Gaughin Posted May 17, 2010 Author ID:251422 Share Posted May 17, 2010 Not sure if the problem is not hardware. What about cooling your computer? Is everything ok?Yes, I think so. Everything seems OK. Link to post Share on other sites More sharing options...
Maniac Posted May 17, 2010 ID:251424 Share Posted May 17, 2010 Okay, let's try this:http://www.bleepingcomputer.com/forums/topic43051.html Link to post Share on other sites More sharing options...
Gaughin Posted May 18, 2010 Author ID:251658 Share Posted May 18, 2010 Okay, let's try this:http://www.bleepingcomputer.com/forums/topic43051.htmlHere's the current situation. I may have goofed, but I don't think so.The Windows CD is in storage (I know, we should have it at easier access, but it got moved, along with lots of other stuff, to a rented storage unit when we were trying to clear out room to walk.)Anyway, until I can get to that to try your latest suggestion, I found a way to get Avira to finally load. I was reading up on services.exe related problems, and found some notes that said it was related to unnecessary spawning of svchost.exe instances; I found one that was attached to about a dozen different applications. So I started the Avira install, and it hung like usual, so I manually killed that svchost.exe. It almost immediately reappeared, but in the few seconds it was down, the Avira install started moving again. One more kill of that process, and Avira'a installation was completed. I think I may have gotten Java to install in the same way; it said the installation was complete, but I haven't restarted the computer to find out.Anyway, I was very proud of myself. In fact, maybe too proud; I got so excited that I started an Avira scan, and forgot until I opened up this borrowed computer and looked at the forum that you had specifically asked me not to scan anything without your go ahead.The Avira scan is running now; I will post the result when it is finished. I hope I haven't screwed up our progress. Thanks,gaughin Link to post Share on other sites More sharing options...
Gaughin Posted May 18, 2010 Author ID:251696 Share Posted May 18, 2010 Here's the Avira logAvira AntiVir PersonalReport file date: Monday, May 17, 2010 19:57Scanning for 1990003 virus strains and unwanted programs.The program is running as an unrestricted full version.Online services are available:Licensee : Avira AntiVir Personal - FREE AntivirusSerial number : 0000149996-ADJIE-0000001Platform : Windows XPWindows version : (Service Pack 3) [5.1.2600]Boot mode : Safe mode with networkUsername : David VinsonComputer name : VINSON1Version information:BUILD.DAT : 10.0.0.567 32097 Bytes 4/19/2010 15:07:00AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/1/2010 17:37:38AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 17:57:04LUKE.DLL : 10.0.2.3 104296 Bytes 3/7/2010 23:33:04LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 04:40:49VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 14:05:36VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 00:27:49VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 22:37:42VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 21:37:42VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 16:29:03VBASE005.VDF : 7.10.4.204 2048 Bytes 3/5/2010 16:29:03VBASE006.VDF : 7.10.4.205 2048 Bytes 3/5/2010 16:29:03VBASE007.VDF : 7.10.4.206 2048 Bytes 3/5/2010 16:29:03VBASE008.VDF : 7.10.4.207 2048 Bytes 3/5/2010 16:29:03VBASE009.VDF : 7.10.4.208 2048 Bytes 3/5/2010 16:29:03VBASE010.VDF : 7.10.4.209 2048 Bytes 3/5/2010 16:29:03VBASE011.VDF : 7.10.4.210 2048 Bytes 3/5/2010 16:29:03VBASE012.VDF : 7.10.4.211 2048 Bytes 3/5/2010 16:29:03VBASE013.VDF : 7.10.4.242 153088 Bytes 3/8/2010 20:43:21VBASE014.VDF : 7.10.5.17 99328 Bytes 3/10/2010 20:24:21VBASE015.VDF : 7.10.5.44 107008 Bytes 3/11/2010 22:41:40VBASE016.VDF : 7.10.5.69 92672 Bytes 3/12/2010 14:25:53VBASE017.VDF : 7.10.5.91 119808 Bytes 3/15/2010 14:39:58VBASE018.VDF : 7.10.5.121 112640 Bytes 3/18/2010 18:01:24VBASE019.VDF : 7.10.5.138 139776 Bytes 3/18/2010 15:24:56VBASE020.VDF : 7.10.5.164 113152 Bytes 3/22/2010 12:04:23VBASE021.VDF : 7.10.5.182 108032 Bytes 3/23/2010 14:23:02VBASE022.VDF : 7.10.5.199 123904 Bytes 3/24/2010 22:47:50VBASE023.VDF : 7.10.5.217 279552 Bytes 3/25/2010 00:11:22VBASE024.VDF : 7.10.5.234 202240 Bytes 3/26/2010 22:53:48VBASE025.VDF : 7.10.5.254 187904 Bytes 3/30/2010 18:56:47VBASE026.VDF : 7.10.6.18 130560 Bytes 4/1/2010 10:56:20VBASE027.VDF : 7.10.6.34 136192 Bytes 4/6/2010 14:43:55VBASE028.VDF : 7.10.6.44 232448 Bytes 4/7/2010 14:59:22VBASE029.VDF : 7.10.6.60 124416 Bytes 4/12/2010 17:43:17VBASE030.VDF : 7.10.6.61 2048 Bytes 4/12/2010 17:43:17VBASE031.VDF : 7.10.6.62 17408 Bytes 4/12/2010 17:43:17Engineversion : 8.2.1.210 AEVDF.DLL : 8.1.1.3 106868 Bytes 2/13/2010 17:16:21AESCRIPT.DLL : 8.1.3.24 1282425 Bytes 4/1/2010 21:05:26AESCN.DLL : 8.1.5.0 127347 Bytes 2/25/2010 23:38:41AESBX.DLL : 8.1.2.1 254323 Bytes 3/17/2010 16:09:47AERDL.DLL : 8.1.4.3 541043 Bytes 3/17/2010 16:09:47AEPACK.DLL : 8.2.1.1 426358 Bytes 3/19/2010 17:34:51AEOFFICE.DLL : 8.1.0.41 201083 Bytes 3/17/2010 16:09:46AEHEUR.DLL : 8.1.1.16 2503031 Bytes 3/26/2010 23:43:13AEHELP.DLL : 8.1.11.3 242039 Bytes 4/1/2010 21:05:25AEGEN.DLL : 8.1.3.6 373108 Bytes 4/1/2010 21:05:25AEEMU.DLL : 8.1.1.0 393587 Bytes 11/10/2009 14:04:22AECORE.DLL : 8.1.13.1 188790 Bytes 4/1/2010 21:05:25AEBB.DLL : 8.1.0.3 53618 Bytes 9/10/2009 17:15:06AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 17:03:38AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 17:03:35AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 21:47:40AVREG.DLL : 10.0.3.0 53096 Bytes 4/1/2010 17:35:46AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/1/2010 17:39:51AVARKT.DLL : 10.0.0.14 227176 Bytes 4/1/2010 17:22:13AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 14:53:30SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 17:57:58AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 20:38:56NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 19:41:00RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 18:10:20RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/9/2010 19:14:29Configuration settings for the scan:Jobname.............................: Complete system scanConfiguration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avpLogging.............................: lowPrimary action......................: interactiveSecondary action....................: ignoreScan master boot sector.............: onScan boot sector....................: onBoot sectors........................: C:, Process scan........................: onExtended process scan...............: onScan registry.......................: onSearch for rootkits.................: onIntegrity checking of system files..: offScan all files......................: All filesScan archives.......................: onRecursion depth.....................: 20Smart extensions....................: onMacro heuristic.....................: onFile heuristic......................: mediumStart of the scan: Monday, May 17, 2010 19:57Starting search for hidden objects.The driver could not be initialized.The scan of running processes will be startedScan process 'avscan.exe' - '59' Module(s) have been scannedScan process 'avcenter.exe' - '92' Module(s) have been scannedScan process 'svchost.exe' - '50' Module(s) have been scannedScan process 'firefox.exe' - '74' Module(s) have been scannedScan process 'procexp.exe' - '66' Module(s) have been scannedScan process 'Explorer.EXE' - '93' Module(s) have been scannedScan process 'svchost.exe' - '39' Module(s) have been scannedScan process 'svchost.exe' - '48' Module(s) have been scannedScan process 'lsass.exe' - '49' Module(s) have been scannedScan process 'services.exe' - '27' Module(s) have been scannedScan process 'winlogon.exe' - '62' Module(s) have been scannedScan process 'csrss.exe' - '12' Module(s) have been scannedScan process 'smss.exe' - '2' Module(s) have been scannedStarting master boot sector scan:Master boot sector HD0 [iNFO] No virus was found!Master boot sector HD1 [iNFO] No virus was found!Start scanning boot sectors:Boot sector 'C:\' [iNFO] No virus was found!Starting to scan executable files (registry).The registry was scanned ( '1176' files ).Starting the file scan:Begin scan in 'C:\'C:\Documents and Settings\David Vinson\My Documents\Old computer data files\My Pictures\cabinet maker, jacob lawr[0] Archive type: MacBinary--> cabinet maker, jacob lawr.rsrc [WARNING] The file could not be read! [WARNING] The file could not be read!C:\Documents and Settings\David Vinson\My Documents\Old computer data files\My Pictures\Poppy, O'Keefe[0] Archive type: MacBinary--> Poppy, O'Keefe.rsrc [WARNING] The file could not be read! [WARNING] The file could not be read!End of the scan: Monday, May 17, 2010 22:10Used time: 2:12:22 Hour(s)The scan has been done completely. 25684 Scanned directories 549947 Files were scanned 0 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 files were deleted 0 Viruses and unwanted programs were repaired 0 Files were moved to quarantine 0 Files were renamed 0 Files cannot be scanned 549947 Files not concerned 6188 Archives were scanned 4 Warnings 0 Notes Link to post Share on other sites More sharing options...
Maniac Posted May 18, 2010 ID:251869 Share Posted May 18, 2010 Unbelievable! Congratulations! Any change? What about my instructions? Link to post Share on other sites More sharing options...
Gaughin Posted May 18, 2010 Author ID:251909 Share Posted May 18, 2010 Unbelievable! Congratulations! Any change? What about my instructions?It seems better on the safe mode side, but about the same on the normal side. As soon as I booted in the normal side, 3 Avira scans popped up automatically (Full scan, Hidden objects search, Updater.) It's been 10 hours, and those are about 1/3 finished. Unless ou say otherwise, I will let them run, it looks like for about 20 more hours, then try to put your next suggestion into play first thing tomorrow morning.Thanks for your help and encouragement.gaughin Link to post Share on other sites More sharing options...
