Gaughin, posted May 15, 2010:

I want to be sure that I am deleting the right thing; as far as I can tell, there is no c:\documents and settings\LocalService\Application Data\McAfee folder. There is a c:\documents and settings but there is no LocalService subfolder. Unless it's somehow hidden and I just can't see it. Is that possible?

Thanks for your help and patience.
gaughin

Maniac, posted May 15, 2010:

Please follow these instructions and try again:
http://www.microsoft.com/windowsxp/using/h...iddenfiles.mspx

Gaughin, posted May 15, 2010:

> Please follow these instructions and try again:
> http://www.microsoft.com/windowsxp/using/h...iddenfiles.mspx

OK, that was already activated, but there is still no c:\documents and settings\LocalService\Application Data\McAfee folder to delete. In fact, there is no c:\documents and settings\LocalService

I am confused, but will do whatever you say.

Thanks
dave

Maniac, posted May 15, 2010:

What about:
c:\documents and settings\Local Settings\Application Data\McAfee

Gaughin, posted May 15, 2010:

> What about:
> c:\documents and settings\Local Settings\Application Data\McAfee

Nope. The only subfolders under c:\documents and settings\Local Settings are Administrator, All Users, Default User, Temp and 4 others tagged to the 4 people who work on this machine. Should I look in each of those?

Thanks
gaughin

Maniac, posted May 15, 2010:

No, this is what I wanted to know.

How are things now?

Gaughin, posted May 15, 2010:

I am sorry, I mistyped. There IS no c:\documents and settings\Local Settings; there is only c:\documents and settings with the 8 subfolders I listed above.

Sorry for the confusion
gaughin

Gaughin, posted May 15, 2010:

Hi,

Same deal. After reboot, services.exe still consuming 93-97% of the CPU.

Thanks again,
gaughin

Maniac, posted May 15, 2010:

Important!

All of the following instructions must be run on the affected computer. Logs from a different computer will not help me help you. So, if you need to download all of this and then copy it to CD or memory stick and take it to the other computer, please do so. Either way, it's important. The logs have to be made by the computer with the problem.

I need you to follow the instructions provided here Pre- HJT Post Instructions first. I also need for you to download this program OTListIt.exe to your desktop.

- Close all applications and windows so that you have nothing open and are at your Desktop
- Double-click on the OTListIt.exe file to start OTListIt. OK any warning about running OTListIt.
- Place a checkmark in the Scan All Users checkbox (Leave the 'Use Whitelist' checked and the 'File Age:' at 30 days)
- Click the Run Scan button
  NOTE: Please be patient and let the scan run without using the computer
- When the scan is complete, a text file (OTListIt.Txt) will open in Notepad (if not, it can be found on your Desktop)
- In Notepad, click Edit, Select all then Edit, Copy
- Reply to this topic, click in the topic reply window, and press Ctrl+V to paste the log or Right click paste.
- Submit your reply and close the Notepad window with OTList.txt
- Also OTListIt's Extras.txt log file will be minimized in the Taskbar (and located on your Desktop) - click on this and maximize the window
- In Notepad, click Edit, Select all then Edit, Copy
- Reply to this topic again, click in the topic reply window, and press Ctrl+V to paste the extras log or Right click paste.

NOTE: If the files (OTListIt.txt, Extras.txt) do not appear in your taskbar, just open the files in notepad from your desktop.

Please allow me time to analyze your post. If you don't see a reply from me after 24 hours, feel free to PM me.

Gaughin, posted May 15, 2010:

Like before, Avira Anti-Virus will not load. When I am in safe mode, I get this message:

"Installation of the Microsoft Runtime Redistributable Kit has failed.
The probabe cause is a Windows update running in parallel. Please check whether a Windows update is in progress And run Avira AntiVir Personal - Free Antivirus setup again a little later.
If the installation fails again, please contact Avira Support.
Setup will close."

When I am NOT in safe mode, it grinds and grinds and never completes the installation (the last time I tried it I left it running over night.)

Should I do the rest of the stuff anyway?

Thanks,
gaughin

Gaughin, posted May 16, 2010:

I am so grateful to have your help, you take as long as you need to analyze these files. Here's OTL.txt

Gaughin, posted May 16, 2010:

And here's Extras.txt

Maniac, posted May 16, 2010:

Please run the F-Secure Online Scanner

Note: You must use Internet Explorer for this scan!

- Accept the License Agreement.
- Once the ActiveX installs click Full System Scan
- Once the download completes, the scan will begin automatically.
- The scan will take some time to finish, so please be patient.
- When the scan completes, click the Automatic cleaning (recommended) button.
- Click the Show Report button and copy and paste the entire report in your next reply.

Gaughin, posted May 16, 2010:

According to the f-secure website

"The latest version of Java is required to run F-Secure Online Scanner."

