Services.exe

[Gaughin]

I want to be sure that I am deleting the right thing; as far as I can tell, there is no

c:\documents and settings\LocalService\Application Data\McAfee

folder. There is a

c:\documents and settings

but there is no

LocalService

subfolder. Unless it's somehow hidden and I just can't see it. Is that possible?

Thanks for your help and patience.

gaughin

[Maniac]

Please follow these instructions and try again:

http://www.microsoft.com/windowsxp/using/h...iddenfiles.mspx

[Gaughin]

Please follow these instructions and try again:

http://www.microsoft.com/windowsxp/using/h...iddenfiles.mspx

OK, that was already activated, but there is still no

c:\documents and settings\LocalService\Application Data\McAfee

folder to delete. In fact, there is no

c:\documents and settings\LocalService

I am confused, but will do whatever you say.

Thanks

dave

[Maniac]

What about:

c:\documents and settings\Local Settings\Application Data\McAfee

[Gaughin]

What about:

c:\documents and settings\Local Settings\Application Data\McAfee

Nope. The only subfolders under

c:\documents and settings\Local Settings

are

Administrator, All Users, Default User, Temp

and 4 others tagged to the 4 people who work on this machine. Should I look in each of those?

Thanks

gaughin

[Maniac]

No, this is what I wanted to know.

How are things now?

[Gaughin]

I am sorry, I mistyped. These IS no

c:\documents and settings\Local Settings

there is only

c:\documents and settings

with the 8 subfolders I listed above

Sorry for the confusion

gaughin

[Gaughin]

Hi,

Same deal. After reboot, services.exe still consuming 93-97% of the CPU.

Thanks again,

gaughin

[Maniac]

Important!

All of the following instructions must be run on the affected computer. Logs from a different computer will not help me help you. So, if you need to download all of this and then copy it to CD or memory stick and take it to the other computer, please do so. Either way, it's important. The logs have to be made by the computer with the problem.

I need you to follow the instructions provided here

Pre- HJT Post Instructions

first.

I also need for you to download this program

OTListIt.exe

to your desktop.

• 
  
• Close all applications and windows so that you have nothing open and are at your Desktop
  
  
• Double-click on the OTListIt.exe file to start OTListIt. OK any warning about running OTListIt.
  
  
• Place a checkmark in the
  Scan All Users
  checkbox (Leave the 'Use Whitelist' checked' and the 'File Age:' at 30 days)
  
  
• Click the Run Scan button
  
  
• NOTE:
  Please be patient and let the scan run without using the computer
  
  
• When the scan is complete, a text file (
  OTListIt.Txt
  ) will open in Notepad (if not, it can be found on your Desktop)
  
  
• In Notepad, click
  Edit
  ,
  Select all
  then
  Edit
  ,
  Copy
  
  
• Reply to this topic, click in the topic reply window, and press Ctrl+V to paste the log or Righ click paste.
  
  
• Submit your reply and close the Notepad window with
  OTList.txt
  
  
• Also OTListIt's
  Extras.txt
  log file will be minimized in the Taskbar (and located on your Desktop) - click on this and maximize the window
  
  
• In Notepad, click
  Edit
  ,
  Select all
  then
  Edit
  ,
  Copy
  
  
• Reply to this topic again, click in the topic reply window, and press Ctrl+V to paste the extras log or Right click paste.
  
  
• NOTE:
  If the files (
  OTListIt.txt, Extras.txt
  ) do not appear in your taskbar, just open the files in notepad from your desktop.

  
  

Please allow me time to analyze your post. If you don't see a reply from me after 24 hours, feel free to PM me.

[Gaughin]

Like before, Avira Anti-Virus will not load. When I am in safe mode, I get this message

"Installation of the Microsoft Runtime Redistributable Kit has failed.

The probabe cause is a Windows update running in parallel.

Please check whether a Windows update is in progress And run Avira AntiVir Personal - Free Antivirus setup again a little later.

If the installation fails again, please contact Avira Support.

Setup will close."

When I am NOT in safe mode, it grinds and grinds and never completes the installation (the last time I tried it I left it running over night.)

Should I do the rest of the stuff anyway?

Thanks,

gaughin

[Gaughin]

I am so grateful to have your help, you take as long as you need to analyze these files.

Here's OTL.txt

OTL logfile created on: 5/15/2010 8:10:04 PM - Run 1

OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\David Vinson\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 743.00 Mb Available Physical Memory | 73.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 111.72 Gb Total Space | 9.71 Gb Free Space | 8.69% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: VINSON1

Current User Name: David Vinson

Logged in as Administrator.

