ServicePackFiles i386 services.exe

It asked me whether to run a QuickScan, c:, etc. I chose c:.



aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-06 07:50:18
-----------------------------
07:50:18.453 OS Version: Windows 5.1.2600 Service Pack 3
07:50:18.453 Number of processors: 1 586 0x2701
07:50:18.453 ComputerName: YOUR-2EFBFD6E73 UserName: Owner
07:50:22.718 Initialize success
07:52:53.562 AVAST engine defs: 12090600
08:43:28.812 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
08:43:28.812 Disk 0 Vendor: ST3200827A 3.AAE Size: 190782MB BusType: 3
08:43:28.843 Disk 0 MBR read successfully
08:43:28.843 Disk 0 MBR scan
08:43:29.437 Disk 0 unknown MBR code
08:43:29.453 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 186567 MB offset 8626905
08:43:29.468 Disk 0 Partition 2 00 0B FAT32 RECOVERY 4212 MB offset 63
08:43:29.484 Disk 0 scanning sectors +390716865
08:43:29.625 Disk 0 scanning C:\WINDOWS\system32\drivers
08:43:56.093 Service scanning
08:44:26.156 Modules scanning
08:44:34.250 Disk 0 trace - called modules:
08:44:34.265 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
08:44:34.265 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85567030]
08:44:34.281 3 CLASSPNP.SYS[f7590fd7] -> nt!IofCallDriver -> \Device\00000099[0x85557f18]
08:44:34.281 5 ACPI.sys[f73a7620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8556a940]
08:44:36.171 AVAST engine scan C:\WINDOWS
08:44:46.093 AVAST engine scan C:\WINDOWS\system32
08:49:03.843 AVAST engine scan C:\WINDOWS\system32\drivers
08:49:27.000 AVAST engine scan C:\Documents and Settings\Owner.YOUR-2EFBFD6E73
09:07:23.890 AVAST engine scan C:\Documents and Settings\All Users
09:16:12.828 Scan finished successfully
09:18:42.390 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner.YOUR-2EFBFD6E73\Desktop\MBR.dat"
09:18:42.421 The log file has been saved successfully to "C:\Documents and Settings\Owner.YOUR-2EFBFD6E73\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-07 23:00:13
-----------------------------
23:00:13.281 OS Version: Windows 5.1.2600 Service Pack 3
23:00:13.281 Number of processors: 1 586 0x2701
23:00:13.281 ComputerName: YOUR-2EFBFD6E73 UserName: Owner
23:01:28.781 Initialize success
23:03:04.359 AVAST engine defs: 12090600
23:03:35.296 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
23:03:35.296 Disk 0 Vendor: ST3200827A 3.AAE Size: 190782MB BusType: 3
23:03:35.375 Disk 0 MBR read successfully
23:03:35.375 Disk 0 MBR scan
23:03:35.843 Disk 0 unknown MBR code
23:03:35.890 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 186567 MB offset 8626905
23:03:35.937 Disk 0 Partition 2 00 0B FAT32 RECOVERY 4212 MB offset 63
23:03:36.140 Disk 0 scanning sectors +390716865
23:03:36.609 Disk 0 scanning C:\WINDOWS\system32\drivers
23:05:06.546 Service scanning
23:08:11.796 Modules scanning
23:09:24.875 Disk 0 trace - called modules:
23:09:24.890 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
23:09:24.890 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8550c030]
23:09:24.906 3 CLASSPNP.SYS[f7590fd7] -> nt!IofCallDriver -> \Device\00000099[0x854e3f18]
23:09:24.906 5 ACPI.sys[f73a7620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8550c940]
23:09:45.625 AVAST engine scan C:\
03:24:11.890 Scan finished successfully
08:33:32.734 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner.YOUR-2EFBFD6E73\Desktop\MBR.dat"
08:33:32.781 The log file has been saved successfully to "C:\Documents and Settings\Owner.YOUR-2EFBFD6E73\Desktop\aswMBR.txt"

Please upload MBR.dat located on the Desktop.

If it is too difficult for you to post here, then the log can be uploaded to www.mediafire.com, which is a free cloud service that provides storage for documents, photos, etc. Please use that service to upload it, and then click on the Share button after it finishes upload and it will provide a download link. Post that in your next reply, please.

http://www.mediafire.com/?1l9o6d16xet2gdd

Did this work?

Good job!

It's clean: https://www.virustotal.com/file/0a3d320811b5eb3b7f8b0b2c5aca7625bb95dcea5b8ad0ecb8cd2c9f1fb0206a/analysis/1347289631/

Please re-run ComboFix and post a log.

http://www.mediafire.com/view/?ymzohqu27ogo24z


I don't know if it's relevant, but even with a new corded mouse, the cpu pointer keeps freezing. We can navigate somewhat by using tab, but it's beginning to take 2-4 reboots to get the mouse back.