I still can't get that installation to work. Is there any way around this?

Thanks
gaughin

Maniac, posted May 16, 2010:

Please download and install the latest version of Java from:
www.java.com/en

Gaughin, posted May 16, 2010:

> Please download and install the latest version of Java from:
> www.java.com/en

This is the same problem we talked about before. I have downloaded the newest version of Java, but the installation will not complete.

In addition, Internet Explorer will apparently no longer open when not in safe mode. This is a new problem. I opened it, and left the room for about 30 minutes. When I returned, it had not opened, making me think I had forgotten to open it. So I opened Task Manager to check. ieplorer WAS running, but the software is not opening.

So I can not open Internet Explorer, and I can not install any version of Java.

I do notice a process called mediaagent.exe that does not run when the computer is in safe mode. Is this necessary?

Thanks,
gaughin

Maniac, posted May 16, 2010:

This is a legitimate file.

Delete your copy of ComboFix and:

**Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer. **

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

If you are using Firefox, make sure that your download settings are as follows:
- Open Tools -> Options -> Main tab
- Set to Always ask me where to Save the files.

- During the download, rename Combofix to Combo-Fix as follows:
- It is important you rename Combofix during the download, but not after.
- Please do not rename Combofix to other names, but only to the one indicated.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.

Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------

Close any open browsers.

WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------

- Double click on combo-Fix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

Gaughin, posted May 17, 2010:

Took almost 9 hours for this to run, but here it is
Firefox\\firefox.exe"="c:\\PowerTerm WebConnect 5.1\\powerterm.pstcc.edu\\ptermX.exe"="c:\\WINDOWS\\system32"="c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"="c:\\WINDOWS\\SYSTEM32\\msiexec.exe"="c:\\PowerTerm WebConnect 5.6\\powerterm.pstcc.edu\\ptermX.exe"="c:\\Program Files\\iTunes\\iTunes.exe"="c:\\Program Files\\Common Files\\AOL\\1138142209\\ee\\aim6.exe"="c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="c:\\Program Files\\Common Files\\AOL\\1138142209\\ee\\aolsoftware.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="c:\\Program Files\\Last.fm\\LastFM.exe"="c:\\WINDOWS\\SYSTEM32\\dpnsvr.exe"="c:\\Program Files\\NBC Direct\\StoreFrontPlayer.exe"=R0 jfuf;jfuf;c:\windows\system32\drivers\qgxc.sys [x]R3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-10-27 30192]R3 
idrmkl;idrmkl;c:\docume~1\DAVIDV~1\LOCALS~1\Temp\idrmkl.sys [x]R3 McComponentHostService;McAfee Security Scan Component Host Service; [x]R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [x]S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0401000.020\SYMDS.SYS [2009-10-15 328752]S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0401000.020\SYMEFA.SYS [2009-11-26 172592]S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100429.001\BHDrvx86.sys [2010-04-29 537136]S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0401000.020\ccHPx86.sys [2010-02-25 501888]S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0401000.020\Ironx86.SYS [2010-02-27 116784]S2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.1.0.32\ccSvcHst.exe [2010-02-25 126392]S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-02 102448]S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100505.001\IDSxpx86.sys [2009-11-17 329592].Contents of the 'Scheduled Tasks' folder2010-04-22 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]2010-05-16 c:\windows\Tasks\Google Software Updater.job- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-12 16:16]2004-07-01 c:\windows\Tasks\ISP signup reminder 1.job- c:\windows\System32\OOBE\OOBEBALN.EXE [2004-03-19 00:12]2010-05-16 c:\windows\Tasks\User_Feed_Synchronization-{96A8F87C-1609-4822-9E2A-BB33302CC2EE}.job- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]..------- Supplementary Scan -------.uStart Page = 
about:blankuSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8uInternet Connection Wizard,ShellNext = iexploreuSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search/?q=%sIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}FF - ProfilePath - c:\documents and settings\David Vinson\Application Data\Mozilla\Firefox\Profiles\vic99eqj.default\FF - prefs.js: browser.search.defaulturl - hxxp://www.google.comFF - prefs.js: browser.search.selectedEngine - GoogleFF - prefs.js: browser.startup.homepage - www.google.comFF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dllFF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dllFF - plugin: c:\documents and settings\David Vinson\Application Data\Move Networks\plugins\npqmp071504000001.dllFF - plugin: c:\documents and settings\David Vinson\Application Data\Move Networks\plugins\npqmp071701000002.dllFF - plugin: c:\program files\Microsoft Research\HDView for Firefox\nphdview.dllFF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dllFF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dllFF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dllFF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dllFF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dllFF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\---- FIREFOX POLICIES ----FF - 
user.js: browser.cache.memory.capacity - 16000FF - user.js: browser.chrome.favicons - falseFF - user.js: browser.display.show_image_placeholders - trueFF - user.js: browser.turbo.enabled - trueFF - user.js: browser.urlbar.autocomplete.enabled - trueFF - user.js: browser.urlbar.autofill - trueFF - user.js: content.max.tokenizing.time - 3000000FF - user.js: content.maxtextrun - 4095FF - user.js: content.notify.backoffcount - 5FF - user.js: content.notify.interval - 1000000FF - user.js: content.notify.ontimer - trueFF - user.js: content.switch.threshold - 1000000FF - user.js: dom.disable_window_status_change - trueFF - user.js: network.http.max-connections - 48FF - user.js: network.http.max-connections-per-server - 16FF - user.js: network.http.max-persistent-connections-per-proxy - 16FF - user.js: network.http.max-persistent-connections-per-server - 8FF - user.js: network.http.pipelining - trueFF - user.js: network.http.pipelining.firstrequest - trueFF - user.js: network.http.pipelining.maxrequests - 8FF - user.js: network.http.proxy.pipelining - trueFF - user.js: network.http.request.max-start-delay - 0FF - user.js: nglayout.initialpaint.delay - 1000FF - user.js: plugin.expose_full_path - trueFF - user.js: ui.submenuDelay - 0c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);c:\program files\Mozilla Firefox\greprefs\security-prefs.js - 
pref("security.ssl.require_safe_negotiation", false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);.**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2010-05-16 19:41Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\N360]"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.1.0.32\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.1.0.32\diMaster.dll\" /prefetch:1".Completion time: 2010-05-16 22:01:50ComboFix-quarantined-files.txt 2010-05-17 01:59ComboFix2.txt 2010-05-10 13:55Pre-Run: 9,316,790,272 bytes freePost-Run: 9,296,994,304 bytes freeCurrent=3 Default=3 Failed=5 LastKnownGood=6 Sets=1,2,3,5,6- - End Of File - - 656F9D6ECBB20BDC963BA493BF159253As always, thanks for your perseverance, and with your patience.gaughin Link to post Share on other sites More sharing options...
Maniac Posted May 17, 2010 ID:251236
How are things after ComboFix?
Gaughin Posted May 17, 2010 Author ID:251345
> How are things after ComboFix?
The same; CPU usage at 100%, can't install Java, can't get Excel or Word to load.
Maniac Posted May 17, 2010 ID:251354
You mention that you can't load the Avira. Let's try a rescue disk from Avira:
Please try downloading and burning the following from another computer.