Current Boot Mode: SafeMode with Networking

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/15 20:03:07 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Vinson\Desktop\OTL.exe

PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2010/05/15 20:03:07 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Vinson\Desktop\OTL.exe

MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (Viewpoint Manager Service)

SRV - File not found [On_Demand | Stopped] -- -- (McComponentHostService)

SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [unknown | Stopped] -- C:\Program Files\Norton Security Suite\Engine\4.1.0.32\ccSvcHst.exe -- (N360)

SRV - [2009/10/27 18:22:50 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-093009-130223)

SRV - [2007/12/06 19:33:24 | 000,810,632 | ---- | M] (ExtendMedia Inc.) [Auto | Stopped] -- C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe -- (OpenCASE Media Agent)

SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)

SRV - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)

SRV - [2003/03/03 14:33:40 | 000,143,360 | ---- | M] (Intel

[Gaughin]

And here's Extras.txt

OTL Extras logfile created on: 5/15/2010 8:10:04 PM - Run 1

OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\David Vinson\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 743.00 Mb Available Physical Memory | 73.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 111.72 Gb Total Space | 9.71 Gb Free Space | 8.69% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: VINSON1

Current User Name: David Vinson

Logged in as Administrator.

Current Boot Mode: SafeMode with Networking

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-3629661980-3954328867-621452736-1009\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)

"C:\PowerTerm WebConnect 5.1\powerterm.pstcc.edu\ptermX.exe" = C:\PowerTerm WebConnect 5.1\powerterm.pstcc.edu\ptermX.exe:*:Enabled:PowerTerm WebConnect HostView -- (Ericom Software)

"C:\WINDOWS\system32" = C:\WINDOWS\system32:*:Enabled:lockx -- [2010/05/13 17:19:20 | 000,000,000 | ---D | M]

"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater -- ()

"C:\Program Files\WiFiConnector\NintendoWFCReg.exe" = C:\Program Files\WiFiConnector\NintendoWFCReg.exe:*:Enabled:Nintendo Wi-Fi USB Connector -- ()

"C:\PowerTerm WebConnect 5.6\powerterm.pstcc.edu\ptermX.exe" = C:\PowerTerm WebConnect 5.6\powerterm.pstcc.edu\ptermX.exe:*:Enabled:PowerTerm WebConnect HostView -- (Ericom Software)

"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java Platform SE binary -- File not found

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Program Files\Common Files\AOL\1138142209\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1138142209\ee\aim6.exe:*:Disabled:AIM -- (America Online, Inc.)

"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Loader -- (AOL LLC)

"C:\Program Files\Common Files\AOL\1138142209\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1138142209\ee\aolsoftware.exe:*:Disabled:AOL Services -- (America Online, Inc.)

"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Disabled:EasyShare -- (Eastman Kodak Company)

"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Disabled:HP Software Update Client -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Disabled:hpfccopy.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Disabled:hpoews01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Disabled:hpofxm08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Disabled:hposfx08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Disabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Disabled:hpqcopy.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Disabled:hpqdia.exe -- ( )

"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Disabled:hpqphunl.exe -- ()

"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Disabled:hpzwiz01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\Last.fm\LastFM.exe" = C:\Program Files\Last.fm\LastFM.exe:*:Disabled:LastFM -- (Last.fm)

"C:\WINDOWS\SYSTEM32\dpnsvr.exe" = C:\WINDOWS\SYSTEM32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)

"C:\Program Files\NBC Direct\StoreFrontPlayer.exe" = C:\Program Files\NBC Direct\StoreFrontPlayer.exe:*:Disabled:NBC Direct Beta -- (ExtendMedia Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery

"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn

"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1

"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC

"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations

"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager

"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan

"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement

"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center

"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday

"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA

"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD

"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK

"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update

"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer

"{1771FDC8-D846-4B77-996A-C80DAD42C03F}" = OpenCASE Media Agent

"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3

"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK

"{225AF9A1-B556-88D5-94AA-0010B5426419}" = My DSC

"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config

"{2466E904-7E48-4597-9321-722CF02930EB}" = 5600

"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience

"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime

"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload

"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt

"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine

"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp

"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page

"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1

"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold

"{410438A3-B591-4028-B70A-3CC0B33FBCD1}" =

"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore

"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2

"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001

"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder

"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade

"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81

"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy

"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support

"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap

"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg

"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1

"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B

"{5E835305-63BB-4E55-BBB7-EEBBE67774DB}" = Sonic MyDVD

"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes

"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder

"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA

"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink

"{62369F2F77534556AEF4C58152E3BDE5}" =

"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr

"{66563AD8-637B-407F-BCA7-0233A16891AB}" = Business Contact Manager for Outlook 2003