Maniac Posted May 18, 2010 ID:251910 Share Posted May 18, 2010 Good strategy. Go! Link to post Share on other sites More sharing options...
Gaughin Posted May 19, 2010 Author ID:252515 Share Posted May 19, 2010 Good strategy. Go! I seem to be at another dead end.I tried to run sfc.exe in safe mode; certain processes are not enabled in safe mode that are required to run sfc.exeI switch to normal mode. I run the software, with one irritating problem. It starts up, and displays a window that says this:[Please wait while Windows verifies that all protected Windows files are intact and in their original versions.]After maybe 5 seconds, a second window opens that says the following:[Files that are required for Windows to run properly must be copied to the DLL cache.Insert your Windows XP Professional CD-ROM now.]This window contains 3 buttons: Retry, More Information, and Cancel.I insert the CD (I know it's the right one; Windows came pre-installed on this machine, and I have to break the seal on this disc, that displays the message "Operating System Already Installed On Your Computer")I push the Retry button. Program runs for 1 or 2 seconds, and Retry screen comes back up. So every time the Retry screen comes up, I push the Retry button. I would up pushing it 637 times. Yes, I counted. Finally, the progress bar is all the way to the right, and the program just quits. The instructions at the BleepingComputer site say that I need to immediately run Windows Updates. Problem with that is that Internet Explorer will not load. I let it sit to try to give it time. Two hours later iexplore.exe is still showing up on Task Manager, but the software is still not available.I shut down the computer and return to safe mode. Internet Explorer pops right up, but when I go to Windows Update, my computer will not communicate with the Update site. I assume this is because I am in safe mode. The Update site gives me an error message that reads "The website has encountered a problem and cannot display the page you are trying to view. The options provided below might help you solve the problem." There is an accompanying error message #; [Error number: 0x8007043C]. I search the site for this error number, and of course it says that I am trying to access a service that is not available from safe mode. So, in a nutshell, the service is not available in safe mode, and I can't load Internet Explorer in normal mode to even get to the service. I pushed that damn retry button for 50 minutes, and now seem stuck again. Is there any way to load Windows Update without Internet Explorer?Finally, here's something I have found that could be related to my problem (and seems to suggest to me that this is related to a corrupt Windows update rather than any specific virus/malware.)If I am safe mode, I get about 5% idle CPU. According to Process Explorer, a single instance of svchost.exe is associated with all of the following services;C:\\WINDOWS\SYSTEM32\svchost.exe (netsvcs)Services COM + Event System [EventSystem] Computer Browser [browser] CryptSvc [CryptSvc] DHCP Client [Dhep] Error Reporting Service [ERSvc] Fast User Switching Compatibility [FastUserSwitchingCompatibility] Help and Support [helpsvc] Network Connections [Netman] Network Location Awareness (NLA) [Nla] Remote Access Connection Manager [RasMan] Secondary Logon [seclogon] Security Center [wscsvc] Server [lanmanserver] Shell Hardware Detection [shellHWDetection] System Event Notification [sENS] System Restore Service [srservice] Task Scheduler [schedule] Telephony [TapiSrv] Themes [Themes] Windows Audio [AudioSrv] Windows Firewall/Internet COnnection Sharing (ICS) [sharedAccess] Windows Management Instrumentation [winmgmt] Wireless Zero Configuration [WZCSVC] Workstation [lanmanworkstation]Now, I know that most of these processes are essential for the computer to run, but the interesting thing I have found is that when I kill or stall this process, available idle CPU (in safe mode) immediately jumps from 3-5% to 50-60%.Am I on to anything? Is this machine just dead?Thanks,gaughin Link to post Share on other sites More sharing options...
Maniac Posted May 19, 2010 ID:252521 Share Posted May 19, 2010 We need Internet Explorer. Let's try to fix it:1. Download IEFix, unzip it to your Desktop, and run it.2. Click the Apply button.3. You'll be prompted for the Operating System CD or the Service Pack Files location:If you're using Windows XP, insert the Operating System CD. For OEM systems, point to the Operating System source path when prompted. If you've applied a Service Pack separately, you need to insert the Slipstreamed Operating System CD (if you have one) or point the installer to the ServicePack source path when prompted (see the image below). Mention the path as "C:\Windows\ServicePackFiles\i386" or "C:\Windows\ServicePackFiles"If you don't have the Windows installation CD, and if the installation source files are not present in the hard disk, you may click Cancel when you see a dialog similar to the image below. IEFix will continue with DLL registration part.Restart Windows. Link to post Share on other sites More sharing options...
Gaughin Posted May 20, 2010 Author ID:252866 Share Posted May 20, 2010 OK, I have completed this. It did ask for my install disc, and it definitely did something; it took Windows longer than usual to boot up. The icon for Internet Explorer now has a tag (no add-ons). It now will not load on either side, normal boot-up or in safe mode.Thanks for your tenacity,gaughin Link to post Share on other sites More sharing options...