Avira AntiVir Rescue System
Requires access to a working computer with a CD/DVD burner to create a bootable CD.
- Download the Avira AntiVir Rescue System from here
- Place a blank CD in your burner and double-click on the downloaded file named rescue_system-common-en.exe
- The program will automatically burn the CD for you.
- Place the burned CD into the affected computer and start the computer from this CD.
- On the bottom left side of the screen there are 2 flags. Using your mouse click on the British flag to use English.
- Click on the Configuration button.
  - Select Scan all files
  - Select Try to repair infected files and Rename files, if they cannot be removed
  - Select Scan for dialers
  - Select Scan for joke programs (Jokes)
  - Select Scan for games
  - Select Scan for spyware (SPR)
- Click on Virus scanner
- Click on Start scanner at the bottom of the screen
- Currently the program does not support saving a log. Write down the amount of items for Records, Suspect files, and Warnings

The Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore and is updated several times a day so that the most recent security updates are always available.

Possible solutions to Screen Resolution and other issues
Please see the post here if you're unable to view the entire screen of Avira.
You can also review this one Fixed Rescue CD Resolution Probs with Dell Video
Currently only the German keyboard is supported. Command Line not working English keyboards require workarounds.
Some computers attempt to mount the floppy even though they don't have one. You may need to go in to the BIOS and disable the floppy drive in order to mount your hard drive for scanning.
Gaughin Posted May 17, 2010 Author ID:251393
I am having a problem booting this disc. While it is a monitor problem, it does not seem to be the same problem described on the links you have provided. I can get the disk to load up, and regardless of the resolution I choose, I get an image of two animals (penguins, maybe?) on screen for 3-5 seconds, then there is a flash to a screen with one or two lines of text for about 1/4 second, just enough to see it's there without being able to actually read it, then the monitor blanks, and the monitor button starts to blink. Reboot is then required.
Thanks
dave
Maniac Posted May 17, 2010 ID:251408
Please post a new fresh HiJackThis log.
Gaughin Posted May 17, 2010 Author ID:251412
> Please post a new fresh HiJackThis log.
Logfile of Trend Micro HijackThis v2.0.4
THANKS!
gaughin
Maniac Posted May 17, 2010 ID:251419
Not sure if the problem is not hardware. What about cooling your computer? Is everything ok?