"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide

"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc

"{71C1B94A-74CF-4D8A-AE40-A85A00A19E64}" = Photo Clip Art 150,000

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware

"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor

"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder

"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext

"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config

"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport

"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83d96ed0-98aa-4515-8ddc-816f3efdd104}" = MyDSC2

"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour

"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS

"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday

"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini

"{8ED929E5-37D5-4E01-8052-4FF5E67F403D}" = OverDrive Media Console

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003

"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization

"{91170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003

"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui

"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003

"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme

"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!

"{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry

"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt

"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support

"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove

"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour

"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel

[Maniac]

Please run the F-Secure Online Scanner

Note: You must use Internet Explorer for this scan!

• Accept the License Agreement.
  
• Once the ActiveX installs click Full System Scan
  
• Once the download completes, the scan will begin automatically.
  
• The scan will take some time to finish, so please be patient.
  
• When the scan completes, click the Automatic cleaning (recommended) button.
  
• Click the Show Report button and copy and paste the entire report in your next reply.
  

[Gaughin]

According to the f-secure website

"The latest version of Java is required to run F-Secure Online Scanner."

I still can't get that installation to work. Is there any way around this?

Thanks

gaughin

[Maniac]

Please download and install the latest version of Java from:

www.java.com/en

[Gaughin]

Please download and install the latest version of Java from:

www.java.com/en

This is the same problem we talked about before. I have downloaded the newest version of Java, but the installation will not complete.

In addition, Internet Explorer will apparently no longer open when not in safe mode. This is a new problem. I opened it, and left the room for about 30 minutes. When I returned, it had not opened, making me think I had forgotten to open it. So I opened Task Manager to check. ieplorer WAS running, but the software is not opening.

So I can not open Internet Explorer, and I can not install any version of Java.

I do notice a process called mediaagent.exe that does not run when the computer is in safe mode. Is this necessary?

Thanks,

gaughin

[Maniac]

This is a legitimate file.

Delete your copy of ComboFix and:

**Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer. **

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

Please download ComboFix from

Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

1. If you are using Firefox, make sure that your download settings are as follows:
   
   • Open Tools -> Options -> Main tab
     
   • Set to Always ask me where to Save the files.
     

[*]During the download, rename Combofix to Combo-Fix as follows:

[*]It is important you rename Combofix during the download, but not after.

[*]Please do not rename Combofix to other names, but only to the one indicated.

[*]Close any open browsers.

[*]Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  

  -----------------------------------------------------------

  
  

• Close any open browsers.
  
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  

-----------------------------------------------------------

[*]Double click on combo-Fix.exe & follow the prompts.

[*]When finished, it will produce a report for you.

[*]Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

[Gaughin]

Took almost 9 hours for this to run, but here it is

ComboFix 10-05-16.01 - David Vinson 05/16/2010 16:28:22.2.2 - x86

Running from: c:\documents and settings\David Vinson\Desktop\Combo-Fix.exe

AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

c:\windows\system32\T2

c:\windows\system32\T3

c:\windows\system32\T4

c:\windows\system32\T4\d5ll.exe

c:\windows\system32\T6

c:\windows\system32\T6\dlwr.exe

----- BITS: Possible infected sites -----

hxxp://liveupdate.symantec.com

hxxp://definitions.symantec.com

.

((((((((((((((((((((((((( Files Created from 2010-04-16 to 2010-05-16 )))))))))))))))))))))))))))))))

.