Maniac Posted May 20, 2010 ID:253037 Share Posted May 20, 2010 Please add to your exclusions in Norton - MalwareBytes' Anti-Malware folder in Program Files.Also, please manually delete: c:\documents and settings\Carol Vinson\Application Data\IObitc:\documents and settings\Carol Vinson\Local Settings\Application Data\AVG Security ToolbarFinally:Open Notepad and copy and paste the text in the code box below into it:KillAll::Driver::jfufqgxcidrmklMcComponentHostServiceMcAfee Security Scan Component Host ServiceSave the file to your desktop and name it CFScript.txt Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system. Link to post Share on other sites More sharing options...
Gaughin Posted May 20, 2010 Author ID:253109 Share Posted May 20, 2010 1) In normal mode, there is apparently not enough CPU to allow me to access the menu that would let me add the Malwarebytes files to the exclusion list. In safe mode, I don't have access to those options.2) I can not find the two folders you are asking me to manually delete.3) I am hesitant to dump the file into ComboFix until you tell me that it's OK, given that I could not do the first two things.Thanksgaughin Link to post Share on other sites More sharing options...
Maniac Posted May 20, 2010 ID:253110 Share Posted May 20, 2010 Okay, this will be done later.Go ahead with ComboFix. Link to post Share on other sites More sharing options...
Gaughin Posted May 20, 2010 Author ID:253113 Share Posted May 20, 2010 Actually, I have been able to find and delete the 2 folders now; they didn't show up in the normal method, I had to manually type in the paths; they did not show up just trying to browse through the subfolders, and a search couldn't locate them either. So now I am just trying to get Malwarebytes to the exclusion list and then I will continue with the ComboFix procedure. Link to post Share on other sites More sharing options...
Gaughin Posted May 20, 2010 Author ID:253253 Share Posted May 20, 2010 Actually, I have been able to find and delete the 2 folders now; they didn't show up in the normal method, I had to manually type in the paths; they did not show up just trying to browse through the subfolders, and a search couldn't locate them either. So now I am just trying to get Malwarebytes to the exclusion list and then I will continue with the ComboFix procedure.It took about 3 hours to run it; automatically re-booted the computer, and took about 90 more minutes to generate the combofix log. CPU usage still stuck generally between 98-100%; outside of safe mode, virtually no software will open. Here's the combofix logComboFix 10-05-19.08 - David Vinson 05/20/2010 12:30:06.3.2 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.640 [GMT -4:00]Running from: c:\documents and settings\David Vinson\Desktop\Combo-Fix.exeCommand switches used :: c:\documents and settings\David Vinson\Desktop\CFScript.txtAV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} * Created a new restore point.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))).-------\Legacy_IDRMKL-------\Legacy_MCCOMPONENTHOSTSERVICE-------\Service_idrmkl-------\Service_jfuf-------\Service_McComponentHostService((((((((((((((((((((((((( Files Created from 2010-04-20 to 2010-05-20 ))))))))))))))))))))))))))))))).2010-05-20 13:45 . 2010-05-20 13:45 -------- d-----w- c:\windows\system32\drivers\N3602010-05-19 04:18 . 2008-04-14 00:12 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll2010-05-19 04:18 . 2001-08-18 02:36 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll2010-05-19 04:18 . 2008-04-14 00:12 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll2010-05-19 04:18 . 2001-08-18 02:37 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe2010-05-19 04:18 . 2001-08-18 02:37 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe2010-05-19 04:17 . 2001-08-18 02:37 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe2010-05-19 04:17 . 2001-08-17 16:11 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys2010-05-19 04:17 . 2004-08-04 05:29 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys2010-05-19 04:17 . 2004-08-04 05:29 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys2010-05-19 04:17 . 2008-04-14 00:12 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll2010-05-19 04:15 . 2004-08-04 05:29 11775 ----a-w- c:\windows\system32\dllcache\wadv05nt.sys2010-05-19 04:14 . 2008-04-13 18:45 26112 ----a-w- c:\windows\system32\dllcache\usbser.sys2010-05-19 04:13 . 2001-08-17 18:01 241664 ----a-w- c:\windows\system32\dllcache\tosdvd02.sys2010-05-19 04:12 . 2001-08-17 16:18 285760 ----a-w- c:\windows\system32\dllcache\stlnata.sys2010-05-19 04:11 . 2001-08-17 16:12 24576 ----a-w- c:\windows\system32\dllcache\smc8000n.sys2010-05-19 04:10 . 2001-08-18 02:36 386560 ----a-w- c:\windows\system32\dllcache\sgiul50.dll2010-05-19 04:09 . 2001-08-18 02:36 79872 ----a-w- c:\windows\system32\dllcache\rwia430.dll2010-05-19 04:08 . 