d5ll.exe c:\windows\system32\T6 c:\windows\system32\T6\dlwr.exe ----- BITS: Possible infected sites ----- hxxp://liveupdate.symantec.com hxxp://definitions.symantec.com . ((((((((((((((((((((((((( Files Created from 2010-04-16 to 2010-05-16 ))))))))))))))))))))))))))))))) . 2010-05-13 20:01 . 2010-05-14 04:32 -------- d-----w- c:\documents and settings\David Vinson\DoctorWeb 2010-05-09 23:26 . 2010-05-10 13:59 -------- d-----w- C:\Combo-Fix 2010-05-07 02:22 . 2010-05-07 02:22 -------- d-----w- c:\program files\Trend Micro 2010-05-06 01:40 . 2010-05-06 01:40 -------- d-----w- c:\documents and settings\David Vinson\Application Data\Malwarebytes 2010-05-06 01:40 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-05-06 01:40 . 2010-05-06 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-05-06 01:40 . 2010-05-06 01:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-05-06 01:40 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-05-03 03:03 . 2010-05-03 03:03 -------- d-----w- c:\documents and settings\David Vinson\Application Data\Tific 2010-05-03 02:55 . 2010-05-03 02:55 -------- d-----w- c:\documents and settings\David Vinson\Local Settings\Application Data\Symantec 2010-05-03 02:27 . 2010-05-03 02:27 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL 2010-05-03 02:27 . 2010-05-03 02:27 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2010-05-03 02:27 . 2010-05-03 02:43 -------- d-----w- c:\program files\Common Files\Symantec Shared 2010-05-03 02:27 . 2010-05-03 02:27 -------- d-----w- c:\program files\Symantec 2010-05-03 02:23 . 2010-05-03 23:36 -------- d-----w- c:\windows\system32\drivers\N360 2010-05-03 02:22 . 2010-05-03 02:23 -------- d-----w- c:\program files\Norton Security Suite 2010-05-03 02:22 . 2010-05-03 02:22 -------- d-----w- c:\program files\Windows Sidebar 2010-05-03 02:20 . 2010-05-03 02:20 -------- d-----w- c:\program files\NortonInstaller 2010-05-03 02:20 . 2010-05-03 02:20 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller 2010-05-03 02:05 . 2010-05-03 02:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton 2010-05-01 01:39 . 2010-05-01 01:39 -------- d-----w- c:\documents and settings\Andy Vinson\Local Settings\Application Data\AOL 2010-05-01 01:37 . 2010-05-01 01:37 -------- d-sh--w- c:\documents and settings\Andy Vinson\IETldCache 2010-05-01 01:04 . 2010-05-01 01:04 -------- d-----w- c:\documents and settings\Carol Vinson\Application Data\IObit 2010-05-01 00:35 . 2010-05-01 00:35 -------- d-----w- c:\documents and settings\Carol Vinson\Local Settings\Application Data\AVG Security Toolbar 2010-04-29 14:37 . 2010-04-29 14:37 -------- d-----w- c:\program files\iPod 2010-04-29 14:37 . 2010-04-29 14:39 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} 2010-04-29 14:21 . 2010-04-29 14:21 -------- d-----w- c:\program files\Bonjour . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-16 18:52 . 2008-01-18 12:44 -------- d-----w- c:\program files\OpenSource Flash Video Splitter 2010-05-13 08:58 . 2007-05-11 02:39 1324 ----a-w- c:\windows\system32\d3d9caps.dat 2010-05-07 10:52 . 2006-05-18 17:58 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-05-07 10:52 . 2006-05-18 17:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-05-07 10:48 . 2009-05-25 12:33 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop 2010-05-07 10:45 . 2009-12-19 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9 2010-05-07 04:15 . 2009-12-24 12:57 0 ----a-w- c:\documents and settings\David Vinson\Local Settings\Application Data\prvlcl.dat 2010-05-06 12:32 . 2005-10-22 03:26 -------- d-----w- c:\program files\Lavasoft 2010-05-06 12:32 . 2008-08-11 12:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2010-05-05 02:21 . 2008-05-31 21:07 -------- d-----w- c:\documents and settings\David Vinson\Application Data\MSN6 2010-05-03 02:27 . 2010-05-03 02:27 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF 2010-05-03 02:27 . 2010-05-03 02:27 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT 2010-04-29 14:39 . 2007-04-05 00:50 -------- d-----w- c:\program files\iTunes 2010-04-29 14:37 . 