Help - Hijack Log Included

[Blubyu]

First - let me say thank you for all of your patience and assistance. I am very grateful. I was finally able to download Windows defender and also open the Malicious Software Removal Tool. However I cannot run any of the spyware tools. When I start them, my computer just shuts down completly. I was able to get my computer to start in safe boot - by disconnecting from the internet and doing the F8 method. The DOS info that I am referring to comes up after I select SAFE MODE then a screen comes up asking me to select my system, there is only one system listed and it says something like "Windows Operating System" after I hit enter on that, then I get the whole screen of DOS info - each line starts out the same way - something like disk (0)rdisk(0)partition(1)\windows\system32\drivers\ (there is some other stuff too) each line ends with a different driver file name - the first file is - 1394BUS.SYS. I saw that 1394 once when I was in control panel under Network Connections - there were two connections listed, my LAN and a connection called 1394. I'm not sure what that 1394 is, I do have a linksys router (for my sons X-Box Online) I thought that 1394 Network Connection might be for that. do you know? I'm at work now but last night I did write down all of the DOS lines that come up when I'm enetering SAF MODE (it took that long to go past that screen), but I don't have the list with me. When it finally did start windows, it showed 3 users, myself, my husband and a user called "Administrator" I have never set up a user called "Administrator" and did not know what it was, so I clicked on that user . . . my computer shut off immediately. So I waited a few minutes and was able to bring up SAFE MODE again, this time I selected myself and the system came up. When I clicked on the ATF cleanup it came up for just a second and then . . .my computer shut down again.
Once when I had run Norton password security check it had told me that there were three users with weak passwords - my two sons and "Administrator". I wondered then, who was this Administrator? I looked everywhere I could think of in my system, Administrator is not listed in the control panel under "USERS" and I could not find it anywhere else. The first time I ever saw it was when I went into SAFE MODE. Is that supposed to be there, or is that where the virus is controlling my computer from? Once when I went into SAFE MODE under MY user profile - I went to the control panel and cliked on "Users" and my computer immediately shut down. I'm wondering if this Administrator" and that "1394 Network Connection" are what is preventing me from running any of the scans on my computer. As long as I don't try to run any virus scans, I cna work in my computer normally. What do you think?

[jholland1964]

I select SAFE MODE then a screen comes up asking me to select my system, there is only one system listed and it says something like "Windows Operating System"

Perfectly normal. This is the way all computers are set up...if you have more than one operating system on the computer, and many do, it will show them all and you choose which one you want to boot in Safe Mode

the DOS info that I am referring to comes up after I select SAFE MODE then a screen comes up asking me to select my system, there is only one system listed and it says something like "Windows Operating System" after I hit enter on that, then I get the whole screen of DOS info - each line starts out the same way -

It just shows a bunch of dos info and stays there

It really IS loading, just looks like it is staying there you just had to give it time.
This is exactly what is supposed to happen. It is showing you everything that the computer must load in order to boot. You can throw out the list you made, all of these items should have show during a safe boot. They all actually always run during boot up but what you normally would see during that time would be the Windows logo

the first file is - 1394BUS.SYS.

This is your Microsoft Network Driver and it is a necessary file. You should be worried if you didn't see it.
This 1394 Network Connection file has absolutely nothing to do with your inability to run any of these scans that I can think of. It has to do with your internet connections and set up and is totally necessary and absolutely has to be there.

When it finally did start windows, it showed 3 users, myself, my husband and a user called "Administrator" I have never set up a user called "Administrator"

Administrator is built in on ALL computers. The computer administrator account is intended for someone who can make systemwide changes to the computer, install programs, and access all files on the computer. Only a user with computer administrator account has full access to other user accounts on the computer. This user:
•Can create and delete user accounts on the computer.
•Can create account passwords for other user accounts on the computer.
•Can change other people's account names, pictures, passwords, and account types.
•Cannot change his or her own account type to a limited account type unless there is at least one other user with a computer administrator account type on the computer. This ensures that there is always at least one user with a computer administrator account on the computer. Running Windows 2000 or Windows XP as an administrator makes the system vulnerable to Trojan horses and other security risks. The simple act of visiting an Internet site can be extremely damaging to the system. An unfamiliar Internet site may have Trojan horse code that can be downloaded to the system and executed. If you are logged on with administrator privileges, a Trojan horse could do things like reformat your hard drive, delete all your files, create a new user account with administrative access, and so on.

You should add yourself to the Users or Power Users group, which you or your husband has obviously done since you are both listed there. Whoever actually set everything up when you got the computer is probably the Administrator. When you log on as a member of the Users group, you can perform routine tasks, including running programs and visiting Internet sites, without exposing your computer to unnecessary risk. As a member of the Power Users group, you can perform routine tasks and you can also install programs, add printers, and use most Control Panel items. If you need to perform administrative tasks, such as upgrading the operating system or configuring system parameters, then log off and log back on as an administrator.

I'm wondering if this Administrator" and that "1394 Network Connection" are what is preventing me from running any of the scans on my computer. As long as I don't try to run any virus scans, I cna work in my computer normally. What do you think?

Absolutely not. Honestly? Right now, with the small amount of RAM you are showing I think part of the problem may be this Norton Program you have on the machine. Is this a Norton Security Suite program...with anti-virus, firewall, etc.? It just sounds to me like it may be too much for the computer.
Your HiJackThis log is a very odd looking log...you only show 4 programs loading with the Start Up and in Services which are also auto start items you have 6 Symantec or Norton Services loading, a Phoenix FailSafe Program along with some others. Three of the Symantec starters have missing files. I really don't see anything bad in your HJT log but I am questioning the problem as stemming from the Norton, either it is too large OR because some of it's files are missing it is causing these problems. I cannot say absolutely that this is the problem but it is possible.
Why don't you see if you can Uninstall the Norton Program...entirely..by going through the list in Add/Remove. There will be several. Uninstall them all. Then do a file search on the computer using Start, Search, Files and Folders...first search for Symantec. Delete everything found. Then do the same for Norton and delete everything found.

Now one other thing to consider is overheating. I have found this mentioned on numerous sites concerning laptops and the use of Norton on them. Because Norton IS somewhat of a resource hog and therefore the computer must work hard to run it and therefore gets very warm. One suggestion was to do the following; vacuum the intake vent above the cpu. You can also try to blow out the vents. If you can open the case then do so and blow out the dust there also.

Try these suggestions and let me know.
Judy

[Blubyu]

The computer started having these problems BEFORE I bought the Norton. It is Norton 360 and I bought it off their web site. So, should I still delete the Norton? I only bought it because of the problems I was having with the computer shutting down from time to time. Spybot was already on my computer and I tried to run it . . .and my computer would shut down. I am going to run a new Hijack this log and post it for you to look at.

[jholland1964]

Tell you what, the more you tell me the more it sounds like a heat problem or at least a hardware problem. Especially since you say you had it BEFORE you installed Norton.
Have you tried the "dusting" I mentioned in my post above your last one? How old is this computer? Can you hear the fan running when you use it?