2010-05-13 20:01 . 2010-05-14 04:32 -------- d-----w- c:\documents and settings\David Vinson\DoctorWeb

2010-05-09 23:26 . 2010-05-10 13:59 -------- d-----w- C:\Combo-Fix

2010-05-07 02:22 . 2010-05-07 02:22 -------- d-----w- c:\program files\Trend Micro

2010-05-06 01:40 . 2010-05-06 01:40 -------- d-----w- c:\documents and settings\David Vinson\Application Data\Malwarebytes

2010-05-06 01:40 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-05-06 01:40 . 2010-05-06 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-05-06 01:40 . 2010-05-06 01:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-06 01:40 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-05-03 03:03 . 2010-05-03 03:03 -------- d-----w- c:\documents and settings\David Vinson\Application Data\Tific

2010-05-03 02:55 . 2010-05-03 02:55 -------- d-----w- c:\documents and settings\David Vinson\Local Settings\Application Data\Symantec

2010-05-03 02:27 . 2010-05-03 02:27 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-05-03 02:27 . 2010-05-03 02:27 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-05-03 02:27 . 2010-05-03 02:43 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-05-03 02:27 . 2010-05-03 02:27 -------- d-----w- c:\program files\Symantec

2010-05-03 02:23 . 2010-05-03 23:36 -------- d-----w- c:\windows\system32\drivers\N360

2010-05-03 02:22 . 2010-05-03 02:23 -------- d-----w- c:\program files\Norton Security Suite

2010-05-03 02:22 . 2010-05-03 02:22 -------- d-----w- c:\program files\Windows Sidebar

2010-05-03 02:20 . 2010-05-03 02:20 -------- d-----w- c:\program files\NortonInstaller

2010-05-03 02:20 . 2010-05-03 02:20 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller

2010-05-03 02:05 . 2010-05-03 02:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2010-05-01 01:39 . 2010-05-01 01:39 -------- d-----w- c:\documents and settings\Andy Vinson\Local Settings\Application Data\AOL

2010-05-01 01:37 . 2010-05-01 01:37 -------- d-sh--w- c:\documents and settings\Andy Vinson\IETldCache

2010-05-01 01:04 . 2010-05-01 01:04 -------- d-----w- c:\documents and settings\Carol Vinson\Application Data\IObit

2010-05-01 00:35 . 2010-05-01 00:35 -------- d-----w- c:\documents and settings\Carol Vinson\Local Settings\Application Data\AVG Security Toolbar

2010-04-29 14:37 . 2010-04-29 14:37 -------- d-----w- c:\program files\iPod

2010-04-29 14:37 . 2010-04-29 14:39 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-04-29 14:21 . 2010-04-29 14:21 -------- d-----w- c:\program files\Bonjour

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-05-16 18:52 . 2008-01-18 12:44 -------- d-----w- c:\program files\OpenSource Flash Video Splitter

2010-05-13 08:58 . 2007-05-11 02:39 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-05-07 10:52 . 2006-05-18 17:58 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-05-07 10:52 . 2006-05-18 17:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-05-07 10:48 . 2009-05-25 12:33 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop

2010-05-07 10:45 . 2009-12-19 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2010-05-07 04:15 . 2009-12-24 12:57 0 ----a-w- c:\documents and settings\David Vinson\Local Settings\Application Data\prvlcl.dat

2010-05-06 12:32 . 2005-10-22 03:26 -------- d-----w- c:\program files\Lavasoft

2010-05-06 12:32 . 2008-08-11 12:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-05-05 02:21 . 2008-05-31 21:07 -------- d-----w- c:\documents and settings\David Vinson\Application Data\MSN6

2010-05-03 02:27 . 2010-05-03 02:27 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2010-05-03 02:27 . 2010-05-03 02:27 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2010-04-29 14:39 . 2007-04-05 00:50 -------- d-----w- c:\program files\iTunes

2010-04-29 14:37 . 2007-07-09 13:45 -------- d-----w- c:\program files\Common Files\Apple

2010-04-29 14:31 . 2006-12-18 21:07 -------- d-----w- c:\program files\QuickTime

2010-04-16 12:33 . 2009-03-19 11:02 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll

2010-04-16 12:33 . 2007-11-12 03:33 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2010-04-09 11:56 . 2010-04-09 11:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage

2010-04-09 11:56 . 2010-04-09 11:56 -------- d-----w- c:\documents and settings\David Vinson\Application Data\Office Genuine Advantage

2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe

2010-04-03 05:03 . 2009-09-11 04:04 96272 ---ha-w- c:\windows\system32\mlfcache.dat

2010-03-29 18:04 . 2004-06-03 06:10 130000 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-03-29 17:30 . 2010-03-29 17:30 -------- d-----w- c:\program files\Eusing Free Registry Cleaner

2010-03-29 15:12 . 2004-06-03 06:00 -------- d-----w- c:\program files\Jasc Software Inc

2010-03-29 15:12 . 2004-06-03 06:00 -------- d-----w- c:\program files\Dell Computer