2007-07-09 13:45 -------- d-----w- c:\program files\Common Files\Apple 2010-04-29 14:31 . 2006-12-18 21:07 -------- d-----w- c:\program files\QuickTime 2010-04-16 12:33 . 2009-03-19 11:02 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll 2010-04-16 12:33 . 2007-11-12 03:33 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2010-04-09 11:56 . 2010-04-09 11:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage 2010-04-09 11:56 . 2010-04-09 11:56 -------- d-----w- c:\documents and settings\David Vinson\Application Data\Office Genuine Advantage 2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll 2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe 2010-04-03 05:03 . 2009-09-11 04:04 96272 ---ha-w- c:\windows\system32\mlfcache.dat 2010-03-29 18:04 . 2004-06-03 06:10 130000 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-03-29 17:30 . 2010-03-29 17:30 -------- d-----w- c:\program files\Eusing Free Registry Cleaner 2010-03-29 15:12 . 2004-06-03 06:00 -------- d-----w- c:\program files\Jasc Software Inc 2010-03-29 15:12 . 2004-06-03 06:00 -------- d-----w- c:\program files\Dell Computer 2010-03-29 14:10 . 2008-01-18 12:43 -------- d-----w- c:\program files\RealMedia 2010-03-29 14:08 . 2004-06-03 05:56 -------- d-----w- c:\program files\Real 2010-03-29 14:08 . 2004-06-03 05:56 -------- d-----w- c:\program files\Common Files\Real 2010-03-29 14:05 . 2010-03-19 02:09 -------- d-----w- c:\program files\SecureBackupShare 2010-03-29 14:02 . 2009-12-22 18:47 -------- d-----w- c:\program files\Uniblue 2010-03-29 13:40 . 2010-03-13 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS 2010-03-28 14:59 . 2005-03-22 01:38 -------- d-----w- c:\program files\Avery Wizard 2010-03-28 03:53 . 2007-11-04 21:50 -------- d-----w- c:\documents and settings\David Vinson\Application Data\Uniblue 2010-03-27 11:40 . 2007-05-11 02:24 -------- d--h--w- c:\documents and settings\David Vinson\Application Data\Move Networks 2010-03-23 01:45 . 2010-02-14 22:43 -------- d-----w- c:\documents and settings\David Vinson\Application Data\TrueSwitch 2010-03-23 01:42 . 2009-11-28 16:36 -------- d-----w- c:\documents and settings\David Vinson\Application Data\Amazon 2010-03-21 13:49 . 2004-07-30 15:52 -------- d-----w- c:\program files\Common Files\Adobe 2010-03-20 07:05 . 2010-03-20 07:04 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2 2010-03-20 02:59 . 2008-08-18 01:50 -------- d-----w- c:\program files\Microsoft Silverlight 2010-03-10 06:15 . 2004-03-19 22:44 420352 ----a-w- c:\windows\system32\vbscript.dll 2010-02-25 06:24 . 2004-08-24 00:32 916480 ----a-w- c:\windows\system32\wininet.dll 2010-02-24 13:11 . 2002-11-18 11:27 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-02-16 14:08 . 1980-01-01 05:00 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-02-16 13:25 . 1980-01-01 05:00 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe 2006-01-04 22:30 . 2006-01-04 22:30 774144 -c----w- c:\program files\RngInterstitial.dll 2009-10-27 22:22 . 2006-11-11 04:54 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-18 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-10-27 30192] "DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672] c:\documents and settings\Andy Vinson\Start Menu\Programs\Startup\ PowerReg Scheduler V3.exe [2005-6-30 225280] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\PowerTerm WebConnect 5.1\\powerterm.pstcc.edu\\ptermX.exe"= "c:\\WINDOWS\\system32"= "c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"= "c:\\WINDOWS\\SYSTEM32\\msiexec.exe"= "c:\\PowerTerm WebConnect 5.6\\powerterm.pstcc.edu\\ptermX.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Common Files\\AOL\\1138142209\\ee\\aim6.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Common Files\\AOL\\1138142209\\ee\\aolsoftware.