2008-04-13 18:40 6016 ----a-w- c:\windows\system32\dllcache\qic157.sys2010-05-19 04:07 . 2004-03-19 22:41 20992 ----a-w- c:\windows\system32\dllcache\permchk.dll2010-05-19 04:06 . 2001-08-17 16:20 54528 ----a-w- c:\windows\system32\dllcache\opl3sax.sys2010-05-19 04:05 . 2001-08-17 16:50 39264 ----a-w- c:\windows\system32\dllcache\neo20xx.sys2010-05-19 04:04 . 2001-08-17 18:00 2944 ----a-w- c:\windows\system32\dllcache\msmpu401.sys2010-05-19 04:04 . 2008-04-13 18:54 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys2010-05-19 04:04 . 2003-03-31 10:00 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll2010-05-19 04:04 . 2001-08-17 18:02 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys2010-05-19 04:04 . 2001-08-17 17:48 6016 ----a-w- c:\windows\system32\dllcache\msfsio.sys2010-05-19 04:04 . 2001-08-17 17:52 6528 ----a-w- c:\windows\system32\dllcache\miniqic.sys2010-05-19 04:04 . 2004-03-19 22:39 34304 ----a-w- c:\windows\system32\dllcache\migisol.exe2010-05-19 04:04 . 2001-08-17 16:50 320384 ----a-w- c:\windows\system32\dllcache\mgaum.sys2010-05-19 04:04 . 2001-08-17 18:56 235648 ----a-w- c:\windows\system32\dllcache\mgaud.dll2010-05-19 04:04 . 2004-03-19 22:39 92416 ----a-w- c:\windows\system32\dllcache\mga.sys2010-05-19 04:02 . 2001-08-17 16:12 19016 ----a-w- c:\windows\system32\dllcache\ktc111.sys2010-05-19 04:02 . 2001-08-18 02:36 37376 ----a-w- c:\windows\system32\dllcache\kousd.dll2010-05-19 04:02 . 2003-03-31 10:00 70656 ----a-w- c:\windows\system32\dllcache\korwbrkr.dll2010-05-19 04:02 . 2008-04-14 00:11 253952 ----a-w- c:\windows\system32\dllcache\kdsusd.dll2010-05-19 04:02 . 2008-04-14 00:11 48640 ----a-w- c:\windows\system32\dllcache\kdsui.dll2010-05-19 04:02 . 2004-03-19 22:38 5632 ----a-w- c:\windows\system32\dllcache\kbdusa.dll2010-05-19 04:02 . 2004-03-19 22:38 7680 ----a-w- c:\windows\system32\dllcache\kbdnecnt.dll2010-05-19 04:02 . 2004-03-19 22:38 9216 ----a-w- c:\windows\system32\dllcache\kbdnecat.dll2010-05-19 04:02 . 2004-03-19 22:38 7168 ----a-w- c:\windows\system32\dllcache\kbdnec95.dll2010-05-19 04:02 . 2001-08-18 02:36 8192 ----a-w- c:\windows\system32\dllcache\kbdkor.dll2010-05-19 04:02 . 2001-08-18 02:36 8704 ----a-w- c:\windows\system32\dllcache\kbdjpn.dll2010-05-19 04:00 . 2003-03-31 10:00 311359 ----a-w- c:\windows\system32\dllcache\imepadsv.exe2010-05-19 03:59 . 2001-08-17 17:28 488383 ----a-w- c:\windows\system32\dllcache\hsf_v124.sys2010-05-19 03:58 . 2001-08-17 18:02 8576 ----a-w- c:\windows\system32\dllcache\hidgame.sys2010-05-19 03:57 . 2001-08-18 02:36 71680 ----a-w- c:\windows\system32\dllcache\fnfilter.dll2010-05-19 03:56 . 2001-08-17 16:19 37120 ----a-w- c:\windows\system32\dllcache\es1370mp.sys2010-05-19 03:55 . 2001-08-17 16:20 334208 ----a-w- c:\windows\system32\dllcache\ds1wdm.sys2010-05-19 03:54 . 2001-08-17 16:14 21606 ----a-w- c:\windows\system32\dllcache\digiisdn.sys2010-05-19 03:53 . 2001-08-18 02:36 27136 ----a-w- c:\windows\system32\dllcache\cyzcoins.dll2010-05-19 03:52 . 2001-08-17 17:51 20736 ----a-w- c:\windows\system32\dllcache\cmbp0wdm.sys2010-05-19 03:52 . 2001-08-17 17:57 248064 ----a-w- c:\windows\system32\dllcache\cl546xm.sys2010-05-19 03:52 . 2001-08-17 18:56 170880 ----a-w- c:\windows\system32\dllcache\cl546x.dll2010-05-19 03:52 . 2001-08-17 18:56 111232 ----a-w- c:\windows\system32\dllcache\cl5465.dll2010-05-19 03:52 . 2001-08-17 17:57 45696 ----a-w- c:\windows\system32\dllcache\cirrus.sys2010-05-19 03:52 . 2001-08-17 18:56 91264 ----a-w- c:\windows\system32\dllcache\cirrus.dll2010-05-19 03:52 . 2001-08-17 18:02 272640 ----a-w- c:\windows\system32\dllcache\cinemclc.sys2010-05-19 03:52 . 2001-08-17 16:13 980034 ----a-w- c:\windows\system32\dllcache\cicap.sys2010-05-19 03:50 . 2001-08-17 17:51 13824 ----a-w- c:\windows\system32\dllcache\bulltlp3.sys2010-05-19 03:16 . 2001-08-17 16:11 31529 ----a-w- c:\windows\system32\dllcache\brzwlan.sys2010-05-19 03:15 . 2001-08-17 17:12 12160 ----a-w- c:\windows\system32\dllcache\brfiltlo.sys2010-05-19 03:14 . 2001-08-18 02:36 37376 ----a-w- c:\windows\system32\dllcache\atievxx.exe2010-05-19 03:13 . 2001-08-17 16:19 553984 ----a-w- c:\windows\system32\dllcache\adm8820.sys2010-05-19 03:12 . 2004-03-19 22:44 7168 ----a-w- c:\windows\system32\dllcache\wamregps.dll2010-05-19 03:12 . 2001-08-17 18:56 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll2010-05-17 23:55 . 2010-05-17 23:55 -------- d-----w- c:\documents and settings\David Vinson\Application Data\Avira2010-05-17 22:58 . 2010-03-01 14:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys2010-05-17 22:58 . 2010-02-16 18:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys2010-05-17 22:58 . 2009-05-11 16:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys2010-05-17 22:58 . 2009-05-11 16:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys2010-05-17 22:58 . 2010-05-17 22:58 -------- d-----w- c:\program files\Avira2010-05-17 22:58 . 2010-05-17 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira2010-05-17 22:48 . 