2010-03-29 14:10 . 2008-01-18 12:43 -------- d-----w- c:\program files\RealMedia

2010-03-29 14:08 . 2004-06-03 05:56 -------- d-----w- c:\program files\Real

2010-03-29 14:08 . 2004-06-03 05:56 -------- d-----w- c:\program files\Common Files\Real

2010-03-29 14:05 . 2010-03-19 02:09 -------- d-----w- c:\program files\SecureBackupShare

2010-03-29 14:02 . 2009-12-22 18:47 -------- d-----w- c:\program files\Uniblue

2010-03-29 13:40 . 2010-03-13 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-03-28 14:59 . 2005-03-22 01:38 -------- d-----w- c:\program files\Avery Wizard

2010-03-28 03:53 . 2007-11-04 21:50 -------- d-----w- c:\documents and settings\David Vinson\Application Data\Uniblue

2010-03-27 11:40 . 2007-05-11 02:24 -------- d--h--w- c:\documents and settings\David Vinson\Application Data\Move Networks

2010-03-23 01:45 . 2010-02-14 22:43 -------- d-----w- c:\documents and settings\David Vinson\Application Data\TrueSwitch

2010-03-23 01:42 . 2009-11-28 16:36 -------- d-----w- c:\documents and settings\David Vinson\Application Data\Amazon

2010-03-21 13:49 . 2004-07-30 15:52 -------- d-----w- c:\program files\Common Files\Adobe

2010-03-20 07:05 . 2010-03-20 07:04 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2

2010-03-20 02:59 . 2008-08-18 01:50 -------- d-----w- c:\program files\Microsoft Silverlight

2010-03-10 06:15 . 2004-03-19 22:44 420352 ----a-w- c:\windows\system32\vbscript.dll

2010-02-25 06:24 . 2004-08-24 00:32 916480 ----a-w- c:\windows\system32\wininet.dll

2010-02-24 13:11 . 2002-11-18 11:27 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-02-16 14:08 . 1980-01-01 05:00 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-02-16 13:25 . 1980-01-01 05:00 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe

2006-01-04 22:30 . 2006-01-04 22:30 774144 -c----w- c:\program files\RngInterstitial.dll

2009-10-27 22:22 . 2006-11-11 04:54 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-18 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-10-27 30192]

"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]

c:\documents and settings\Andy Vinson\Start Menu\Programs\Startup\

PowerReg Scheduler V3.exe [2005-6-30 225280]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\PowerTerm WebConnect 5.1\\powerterm.pstcc.edu\\ptermX.exe"=

"c:\\WINDOWS\\system32"=

"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=

"c:\\WINDOWS\\SYSTEM32\\msiexec.exe"=

"c:\\PowerTerm WebConnect 5.6\\powerterm.pstcc.edu\\ptermX.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Common Files\\AOL\\1138142209\\ee\\aim6.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\AOL\\1138142209\\ee\\aolsoftware.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\Last.fm\\LastFM.exe"=

"c:\\WINDOWS\\SYSTEM32\\dpnsvr.exe"=

"c:\\Program Files\\NBC Direct\\StoreFrontPlayer.exe"=

R0 jfuf;jfuf;c:\windows\system32\drivers\qgxc.sys [x]

R3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-10-27 30192]

R3 idrmkl;idrmkl;c:\docume~1\DAVIDV~1\LOCALS~1\Temp\idrmkl.sys [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service; [x]

R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0401000.020\SYMDS.SYS [2009-10-15 328752]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0401000.020\SYMEFA.SYS [2009-11-26 172592]

S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100429.001\BHDrvx86.sys [2010-04-29 537136]

S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0401000.020\ccHPx86.sys [2010-02-25 501888]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0401000.020\Ironx86.SYS [2010-02-27 116784]

S2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.1.0.32\ccSvcHst.exe [2010-02-25 126392]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-02 102448]

S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100505.001\IDSxpx86.sys [2009-11-17 329592]

.