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"= "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\Last.fm\\LastFM.exe"= "c:\\WINDOWS\\SYSTEM32\\dpnsvr.exe"= "c:\\Program Files\\NBC Direct\\StoreFrontPlayer.exe"= R0 jfuf;jfuf;c:\windows\system32\drivers\qgxc.sys [x] R3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-10-27 30192] R3 idrmkl;idrmkl;c:\docume~1\DAVIDV~1\LOCALS~1\Temp\idrmkl.sys [x] R3 McComponentHostService;McAfee Security Scan Component Host Service; [x] R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0401000.020\SYMDS.SYS [2009-10-15 328752] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0401000.020\SYMEFA.SYS [2009-11-26 172592] S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100429.001\BHDrvx86.sys [2010-04-29 537136] S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0401000.020\ccHPx86.sys [2010-02-25 501888] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0401000.020\Ironx86.SYS [2010-02-27 116784] S2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.1.0.32\ccSvcHst.exe [2010-02-25 126392] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-02 102448] S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100505.001\IDSxpx86.sys [2009-11-17 329592] . Contents of the 'Scheduled Tasks' folder 2010-04-22 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34] 2010-05-16 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-12 16:16] 2004-07-01 c:\windows\Tasks\ISP signup reminder 1.job - c:\windows\System32\OOBE\OOBEBALN.EXE [2004-03-19 00:12] 2010-05-16 c:\windows\Tasks\User_Feed_Synchronization-{96A8F87C-1609-4822-9E2A-BB33302CC2EE}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31] . . ------- Supplementary Scan ------- . uStart Page = about:blank uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} FF - ProfilePath - c:\documents and settings\David Vinson\Application Data\Mozilla\Firefox\Profiles\vic99eqj.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.google.com FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p= FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll FF - plugin: c:\documents and settings\David Vinson\Application Data\Move Networks\plugins\npqmp071504000001.dll FF - plugin: c:\documents and settings\David Vinson\Application Data\Move Networks\plugins\npqmp071701000002.dll FF - plugin: c:\program files\Microsoft Research\HDView for Firefox\nphdview.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- FF - user.js: browser.cache.memory.capacity - 16000 FF - user.js: browser.chrome.favicons - false FF - user.js: browser.display.show_image_placeholders - true FF - user.js: browser.turbo.enabled - true FF - user.js: browser.urlbar.autocomplete.enabled - true FF - user.js: browser.urlbar.autofill - true FF - user.js: content.max.tokenizing.time - 3000000 FF - user.js: content.maxtextrun - 4095 FF - user.js: content.notify.backoffcount - 5 FF - user.js: content.notify.interval - 1000000 FF - user.js: content.notify.ontimer - true FF - user.js: content.switch.threshold - 1000000 FF - user.js: dom.disable_window_status_change - true FF - user.js: network.http.max-connections - 48 FF - user.js: network.http.max-connections-per-server - 16 FF - user.js: network.http.max-persistent-connections-per-proxy - 16 FF - user.js: network.http.max-persistent-connections-per-server - 8 FF - user.js: network.http.pipelining - true FF - user.js: network.http.pipelining.firstrequest - true FF - user.js: network.http.pipelining.maxrequests - 8 FF - user.js: network.http.proxy.pipelining - true FF - user.js: network.http.request.max-start-delay - 0 FF - user.js: nglayout.initialpaint.delay - 1000 FF - user.js: plugin.expose_full_path - true FF - user.js: ui.submenuDelay - 0 c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-05-16 19:41 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\N360] "ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.1.0.32\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.1.0.32\diMaster.dll\" /prefetch:1" . Completion time: 2010-05-16 22:01:50 ComboFix-quarantined-files.txt 2010-05-17 01:59 ComboFix2.txt 2010-05-10 13:55 Pre-Run: 9,316,790,272 bytes free Post-Run: 9,296,994,304 bytes free Current=3 Default=3 Failed=5 LastKnownGood=6 Sets=1,2,3,5,6 - - End Of File - - 656F9D6ECBB20BDC963BA493BF159253 As always, thanks for your perseverance, and with your patience. gaughin