Go to Start > Run, type the following and hit OK:

ComboFix /fixCset


It will run again. Post the log when finished please.

ComboFix Script

• Close any open browsers.
  
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  
• Open notepad and copy/paste the text in the codebox below into it:
  

  ClearJavaCache::
  
  DDS::
  FF - prefs.js: network.proxy.http - 127.0.0.1
  FF - prefs.js: network.proxy.http_port - 54061

  
  
• Save this as CFScript.txt, in the same location as ComboFix.exe
  
  
  
• Referring to the picture above, drag CFScript into ComboFix.exe
  
• When finished, it shall produce a log for you at C:\ComboFix.txt
  
• Please post the contents of the log in your next reply.
  

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

• Slow computer
  
• Error messages
  
• Fake antivirus alerts or the icon in the system tray
  
• svchost.exe running at 100%
  
• System crashes or blue screen of death

http://www.mediafire.com/?zvezzhb2xum4w3d


Re: other issues...in order of my concern (not necessarily what you'll think is most concerning)

- We've seen the blue screen of death several times in the last several days. I have not seen it yesterday or today.
- The mouse pointer still keeps freezing. I can move around the screen with tab, etc., but it takes (usually several) reboots to get it back. I've tried 3 different mouses on all the available USB ports (front and back of the CPU) to no avail. I tried my mouse on another computer and it works fine. Sometimes it happens when we're online, sometimes during word processing and sometimes when the computer is sitting idle.
- When loading Internet pages, the whole system sometimes just keeps waiting and waiting and waiting. I've given it over an hour on Google and the address bar says the right address, but the screen is white waiting for the site to load. If I go into the address bar, to the end of the address and click and then enter (I guess reloading the site?) it always loads immediately.

The speed seems much improved.
svchost.exe is no longer running at 100%. I have no idea what we did, but you ROCK!

Thank you!!!
Alicia

Upload Dump Files:

Please go to C:\Windows\Minidump and zip up the contents of the folder. Then upload/attach the .zip file with your post.

Here's how to do it:

• Left click on the first minidump file.
• Hold down the "Shift" key and left click on the last minidump file.
• Right click on the blue highlighted area and select "Send to"
• Select "Compressed (zipped) folder" and note where the folder is saved.
• Upload that .zip file with your post.

Note: If you have issues with "Access Denied" errors, try copying the files to your desktop and zipping them up from there. If it still won't let you zip them up, post in the thread about the error so we can give further advice.

If you don't have anything in that folder, please check in C:\Windows for a file named MEMORY.DMP. If you find it, zip it up and upload it to a free file hosting service . I recommend www.mediafire.com or another free, file-hosting service. Then post the link to it in your topic so that we can download it.

Then, follow the directions here to set your system for Minidumps (much smaller than the MEMORY.DMP file).


Go Start and then to Run,
Type in: sfc /scannow
Click OK.
Have Windows CD/DVD handy.
If System File Checker (sfc) finds any errors, it may ask you for the CD/DVD.
If sfc does not find any errors in Windows XP, it will simply quit, without any message.

If you don't have Windows CD....

Go Start and then Run
type in regedit and click OK


Navigate to the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup

On the right hand side, find: SourcePath

It probably has an entry pointing to your CD-ROM drive, usually D and that is why it is asking for the XP CD.
All we need to do is change it to: C:
Now, double click the SourcePath setting and a new box will pop up.
Change the drive letter from your CD drive to your root drive, usually C:
Close Registry Editor.

Now restart your computer and try sfc /scannow again!

After the first run, reboot your computer. Do a second run. Now the scan and fix is finished.

Minidump file attached. Off to do the rest of your instructions.

It is asking for the Windows CD. I made the change you suggested, but it still asks for the CD. Also, the mouse is freezing up more and more.

The whole system rebooted on its own. It said Windows recovered from a serious error. In clicking through to see the error, here is what was listed.

C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\WER720c.dir00\Mini091512-01.dmp
C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\WER720c.dir00\sysdata.xml

So, it will not boot, or what?

It rebooted and is working now. But, when I run the scan, it's still asking for the Windows CD.

Let's do it automated then...

Download Windows Repair (all in one) from this site

Install the program then run it.

Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:





Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:




Go to Step 4 and under "System Restore" click on Create button:




Go to Start Repairs tab and click Start button.




Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):



Click on box next to the Restart System when Finished. Then click on Start.