Contents of the 'Scheduled Tasks' folder

2010-04-22 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2010-05-16 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-12 16:16]

2004-07-01 c:\windows\Tasks\ISP signup reminder 1.job

- c:\windows\System32\OOBE\OOBEBALN.EXE [2004-03-19 00:12]

2010-05-16 c:\windows\Tasks\User_Feed_Synchronization-{96A8F87C-1609-4822-9E2A-BB33302CC2EE}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}

FF - ProfilePath - c:\documents and settings\David Vinson\Application Data\Mozilla\Firefox\Profiles\vic99eqj.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=

FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll

FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll

FF - plugin: c:\documents and settings\David Vinson\Application Data\Move Networks\plugins\npqmp071504000001.dll

FF - plugin: c:\documents and settings\David Vinson\Application Data\Move Networks\plugins\npqmp071701000002.dll

FF - plugin: c:\program files\Microsoft Research\HDView for Firefox\nphdview.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll

FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll

FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 16000

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.max.tokenizing.time - 3000000

FF - user.js: content.maxtextrun - 4095

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 1000000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 1000000

FF - user.js: dom.disable_window_status_change - true

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 1000

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-05-16 19:41

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\N360]

"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.1.0.32\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.1.0.32\diMaster.dll\" /prefetch:1"

.

Completion time: 2010-05-16 22:01:50

ComboFix-quarantined-files.txt 2010-05-17 01:59

ComboFix2.txt 2010-05-10 13:55

Pre-Run: 9,316,790,272 bytes free

Post-Run: 9,296,994,304 bytes free

Current=3 Default=3 Failed=5 LastKnownGood=6 Sets=1,2,3,5,6

- - End Of File - - 656F9D6ECBB20BDC963BA493BF159253

As always, thanks for your perseverance, and with your patience.

gaughin

[Maniac]

How are things after ComboFix?

[Gaughin]

How are things after ComboFix?

The same; CPU usage at 100%, can't install Java, can't get Excel or Word to load.

[Maniac]

You mention that you can't load the Avira. Let's try a rescue disk from Avira:

Please try downloading and burning the following from another computer.

Avira AntiVir Rescue System

Requires access to a working computer with a CD/DVD burner to create a bootable CD.

• Download the
  Avira AntiVir Rescue System
  from
  here
  
  
• Place a blank CD in your burner and double-click on the downloaded file named
  rescue_system-common-en.exe
  
  
• The program will automatically burn the CD for you.
  
  
• Place the burned CD into the affected computer and start the computer from this CD.
  
  
• On the bottom left side of the screen there are 2 flags. Using your mouse click on the British flag to use English.
  
  
• Click on the
  Configuration
  button.
  
  
  • Select
    Scan all files
    
    
  • Select
    Try to repair infected files
    and
    Rename files, if they cannot be removed
    
    
  • Select
    Scan for dialers
    
    
  • Select
    Scan for joke programs (Jokes)
    
    
  • Select
    Scan for games
    
    
  • Select
    Scan for spyware (SPR)
    
    
  [*]
  Click on
  Virus scanner
  [*]
  Click on
  Start scanner
  at the bottom of the screen
  [*]
  Currently the program does not support saving a log. Write down the amount of items for Records, Suspect files, and Warnings

The Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore and is updated several times a day so that the most recent security updates are always available.

Possible solutions to Screen Resolution and other issues

1. Please see the post
   here
   if you're unable to view the entire screen of Avira.
   
   
2. You can also review this one
   Fixed Rescue CD Resolution Probs with Dell Video
   
   
3. Currently only the German keyboard is supported.
   Command Line not working
   English keyboards require work arounds.
   
   
4. Some computers attempt to mount the floppy even though they don't have one. You may need to go in to the BIOS and disable the floppy drive in order to mount your hard drive for scanning.
   
   

[Gaughin]

I am having a problem booting this disc. While it is a monitor problem, it does not seem to be the same problem described on the links you have provided. I can get the disk to load tup, and regardless of the resolution I choose, I get an image of two animals (penguins, maybe?) on screen for 3-5 seconds, then there is a flash to a screen with one or two line of text for about 1/4 second, just enough to see it's there without being able to actually read it, then the monitor blanks, and the monitor button starts to blink. Reboot is then required.

Thanks

dave

[Maniac]

Please post a new fresh HiJackThis log.

[Gaughin]

Please post a new fresh HiJackThis log.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:21:23 AM, on 5/17/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Safe mode with network support

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.1.0.32\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.1.0.32\IPSBHO.DLL

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.1.0.32\coIEPlg.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6087.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} -

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: Google Desktop Manager 5.9.909.30391 (GoogleDesktopManager-093009-130223) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\4.1.0.32\ccSvcHst.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--

End of file - 5457 bytes

THANKS!

gaughin

[Maniac]

Not sure if the problem is not hardware. What about cooling your computer? Is everything ok?