This is the same problem we talked about before. I have downloaded the newest version of Java, but the installation will not complete. In addition, Internet Explorer will apparently no longer open when not in safe mode. This is a new problem. I opened it, and left the room for about 30 minutes. When I returned, it had not opened, making me think I had forgotten to open it. So I opened Task Manager to check. ieplorer WAS running, but the software is not opening. So I can not open Internet Explorer, and I can not install any version of Java. I do notice a process called mediaagent.exe that does not run when the computer is in safe mode. Is this necessary? Thanks, gaughin

According to the f-secure website "The latest version of Java is required to run F-Secure Online Scanner." I still can't get that installation to work. Is there any way around this? Thanks gaughin

And here's Extras.txt OTL Extras logfile created on: 5/15/2010 8:10:04 PM - Run 1 OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\David Vinson\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1,023.00 Mb Total Physical Memory | 743.00 Mb Available Physical Memory | 73.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free Paging file location(s): C:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 111.72 Gb Total Space | 9.71 Gb Free Space | 8.69% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: VINSON1 Current User Name: David Vinson Logged in as Administrator. Current Boot Mode: SafeMode with Networking Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found [HKEY_USERS\S-1-5-21-3629661980-3954328867-621452736-1009\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\PowerTerm WebConnect 5.1\powerterm.pstcc.edu\ptermX.exe" = C:\PowerTerm WebConnect 5.1\powerterm.pstcc.edu\ptermX.exe:*:Enabled:PowerTerm WebConnect HostView -- (Ericom Software) "C:\WINDOWS\system32" = C:\WINDOWS\system32:*:Enabled:lockx -- [2010/05/13 17:19:20 | 000,000,000 | ---D | M] "C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater -- () "C:\Program Files\WiFiConnector\NintendoWFCReg.exe" = C:\Program Files\WiFiConnector\NintendoWFCReg.exe:*:Enabled:Nintendo Wi-Fi USB Connector -- () "C:\PowerTerm WebConnect 5.6\powerterm.pstcc.edu\ptermX.exe" = C:\PowerTerm WebConnect 5.6\powerterm.pstcc.edu\ptermX.exe:*:Enabled:PowerTerm WebConnect HostView -- (Ericom Software) "C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java Platform SE binary -- File not found "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\Program Files\Common Files\AOL\1138142209\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1138142209\ee\aim6.exe:*:Disabled:AIM -- (America Online, Inc.) "C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Loader -- (AOL LLC) "C:\Program Files\Common Files\AOL\1138142209\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1138142209\ee\aolsoftware.exe:*:Disabled:AOL Services -- (America Online, Inc.) "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Disabled:EasyShare -- (Eastman Kodak Company) "C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Disabled:HP Software Update Client -- (Hewlett-Packard) "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Disabled:hpfccopy.exe -- (Hewlett-Packard) "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Disabled:hpoews01.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Disabled:hpofxm08.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Disabled:hposfx08.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Disabled:hposid01.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Disabled:hpqcopy.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Disabled:hpqdia.exe -- ( ) "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Disabled:hpqphunl.exe -- () "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Disabled:hpzwiz01.exe -- (Hewlett-Packard Co.) "C:\Program Files\Last.fm\LastFM.exe" = C:\Program Files\Last.fm\LastFM.exe:*:Disabled:LastFM -- (Last.fm) "C:\WINDOWS\SYSTEM32\dpnsvr.exe" = C:\WINDOWS\SYSTEM32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation) "C:\Program Files\NBC Direct\StoreFrontPlayer.exe" = C:\Program Files\NBC Direct\StoreFrontPlayer.exe:*:Disabled:NBC Direct Beta -- (ExtendMedia Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery "{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn "{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1 "{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC "{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations "{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager "{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan "{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement "{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center "{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD "{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK "{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update "{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer "{1771FDC8-D846-4B77-996A-C80DAD42C03F}" = OpenCASE Media Agent "{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3 "{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK "{225AF9A1-B556-88D5-94AA-0010B5426419}" = My DSC "{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config "{2466E904-7E48-4597-9321-722CF02930EB}" = 5600 "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload "{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt "{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine "{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp "{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page "{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1 "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold "{410438A3-B591-4028-B70A-3CC0B33FBCD1}" = "{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore "{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2 "{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001 "{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder "{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade "{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81 "{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support "{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap "{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg "{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1 "{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B "{5E835305-63BB-4E55-BBB7-EEBBE67774DB}" = Sonic MyDVD "{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes "{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder "{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA "{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink "{62369F2F77534556AEF4C58152E3BDE5}" = "{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr "{66563AD8-637B-407F-BCA7-0233A16891AB}" = Business Contact Manager for Outlook 2003 "{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1 "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide "{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc "{71C1B94A-74CF-4D8A-AE40-A85A00A19E64}" = Photo Clip Art 150,000 "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware "{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor "{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder "{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext "{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83d96ed0-98aa-4515-8ddc-816f3efdd104}" = MyDSC2 "{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour "{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS "{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini "{8ED929E5-37D5-4E01-8052-4FF5E67F403D}" = OverDrive Media Console "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003 "{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization "{91170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003 "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui "{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003 "{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow! "{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry "{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt "{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support "{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove "{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour "{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel

