
Boot up EXTREMELY slow, can't even work it is so slow

Discussion in 'Virus & Other Malware Removal' started by jpopescu, May 6, 2010.

Thread Status:
Not open for further replies.
  1. jpopescu

    jpopescu Thread Starter

    Joined:
    May 18, 2005
    Messages:
    338
    I believe I have some sort of virus as all of a sudden my boot up to even get to a state that I could try to get to a website is very very slow....took me about 20 minutes to even get to this point to post....

    along the way, while trying to open a browser I received a NORTON 360 "virus blocked alert" that stated the risk name of "HTTPS Tidserv Request 2" that was successfully blocked.....

    Yesterday while trying to shut down I received an "ICIBAI.exe" Encountered a problem and needs to close

    I also noticed prior to that when I pressed control, Alt, delete listed in my programs running was something called "LSASS.exe"...don't know what that is...there were other programs listed in there as well that I am not aware of and really didn't look like they belonged.....

    and one final item....when booting after this issue occurred....(I have shut down and rebooted in an attempt to see if the problem went away....) I have gotten a "Windows Installer" message that then opens up a box for my printer that states "HP Photoshop Essential"...this takes about 25 minutes to finally get up and then gets to another box that states "The feature you are trying to use is on a CD-Rom or other disk that is not available, insert the HPPHOTOSMARTESSENTIAL" disk and press ok"......since that is now open I am going to insert that disk and press ok...

    HijackThis log is below

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:00:02 PM, on 5/5/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
    C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
    C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
    C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\WINDOWS\System32\MsiExec.exe
    C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnbc.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.DLL
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
    O4 - HKLM\..\Run: [22686] C:\DOCUME~1\JOHNW~1.POP\LOCALS~1\Temp\lcibai.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O15 - Trusted Zone: http://my.monster.com
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash.com/photo/loaders/SAXFile.cab
    O16 - DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
    O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.winkflash.com/photo/loaders/ImageUploader4.cab
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {7DD62E58-5FA8-11D2-AFB7-00104B64F126} (Sview Control) - http://products.swiftview.com/install.html?id=sv8/3_IN_1_CAB&ctx=&ref=#Version=5,3,4,0
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {9437EF71-9276-432D-AA74-CF8DA12EF11B} (CMMHost Object) - https://na1.salesforce.com/dwnld/mailmerge/AXMailMerge.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://www.samsphotoclub.com/upload/FujifilmUploadClient.cab
    O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
    O16 - DPF: {BA83FD38-CE14-4DA3-BEF5-96050D55F78A} - http://www.flipviewer.com/exe/fv373.cab
    O16 - DPF: {CA11EB7C-1C85-4577-8A49-9E28EFB30184} (UMediaPlayer Class) - http://www.umediaserver.net/bin/UMediaControl4.cab
    O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://curaspan.webex.com/client/T26L/webex/ieatgpc.cab
    O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
    O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe

    --
    End of file - 12848 bytes
     
  2. jmw3

    jmw3 Malware Specialist

    Joined:
    Jul 23, 2007
    Messages:
    1,460
    Hello & Welcome to TechSupportGuy

    Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

    In the meantime please note the following:
    • Any recommendations made are for your computer problems only and should NOT be used on any other computer.
    • Please DO NOT run any scans/tools or other fixes unless I ask you to. This is very important for several reasons. Here are just two of them:
      1. The tools that we use are very powerful and can cause >>irreparable damage<< to your computer if not used correctly.
      2. Commercial scanners, for the most part can not completely remove some of the more "resistant" infections. This makes it much more difficult to get rid of completely.
    • If you get stuck or are unsure of something please ask for a further explanation, do not guess.
    • It will require more than one round to properly clean your system. Continue to respond to this thread until I give you the All Clean! even if symptoms seemingly abate.
    Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.
    If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave & if there is no contact for that amount of time I will have to assume you have abandoned your topic.

    Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

    Because of this, I advise you to backup any personal files and folders before you start.

    Thanks

    DDS
    Download DDS.scr by sUBs from one of the following links & save it to your desktop.
    Link 1
    Link 2
    • Double-Click on dds.scr and a command window will appear. This is normal
    • Shortly after two logs will appear, DDS.txt & Attach.txt
    • A window will open instructing you to save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply
    Gmer
    Download GMER Rootkit Scanner from here & save it to your desktop.
    • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

    • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish
    • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
    • Save it where you can easily find it, such as your desktop, and post it in reply
    **Caution**
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

    Do not run any programs while Gmer is running.

    NOTE: If you cannot run GMER as indicated above, save a scan from the initial startup scan.
    • Before scanning, make sure all other running programs are closed & no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan
    • Double click the gmer.exe file
    • The program will begin to run & perform an initial scan. If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No
    • After the "initial scan" is complete, click on the Save button, save the log file to your desktop & post it in your reply


    To post in next reply:
    Contents of DDS log
    Contents of Attach.txt
    Contents of Gmer log
     
  3. jpopescu

    jpopescu Thread Starter

    Joined:
    May 18, 2005
    Messages:
    338
    thanks for your assistance, back in town and ready to roll on this.......below are the items you requested
    sending the first two files you requested as the GMER is still running, will send tomorrow when I wake up


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by John W. Popescu at 21:36:58.85 on Fri 05/07/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.272 [GMT -7:00]

    AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\WINDOWS\system32\svchost.exe -k HPService
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
    C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
    C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\System32\vssvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
    C:\Documents and Settings\John W. Popescu\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://www.cnbc.com/
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    mWinlogon: Userinit=c:\windows\system32\Userinit.exe
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.8.0.41\IPSBHO.DLL
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
    BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    TB: {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - No File
    TB: {1A29A79A-B9C8-44A9-BEDF-7FADDE3CF33F} - No File
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\WCESCOMM.EXE"
    mRun: [22686] c:\docume~1\johnw~1.pop\locals~1\temp\lcibai.exe
    mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
    mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
    mRun: [pjlueglt] c:\documents and settings\john w. popescu\local settings\application data\vpjnsmfdb\loudrvltssd.exe
    dRun: [pjlueglt] c:\documents and settings\john w. popescu\local settings\application data\vpjnsmfdb\loudrvltssd.exe
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    Trusted Zone: monster.com\my
    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
    DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
    DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/viewers/ipixx.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/0/5/7/05796dde-b2ba-4eef-8da4-f99c7e0c9b92/LegitCheckControl.cab
    DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} - hxxp://www.winkflash.com/photo/loaders/SAXFile.cab
    DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
    DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - hxxp://moneycentral.msn.com/cabs/pmupd806.exe
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.costcophotocenter.com/CostcoActivia.cab
    DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
    DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
    DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://www.winkflash.com/photo/loaders/ImageUploader4.cab
    DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    DPF: {7DD62E58-5FA8-11D2-AFB7-00104B64F126} - hxxp://products.swiftview.com/install.html?id=sv8/3_IN_1_CAB&ctx=&ref=#Version=5,3,4,0
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {9437EF71-9276-432D-AA74-CF8DA12EF11B} - hxxps://na1.salesforce.com/dwnld/mailmerge/AXMailMerge.cab
    DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
    DPF: {A8683C98-5341-421B-B23C-8514C05354F1} - hxxp://www.samsphotoclub.com/upload/FujifilmUploadClient.cab
    DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
    DPF: {BA83FD38-CE14-4DA3-BEF5-96050D55F78A} - hxxp://www.flipviewer.com/exe/fv373.cab
    DPF: {CA11EB7C-1C85-4577-8A49-9E28EFB30184} - hxxp://www.umediaserver.net/bin/UMediaControl4.cab
    DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - hxxp://www.photodex.com/pxplay.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://curaspan.webex.com/client/T26L/webex/ieatgpc.cab
    Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\aatp.dll
    Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.8.0.41\CoIEPlg.dll
    WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\johnw~1.pop\applic~1\mozilla\firefox\profiles\pgbbhoo6.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.cnbc.com/
    FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
    FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
    FF - plugin: c:\documents and settings\john w. popescu\application data\mozilla\plugins\npPxPlay.dll
    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-2-3 310320]
    R0 VOBID;VOBID;c:\windows\system32\drivers\vobid.sys [2003-8-1 29239]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-2-3 259632]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-2-3 482432]
    R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100505.001\IDSXpx86.sys [2010-5-7 329592]
    R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\wd\wd anywhere backup\MemeoBackgroundService.exe [2009-4-17 25824]
    R2 N360;Norton 360;c:\program files\norton 360\engine\3.8.0.41\ccSvcHst.exe [2010-2-3 117640]
    R2 portD;CMS PortIO Service;c:\windows\system32\drivers\portd2k.sys [2005-9-5 14976]
    R2 TivoBeacon2;TiVo Beacon;c:\program files\common files\tivo shared\beacon\TiVoBeacon.exe [2004-12-30 853504]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-11-7 102448]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100507.032\NAVENG.SYS [2010-5-7 84912]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100507.032\NAVEX15.SYS [2010-5-7 1324720]
    S3 hp4200c;%usbscan.SvcDesc%;c:\windows\system32\drivers\hp4200c.sys [2001-2-18 9312]
    S3 OlCamudp;OLYMPUS Digital Camera;c:\windows\system32\drivers\olcamudp.sys [2004-4-11 10379]

    =============== Created Last 30 ================

    2010-05-07 01:04:03 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-05-05 17:28:16 912 ----a-w- c:\windows\system32\miniPortInfo.dat
    2010-05-04 21:54:12 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
    2010-05-04 21:54:12 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
    2010-05-04 21:50:42 66591 -c--a-w- c:\windows\system32\dllcache\el90xbc5.sys
    2010-05-04 21:50:42 66591 ----a-w- c:\windows\system32\drivers\el90xbc5.sys
    2010-05-04 21:49:22 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
    2010-05-04 21:49:22 8192 ----a-w- c:\windows\system32\drivers\changer.sys
    2010-05-04 21:46:30 182784 ----a-w- c:\windows\system32\regedit.exe
    2010-05-01 23:16:29 256 ----a-w- c:\documents and settings\john w. popescu\pool.bin
    2010-04-21 16:29:47 77380 ----a-w- c:\windows\hpqins05.dat

    ==================== Find3M ====================

    2010-04-05 06:36:50 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-17 16:10:28 2189952 ------w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 13:25:04 2066816 ------w- c:\windows\system32\ntkrnlpa.exe
    2010-02-12 04:33:11 100864 ------w- c:\windows\system32\6to4svc.dll
    2006-06-21 00:06:56 5287488 ------w- c:\program files\common files\MDAC_TYP.EXE
    2008-09-18 05:11:46 32768 --sh--w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091720080918\index.dat

    ============= FINISH: 21:39:46.02 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 5/10/2005 4:47:30 PM
    System Uptime: 5/7/2010 12:17:55 AM (21 hours ago)

    Motherboard: Dell Computer Corp. | | 0W2562
    Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | Microprocessor | 3192/800mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 112 GiB total, 4.092 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is CDROM ()
    G: is FIXED (NTFS) - 466 GiB total, 405.706 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
    Description: Photosmart C309a series
    Device ID: ROOT\IMAGE\0000
    Manufacturer: HP
    Name: C309a,192.168.1.103
    PNP Device ID: ROOT\IMAGE\0000
    Service: StillCam

    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: Photosmart C309a series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Photosmart C309a series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:

    ==== System Restore Points ===================

    RP1648: 3/12/2010 10:41:39 AM - System Checkpoint
    RP1649: 3/13/2010 2:39:18 PM - System Checkpoint
    RP1650: 3/15/2010 10:35:46 AM - System Checkpoint
    RP1651: 3/16/2010 11:06:58 AM - System Checkpoint
    RP1652: 3/17/2010 2:19:47 PM - System Checkpoint
    RP1653: 3/18/2010 3:21:11 PM - System Checkpoint
    RP1654: 3/21/2010 1:26:42 PM - System Checkpoint
    RP1655: 3/22/2010 2:04:08 PM - System Checkpoint
    RP1656: 3/23/2010 3:35:43 PM - System Checkpoint
    RP1657: 3/31/2010 2:44:54 PM - Software Distribution Service 3.0
    RP1658: 4/4/2010 3:02:03 PM - System Checkpoint
    RP1659: 4/4/2010 11:35:15 PM - Removed Java(TM) 6 Update 12
    RP1660: 4/4/2010 11:36:20 PM - Installed Java(TM) 6 Update 19
    RP1661: 4/6/2010 9:37:24 PM - System Checkpoint
    RP1662: 4/8/2010 2:02:40 PM - System Checkpoint
    RP1663: 4/9/2010 3:20:05 PM - System Checkpoint
    RP1664: 4/10/2010 7:47:24 PM - System Checkpoint
    RP1665: 4/11/2010 8:04:04 PM - System Checkpoint
    RP1666: 4/14/2010 1:17:45 PM - System Checkpoint
    RP1667: 4/14/2010 4:18:34 PM - Software Distribution Service 3.0
    RP1668: 4/15/2010 6:15:01 PM - System Checkpoint
    RP1669: 4/16/2010 8:40:01 PM - System Checkpoint
    RP1670: 4/19/2010 1:19:30 PM - System Checkpoint
    RP1671: 4/20/2010 5:27:22 PM - System Checkpoint
    RP1672: 4/21/2010 9:29:18 AM - Installed MSVCSetup
    RP1673: 4/25/2010 12:02:15 PM - System Checkpoint
    RP1674: 4/26/2010 1:12:33 PM - System Checkpoint
    RP1675: 4/28/2010 4:45:44 PM - System Checkpoint
    RP1676: 4/30/2010 12:40:32 PM - System Checkpoint
    RP1677: 5/1/2010 1:55:01 PM - System Checkpoint
    RP1678: 5/1/2010 3:46:25 PM - Installed BlackBerry Device Software Updater.
    RP1679: 5/2/2010 4:03:07 PM - System Checkpoint
    RP1680: 5/4/2010 1:45:40 PM - System Checkpoint
    RP1681: 5/6/2010 3:46:02 PM - System Checkpoint

    ==== Installed Programs ======================


    2003 Hospital Blue Book
    32 Bit HP CIO Components Installer
    Acrobat.com
    Ad-Aware SE Personal
    Adobe Acrobat 5.0
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.1.1
    Amazon MP3 Downloader 1.0.5
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Control Panel
    ATI Display Driver
    Audacity 1.2.6
    AutoUpdate
    Banctec Service Agreement
    BlackBerry Desktop Software 4.3
    BlackBerry Device Software Updater
    Bonjour
    Boris Graffiti
    BounceBack Express
    BufferChm
    C309a
    CCleaner (remove only)
    Chris Moneymakers World Poker Championship (remove only)
    Command & Conquer Generals
    Compatibility Pack for the 2007 Office system
    Conexant SmartHSFi V.9x 56K DF PCI Modem
    Cox Online Support Controls
    Creative DVD Audio Plugin for Audigy Series
    Creative MediaSource
    Critical Update for Windows Media Player 11 (KB959772)
    CustomerResearchQFolder
    Dell Digital Jukebox Driver
    Dell Media Experience
    Dell Networking Guide
    Dell Solution Center
    Dell Support Center (Support Software)
    DellSupport
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    Digital Line Detect
    DivX
    DivX Player
    DocProc
    DocProcQFolder
    DVD X Copy Platinum RF 4.0.4
    DVD X Rescue
    DVDneXtCOPY
    DVDSentry
    eSupportQFolder
    Fax
    Full Tilt Poker
    GearDrvs
    Google Desktop
    Google Toolbar for Internet Explorer
    Google Video Viewer 1.0 (based on VLC 0.8.2 Player)
    GoToMeeting 4.0.0.320
    GPBaseService2
    Help and Support Customization
    Hijackthis 1.99.1
    HijackThis 2.0.2
    Hollywood FX 5.5 Additional Effects
    Hotfix 2050 for SQL Server 2000 ENU (KB948110)
    Hotfix 2055 for SQL Server 2000 ENU (KB960082)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    HP Customer Participation Program 12.0
    HP Imaging Device Functions 12.0
    HP Photosmart C309a All-In-One Driver Software 12.0 Rel .5
    HP Photosmart Essential 3.5
    HP Smart Web Printing
    HP Solution Center 13.0
    HP Update
    HPPhotoSmartDiscLabel_PaperLabel
    HPPhotoSmartDiscLabel_PrintOnDisc
    HPPhotoSmartDiscLabelContent1
    hpphotosmartdisclabelplugin
    HPPhotosmartEssential
    HPProductAssistant
    HPSSupply
    Image Resizer Powertoy for Windows XP
    ImageMixer VCD/DVD2 for OLYMPUS
    InstallMgr
    InstantCopy
    Intel A/V Codecs V2.0
    Intel(R) PRO Network Adapters and Drivers
    Intel(R) PROSet
    InterActual Player
    Internet Explorer Default Page
    InterVideo WinDVD 7
    iPod Access for Windows v2.9.2
    iPod for Windows
    iPod for Windows 2005-03-23
    iPod Updater 2004-08-06
    iPod Updater 2004-11-15
    iTunes
    J2SE Runtime Environment 5.0 Update 9
    Jasc Paint Shop Photo Album
    Jasc Paint Shop Pro 9
    Jasc Paint Shop Pro 9.01 - (9.0.1.1)
    Java Auto Updater
    Java(TM) 6 Update 19
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Kaspersky On-line Scanner
    LiveUpdate Notice (Symantec Corporation)
    Magic Bullet Looks Studio
    MarketResearch
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft ActiveSync 3.7
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Data Access Components KB870669
    Microsoft Default Manager
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Small Business Edition 2003
    Microsoft Office Sounds
    Microsoft Outlook Personal Folders Backup
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server Desktop Engine (PINNACLESYS)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Video Email add-in for Outlook 2003
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Windows Journal Viewer
    Modem Helper
    Mozilla Firefox (3.6)
    MSN Money Investment Toolbox
    MSN Music Assistant
    MSN Toolbar
    MSVCSetup
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MUSICMATCH® Jukebox
    Nero 6 Ultra Edition
    NeroMIX
    NetWaiting
    Network
    Norton 360
    OCR Software by I.R.I.S. 12.0
    OLYMPUS Master
    Panda ActiveScan
    Photodex Presenter
    Picasa 3
    Pinnacle Hollywood FX 5
    Pinnacle Hollywood FX for Studio
    Pinnacle Hollywood FX Pack - Extra FX
    Pinnacle Instant DVD Recorder
    Pinnacle Studio 12
    Pinnacle Studio 12 Ultimate Plugins
    Pinnacle Video Driver
    Pivot Software
    PokerStars
    PowerDVD
    PowerPlugs: Music for PowerPoint
    PowerPlugs: PhotoActive FX
    Print Server Driver
    proDAD Heroglyph 1.0
    proDAD Heroglyph 2.5
    proDAD Vitascene 1.0
    PS_AIO_05_C309_Software_Min
    PushpinTool
    QuickTime
    RealPlayer
    RegCure 1.5.2.7
    Roxio Media Manager
    Salesforce Office Edition
    Scan
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953155)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980232)
    Shockwave
    Shop for HP Supplies
    SmartSound Quicktracks Plugin
    Smilebox
    SolutionCenter
    Sonic MyDVD
    Sonic RecordNow!
    Sonic Update Manager
    SonicStage
    Sound Blaster Audigy 2
    SoundFont Bank Manager
    Spelling Dictionaries Support For Adobe Reader 9
    Spybot - Search & Destroy 1.3
    SpywareBlaster v3.4
    Status
    Streaming Media Viewer
    Studio 10 Bonus DVD
    Studio 9
    Studio 9 Content CD/DVD
    Studio 9.4 Patch
    SureThing CD Labeler - Stomper Edition 32 bit
    SureThing CD Labeler SE - Sonic
    SwiftView Viewer
    The Print Shop® 6.0
    TiVo Desktop
    Toolbox
    TrayApp
    UnloadSupport
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VERITAS Simple Backup
    WD Anywhere Backup
    WebEx
    WebFldrs XP
    WebReg
    Winamp (remove only)
    Windows Defender Signatures
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 9 Hotfix [See KB885492 for more information]
    Windows XP Service Pack 3
    WordPerfect Office 11
    World Series of Poker 2008: Battle for the Bracelets
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    5/7/2010 12:23:47 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the N360 service.
    5/6/2010 5:09:54 PM, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 3 time(s).
    5/6/2010 5:09:34 PM, error: Service Control Manager [7031] - The COM+ System Application service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    5/6/2010 5:09:30 PM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 1 time(s).
    5/6/2010 5:09:30 PM, error: Service Control Manager [7031] - The COM+ System Application service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    5/6/2010 10:30:07 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/6/2010 10:30:06 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
    5/5/2010 2:47:04 PM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
    5/5/2010 2:46:27 PM, error: Service Control Manager [7034] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s).
    5/5/2010 11:33:05 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    5/5/2010 11:32:38 AM, error: Service Control Manager [7034] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s).
    5/5/2010 11:32:38 AM, error: Service Control Manager [7034] - The SSDP Discovery Service service terminated unexpectedly. It has done this 1 time(s).
    5/5/2010 11:32:32 AM, error: Service Control Manager [7034] - The HP Network Devices Support service terminated unexpectedly. It has done this 1 time(s).
    5/5/2010 10:47:38 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    5/5/2010 10:29:00 AM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    5/5/2010 10:29:00 AM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
    5/4/2010 3:01:18 PM, error: Service Control Manager [7000] - The Windows Driver Foundation - User-mode Driver Framework Reflector service failed to start due to the following error: The system cannot find the file specified.
    5/4/2010 3:01:17 PM, error: Service Control Manager [7000] - The Windows Driver Foundation - User-mode Driver Framework Platform Driver service failed to start due to the following error: The system cannot find the file specified.
    5/4/2010 3:01:15 PM, error: Service Control Manager [7000] - The World Standard Teletext Codec service failed to start due to the following error: Access is denied.
    5/4/2010 3:01:07 PM, error: Service Control Manager [7000] - The WAN Miniport (ATW) service failed to start due to the following error: The system cannot find the file specified.
    5/4/2010 3:01:07 PM, error: Service Control Manager [7000] - The USB Video Device (WDM) service failed to start due to the following error: The system cannot find the file specified.
    5/4/2010 3:01:06 PM, error: Service Control Manager [7000] - The USB Mass Storage Driver service failed to start due to the following error: The system cannot find the file specified.
    5/4/2010 3:01:05 PM, error: Service Control Manager [7000] - The USB Scanner Driver service failed to start due to the following error: The system cannot find the file specified.
    5/4/2010 3:01:04 PM, error: Service Control Manager [7000] - The Microsoft USB PRINTER Class service failed to start due to the following error: The system cannot find the file specified.
    5/4/2010 3:01:03 PM, error: Service Control Manager [7000] - The Microsoft USB Generic Parent Driver service failed to start due to the following error: The system cannot find the file specified.
    5/4/2010 3:00:50 PM, error: Service Control Manager [7000] - The Symantec Network Security Intermediate Filter Service service failed to start due to the following error: The system cannot find the file specified.
    5/4/2010 3:00:49 PM, error: Service Control Manager [7000] - The Microsoft Kernel GS Wavetable Synthesizer service failed to start due to the following error: The system cannot find the file specified.
    5/4/2010 3:00:48 PM, error: Service Control Manager [7000] - The BDA IPSink service failed to start due to the following error: The system cannot find the file specified.
    5/4/2010 3:00:47 PM, error: Service Control Manager [7000] - The Still Serial Digital Camera Driver service failed to start due to the following error: The system cannot find the file specified.
    5/4/2010 3:00:44 PM, error: Service Control Manager [7000] - The Microsoft Kernel Audio Splitter service failed to start due to the following error: The system cannot find the file specified.
    5/4/2010 3:00:43 PM, error: Service Control Manager [7000] - The BDA Slip De-Framer service failed to start due to the following error: The system cannot find the file specified.
    5/4/2010 3:00:39 PM, error: Service Control Manager [7000] - The BlackBerry Smartphone service failed to start due to the following error: Access is denied.
    5/4/2010 3:00:28 PM, error: Service Control Manager [7000] - The Terminal Server Device Redirector Driver service failed to start due to the following error: The system cannot find the file specified.
    5/4/2010 3:00:26 PM, error: Service Control Manager [7000] - The Processor Driver service failed to start due to the following error: The system cannot find the file specified.
    5/4/2010 2:56:40 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file p3.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
    5/4/2010 2:56:40 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\drivers\p3.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
    5/4/2010 2:56:28 PM, error: Service Control Manager [7000] - The Intel PentiumIII Processor Driver service failed to start due to the following error: The specified driver is invalid.
    5/4/2010 2:55:48 PM, error: Service Control Manager [7000] - The OLYMPUS Digital Camera service failed to start due to the following error: Access is denied.
    5/4/2010 2:55:03 PM, error: Service Control Manager [7000] - The IPX Traffic Filter Driver service failed to start due to the following error: The system cannot find the file specified.
    5/4/2010 2:54:55 PM, error: Service Control Manager [7000] - The 1394 Net Driver service failed to start due to the following error: The system cannot find the file specified.
    5/4/2010 2:54:54 PM, error: Service Control Manager [7000] - The Microsoft TV/Video Connection service failed to start due to the following error: Access is denied.
    5/4/2010 2:54:53 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file ndisip.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.3.0.900.
    5/4/2010 2:54:35 PM, error: Service Control Manager [7000] - The NABTS/FEC VBI Codec service failed to start due to the following error: The system cannot find the file specified.
    5/4/2010 2:54:33 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file mspqm.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
    5/4/2010 2:54:33 PM, error: Service Control Manager [7000] - The Microsoft Streaming Tee/Sink-to-Sink Converter service failed to start due to the following error: The system cannot find the file specified.
    5/4/2010 2:54:31 PM, error: Service Control Manager [7000] - The Microsoft Streaming Quality Manager Proxy service failed to start due to the following error: Access is denied.
    5/4/2010 2:54:14 PM, information: Windows File Protection [64004] - The protected system file lbrtfdc.sys could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0x00000000 [The operation completed successfully. ].
    5/4/2010 2:54:14 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file mspclock.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.3.0.900.
    5/4/2010 2:54:14 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file lbrtfdc.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.10.1.0.
    5/4/2010 2:54:12 PM, error: Service Control Manager [7000] - The Microsoft Streaming Clock Proxy service failed to start due to the following error: Access is denied.
    5/4/2010 2:53:54 PM, error: Service Control Manager [7000] - The Microsoft Streaming Service Proxy service failed to start due to the following error: The system cannot find the file specified.
    5/4/2010 2:53:53 PM, error: Service Control Manager [7000] - The Microsoft DV Camera and VCR service failed to start due to the following error: The system cannot find the file specified.
    5/4/2010 2:53:52 PM, information: Windows File Protection [64003] - File replacement was attempted on the protected system file lbrtfdc.sys. This file was restored to the original version to maintain system stability. The file version of the bad file is unknown.
    5/4/2010 2:53:25 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file kbdhid.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
    5/4/2010 2:53:01 PM, error: Service Control Manager [7000] - The IR Enumerator Service service failed to start due to the following error: The system cannot find the file specified.
    5/4/2010 2:52:59 PM, error: Service Control Manager [7000] - The IP in IP Tunnel Driver service failed to start due to the following error: The system cannot find the file specified.
    5/4/2010 2:52:57 PM, error: Service Control Manager [7000] - The IP Traffic Filter Driver service failed to start due to the following error: The system cannot find the file specified.
    5/4/2010 2:52:56 PM, error: Service Control Manager [7003] - The IPv6 Windows Firewall Driver service depends on the following nonexistent service: Tcpip6
    5/4/2010 2:52:55 PM, error: Service Control Manager [7000] - The Intel PC Camera Pro service failed to start due to the following error: The system cannot find the file specified.
    5/4/2010 2:52:53 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file watv04nt.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 6.13.1.3198.
    5/4/2010 2:52:42 PM, information: Windows File Protection [64004] - The protected system file watv01nt.sys could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0x00000000 [The operation completed successfully. ].
    5/4/2010 2:52:42 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file watv01nt.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 6.13.1.3198.
    5/4/2010 2:52:31 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file wvchntxx.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 6.13.1.3198.
    5/4/2010 2:51:29 PM, error: Service Control Manager [7000] - The USB to IEEE-1284.4 Translation Driver HPZius12 service failed to start due to the following error: The system cannot find the file specified.
    5/4/2010 2:51:18 PM, error: Service Control Manager [7000] - The Print Class Driver for IEEE-1284.4 HPZipr12 service failed to start due to the following error: The system cannot find the file specified.
    5/4/2010 2:51:04 PM, error: Service Control Manager [7000] - The IEEE-1284.4 Driver HPZid412 service failed to start due to the following error: Access is denied.
    5/4/2010 2:50:48 PM, error: Service Control Manager [7000] - The %usbscan.SvcDesc% service failed to start due to the following error: The system cannot find the file specified.
    5/4/2010 2:50:43 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file el90xbc5.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 4.5.0.0.
    5/4/2010 2:50:39 PM, error: Service Control Manager [7000] - The Linksys Wireless-B USB Network Adapter v2.8 Driver service failed to start due to the following error: The system cannot find the file specified.
    5/4/2010 2:50:38 PM, error: Service Control Manager [7000] - The 3Com EtherLink XL 90XB/C Adapter Driver service failed to start due to the following error: The system cannot find the file specified.
    5/4/2010 2:50:17 PM, error: Service Control Manager [7000] - The DSproct service failed to start due to the following error: The system cannot find the file specified.
    5/4/2010 2:49:45 PM, error: Service Control Manager [7000] - The Microsoft Kernel DRM Audio Descrambler service failed to start due to the following error: The system cannot find the file specified.
    5/4/2010 2:49:44 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file dmusic.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
    5/4/2010 2:49:43 PM, error: Service Control Manager [7000] - The Microsoft Kernel DLS Syntheiszer service failed to start due to the following error: Access is denied.
    5/4/2010 2:49:35 PM, error: Service Control Manager [7000] - The Creative DVD-Audio Device Driver service failed to start due to the following error: Access is denied.
    5/4/2010 2:49:34 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file changer.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
    5/4/2010 2:49:19 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file ccdecode.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.3.0.900.
    5/4/2010 2:49:18 PM, error: Service Control Manager [7000] - The Closed Caption Decoder service failed to start due to the following error: Access is denied.
    5/4/2010 2:49:11 PM, error: Service Control Manager [7000] - The bvrp_pci service failed to start due to the following error: Access is denied.
    5/4/2010 2:49:04 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file avc.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
    5/4/2010 2:49:00 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file atmarpc.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
    5/4/2010 2:49:00 PM, error: Service Control Manager [7000] - The AVC Device service failed to start due to the following error: Access is denied.
    5/4/2010 2:48:44 PM, error: Service Control Manager [7000] - The ATM ARP Client Protocol service failed to start due to the following error: Access is denied.
    5/4/2010 2:48:17 PM, error: Service Control Manager [7000] - The 1394 ARP Client Protocol service failed to start due to the following error: Access is denied.
    5/4/2010 2:47:55 PM, error: Service Control Manager [7000] - The Microsoft Kernel Acoustic Echo Canceller service failed to start due to the following error: Access is denied.
    5/4/2010 2:47:48 PM, error: Service Control Manager [7000] - The 61883 Unit Device service failed to start due to the following error: The system cannot find the file specified.

    ==== End Of File ===========================
     
  4. jmw3

    jmw3 Malware Specialist

    Joined:
    Jul 23, 2007
    Messages:
    1,460
    OK... no problem
     
  5. jpopescu

    jpopescu Thread Starter

    Joined:
    May 18, 2005
    Messages:
    338
    well, not really the thing I wanted to see on the computer upon waking up today.....a BLUE SCREEN with the message "A problem has been detected......" the issue noted was "PAGE_FAULT_IN_NONPAGED_AREA" the only manner I could shut it down was to press and hold the power key...the computer powered down, shut off and is sitting in the other room as I am writing this message on our other (slow) computer......

    I will await a reply but if I must try and use that computer I will need to turn it on and see if I could get to a desktop.....that is unless you reply first and tell me what to do....

    some other items to note......the first time I ran the GMER program it seemed to be running ok but then stopped with a message of "l1orbk9s.exe encountered a problem" when I clicked "ok" the dialog box went away and the GMER program I think was closed....I opened it up again, and then started this second scan that seemed to be running for 2 - 3 hours prior to me finally going to bed......only to wake up to the issue noted above...

    Please let me know what to do next, if you don't reply shortly and I have to turn it on and try to get to a desktop, I will let you know what occurred...

    thank you
     
  6. jpopescu

    jpopescu Thread Starter

    Joined:
    May 18, 2005
    Messages:
    338
    ok, tried to turn the computer on and see if the blue screen comes up again......it did.

    this is what it stated...........

    ________________________________________________________________________________________________
    Run a system Diagnostic utility supplied by your hardware manufacturer. In particular run a memory check, and check for faulty or mismatched memory. Try changing video adaptors.

    Disable or remove any newly installed hardware & drivers. Disable or remove any newly installed software. If you need to use Safe mode to remove or disable components, restart your computer, press F8 to select advanced startup options, then select Safe mode.
    _______________________________________________________________________________________________

    didn't see ANY blue screen prior to installation of the programs though......
     
  7. jmw3

    jmw3 Malware Specialist

    Joined:
    Jul 23, 2007
    Messages:
    1,460
    Hi

    The Attach.txt log is showing a lot of attempted file replacements & failed Service start errors... could be the cause.

    See if you can get Gmer to run by booting to Safe Mode. If successful, save the log as instructed then try getting back to Normal Mode by rebooting your computer & pressing F8 again to get to the Advanced Menu Options. Scroll down to the Last Known Good Configuration option & press Enter.

    Post the content of the Gmer log.
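
The tally jmw3 describes (file replacement attempts and failed service starts in Attach.txt) can be produced mechanically. The following Python script is an added example, not part of the original thread or of any tool used in it; it parses event lines in the format shown in the log excerpt above, and the names `triage`, `SAMPLE` and the result keys are assumptions of the example.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Sample lines taken from the Attach.txt excerpt posted in this thread.
SAMPLE = r"""
5/4/2010 3:00:39 PM, error: Service Control Manager [7000] - The BlackBerry Smartphone service failed to start due to the following error: Access is denied.
5/4/2010 2:56:40 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file p3.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
5/4/2010 2:56:40 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\drivers\p3.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
5/4/2010 2:56:28 PM, error: Service Control Manager [7000] - The Intel PentiumIII Processor Driver service failed to start due to the following error: The specified driver is invalid.
5/4/2010 2:54:14 PM, information: Windows File Protection [64004] - The protected system file lbrtfdc.sys could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0x00000000 [The operation completed successfully. ].
5/4/2010 2:54:14 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file lbrtfdc.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.10.1.0.
5/4/2010 2:53:52 PM, information: Windows File Protection [64003] - File replacement was attempted on the protected system file lbrtfdc.sys. This file was restored to the original version to maintain system stability. The file version of the bad file is unknown.
5/4/2010 2:52:56 PM, error: Service Control Manager [7003] - The IPv6 Windows Firewall Driver service depends on the following nonexistent service: Tcpip6
5/4/2010 2:48:17 PM, error: Service Control Manager [7000] - The 1394 ARP Client Protocol service failed to start due to the following error: Access is denied.
"""

# "<date> <time> AM/PM, <level>: <source> [<event id>] - <message>"
LINE = re.compile(r"\s*(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
                  r"(\w+): (.+?) \[(\d+)\] - (.*)")
WFP_FILE = re.compile(r"protected system file (\S+)")
SCM_FAIL = re.compile(r"The (.+) service failed to start due to the following error: (.+)")


def triage(text):
    """Summarise Windows File Protection and Service Control Manager events."""
    attempts = Counter()          # file -> replacement attempts (64002/64003)
    unrestored = set()            # files WFP said it could not restore (64004)
    failures = defaultdict(list)  # SCM 7000 error reason -> service names
    wfp_times = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue              # blank lines, separators, other report text
        when, _level, source, event_id, msg = m.groups()
        if source == "Windows File Protection":
            f = WFP_FILE.search(msg)
            if not f:
                continue
            # Some entries carry a full path, others only the file name.
            name = f.group(1).rstrip(".").replace("\\", "/").rsplit("/", 1)[-1].lower()
            wfp_times.append(datetime.strptime(when, "%m/%d/%Y %I:%M:%S %p"))
            if event_id == "64004":
                unrestored.add(name)
            else:
                attempts[name] += 1
        elif source == "Service Control Manager" and event_id == "7000":
            s = SCM_FAIL.search(msg)
            if s:
                failures[s.group(2).rstrip(". ")].append(s.group(1))
    span = max(wfp_times) - min(wfp_times) if wfp_times else None
    return {"attempts": attempts, "unrestored": unrestored,
            "failures": dict(failures), "wfp_span": span}


if __name__ == "__main__":
    result = triage(SAMPLE)
    print("WFP replacement attempts:", dict(result["attempts"]))
    print("WFP could not restore:", sorted(result["unrestored"]))
    print("WFP activity spans:", result["wfp_span"])
    for reason, services in result["failures"].items():
        print(f"{len(services)} service(s) failed: {reason}: {services}")
```

Files listed under "could not restore" and the services grouped under each error reason are the entries to check first against the driver files on disk.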
     
  8. jpopescu

    jpopescu Thread Starter

    Joined:
    May 18, 2005
    Messages:
    338
    ok, was able to get to Safe mode, clicked on GMER, it launched and then unclicked the items you previously noted, clicked on Scan....it started (like last night) to scan and is running thru things once again......IF I get to the end, I will "Save" the log and then try to get on using the "last known good configuration" to post......

    What IF it does get thru the scan YET I am unable to send the log as I cant get into the "last known configuration?" how do I get the log to you ?

    just thinking ahead such to do these things asap

    thanks
     
  9. jmw3

    jmw3 Malware Specialist

    Joined:
    Jul 23, 2007
    Messages:
    1,460
    Hi

    You could try transferring the file to a USB stick while in Safe Mode, then plug the usb stick into a working computer & post the log from there.

    Or under the Advanced Menu Options try Safe Mode with Networking, which may give you an Internet connection.
     
  10. jpopescu

    jpopescu Thread Starter

    Joined:
    May 18, 2005
    Messages:
    338
    just to let you know, the computer is still running the GMER after several hours (how long should this take per GB?).....files are being reviewed in a flash....will keep an eye on it and pray it completes such that you can continue to guide me thru this darkness.......
     
  11. jmw3

    jmw3 Malware Specialist

    Joined:
    Jul 23, 2007
    Messages:
    1,460
    Hi
    Can't give you a definitive answer to that. Sometimes it takes five minutes, sometimes five hours. There is no set time for these types of scans... just a matter of being patient :)
     
  12. jpopescu

    jpopescu Thread Starter

    Joined:
    May 18, 2005
    Messages:
    338
    well, it appears as the gmer stopped.....so, I copied/pasted on flash drive and moved to the working computer.....attached is that file

    please let me know what to do from this point as if you reply in the next 3 hours I should be able to do this today......

    remember, the last time I tried to boot up I received the blue screen, then had to do the gmer scan and log in Safe mode
     

    Attached Files:

  13. jpopescu

    jpopescu Thread Starter

    Joined:
    May 18, 2005
    Messages:
    338
    tried to "restart" the computer.....it's been stuck on "Saving your settings" for over 5 minutes........will just wait to hear back from you OR will press and hold the start power button to shut down.
     
  14. jmw3

    jmw3 Malware Specialist

    Joined:
    Jul 23, 2007
    Messages:
    1,460
    Hi

    Give me a little time to go through these logs. I'll get back to you shortly.

    Did you try to boot using Last Known Good Configuration?
     
  15. jmw3

    jmw3 Malware Specialist

    Joined:
    Jul 23, 2007
    Messages:
    1,460
    Quick question.... did you try Safe Mode with Networking? The reason I ask is that if you cannot boot to Normal Mode, it would be good (but not ideal) if you still had an Internet connection while in Safe Mode.
     
Short URL to this thread: https://techguy.org/921376