2010-05-17 22:49 -------- d-----w- c:\program files\Java2010-05-17 22:48 . 2010-05-17 22:48 -------- d-----w- c:\program files\Common Files\Java2010-05-17 22:45 . 2010-05-17 22:45 -------- d-----w- c:\documents and settings\David Vinson\Local Settings\Application Data\{6448F0A6-6813-11D6-A77B-00B0D0150160}2010-05-17 14:20 . 2010-05-17 14:20 -------- d-----w- c:\program files\Windows Live Safety Center2010-05-13 20:01 . 2010-05-14 04:32 -------- d-----w- c:\documents and settings\David Vinson\DoctorWeb2010-05-09 23:26 . 2010-05-10 13:59 -------- d-----w- C:\Combo-Fix2010-05-07 02:22 . 2010-05-07 02:22 -------- d-----w- c:\program files\Trend Micro2010-05-06 01:40 . 2010-05-06 01:40 -------- d-----w- c:\documents and settings\David Vinson\Application Data\Malwarebytes2010-05-06 01:40 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2010-05-06 01:40 . 2010-05-06 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes2010-05-06 01:40 . 2010-05-06 01:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2010-05-06 01:40 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys2010-05-03 03:03 . 2010-05-03 03:03 -------- d-----w- c:\documents and settings\David Vinson\Application Data\Tific2010-05-03 02:55 . 2010-05-03 02:55 -------- d-----w- c:\documents and settings\David Vinson\Local Settings\Application Data\Symantec2010-05-03 02:22 . 2010-05-03 02:22 -------- d-----w- c:\program files\Windows Sidebar2010-05-03 02:20 . 2010-05-17 22:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller2010-05-03 02:05 . 2010-05-20 13:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton2010-05-01 01:39 . 2010-05-01 01:39 -------- d-----w- c:\documents and settings\Andy Vinson\Local Settings\Application Data\AOL2010-05-01 01:37 . 2010-05-01 01:37 -------- d-sh--w- c:\documents and settings\Andy Vinson\IETldCache2010-04-29 14:37 . 2010-04-29 14:37 -------- d-----w- c:\program files\iPod2010-04-29 14:37 . 2010-04-29 14:39 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}2010-04-29 14:21 . 2010-04-29 14:21 -------- d-----w- c:\program files\Bonjour.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2010-05-18 02:45 . 2007-05-11 02:39 1324 ----a-w- c:\windows\system32\d3d9caps.dat2010-05-16 18:52 . 2008-01-18 12:44 -------- d-----w- c:\program files\OpenSource Flash Video Splitter2010-05-07 10:52 . 2006-05-18 17:58 -------- d-----w- c:\program files\Spybot - Search & Destroy2010-05-07 10:52 . 2006-05-18 17:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy2010-05-07 10:48 . 2009-05-25 12:33 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop2010-05-07 10:45 . 2009-12-19 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\avg92010-05-07 04:15 . 2009-12-24 12:57 0 ----a-w- c:\documents and settings\David Vinson\Local Settings\Application Data\prvlcl.dat2010-05-06 12:32 . 2005-10-22 03:26 -------- d-----w- c:\program files\Lavasoft2010-05-06 12:32 . 2008-08-11 12:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft2010-05-05 02:21 . 2008-05-31 21:07 -------- d-----w- c:\documents and settings\David Vinson\Application Data\MSN62010-04-29 14:39 . 2007-04-05 00:50 -------- d-----w- c:\program files\iTunes2010-04-29 14:37 . 2007-07-09 13:45 -------- d-----w- c:\program files\Common Files\Apple2010-04-29 14:31 . 2006-12-18 21:07 -------- d-----w- c:\program files\QuickTime2010-04-16 12:33 . 2009-03-19 11:02 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll2010-04-16 12:33 . 2007-11-12 03:33 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys2010-04-09 11:56 . 2010-04-09 11:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage2010-04-09 11:56 . 2010-04-09 11:56 -------- d-----w- c:\documents and settings\David Vinson\Application Data\Office Genuine Advantage2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe2010-04-03 05:03 . 2009-09-11 04:04 96272 ---ha-w- c:\windows\system32\mlfcache.dat2010-03-29 18:04 . 2004-06-03 06:10 130000 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT2010-03-29 17:30 . 2010-03-29 17:30 -------- d-----w- c:\program files\Eusing Free Registry Cleaner2010-03-29 15:12 . 2004-06-03 06:00 -------- d-----w- c:\program files\Jasc Software Inc2010-03-29 15:12 . 2004-06-03 06:00 -------- d-----w- c:\program files\Dell Computer2010-03-29 14:10 . 2008-01-18 12:43 -------- d-----w- c:\program files\RealMedia2010-03-29 14:08 . 2004-06-03 05:56 -------- d-----w- c:\program files\Real2010-03-29 14:08 . 2004-06-03 05:56 -------- d-----w- c:\program files\Common Files\Real2010-03-29 14:05 . 2010-03-19 02:09 -------- d-----w- c:\program files\SecureBackupShare2010-03-29 14:02 . 2009-12-22 18:47 -------- d-----w- c:\program files\Uniblue2010-03-29 13:40 . 2010-03-13 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS2010-03-28 14:59 . 2005-03-22 01:38 -------- d-----w- c:\program files\Avery Wizard2010-03-28 03:53 . 2007-11-04 21:50 -------- d-----w- c:\documents and settings\David Vinson\Application Data\Uniblue2010-03-27 11:40 . 