I am so grateful to have your help, you take as long as you need to analyze these files. Here's OTL.txt OTL logfile created on: 5/15/2010 8:10:04 PM - Run 1 OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\David Vinson\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1,023.00 Mb Total Physical Memory | 743.00 Mb Available Physical Memory | 73.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free Paging file location(s): C:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 111.72 Gb Total Space | 9.71 Gb Free Space | 8.69% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: VINSON1 Current User Name: David Vinson Logged in as Administrator. Current Boot Mode: SafeMode with Networking Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010/05/15 20:03:07 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Vinson\Desktop\OTL.exe PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (SafeList) ========== MOD - [2010/05/15 20:03:07 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Vinson\Desktop\OTL.exe MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- -- (Viewpoint Manager Service) SRV - File not found [On_Demand | Stopped] -- -- (McComponentHostService) SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [unknown | Stopped] -- C:\Program Files\Norton Security Suite\Engine\4.1.0.32\ccSvcHst.exe -- (N360) SRV - [2009/10/27 18:22:50 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-093009-130223) SRV - [2007/12/06 19:33:24 | 000,810,632 | ---- | M] (ExtendMedia Inc.) [Auto | Stopped] -- C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe -- (OpenCASE Media Agent) SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService) SRV - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12) SRV - [2003/03/03 14:33:40 | 000,143,360 | ---- | M] (Intel

Like before, Avira Anti-Virus will not load. When I am in safe mode, I get this message "Installation of the Microsoft Runtime Redistributable Kit has failed. The probabe cause is a Windows update running in parallel. Please check whether a Windows update is in progress And run Avira AntiVir Personal - Free Antivirus setup again a little later. If the installation fails again, please contact Avira Support. Setup will close." When I am NOT in safe mode, it grinds and grinds and never completes the installation (the last time I tried it I left it running over night.) Should I do the rest of the stuff anyway? Thanks, gaughin

Hi, Same deal. After reboot, services.exe still consuming 93-97% of the CPU. Thanks again, gaughin

I am sorry, I mistyped. These IS no c:\documents and settings\Local Settings there is only c:\documents and settings with the 8 subfolders I listed above Sorry for the confusion gaughin

Nope. The only subfolders under c:\documents and settings\Local Settings are Administrator, All Users, Default User, Temp and 4 others tagged to the 4 people who work on this machine. Should I look in each of those? Thanks gaughin

OK, that was already activated, but there is still no c:\documents and settings\LocalService\Application Data\McAfee folder to delete. In fact, there is no c:\documents and settings\LocalService I am confused, but will do whatever you say. Thanks dave

I want to be sure that I am deleting the right thing; as far as I can tell, there is no c:\documents and settings\LocalService\Application Data\McAfee folder. There is a c:\documents and settings but there is no LocalService subfolder. Unless it's somehow hidden and I just can't see it. Is that possible? Thanks for your help and patience. gaughin

