
Services.exe


Here's the current situation. I may have goofed, but I don't think so.

The Windows CD is in storage (I know, we should have it at easier access, but it got moved, along with lots of other stuff, to a rented storage unit when we were trying to clear out room to walk.)

Anyway, until I can get to that to try your latest suggestion, I found a way to get Avira to finally load. I was reading up on services.exe related problems, and found some notes that said it was related to unnecessary spawning of svchost.exe instances; I found one that was attached to about a dozen different applications. So I started the Avira install, and it hung like usual, so I manually killed that svchost.exe. It almost immediately reappeared, but in the few seconds it was down, the Avira install started moving again. One more kill of that process, and Avira's installation was completed. I think I may have gotten Java to install in the same way; it said the installation was complete, but I haven't restarted the computer to find out.

Anyway, I was very proud of myself. In fact, maybe too proud; I got so excited that I started an Avira scan, and forgot until I opened up this borrowed computer and looked at the forum that you had specifically asked me not to scan anything without your go ahead.

The Avira scan is running now; I will post the result when it is finished. I hope I haven't screwed up our progress.

Thanks,

gaughin


Here's the Avira log

Avira AntiVir Personal

Report file date: Monday, May 17, 2010 19:57

Scanning for 1990003 virus strains and unwanted programs.

The program is running as an unrestricted full version.

Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows XP

Windows version : (Service Pack 3) [5.1.2600]

Boot mode : Safe mode with network

Username : David Vinson

Computer name : VINSON1

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp

Logging.............................: low

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:,

Process scan........................: on

Extended process scan...............: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

Start of the scan: Monday, May 17, 2010 19:57

Starting search for hidden objects.

The driver could not be initialized.

The scan of running processes will be started

Scan process 'avscan.exe' - '59' Module(s) have been scanned

Scan process 'avcenter.exe' - '92' Module(s) have been scanned

Scan process 'svchost.exe' - '50' Module(s) have been scanned

Scan process 'firefox.exe' - '74' Module(s) have been scanned

Scan process 'procexp.exe' - '66' Module(s) have been scanned

Scan process 'Explorer.EXE' - '93' Module(s) have been scanned

Scan process 'svchost.exe' - '39' Module(s) have been scanned

Scan process 'svchost.exe' - '48' Module(s) have been scanned

Scan process 'lsass.exe' - '49' Module(s) have been scanned

Scan process 'services.exe' - '27' Module(s) have been scanned

Scan process 'winlogon.exe' - '62' Module(s) have been scanned

Scan process 'csrss.exe' - '12' Module(s) have been scanned

Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Master boot sector HD1

[INFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Starting to scan executable files (registry).

The registry was scanned ( '1176' files ).

Starting the file scan:

Begin scan in 'C:\'

C:\Documents and Settings\David Vinson\My Documents\Old computer data files\My Pictures\cabinet maker, jacob lawr

[0] Archive type: MacBinary

--> cabinet maker, jacob lawr.rsrc

[WARNING] The file could not be read!

[WARNING] The file could not be read!

C:\Documents and Settings\David Vinson\My Documents\Old computer data files\My Pictures\Poppy, O'Keefe

[0] Archive type: MacBinary

--> Poppy, O'Keefe.rsrc

[WARNING] The file could not be read!

[WARNING] The file could not be read!

End of the scan: Monday, May 17, 2010 22:10

Used time: 2:12:22 Hour(s)

The scan has been done completely.

25684 Scanned directories

549947 Files were scanned

0 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

0 Files were moved to quarantine

0 Files were renamed

0 Files cannot be scanned

549947 Files not concerned

6188 Archives were scanned

4 Warnings

0 Notes


Unbelievable! Congratulations! :)

Any change? What about my instructions?

It seems better on the safe mode side, but about the same on the normal side. As soon as I booted in the normal side, 3 Avira scans popped up automatically (Full scan, Hidden objects search, Updater.) It's been 10 hours, and those are about 1/3 finished. Unless you say otherwise, I will let them run, it looks like for about 20 more hours, then try to put your next suggestion into play first thing tomorrow morning.

Thanks for your help and encouragement.

gaughin


Good strategy. Go! :)

I seem to be at another dead end.

I tried to run sfc.exe in safe mode; certain processes are not enabled in safe mode that are required to run sfc.exe.

I switch to normal mode. I run the software, with one irritating problem. It starts up, and displays a window that says this:

[Please wait while Windows verifies that all protected Windows files are intact and in their original versions.]

After maybe 5 seconds, a second window opens that says the following:

[Files that are required for Windows to run properly must be copied to the DLL cache.

Insert your Windows XP Professional CD-ROM now.]

This window contains 3 buttons: Retry, More Information, and Cancel.

I insert the CD (I know it's the right one; Windows came pre-installed on this machine, and I have to break the seal on this disc, that displays the message "Operating System Already Installed On Your Computer")

I push the Retry button. Program runs for 1 or 2 seconds, and Retry screen comes back up. So every time the Retry screen comes up, I push the Retry button. I wound up pushing it 637 times. Yes, I counted. Finally, the progress bar is all the way to the right, and the program just quits. The instructions at the BleepingComputer site say that I need to immediately run Windows Updates. Problem with that is that Internet Explorer will not load. I let it sit to try to give it time. Two hours later iexplore.exe is still showing up on Task Manager, but the software is still not available.

I shut down the computer and return to safe mode. Internet Explorer pops right up, but when I go to Windows Update, my computer will not communicate with the Update site. I assume this is because I am in safe mode. The Update site gives me an error message that reads "The website has encountered a problem and cannot display the page you are trying to view. The options provided below might help you solve the problem." There is an accompanying error message #; [Error number: 0x8007043C]. I search the site for this error number, and of course it says that I am trying to access a service that is not available from safe mode.

So, in a nutshell, the service is not available in safe mode, and I can't load Internet Explorer in normal mode to even get to the service. I pushed that damn retry button for 50 minutes, and now seem stuck again. Is there any way to load Windows Update without Internet Explorer?

Finally, here's something I have found that could be related to my problem (and seems to suggest to me that this is related to a corrupt Windows update rather than any specific virus/malware.)

If I am in safe mode, I get about 5% idle CPU. According to Process Explorer, a single instance of svchost.exe is associated with all of the following services:

C:\\WINDOWS\SYSTEM32\svchost.exe (netsvcs)

Services

COM + Event System [EventSystem]

Computer Browser [browser]

CryptSvc [CryptSvc]

DHCP Client [Dhcp]

Error Reporting Service [ERSvc]

Fast User Switching Compatibility [FastUserSwitchingCompatibility]

Help and Support [helpsvc]

Network Connections [Netman]

Network Location Awareness (NLA) [Nla]

Remote Access Connection Manager [RasMan]

Secondary Logon [seclogon]

Security Center [wscsvc]

Server [lanmanserver]

Shell Hardware Detection [ShellHWDetection]

System Event Notification [SENS]

System Restore Service [srservice]

Task Scheduler [schedule]

Telephony [TapiSrv]

Themes [Themes]

Windows Audio [AudioSrv]

Windows Firewall/Internet Connection Sharing (ICS) [SharedAccess]

Windows Management Instrumentation [winmgmt]

Wireless Zero Configuration [WZCSVC]

Workstation [lanmanworkstation]

Now, I know that most of these processes are essential for the computer to run, but the interesting thing I have found is that when I kill or stall this process, available idle CPU (in safe mode) immediately jumps from 3-5% to 50-60%.

Am I on to anything? Is this machine just dead?

Thanks,

gaughin
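
The post above describes a single svchost.exe instance (the netsvcs group) hosting some two dozen services and holding the CPU. As an added example, not part of the original thread, this PowerShell script lists every svchost.exe instance with its service group, accumulated CPU time, image-path check and hosted services; it assumes PowerShell 3.0 or later (for Get-CimInstance) and an elevated prompt.

```powershell
# Added example (not from the thread): inventory svchost.exe instances,
# the services each one hosts, and how much CPU time each has accumulated.
# Assumes PowerShell 3.0+ and an elevated session, so that ExecutablePath
# and CommandLine are populated for system processes.

# Legitimate locations for the service host binary.
$expectedPaths = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')   # 32-bit host on 64-bit Windows
)

# Index running services by the PID of the process that hosts them.
# -AsString makes the hashtable keys plain strings, so lookups are predictable.
$servicesByPid = Get-CimInstance -ClassName Win32_Service -Filter "State = 'Running'" |
    Group-Object -Property ProcessId -AsHashTable -AsString

$report = foreach ($proc in Get-CimInstance -ClassName Win32_Process -Filter "Name = 'svchost.exe'") {
    $key = "$($proc.ProcessId)"

    # Services hosted by this instance (empty array if none are registered).
    $hosted = @()
    if ($servicesByPid -and $servicesByPid.ContainsKey($key)) {
        $hosted = @($servicesByPid[$key])
    }

    # The service group is the argument to -k on the command line, e.g. "netsvcs".
    $group = '(unknown)'
    if ($proc.CommandLine -match '-k\s+(\S+)') {
        $group = $Matches[1]
    }

    # A svchost.exe running from anywhere else deserves a closer look.
    # ExecutablePath is empty when the session lacks rights to read it.
    if (-not $proc.ExecutablePath) {
        $pathStatus = 'unreadable (run elevated)'
    }
    elseif ($expectedPaths -contains $proc.ExecutablePath) {
        $pathStatus = 'ok'
    }
    else {
        $pathStatus = "UNEXPECTED: $($proc.ExecutablePath)"
    }

    # KernelModeTime and UserModeTime are reported in 100-nanosecond units.
    $cpuSeconds = [math]::Round(($proc.KernelModeTime + $proc.UserModeTime) / 1e7, 1)

    [pscustomobject]@{
        PID        = $proc.ProcessId
        Group      = $group
        CpuSeconds = $cpuSeconds
        PathStatus = $pathStatus
        Count      = $hosted.Count
        Services   = ($hosted.Name | Sort-Object) -join ', '
    }
}

# Busiest instance first.
$report | Sort-Object -Property CpuSeconds -Descending | Format-Table -AutoSize -Wrap
```

The instance with the highest CpuSeconds, together with its Services column, narrows down which hosted services to examine first.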


We need Internet Explorer. Let's try to fix it:

1. Download IEFix, unzip it to your Desktop, and run it.

2. Click the Apply button.

3. You'll be prompted for the Operating System CD or the Service Pack Files location:

  • If you're using Windows XP, insert the Operating System CD. For OEM systems, point to the Operating System source path when prompted. If you've applied a Service Pack separately, you need to insert the Slipstreamed Operating System CD (if you have one) or point the installer to the ServicePack source path when prompted (see the image below). Mention the path as "C:\Windows\ServicePackFiles\i386" or "C:\Windows\ServicePackFiles"
  • If you don't have the Windows installation CD, and if the installation source files are not present in the hard disk, you may click Cancel when you see a dialog similar to the image below. IEFix will continue with DLL registration part.
  • Restart Windows.


OK, I have completed this. It did ask for my install disc, and it definitely did something; it took Windows longer than usual to boot up. The icon for Internet Explorer now has a tag (no add-ons). It now will not load on either side, normal boot-up or in safe mode.

Thanks for your tenacity,

gaughin


Please add to your exclusions in Norton - MalwareBytes' Anti-Malware folder in Program Files.

Also, please manually delete:

c:\documents and settings\Carol Vinson\Application Data\IObit

c:\documents and settings\Carol Vinson\Local Settings\Application Data\AVG Security Toolbar

Finally:

Open Notepad and copy and paste the text in the code box below into it:

KillAll::

Driver::
jfuf
qgxc
idrmkl
McComponentHostService
McAfee Security Scan Component Host Service

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.


1) In normal mode, there is apparently not enough CPU to allow me to access the menu that would let me add the Malwarebytes files to the exclusion list. In safe mode, I don't have access to those options.

2) I can not find the two folders you are asking me to manually delete.

3) I am hesitant to dump the file into ComboFix until you tell me that it's OK, given that I could not do the first two things.

Thanks

gaughin


Actually, I have been able to find and delete the 2 folders now; they didn't show up in the normal method, I had to manually type in the paths; they did not show up just trying to browse through the subfolders, and a search couldn't locate them either. So now I am just trying to get Malwarebytes to the exclusion list and then I will continue with the ComboFix procedure.

It took about 3 hours to run it; automatically re-booted the computer, and took about 90 more minutes to generate the combofix log. CPU usage still stuck generally between 98-100%; outside of safe mode, virtually no software will open. Here's the combofix log

ComboFix 10-05-19.08 - David Vinson 05/20/2010 12:30:06.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.640 [GMT -4:00]

Running from: c:\documents and settings\David Vinson\Desktop\Combo-Fix.exe

Command switches used :: c:\documents and settings\David Vinson\Desktop\CFScript.txt

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_IDRMKL

-------\Legacy_MCCOMPONENTHOSTSERVICE

-------\Service_idrmkl

-------\Service_jfuf

-------\Service_McComponentHostService

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-18 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-10-27 30192]

"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

c:\documents and settings\Andy Vinson\Start Menu\Programs\Startup\

PowerReg Scheduler V3.exe [2005-6-30 225280]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\PowerTerm WebConnect 5.1\\powerterm.pstcc.edu\\ptermX.exe"=

"c:\\WINDOWS\\system32"=

"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=

"c:\\WINDOWS\\SYSTEM32\\msiexec.exe"=

"c:\\PowerTerm WebConnect 5.6\\powerterm.pstcc.edu\\ptermX.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Common Files\\AOL\\1138142209\\ee\\aim6.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\AOL\\1138142209\\ee\\aolsoftware.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\Last.fm\\LastFM.exe"=

"c:\\WINDOWS\\SYSTEM32\\dpnsvr.exe"=

"c:\\Program Files\\NBC Direct\\StoreFrontPlayer.exe"=

.

Contents of the 'Scheduled Tasks' folder

2010-04-22 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2010-05-20 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-12 16:16]

2004-07-01 c:\windows\Tasks\ISP signup reminder 1.job

- c:\windows\System32\OOBE\OOBEBALN.EXE [2004-03-19 00:12]

2010-05-20 c:\windows\Tasks\User_Feed_Synchronization-{96A8F87C-1609-4822-9E2A-BB33302CC2EE}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}

FF - ProfilePath - c:\documents and settings\David Vinson\Application Data\Mozilla\Firefox\Profiles\vic99eqj.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=

FF - plugin: c:\documents and settings\David Vinson\Application Data\Move Networks\plugins\npqmp071504000001.dll

FF - plugin: c:\documents and settings\David Vinson\Application Data\Move Networks\plugins\npqmp071701000002.dll

FF - plugin: c:\program files\Microsoft Research\HDView for Firefox\nphdview.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll

FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll

FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 16000

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.max.tokenizing.time - 3000000

FF - user.js: content.maxtextrun - 4095

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 1000000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 1000000

FF - user.js: dom.disable_window_status_change - true

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 1000

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-05-20 15:37

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1732)

c:\windows\system32\WININET.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Avira\AntiVir Desktop\sched.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\HPZipm12.exe

c:\windows\system32\fxssvc.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\system32\rundll32.exe

.

**************************************************************************

.

Completion time: 2010-05-20 16:40:00 - machine was rebooted

ComboFix-quarantined-files.txt 2010-05-20 20:39

ComboFix2.txt 2010-05-17 02:02

ComboFix3.txt 2010-05-10 13:55

Pre-Run: 8,860,114,944 bytes free

Post-Run: 8,895,758,336 bytes free

Current=3 Default=3 Failed=5 LastKnownGood=6 Sets=1,2,3,5,6

- - End Of File - - 43A358040A254085C5C6648B08FB29EA

Link to post
Share on other sites

Is Windows repair an option? Or should I just try to find a reputable local person to work on it? Without any internet access, I assume I am crippled.

I did not want this to happen, but if you are able to do so, I strongly recommend it.

Link to post
Share on other sites

I did not want this to happen, but if you are able to do so, I strongly recommend it.

Actually, for whatever reason, after I re-started the machine this morning, I could get Firefox to start. And surprisingly, I seem to consistently have 10-15% free CPU. Internet Explorer still won't open, but if you have any other fix options, I am willing to try them. I don't trust the locals.

Thanks

gaughin

Link to post
Share on other sites

Wow... perfect. Did IEFix not help?

Apparently not. Should I try to run it again? By the way, one strange thing happened with ComboFix; since I couldn't disable Norton, and since I had Avira running, I simply uninstalled Norton. Despite this, when ComboFix ran, it reported that Norton was running.

Thanks,

gaughin

Link to post
Share on other sites

Yes, please, run it again. Don't worry about Norton.

IEFix did not seem to respond; I hit the "run" button, and it did not respond in any way for 35 minutes. But I do have Internet Explorer running (I am typing this from within it now.) I simply downloaded a fresh version of IE8 and re-installed it. So now that IE is working, what next? I appreciate the education I am receiving from these exchanges, though I suppose you are tired of me by now. Thanks again,

gaughin

Link to post
Share on other sites

Now, I want to know if everything is okay there.

No, it's not. CPU usage is still around 90-95% when in normal mode. Office software looks like it is loading, but if I try to open any file, it freezes up the entire computer, forcing a hard shut-down. IE will open in safe mode, but not in normal mode, so I still can't run Windows Update.

Thanks

gaughin

Link to post
Share on other sites

This topic is now closed to further replies.