2007-05-11 02:24 -------- d--h--w- c:\documents and settings\David Vinson\Application Data\Move Networks2010-03-23 01:45 . 2010-02-14 22:43 -------- d-----w- c:\documents and settings\David Vinson\Application Data\TrueSwitch2010-03-23 01:42 . 2009-11-28 16:36 -------- d-----w- c:\documents and settings\David Vinson\Application Data\Amazon2010-03-10 06:15 . 2004-03-19 22:44 420352 ----a-w- c:\windows\system32\vbscript.dll2010-02-25 06:24 . 2004-08-24 00:32 916480 ----a-w- c:\windows\system32\wininet.dll2010-02-24 13:11 . 2002-11-18 11:27 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys2006-01-04 22:30 . 2006-01-04 22:30 774144 -c----w- c:\program files\RngInterstitial.dll2009-10-27 22:22 . 2006-11-11 04:54 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-18 68856][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-10-27 30192]"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]c:\documents and settings\Andy Vinson\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe [2005-6-30 225280][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]@=""[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Mozilla Firefox\\firefox.exe"="c:\\PowerTerm WebConnect 5.1\\powerterm.pstcc.edu\\ptermX.exe"="c:\\WINDOWS\\system32"="c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"="c:\\WINDOWS\\SYSTEM32\\msiexec.exe"="c:\\PowerTerm WebConnect 5.6\\powerterm.pstcc.edu\\ptermX.exe"="c:\\Program Files\\iTunes\\iTunes.exe"="c:\\Program Files\\Common Files\\AOL\\1138142209\\ee\\aim6.exe"="c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="c:\\Program Files\\Common Files\\AOL\\1138142209\\ee\\aolsoftware.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="c:\\Program Files\\Last.fm\\LastFM.exe"="c:\\WINDOWS\\SYSTEM32\\dpnsvr.exe"="c:\\Program Files\\NBC Direct\\StoreFrontPlayer.exe"=.Contents of the 'Scheduled Tasks' folder2010-04-22 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]2010-05-20 c:\windows\Tasks\Google Software Updater.job- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-12 16:16]2004-07-01 c:\windows\Tasks\ISP signup reminder 1.job- c:\windows\System32\OOBE\OOBEBALN.EXE [2004-03-19 00:12]2010-05-20 c:\windows\Tasks\User_Feed_Synchronization-{96A8F87C-1609-4822-9E2A-BB33302CC2EE}.job- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]..------- Supplementary Scan -------.uStart Page = about:blankuSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8uInternet Connection Wizard,ShellNext = iexploreuSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search/?q=%sIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}FF - ProfilePath - c:\documents and settings\David Vinson\Application Data\Mozilla\Firefox\Profiles\vic99eqj.default\FF - prefs.js: browser.search.defaulturl - hxxp://www.google.comFF - prefs.js: browser.search.selectedEngine - GoogleFF - prefs.js: browser.startup.homepage - www.google.comFF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=FF - plugin: c:\documents and settings\David Vinson\Application Data\Move Networks\plugins\npqmp071504000001.dllFF - plugin: c:\documents and settings\David Vinson\Application Data\Move Networks\plugins\npqmp071701000002.dllFF - plugin: c:\program files\Microsoft Research\HDView for Firefox\nphdview.dllFF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dllFF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dllFF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dllFF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dllFF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dllFF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\---- FIREFOX POLICIES ----FF - user.js: browser.cache.memory.capacity - 16000FF - user.js: browser.chrome.favicons - falseFF - user.js: browser.display.show_image_placeholders - trueFF - user.js: browser.turbo.enabled - trueFF - user.js: browser.urlbar.autocomplete.enabled - trueFF - user.js: browser.urlbar.autofill - trueFF - user.js: content.max.tokenizing.time - 3000000FF - user.js: content.maxtextrun - 4095FF - user.js: content.notify.backoffcount - 5FF - user.js: content.notify.interval - 1000000FF - user.js: content.notify.ontimer - trueFF - user.js: content.switch.threshold - 1000000FF - user.js: dom.disable_window_status_change - trueFF - user.js: network.http.max-connections - 48FF - user.js: network.http.max-connections-per-server - 16FF - user.js: network.http.max-persistent-connections-per-proxy - 16FF - user.js: network.http.max-persistent-connections-per-server - 8FF - user.js: network.http.pipelining - trueFF - user.js: network.http.pipelining.firstrequest - trueFF - user.js: network.http.pipelining.maxrequests - 8FF - user.js: network.http.proxy.pipelining - trueFF - user.js: network.http.request.max-start-delay - 0FF - user.js: nglayout.initialpaint.delay - 1000FF - user.js: plugin.expose_full_path - trueFF - user.js: ui.submenuDelay - 0c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);.