Here it is Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:59:50 AM, on 5/15/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Safe mode with network support Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file) O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing) O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.1.0.32\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.1.0.32\IPSBHO.DLL O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file) O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.1.0.32\coIEPlg.dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: Google Desktop Manager 5.9.909.30391 (GoogleDesktopManager-093009-130223) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\4.1.0.32\ccSvcHst.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing) -- End of file - 6217 bytes

virusinfo_syscure.zip

Here are the requested zipfiles virusinfo_syscheck.zip

I seem to have run in to a snag on this step. I got the installer downloaded, but when I try to run it 1) If I am in safe mode, it says an administrator has blocked the ability of this file to load 2) If I am not in safe mode, it can't seem to get enough CPU to complete the installation; I got an indicator that it was installing (a moving bar), but after 120 minutes, that was still all I had, and the CPU was constantly at 99-100 %. Is there a way to trick it into installing the Java so that I can run the Kaspersky? Thanks gaughin

As always, thanks again; current CPU consumption is about 90%, running in safe mode with networking. Here are the requested logs gtdownde_110.ocx;C:\WINDOWS\system32;Probably DLOADER.Trojan;Incurable.Deleted.; ocpinst.exe\___;C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4024\ocpinst.exe;Probably BACKDOOR.Trojan;; ocpinst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4024;Archive contains infected objects;Moved.; setup.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.2.2;Probably BACKDOOR.Trojan;Incurable.Deleted.; inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.3.30.1;Probably BACKDOOR.Trojan;Incurable.Deleted.; FBToolbar.exe\___;C:\Documents and Settings\Emma Vinson\Desktop\FBToolbar.exe;Probably DLOADER.Trojan;; FBToolbar.exe;C:\Documents and Settings\Emma Vinson\Desktop;Archive contains infected objects;Moved.; PtAgent.exe;C:\PowerTerm WebConnect 5.1\powerterm.pstcc.edu;Probably DLOADER.Trojan;Incurable.Deleted.; A0066478.ocx;C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408;Probably DLOADER.Trojan;Incurable.Deleted.; A0066479.exe\___;C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0066479.exe;Probably BACKDOOR.Trojan;; A0066479.exe;C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408;Archive contains infected objects;Moved.; A0066480.exe\___;C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0066480.exe;Probably DLOADER.Trojan;; A0066480.exe;C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408;Archive contains infected objects;Moved.; ****************************************** Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:26:32 PM, on 5/14/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Safe mode with network support Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file) O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing) O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.1.0.32\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.1.0.32\IPSBHO.DLL O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file) O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.1.0.32\coIEPlg.dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: Google Desktop Manager 5.9.909.30391 (GoogleDesktopManager-093009-130223) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\4.1.0.32\ccSvcHst.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel

CPU usage is still running at about 93-97 percent.

Here's the esetscan logfile C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131\setup.exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined C:\Documents and Settings\David Vinson\Desktop\Desktop is here\LuxorARSetup-dm.exe a variant of Win32/Adware.Trymedia application cleaned by deleting - quarantined C:\quarantine\3175733Bd01.Vir HTML/TrojanClicker.Agent.A trojan cleaned by deleting - quarantined C:\quarantine\3175733Bd01.Vir.0 HTML/TrojanClicker.Agent.A trojan cleaned by deleting - quarantined C:\quarantine\_CACHE_002_.Vir JS/Agent.NCA trojan cleaned by deleting - quarantined C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0065446.exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0065447.exe a variant of Win32/Adware.Trymedia application cleaned by deleting - quarantined C:\WINDOWS\Help\tenipat.bak1 Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined C:\WINDOWS\Help\tenipat.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined C:\WINDOWS\Registration\cvsmbk.bak1 Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined C:\WINDOWS\Registration\cvsmbk.bak2 Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined C:\WINDOWS\Registration\cvsmbk.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined C:\WINDOWS\Registration\cvsmbk.ini2 Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined C:\WINDOWS\SYSTEM\nulitu.bak1 Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined C:\WINDOWS\SYSTEM\nulitu.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined C:\WINDOWS\SYSTEM32\qqstv.bak1 Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined C:\WINDOWS\SYSTEM32\qqstv.bak2 Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined C:\WINDOWS\SYSTEM32\qqstv.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined Thanks!

I think I have this right gaughin gmerlog.zip

I downloaded WinZip.Zipped the file. It doesn't give me an option for extension names, as fas as I can see, just saves it as gmerlox.zipx I try to attcha it here; it tells me it can not upload files in this format. Will continue, perhaps try with another zip software. gaughin

I have the log file; I am trying to research the easiest way to zip it. I will keep looking, but if you have prepared instructions you can just paste, that would be great. Thanks