web redirect - fake antivirus pop ups - super slow



#46
Big O

There are/were a lot of events in both system and application right pane.

There was no AVG folder


Vino's Event Viewer v01c run on Windows XP in English
Report run at 31/12/2010 6:25:11 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




Vino's Event Viewer v01c run on Windows XP in English
Report run at 31/12/2010 6:27:02 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0


#47
RKinner

But were there any with recent dates?

I wonder if Avira would have more luck with updates. You might try uninstalling Avast and installing the free version of Avira:
http://www.avira.com...-free-antivirus

I'm going to be off-line for the next two days. Have to drive up to NC and back.

Ron
  • 0

#48
Big O

I should have looked better, I know there are some from this month but not sure what day they were.

I will give the other program a go and see how it goes.

I hope your travels go smoothly and I will await your return, the wife will appreciate my attention spent on other things instead of the computer over the next couple days anyways haha.

Safe travels
  • 0

#49
Big O

I was able to download and install Avira, it did a scan and found nothing. I then tried to update the program and it seemed to work just fine although it said I had the most up to date database after scanning for a few seconds.
  • 0

#50
RKinner

I guess we can wait a day or two and see if Avira updates. I haven't used Avira in a long time but there should be some way to determine the date of the current database update. You need to register for this one too or it will give you a nag screen at every boot.

Just got back. 1280 miles RT. Going to bed now. Exhausted.
  • 0

#51
Big O

Holy crap! A rest well deserved
  • 0

#52
RKinner

The trip was good practice in a way. In a week or two I will be driving from FL to Orcas Island in Washington state. Circa 3700 miles if I take the southern route to avoid the snow. Luckily there won't be a time constraint this time and I can stop and see friends and relatives along the way.

Download, save and run

AppRemover from

http://www.appremover.com/

Click Next twice and after a short pause you will get a list of installed products. Check anything that is not Avira and remove it.

Reboot

Run AppRemover again and this time check the Clean up a Failed Uninstall before hitting the second Next. Remove anything that is not Avira.

Try Combofix again.

Ron
  • 0

#53
Big O

Found three programs, Avast, Avira, and Malwarebytes

Uninstalling the two as requested
  • 0

#54
Big O

No programs the 'clean'

Running Combofix, let it update, still says AVG is active scanning, seemed to work better but then froze at scanning screen, mouse won't even move, will let it run for a bit to see if it just needs time.


Let it run for a full 30 minutes with no change and still froze up.

Edited by Big O, 03 January 2011 - 09:14 PM.

  • 0

#55
Big O

That's an insane trip man, I'm from WY and my father has a winter home in FL and that drive is something I wouldn't want to do. I've driven from WY to Seattle, and that drive isn't something I would want to do again. There is no way in heck that I would drive from FL to WA, you are a trooper.
  • 0


#56
RKinner

I made the trip back in November. Took the northern route and stopped in KY and NC to visit friends and family and took about 10 days. Wasn't too bad but after the 3rd day my dog didn't want to get back into the car.

Got a new program for you to run. Comes with these pretty instructions. They say to remove all but you can leave avira:

We need to temporarily remove your Anti-Virus, as it interferes with the fix I want to run. You can reinstall it again later. If you are not happy about doing this, please let me know before proceeding.

Download AppRemover and run it.

Click Next >>

Ensure "Remove Security Application" is selected and click Next >>

AppRemover will scan all the security applications on your PC.

Select Any [<<Application Name>> entries from the applications offered and click Next >> twice.

Follow any further on-screen instructions. If asked to reboot, please do so.

Note: Please do not browse the internet or open any email attachments until your Anti-Virus is re-installed.


I'd run it a second time and check Clean up A Failed Uninstall and get rid of everything it finds except Avira.

Then try combofix again.
  • 0

#57
Big O

Yeah I did that with your last suggestion (looks the same to me anyways). No AVG found and when I did the clean up uninstalls, it didn't show anything when scanned.

This program removed Malwarebytes and Avast, then rebooted, then did cleanup uninstall, then Combofix which froze up.
  • 0

#58
RKinner

Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator). Click once or twice on the CPU column header to sort things by CPU usage with the big hitters at the top. What do you see in the top 5 and what percentage does each use? File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.
---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt

Please attach the second file; Attach.txt. To attach a file, do the following:
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

Ron
  • 0

#59
Big O

System Idle was 98% and then Process Explorer was .7% and services.exe was .7%


Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 97.69 0 K 28 K
procexp.exe 3824 1.54 10,568 K 15,636 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
services.exe 940 0.77 1,796 K 3,580 K Services and Controller app Microsoft Corporation
wuauclt.exe 2496 2,276 K 4,392 K Windows Update Microsoft Corporation
wmiprvse.exe 1364 2,460 K 5,036 K WMI Microsoft Corporation
winlogon.exe 896 8,000 K 6,072 K Windows NT Logon Application Microsoft Corporation
wcescomm.exe 420 1,436 K 5,160 K ActiveSync Connection Manager Microsoft Corporation
System 4 0 K 236 K
svchost.exe 1220 25,500 K 37,500 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1132 3,256 K 5,468 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1180 1,968 K 4,736 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1376 1,380 K 3,724 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1404 7,276 K 10,320 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 232 1,220 K 3,456 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1776 2,476 K 4,468 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 2360 1,636 K 3,612 K Generic Host Process for Win32 Services Microsoft Corporation
spoolsv.exe 1632 3,516 K 5,468 K Spooler SubSystem App Microsoft Corporation
smss.exe 824 172 K 416 K Windows NT Session Manager Microsoft Corporation
sched.exe 1700 4,408 K 1,236 K Antivirus Scheduler Avira GmbH
rapimgr.exe 772 2,468 K 5,292 K ActiveSync RAPI Manager Microsoft Corporation
QBCFMonitorService.exe 1248 10,792 K 8,784 K QuickBooks Company File Monitoring Service Intuit
PhxVtSvr.exe 536 252 K 1,048 K Phoenix Vault Service Application Phoenix Technologies Ltd.
PhxPsSvr.exe 468 296 K 1,092 K Phoenix NT Service Application Phoenix Technologies Ltd.
msnmsgr.exe 388 17,424 K 5,056 K Windows Live Messenger Microsoft Corporation
msmsgs.exe 412 1,520 K 2,444 K Windows Messenger Microsoft Corporation
MDM.EXE 176 1,016 K 3,292 K Machine Debug Manager Microsoft Corporation
lsass.exe 952 3,908 K 700 K LSA Shell (Export Version) Microsoft Corporation
LinksysAgent.exe 396 16,036 K 20,968 K Linksys EasyLink Advisor Linksys, a Division of Cisco Systems, Inc.
Interrupts n/a 0 K 0 K Hardware Interrupts
iexplore.exe 452 59,644 K 72,964 K Internet Explorer Microsoft Corporation
iexplore.exe 3456 12,140 K 3,880 K Internet Explorer Microsoft Corporation
HPZipm12.exe 792 780 K 2,244 K PML Driver HP
hpqtra08.exe 540 9,724 K 15,876 K HP Digital Imaging Monitor Hewlett-Packard Development Company, L.P.
hpqste08.exe 2316 15,816 K 21,256 K HP CUE Status Hewlett-Packard Development Company, L.P.
hpqimzone.exe 860 18,864 K 7,104 K HP Photosmart Premier Hewlett-Packard Development Company, L.P.
explorer.exe 1948 25,740 K 34,492 K Windows Explorer Microsoft Corporation
DPCs n/a 0 K 0 K Deferred Procedure Calls
ctfmon.exe 380 976 K 3,952 K CTF Loader Microsoft Corporation
csrss.exe 872 1,916 K 4,596 K Client Server Runtime Process Microsoft Corporation
avshadow.exe 2120 652 K 2,852 K AntiVir shadow copy service Avira GmbH
avguard.exe 1852 85,692 K 18,928 K Antivirus On-Access Service Avira GmbH
avgnt.exe 368 4,764 K 2,456 K Antivirus System Tray Tool Avira GmbH
AppleMobileDeviceService.exe 1764 1,636 K 2,224 K Apple Mobile Device Service Apple, Inc.
alg.exe 3092 1,232 K 3,752 K Application Layer Gateway Service Microsoft Corporation
  • 0

#60
Big O

Vino's Event Viewer v01c run on Windows XP in English
Report run at 04/01/2011 9:32:16 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 03/01/2011 8:11:38 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 03/01/2011 8:11:38 PM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.

Log: 'System' Date/Time: 03/01/2011 7:04:59 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 03/01/2011 7:04:59 PM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 01/01/2011 8:03:20 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.
  • 0
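
Added example (not part of any post in this thread, and not code from the VEW tool): a small Python parser for VEW reports in the layout shown above, which reads the timestamps as dd/mm/yyyy and counts events on or after a cutoff date, the "any with recent dates?" check asked for earlier. The sample text is constructed with shortened messages, and the function names `parse_vew` and `recent_summary` are this example's own.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the layout of the VEW report posted above.
SAMPLE = """\
'System' Log - error Type
Log: 'System' Date/Time: 03/01/2011 8:11:38 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Google Update Service (gupdate) service failed to start.

Log: 'System' Date/Time: 03/01/2011 7:04:59 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Google Update Service (gupdate) service failed to start.

'System' Log - warning Type
Log: 'System' Date/Time: 01/01/2011 8:03:20 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The system clock is unsynchronized.
"""

RECORD = re.compile(
    r"Log: '(?P<log>[^']+)' Date/Time: (?P<when>\d\d/\d\d/\d{4} \d{1,2}:\d\d:\d\d [AP]M)\s*\n"
    r"Type: (?P<type>\w+) Category: \d+\s*\n"
    r"Event: (?P<event>\d+) Source: (?P<source>[^\n]+)\n"
    r"(?P<message>[^\n]*)"
)

def parse_vew(text):
    """Return one dict per event; VEW dates are dd/mm/yyyy, not US order."""
    events = []
    for m in RECORD.finditer(text):
        e = m.groupdict()
        e["when"] = datetime.strptime(e["when"], "%d/%m/%Y %I:%M:%S %p")
        e["event"] = int(e["event"])
        e["source"] = e["source"].strip()
        events.append(e)
    return events

def recent_summary(events, since):
    """Count (type, source, event id) for events at or after `since`."""
    return Counter((e["type"], e["source"], e["event"])
                   for e in events if e["when"] >= since)

if __name__ == "__main__":
    for key, n in recent_summary(parse_vew(SAMPLE), datetime(2011, 1, 2)).most_common():
        print(n, *key)
```

Grouping by source and event ID makes repeated failures, such as the same service timing out at every boot, stand out from one-off warnings.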