**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2010-05-20 15:37Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.--------------------- DLLs Loaded Under Running Processes ---------------------- - - - - - - > 'explorer.exe'(1732)c:\windows\system32\WININET.dllc:\progra~1\WINDOW~2\wmpband.dllc:\windows\system32\ieframe.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.------------------------ Other Running Processes ------------------------.c:\program files\Avira\AntiVir Desktop\sched.exec:\program files\Avira\AntiVir Desktop\avguard.exec:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files\Bonjour\mDNSResponder.exec:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEc:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exec:\program files\Avira\AntiVir Desktop\avshadow.exec:\windows\system32\nvsvc32.exec:\windows\system32\HPZipm12.exec:\windows\system32\fxssvc.exec:\program files\iPod\bin\iPodService.exec:\windows\system32\rundll32.exe.**************************************************************************.Completion time: 2010-05-20 16:40:00 - machine was rebootedComboFix-quarantined-files.txt 2010-05-20 20:39ComboFix2.txt 2010-05-17 02:02ComboFix3.txt 2010-05-10 13:55Pre-Run: 8,860,114,944 bytes freePost-Run: 8,895,758,336 bytes freeCurrent=3 Default=3 Failed=5 LastKnownGood=6 Sets=1,2,3,5,6- - End Of File - - 43A358040A254085C5C6648B08FB29EA Link to post Share on other sites More sharing options...
Gaughin Posted May 20, 2010 Author ID:253275 Share Posted May 20, 2010 And now there's a more troubling problem; I can no longer connect to the internet with either Firefox or Internet Explorer, whether I am in safe mode or not.gaughin Link to post Share on other sites More sharing options...
Gaughin Posted May 20, 2010 Author ID:253336 Share Posted May 20, 2010 Is Windows repair an option? Or should I just try to find a reputable local person to work on it? Without any internet access, I assume I am crippled. Link to post Share on other sites More sharing options...
Maniac Posted May 21, 2010 ID:253580 Share Posted May 21, 2010 Is Windows repair an option? Or should I just try to find a reputable local person to work on it? Without any internet access, I assume I am crippled.I did not want to happen, but if you are able to do so, I strongly recommend it. Link to post Share on other sites More sharing options...
Gaughin Posted May 21, 2010 Author ID:253601 Share Posted May 21, 2010 I did not want to happen, but if you are able to do so, I strongly recommend it.Actually, for whatever reason, after I re-started the machine this morning, I could get Firefox to start. And surprisingly, I seem to consistently have 10-15% free CPU. Internet Explorer still won't open, but if you have any other fix options, I am willing to try them. I don't trust the locals.Thanksgaughin Link to post Share on other sites More sharing options...
Maniac Posted May 21, 2010 ID:253604 Share Posted May 21, 2010 Wow... perfect. IEFix not help? Link to post Share on other sites More sharing options...
Gaughin Posted May 21, 2010 Author ID:253607 Share Posted May 21, 2010 Wow... perfect. IEFix not help?Apparently not. Should I try to run it again? By the way, one strange thing happened with ComboFix; since I couldn't disable Norton, and since I had Avira running, I simply uninstalled Norton. Despite this, when ComboFix ran, it reported that Norton was running.Thanks,gaughin Link to post Share on other sites More sharing options...
Maniac Posted May 21, 2010 ID:253609 Share Posted May 21, 2010 Yes, please, run it again. Don't worry about Norton. Link to post Share on other sites More sharing options...
Gaughin Posted May 21, 2010 Author ID:253634 Share Posted May 21, 2010 Yes, please, run it again. Don't worry about Norton.iefix did not seem to respond; i hit the "run" button, and it did not respond in any way for 35 minutes. But I do have Internet Exporer running (I am typing this from within it now.) I simply downloaded a fresh version of IE8 and re-installed it. So now that IE is working, what next? I appreciate the education I am receiving from these exchanges, though I suppose you are tired of me by now. Thanks again,gaughin Link to post Share on other sites More sharing options...
Maniac Posted May 21, 2010 ID:253742 Share Posted May 21, 2010 Now, I want to know is everything okay there. Link to post Share on other sites More sharing options...
Gaughin Posted May 21, 2010 Author ID:253784 Share Posted May 21, 2010 Now, I want to know is everything okay there.No, it's not. CPU usage is still around 90-95% when in normal mode, Office software looks like it is loading, but if I try to open any file, it freezes up the entire computer, forcing a hard shut-down. IE will open in safe mode, but not in normal mode, so I still can't run windows update. Thanksgaughin Link to post Share on other sites More sharing options...
Recommended Posts