# Boot up EXTREMELY slow, can't even work it is so slow



## jpopescu (May 18, 2005)

I believe I have some sort of virus as all of a sudden my boot up to even get to a state that I could try to get to a website is very very slow....took me about 20 minutes to even get to this point to post....

along the way, while trying to open a browser I received a NORTON 360 "virus blocked alert" that stated the risk name of "HTTPS Tidserv Request 2" that was successfully blocked.....

Yesterday while trying to shut down I received an "ICIBAI.exe" Encountered a problem and needs to close

I also noticed prior to that when I pressed control, Alt, delete listed in my programs running was something called "LSASS.exe"...don't know what that is...there were other programs listed in there as well that I am not aware of and really didn't look like they belonged.....

and one final item....when booting after this issue occurred....(I have shut down and rebooted in an attempt to see if the problem went away....) I have gotten a "Windows Installer" message that then opens up a box for my printer that states "HP Photoshop Essential"...this takes about 25 minutes to finally get up and then gets to another box that states "The feature you are trying to use is on a CD-Rom or other disk that is not available, insert the HPPHOTOSMARTESSENTIAL" disk and press ok"......since that is now open I am going to insert that disk and press ok...

HijackThis log is below

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:00:02 PM, on 5/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\System32\MsiExec.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnbc.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O4 - HKLM\..\Run: [22686] C:\DOCUME~1\JOHNW~1.POP\LOCALS~1\Temp\lcibai.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://my.monster.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash.com/photo/loaders/SAXFile.cab
O16 - DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.winkflash.com/photo/loaders/ImageUploader4.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {7DD62E58-5FA8-11D2-AFB7-00104B64F126} (Sview Control) - http://products.swiftview.com/install.html?id=sv8/3_IN_1_CAB&ctx=&ref=#Version=5,3,4,0
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {9437EF71-9276-432D-AA74-CF8DA12EF11B} (CMMHost Object) - https://na1.salesforce.com/dwnld/mailmerge/AXMailMerge.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://www.samsphotoclub.com/upload/FujifilmUploadClient.cab
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {BA83FD38-CE14-4DA3-BEF5-96050D55F78A} - http://www.flipviewer.com/exe/fv373.cab
O16 - DPF: {CA11EB7C-1C85-4577-8A49-9E28EFB30184} (UMediaPlayer Class) - http://www.umediaserver.net/bin/UMediaControl4.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://curaspan.webex.com/client/T26L/webex/ieatgpc.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe

--
End of file - 12848 bytes


----------



## jmw3 (Jul 23, 2007)

Hello & Welcome to TechSupportGuy

Please *Subscribe to this Thread* to get immediate notification of replies as soon as they are posted. To do this click *Thread Tools*, then click *Subscribe to this Thread*. Make sure it is set to *Instant notification by email*, then click *Add Subscription*.

*In the meantime please note the following:*

Any recommendations made are for your computer problems only and should *NOT* be used on any other computer.
Please *DO NOT* run any scans/tools or other fixes unless I ask you to. This is very important for several reasons. Here are just two of them: 
1. The tools that we use are very powerful and can cause *>>irreparable damage<<* to your computer if not used correctly.
2. Commercial scanners, for the most part can not completely remove some of the more "resistant" infections. This makes it much more difficult to get rid of completely.
If you get stuck or are unsure of something please ask for a further explanation, do not guess.
It will require more than one round to properly clean your system. Continue to respond to this thread until I give you the All Clean! even if symptoms seemingly abate.
*Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.*
If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave & if there is no contact for that amount of time I will have to assume you have abandoned your topic.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

*Because of this, I advise you to backup any personal files and folders before you start.*

Thanks

*DDS*
Download *DDS.scr* by sUBs from one of the following links & save it to your desktop.
*Link 1*
*Link 2*

Double-Click on *dds.scr* and a command window will appear. This is normal
Shortly after two logs will appear, *DDS.txt* & *Attach.txt*
A window will open instructing you to save & post the logs
Save the logs to a convenient place such as your desktop
Copy the contents of *both* logs & post in your next reply

*Gmer*
Download *GMER Rootkit Scanner* from *here* & save it to your desktop.

Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
If it gives you a warning about rootkit activity and asks if you want to run scan...click on *NO*



In the right panel, you will see several boxes that have been checked. Uncheck the following ...
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\) 
Show All (don't miss this one)

Then click the Scan button & wait for it to finish
Once done click on the *[Save..]* button, and in the File name area, type in *"Gmer.txt"* or it will save as a .log file
Save it where you can easily find it, such as your desktop, and post it in reply
_**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries_
*Do not run any programs while Gmer is running.*

*NOTE:* If you cannot run GMER as indicated above, save a scan from the initial startup scan.

Before scanning, make sure all other running programs are closed & no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan
Double click the *gmer.exe* file
The program will begin to run & perform an initial scan. If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click *No*
After the "initial scan" is complete, click on the *Save* button, save the log file to your desktop & post it in your reply

To post in next reply:
Contents of DDS log
Contents of Attach.txt
Contents of Gmer log


----------



## jpopescu (May 18, 2005)

thanks for your assistance, back in town and ready to roll on this.......below are the items you requested
sending the first two files you requested as the GMER is still running, will send tomorrow when I wake up

DDS (Ver_10-03-17.01) - NTFSx86 
Run by John W. Popescu at 21:36:58.85 on Fri 05/07/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.272 [GMT -7:00]

AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\vssvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Documents and Settings\John W. Popescu\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.cnbc.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mWinlogon: Userinit=c:\windows\system32\Userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.8.0.41\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - No File
TB: {1A29A79A-B9C8-44A9-BEDF-7FADDE3CF33F} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\WCESCOMM.EXE"
mRun: [22686] c:\docume~1\johnw~1.pop\locals~1\temp\lcibai.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [pjlueglt] c:\documents and settings\john w. popescu\local settings\application data\vpjnsmfdb\loudrvltssd.exe
dRun: [pjlueglt] c:\documents and settings\john w. popescu\local settings\application data\vpjnsmfdb\loudrvltssd.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: monster.com\my
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/viewers/ipixx.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/0/5/7/05796dde-b2ba-4eef-8da4-f99c7e0c9b92/LegitCheckControl.cab
DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} - hxxp://www.winkflash.com/photo/loaders/SAXFile.cab
DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - hxxp://moneycentral.msn.com/cabs/pmupd806.exe
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.costcophotocenter.com/CostcoActivia.cab
DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://www.winkflash.com/photo/loaders/ImageUploader4.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {7DD62E58-5FA8-11D2-AFB7-00104B64F126} - hxxp://products.swiftview.com/install.html?id=sv8/3_IN_1_CAB&ctx=&ref=#Version=5,3,4,0
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9437EF71-9276-432D-AA74-CF8DA12EF11B} - hxxps://na1.salesforce.com/dwnld/mailmerge/AXMailMerge.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {A8683C98-5341-421B-B23C-8514C05354F1} - hxxp://www.samsphotoclub.com/upload/FujifilmUploadClient.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {BA83FD38-CE14-4DA3-BEF5-96050D55F78A} - hxxp://www.flipviewer.com/exe/fv373.cab
DPF: {CA11EB7C-1C85-4577-8A49-9E28EFB30184} - hxxp://www.umediaserver.net/bin/UMediaControl4.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - hxxp://www.photodex.com/pxplay.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://curaspan.webex.com/client/T26L/webex/ieatgpc.cab
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\aatp.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.8.0.41\CoIEPlg.dll
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\johnw~1.pop\applic~1\mozilla\firefox\profiles\pgbbhoo6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cnbc.com/
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - plugin: c:\documents and settings\john w. popescu\application data\mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-2-3 310320]
R0 VOBID;VOBID;c:\windows\system32\drivers\vobid.sys [2003-8-1 29239]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-2-3 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-2-3 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100505.001\IDSXpx86.sys [2010-5-7 329592]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\wd\wd anywhere backup\MemeoBackgroundService.exe [2009-4-17 25824]
R2 N360;Norton 360;c:\program files\norton 360\engine\3.8.0.41\ccSvcHst.exe [2010-2-3 117640]
R2 portD;CMS PortIO Service;c:\windows\system32\drivers\portd2k.sys [2005-9-5 14976]
R2 TivoBeacon2;TiVo Beacon;c:\program files\common files\tivo shared\beacon\TiVoBeacon.exe [2004-12-30 853504]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-11-7 102448]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100507.032\NAVENG.SYS [2010-5-7 84912]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100507.032\NAVEX15.SYS [2010-5-7 1324720]
S3 hp4200c;%usbscan.SvcDesc%;c:\windows\system32\drivers\hp4200c.sys [2001-2-18 9312]
S3 OlCamudp;OLYMPUS Digital Camera;c:\windows\system32\drivers\olcamudp.sys [2004-4-11 10379]

=============== Created Last 30 ================

2010-05-07 01:04:03	664	----a-w-	c:\windows\system32\d3d9caps.dat
2010-05-05 17:28:16	912	----a-w-	c:\windows\system32\miniPortInfo.dat
2010-05-04 21:54:12	34688	-c--a-w-	c:\windows\system32\dllcache\lbrtfdc.sys
2010-05-04 21:54:12	34688	----a-w-	c:\windows\system32\drivers\lbrtfdc.sys
2010-05-04 21:50:42	66591	-c--a-w-	c:\windows\system32\dllcache\el90xbc5.sys
2010-05-04 21:50:42	66591	----a-w-	c:\windows\system32\drivers\el90xbc5.sys
2010-05-04 21:49:22	8192	-c--a-w-	c:\windows\system32\dllcache\changer.sys
2010-05-04 21:49:22	8192	----a-w-	c:\windows\system32\drivers\changer.sys
2010-05-04 21:46:30	182784	----a-w-	c:\windows\system32\regedit.exe
2010-05-01 23:16:29	256	----a-w-	c:\documents and settings\john w. popescu\pool.bin
2010-04-21 16:29:47	77380	----a-w-	c:\windows\hpqins05.dat

==================== Find3M ====================

2010-04-05 06:36:50	411368	----a-w-	c:\windows\system32\deploytk.dll
2010-03-10 06:15:52	420352	----a-w-	c:\windows\system32\vbscript.dll
2010-02-25 06:24:37	916480	----a-w-	c:\windows\system32\wininet.dll
2010-02-17 16:10:28	2189952	------w-	c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25:04	2066816	------w-	c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33:11	100864	------w-	c:\windows\system32\6to4svc.dll
2006-06-21 00:06:56	5287488	------w-	c:\program files\common files\MDAC_TYP.EXE
2008-09-18 05:11:46	32768	--sh--w-	c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091720080918\index.dat

============= FINISH: 21:39:46.02 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 5/10/2005 4:47:30 PM
System Uptime: 5/7/2010 12:17:55 AM (21 hours ago)

Motherboard: Dell Computer Corp. | | 0W2562
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | Microprocessor | 3192/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 112 GiB total, 4.092 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM ()
G: is FIXED (NTFS) - 466 GiB total, 405.706 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Description: Photosmart C309a series
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: C309a,192.168.1.103
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Photosmart C309a series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C309a series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:

==== System Restore Points ===================

RP1648: 3/12/2010 10:41:39 AM - System Checkpoint
RP1649: 3/13/2010 2:39:18 PM - System Checkpoint
RP1650: 3/15/2010 10:35:46 AM - System Checkpoint
RP1651: 3/16/2010 11:06:58 AM - System Checkpoint
RP1652: 3/17/2010 2:19:47 PM - System Checkpoint
RP1653: 3/18/2010 3:21:11 PM - System Checkpoint
RP1654: 3/21/2010 1:26:42 PM - System Checkpoint
RP1655: 3/22/2010 2:04:08 PM - System Checkpoint
RP1656: 3/23/2010 3:35:43 PM - System Checkpoint
RP1657: 3/31/2010 2:44:54 PM - Software Distribution Service 3.0
RP1658: 4/4/2010 3:02:03 PM - System Checkpoint
RP1659: 4/4/2010 11:35:15 PM - Removed Java(TM) 6 Update 12
RP1660: 4/4/2010 11:36:20 PM - Installed Java(TM) 6 Update 19
RP1661: 4/6/2010 9:37:24 PM - System Checkpoint
RP1662: 4/8/2010 2:02:40 PM - System Checkpoint
RP1663: 4/9/2010 3:20:05 PM - System Checkpoint
RP1664: 4/10/2010 7:47:24 PM - System Checkpoint
RP1665: 4/11/2010 8:04:04 PM - System Checkpoint
RP1666: 4/14/2010 1:17:45 PM - System Checkpoint
RP1667: 4/14/2010 4:18:34 PM - Software Distribution Service 3.0
RP1668: 4/15/2010 6:15:01 PM - System Checkpoint
RP1669: 4/16/2010 8:40:01 PM - System Checkpoint
RP1670: 4/19/2010 1:19:30 PM - System Checkpoint
RP1671: 4/20/2010 5:27:22 PM - System Checkpoint
RP1672: 4/21/2010 9:29:18 AM - Installed MSVCSetup
RP1673: 4/25/2010 12:02:15 PM - System Checkpoint
RP1674: 4/26/2010 1:12:33 PM - System Checkpoint
RP1675: 4/28/2010 4:45:44 PM - System Checkpoint
RP1676: 4/30/2010 12:40:32 PM - System Checkpoint
RP1677: 5/1/2010 1:55:01 PM - System Checkpoint
RP1678: 5/1/2010 3:46:25 PM - Installed BlackBerry Device Software Updater.
RP1679: 5/2/2010 4:03:07 PM - System Checkpoint
RP1680: 5/4/2010 1:45:40 PM - System Checkpoint
RP1681: 5/6/2010 3:46:02 PM - System Checkpoint

==== Installed Programs ======================

2003 Hospital Blue Book
32 Bit HP CIO Components Installer
Acrobat.com
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.1
Amazon MP3 Downloader 1.0.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Control Panel
ATI Display Driver
Audacity 1.2.6
AutoUpdate
Banctec Service Agreement
BlackBerry Desktop Software 4.3
BlackBerry Device Software Updater
Bonjour
Boris Graffiti
BounceBack Express
BufferChm
C309a
CCleaner (remove only)
Chris Moneymakers World Poker Championship (remove only)
Command & Conquer Generals
Compatibility Pack for the 2007 Office system
Conexant SmartHSFi V.9x 56K DF PCI Modem
Cox Online Support Controls
Creative DVD Audio Plugin for Audigy Series
Creative MediaSource
Critical Update for Windows Media Player 11 (KB959772)
CustomerResearchQFolder
Dell Digital Jukebox Driver
Dell Media Experience
Dell Networking Guide
Dell Solution Center
Dell Support Center (Support Software)
DellSupport
Destination Component
DeviceDiscovery
DeviceManagementQFolder
Digital Line Detect
DivX
DivX Player
DocProc
DocProcQFolder
DVD X Copy Platinum RF 4.0.4
DVD X Rescue
DVDneXtCOPY
DVDSentry
eSupportQFolder
Fax
Full Tilt Poker
GearDrvs
Google Desktop
Google Toolbar for Internet Explorer
Google Video Viewer 1.0 (based on VLC 0.8.2 Player)
GoToMeeting 4.0.0.320
GPBaseService2
Help and Support Customization
Hijackthis 1.99.1
HijackThis 2.0.2
Hollywood FX 5.5 Additional Effects
Hotfix 2050 for SQL Server 2000 ENU (KB948110)
Hotfix 2055 for SQL Server 2000 ENU (KB960082)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Customer Participation Program 12.0
HP Imaging Device Functions 12.0
HP Photosmart C309a All-In-One Driver Software 12.0 Rel .5
HP Photosmart Essential 3.5
HP Smart Web Printing
HP Solution Center 13.0
HP Update
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotosmartEssential
HPProductAssistant
HPSSupply
Image Resizer Powertoy for Windows XP
ImageMixer VCD/DVD2 for OLYMPUS
InstallMgr
InstantCopy
Intel A/V Codecs V2.0
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet
InterActual Player
Internet Explorer Default Page
InterVideo WinDVD 7
iPod Access for Windows v2.9.2
iPod for Windows
iPod for Windows 2005-03-23
iPod Updater 2004-08-06
iPod Updater 2004-11-15
iTunes
J2SE Runtime Environment 5.0 Update 9
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 9
Jasc Paint Shop Pro 9.01 - (9.0.1.1)
Java Auto Updater
Java(TM) 6 Update 19
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Kaspersky On-line Scanner
LiveUpdate Notice (Symantec Corporation)
Magic Bullet Looks Studio
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync 3.7
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Default Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Small Business Edition 2003
Microsoft Office Sounds
Microsoft Outlook Personal Folders Backup
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server Desktop Engine (PINNACLESYS)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Video Email add-in for Outlook 2003
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
Modem Helper
Mozilla Firefox (3.6)
MSN Money Investment Toolbox
MSN Music Assistant
MSN Toolbar
MSVCSetup
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MUSICMATCH® Jukebox
Nero 6 Ultra Edition
NeroMIX
NetWaiting
Network
Norton 360
OCR Software by I.R.I.S. 12.0
OLYMPUS Master
Panda ActiveScan
Photodex Presenter
Picasa 3
Pinnacle Hollywood FX 5
Pinnacle Hollywood FX for Studio
Pinnacle Hollywood FX Pack - Extra FX
Pinnacle Instant DVD Recorder
Pinnacle Studio 12
Pinnacle Studio 12 Ultimate Plugins
Pinnacle Video Driver
Pivot Software
PokerStars
PowerDVD
PowerPlugs: Music for PowerPoint
PowerPlugs: PhotoActive FX
Print Server Driver
proDAD Heroglyph 1.0
proDAD Heroglyph 2.5
proDAD Vitascene 1.0
PS_AIO_05_C309_Software_Min
PushpinTool
QuickTime
RealPlayer
RegCure 1.5.2.7
Roxio Media Manager
Salesforce Office Edition
Scan
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Shockwave
Shop for HP Supplies
SmartSound Quicktracks Plugin
Smilebox
SolutionCenter
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
SonicStage 
Sound Blaster Audigy 2
SoundFont Bank Manager
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy 1.3
SpywareBlaster v3.4
Status
Streaming Media Viewer
Studio 10 Bonus DVD
Studio 9
Studio 9 Content CD/DVD
Studio 9.4 Patch
SureThing CD Labeler - Stomper Edition 32 bit
SureThing CD Labeler SE - Sonic
SwiftView Viewer
The Print Shop® 6.0
TiVo Desktop
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VERITAS Simple Backup
WD Anywhere Backup
WebEx
WebFldrs XP
WebReg
Winamp (remove only)
Windows Defender Signatures
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows XP Service Pack 3
WordPerfect Office 11
World Series of Poker 2008: Battle for the Bracelets
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

5/7/2010 12:23:47 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the N360 service.
5/6/2010 5:09:54 PM, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 3 time(s).
5/6/2010 5:09:34 PM, error: Service Control Manager [7031] - The COM+ System Application service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
5/6/2010 5:09:30 PM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 1 time(s).
5/6/2010 5:09:30 PM, error: Service Control Manager [7031] - The COM+ System Application service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
5/6/2010 10:30:07 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/6/2010 10:30:06 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
5/5/2010 2:47:04 PM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
5/5/2010 2:46:27 PM, error: Service Control Manager [7034] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s).
5/5/2010 11:33:05 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
5/5/2010 11:32:38 AM, error: Service Control Manager [7034] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s).
5/5/2010 11:32:38 AM, error: Service Control Manager [7034] - The SSDP Discovery Service service terminated unexpectedly. It has done this 1 time(s).
5/5/2010 11:32:32 AM, error: Service Control Manager [7034] - The HP Network Devices Support service terminated unexpectedly. It has done this 1 time(s).
5/5/2010 10:47:38 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
5/5/2010 10:29:00 AM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
5/5/2010 10:29:00 AM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
5/4/2010 3:01:18 PM, error: Service Control Manager [7000] - The Windows Driver Foundation - User-mode Driver Framework Reflector service failed to start due to the following error: The system cannot find the file specified.
5/4/2010 3:01:17 PM, error: Service Control Manager [7000] - The Windows Driver Foundation - User-mode Driver Framework Platform Driver service failed to start due to the following error: The system cannot find the file specified.
5/4/2010 3:01:15 PM, error: Service Control Manager [7000] - The World Standard Teletext Codec service failed to start due to the following error: Access is denied.
5/4/2010 3:01:07 PM, error: Service Control Manager [7000] - The WAN Miniport (ATW) service failed to start due to the following error: The system cannot find the file specified.
5/4/2010 3:01:07 PM, error: Service Control Manager [7000] - The USB Video Device (WDM) service failed to start due to the following error: The system cannot find the file specified.
5/4/2010 3:01:06 PM, error: Service Control Manager [7000] - The USB Mass Storage Driver service failed to start due to the following error: The system cannot find the file specified.
5/4/2010 3:01:05 PM, error: Service Control Manager [7000] - The USB Scanner Driver service failed to start due to the following error: The system cannot find the file specified.
5/4/2010 3:01:04 PM, error: Service Control Manager [7000] - The Microsoft USB PRINTER Class service failed to start due to the following error: The system cannot find the file specified.
5/4/2010 3:01:03 PM, error: Service Control Manager [7000] - The Microsoft USB Generic Parent Driver service failed to start due to the following error: The system cannot find the file specified.
5/4/2010 3:00:50 PM, error: Service Control Manager [7000] - The Symantec Network Security Intermediate Filter Service service failed to start due to the following error: The system cannot find the file specified.
5/4/2010 3:00:49 PM, error: Service Control Manager [7000] - The Microsoft Kernel GS Wavetable Synthesizer service failed to start due to the following error: The system cannot find the file specified.
5/4/2010 3:00:48 PM, error: Service Control Manager [7000] - The BDA IPSink service failed to start due to the following error: The system cannot find the file specified.
5/4/2010 3:00:47 PM, error: Service Control Manager [7000] - The Still Serial Digital Camera Driver service failed to start due to the following error: The system cannot find the file specified.
5/4/2010 3:00:44 PM, error: Service Control Manager [7000] - The Microsoft Kernel Audio Splitter service failed to start due to the following error: The system cannot find the file specified.
5/4/2010 3:00:43 PM, error: Service Control Manager [7000] - The BDA Slip De-Framer service failed to start due to the following error: The system cannot find the file specified.
5/4/2010 3:00:39 PM, error: Service Control Manager [7000] - The BlackBerry Smartphone service failed to start due to the following error: Access is denied.
5/4/2010 3:00:28 PM, error: Service Control Manager [7000] - The Terminal Server Device Redirector Driver service failed to start due to the following error: The system cannot find the file specified.
5/4/2010 3:00:26 PM, error: Service Control Manager [7000] - The Processor Driver service failed to start due to the following error: The system cannot find the file specified.
5/4/2010 2:56:40 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file p3.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
5/4/2010 2:56:40 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\drivers\p3.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
5/4/2010 2:56:28 PM, error: Service Control Manager [7000] - The Intel PentiumIII Processor Driver service failed to start due to the following error: The specified driver is invalid.
5/4/2010 2:55:48 PM, error: Service Control Manager [7000] - The OLYMPUS Digital Camera service failed to start due to the following error: Access is denied.
5/4/2010 2:55:03 PM, error: Service Control Manager [7000] - The IPX Traffic Filter Driver service failed to start due to the following error: The system cannot find the file specified.
5/4/2010 2:54:55 PM, error: Service Control Manager [7000] - The 1394 Net Driver service failed to start due to the following error: The system cannot find the file specified.
5/4/2010 2:54:54 PM, error: Service Control Manager [7000] - The Microsoft TV/Video Connection service failed to start due to the following error: Access is denied.
5/4/2010 2:54:53 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file ndisip.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.3.0.900.
5/4/2010 2:54:35 PM, error: Service Control Manager [7000] - The NABTS/FEC VBI Codec service failed to start due to the following error: The system cannot find the file specified.
5/4/2010 2:54:33 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file mspqm.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
5/4/2010 2:54:33 PM, error: Service Control Manager [7000] - The Microsoft Streaming Tee/Sink-to-Sink Converter service failed to start due to the following error: The system cannot find the file specified.
5/4/2010 2:54:31 PM, error: Service Control Manager [7000] - The Microsoft Streaming Quality Manager Proxy service failed to start due to the following error: Access is denied.
5/4/2010 2:54:14 PM, information: Windows File Protection [64004] - The protected system file lbrtfdc.sys could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0x00000000 [The operation completed successfully. ].
5/4/2010 2:54:14 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file mspclock.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.3.0.900.
5/4/2010 2:54:14 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file lbrtfdc.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.10.1.0.
5/4/2010 2:54:12 PM, error: Service Control Manager [7000] - The Microsoft Streaming Clock Proxy service failed to start due to the following error: Access is denied.
5/4/2010 2:53:54 PM, error: Service Control Manager [7000] - The Microsoft Streaming Service Proxy service failed to start due to the following error: The system cannot find the file specified.
5/4/2010 2:53:53 PM, error: Service Control Manager [7000] - The Microsoft DV Camera and VCR service failed to start due to the following error: The system cannot find the file specified.
5/4/2010 2:53:52 PM, information: Windows File Protection [64003] - File replacement was attempted on the protected system file lbrtfdc.sys. This file was restored to the original version to maintain system stability. The file version of the bad file is unknown.
5/4/2010 2:53:25 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file kbdhid.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
5/4/2010 2:53:01 PM, error: Service Control Manager [7000] - The IR Enumerator Service service failed to start due to the following error: The system cannot find the file specified.
5/4/2010 2:52:59 PM, error: Service Control Manager [7000] - The IP in IP Tunnel Driver service failed to start due to the following error: The system cannot find the file specified.
5/4/2010 2:52:57 PM, error: Service Control Manager [7000] - The IP Traffic Filter Driver service failed to start due to the following error: The system cannot find the file specified.
5/4/2010 2:52:56 PM, error: Service Control Manager [7003] - The IPv6 Windows Firewall Driver service depends on the following nonexistent service: Tcpip6
5/4/2010 2:52:55 PM, error: Service Control Manager [7000] - The Intel PC Camera Pro service failed to start due to the following error: The system cannot find the file specified.
5/4/2010 2:52:53 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file watv04nt.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 6.13.1.3198.
5/4/2010 2:52:42 PM, information: Windows File Protection [64004] - The protected system file watv01nt.sys could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0x00000000 [The operation completed successfully. ].
5/4/2010 2:52:42 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file watv01nt.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 6.13.1.3198.
5/4/2010 2:52:31 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file wvchntxx.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 6.13.1.3198.
5/4/2010 2:51:29 PM, error: Service Control Manager [7000] - The USB to IEEE-1284.4 Translation Driver HPZius12 service failed to start due to the following error: The system cannot find the file specified.
5/4/2010 2:51:18 PM, error: Service Control Manager [7000] - The Print Class Driver for IEEE-1284.4 HPZipr12 service failed to start due to the following error: The system cannot find the file specified.
5/4/2010 2:51:04 PM, error: Service Control Manager [7000] - The IEEE-1284.4 Driver HPZid412 service failed to start due to the following error: Access is denied.
5/4/2010 2:50:48 PM, error: Service Control Manager [7000] - The %usbscan.SvcDesc% service failed to start due to the following error: The system cannot find the file specified.
5/4/2010 2:50:43 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file el90xbc5.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 4.5.0.0.
5/4/2010 2:50:39 PM, error: Service Control Manager [7000] - The Linksys Wireless-B USB Network Adapter v2.8 Driver service failed to start due to the following error: The system cannot find the file specified.
5/4/2010 2:50:38 PM, error: Service Control Manager [7000] - The 3Com EtherLink XL 90XB/C Adapter Driver service failed to start due to the following error: The system cannot find the file specified.
5/4/2010 2:50:17 PM, error: Service Control Manager [7000] - The DSproct service failed to start due to the following error: The system cannot find the file specified.
5/4/2010 2:49:45 PM, error: Service Control Manager [7000] - The Microsoft Kernel DRM Audio Descrambler service failed to start due to the following error: The system cannot find the file specified.
5/4/2010 2:49:44 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file dmusic.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
5/4/2010 2:49:43 PM, error: Service Control Manager [7000] - The Microsoft Kernel DLS Syntheiszer service failed to start due to the following error: Access is denied.
5/4/2010 2:49:35 PM, error: Service Control Manager [7000] - The Creative DVD-Audio Device Driver service failed to start due to the following error: Access is denied.
5/4/2010 2:49:34 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file changer.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
5/4/2010 2:49:19 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file ccdecode.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.3.0.900.
5/4/2010 2:49:18 PM, error: Service Control Manager [7000] - The Closed Caption Decoder service failed to start due to the following error: Access is denied.
5/4/2010 2:49:11 PM, error: Service Control Manager [7000] - The bvrp_pci service failed to start due to the following error: Access is denied.
5/4/2010 2:49:04 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file avc.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
5/4/2010 2:49:00 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file atmarpc.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
5/4/2010 2:49:00 PM, error: Service Control Manager [7000] - The AVC Device service failed to start due to the following error: Access is denied.
5/4/2010 2:48:44 PM, error: Service Control Manager [7000] - The ATM ARP Client Protocol service failed to start due to the following error: Access is denied.
5/4/2010 2:48:17 PM, error: Service Control Manager [7000] - The 1394 ARP Client Protocol service failed to start due to the following error: Access is denied.
5/4/2010 2:47:55 PM, error: Service Control Manager [7000] - The Microsoft Kernel Acoustic Echo Canceller service failed to start due to the following error: Access is denied.
5/4/2010 2:47:48 PM, error: Service Control Manager [7000] - The 61883 Unit Device service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================


----------



## jmw3 (Jul 23, 2007)

OK... no problem


----------



## jpopescu (May 18, 2005)

well, not really the thing I wanted to see on the computer upon waking up today.....a BLUE SCREEN with the message "A problem has been detected......" the issue noted was "PAGE_FAULT_IN_NONPAGED_AREA" the only manner I could shut it down was to press and hold the power key...the computer powered down, shut off and is sitting in the other room as I am writing this message on our other (slow) computer......

I will await a reply but if I must try and use that computer I will need to turn it on and see if I could get to a desktop,.....that is unless you reply first and tell me what to do....

some other items to note......the first time I ran the GMER program it seemed to be running ok but then stopped with a message of "l1orbk9s.exe encountered a problem" when I clicked "ok" the dialog box went away and the GMER program I think was closed....I opened it up again, and then started this second scan that seemed to be running for 2 - 3 hours prior to me finally going to bed......only to wake up to the issue noted above...

Please let me know what to do next, if you don't reply shortly and I have to turn it on and try to get to a desktop, I will let you know what occurred...

thank you


----------



## jpopescu (May 18, 2005)

ok, tried to turn the computer on and see if the blue screen comes up again......it did.

this is what it stated...........

________________________________________________________________________________________________
Run a system Diagnostic utility supplied by your hardware manufacturer. In particular run a memory check, and check for faulty or mismatched memory. Try changing video adaptors

Disable or remove any newly installed hardware & drivers. Disable or remove any newly installed software. If you need to use Safe mode to remove or disable components, restart your computer, press F8 to select advanced startup options, then select Safe mode.
_______________________________________________________________________________________________

didn't see ANY blue screen prior to installation of the programs though......


----------



## jmw3 (Jul 23, 2007)

Hi

The Attach.txt log is showing a lot of attempted file replacements & failed Service start errors... could be the cause.

See if you can get Gmer to run by booting to Safe Mode. If successful, save the log as instructed then try getting back to Normal Mode by rebooting your computer & pressing *F8* again to get to the *Advanced Menu Options*. Scroll down to the *Last Known Good Configuration* option & press *Enter*.

Post the content of the Gmer log.


----------
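Added example (not part of the thread or of any tool used in it): a short Python script that tallies the two kinds of entry noted in the reply above, Windows File Protection replacement attempts and Service Control Manager start failures, in the event-line layout of the posted log. The function names are illustrative, and `SAMPLE` is a handful of lines copied from that log.

```python
import re
from collections import Counter
from datetime import datetime

# A few event lines copied from the log posted earlier in this thread.
SAMPLE = r"""
5/4/2010 2:56:40 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\drivers\p3.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
5/4/2010 2:56:28 PM, error: Service Control Manager [7000] - The Intel PentiumIII Processor Driver service failed to start due to the following error: The specified driver is invalid.
5/4/2010 2:54:14 PM, information: Windows File Protection [64004] - The protected system file lbrtfdc.sys could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0x00000000 [The operation completed successfully. ].
5/4/2010 2:54:14 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file lbrtfdc.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.10.1.0.
5/4/2010 2:52:56 PM, error: Service Control Manager [7003] - The IPv6 Windows Firewall Driver service depends on the following nonexistent service: Tcpip6
5/4/2010 2:52:42 PM, information: Windows File Protection [64004] - The protected system file watv01nt.sys could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0x00000000 [The operation completed successfully. ].
5/4/2010 2:51:04 PM, error: Service Control Manager [7000] - The IEEE-1284.4 Driver HPZid412 service failed to start due to the following error: Access is denied.
5/4/2010 2:50:48 PM, error: Service Control Manager [7000] - The %usbscan.SvcDesc% service failed to start due to the following error: The system cannot find the file specified.
5/4/2010 2:48:17 PM, error: Service Control Manager [7000] - The 1394 ARP Client Protocol service failed to start due to the following error: Access is denied.
5/4/2010 2:47:48 PM, error: Service Control Manager [7000] - The 61883 Unit Device service failed to start due to the following error: The system cannot find the file specified.
"""

# "<date> <time> AM/PM, <level>: <source> [<event id>] - <message>"
EVENT = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)
WFP_FILE = re.compile(r"protected system file (\S+\.\w+)")
SCM_FAIL = re.compile(
    r"^The (?P<svc>.+) service failed to start due to the following error: (?P<err>.+)$"
)


def parse(text):
    """Yield (timestamp, source, event_id, message) for each recognised line."""
    for line in text.splitlines():
        m = EVENT.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p")
            yield ts, m["source"], int(m["id"]), m["msg"]


def triage(text):
    """Summarise WFP replacement attempts and SCM start failures."""
    restored, unrestored, denied = set(), set(), set()
    scm_errors, other, stamps = Counter(), Counter(), []
    for ts, source, event_id, msg in parse(text):
        stamps.append(ts)
        wfp = WFP_FILE.search(msg) if source == "Windows File Protection" else None
        scm = SCM_FAIL.match(msg) if (source, event_id) == ("Service Control Manager", 7000) else None
        if wfp:
            # Reduce a full path to a lower-case file name so entries compare equal.
            name = wfp.group(1).replace("\\", "/").rsplit("/", 1)[-1].lower()
            # 64004 is the "could not be restored" message in the posted log;
            # the other WFP entries report a successful restore.
            (unrestored if event_id == 64004 else restored).add(name)
        elif scm:
            scm_errors[scm["err"]] += 1
            if scm["err"].startswith("Access is denied"):
                denied.add(scm["svc"])
        else:
            other[f"{source} [{event_id}]"] += 1
    window = int((max(stamps) - min(stamps)).total_seconds()) if stamps else 0
    return {
        "window_seconds": window,             # span covered by the parsed events
        "wfp_restored": sorted(restored),     # replacement attempted, original put back
        "wfp_unrestored": sorted(unrestored), # files to inspect by hand
        "scm_errors": dict(scm_errors),       # start failures grouped by reason
        "denied_services": sorted(denied),
        "other": dict(other),                 # recognised lines outside the two tallies
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```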



## jpopescu (May 18, 2005)

ok, was able to get to Safe mode, clicked on GMER, it launched and then unclicked the items you previously noted, clicked on Scan....it started (like last night) to scan and is running thru things once again......IF I get to the end, I will "Save" the log and then try to get on using the "last known good configuration" to post......

What IF it does get thru the scan YET I am unable to send the log as I can't get into the "last known configuration?" how do I get the log to you ?

just thinking ahead such to do these things asap 

thanks


----------



## jmw3 (Jul 23, 2007)

Hi

You could try transferring the file to a USB stick while in Safe Mode, then plug the usb stick into a working computer & post the log from there.

Or under the *Advanced Menu Options* try *Safe Mode with Networking*, which may give you an Internet connection.


----------



## jpopescu (May 18, 2005)

just to let you know, the computer is still running the GMER after several hours (how long should this take per GB?).....files are being reviewed in a flash....will keep an eye on it and pray it completes such that you can continue to guide me thru this darkness.......


----------



## jmw3 (Jul 23, 2007)

Hi


> how long should this take per GB?


Can't give you a definitive answer to that. Sometimes it takes five minutes, sometimes five hours. There is no set time for these types of scans... just a matter of being patient


----------



## jpopescu (May 18, 2005)

well, it appears as the gmer stopped.....so, I copied/pasted on flash drive and moved to the working computer.....attached is that file

please let me know what to do from this point as if you reply in the next 3 hours I should be able to do this today......

remember, the last time I tried to boot up I received the blue screen, then had to do the gmer scan and log in Safe mode


----------



## jpopescu (May 18, 2005)

tried to "restart" the computer.....it's been stuck on "Saving your settings" for over 5 minutes........will just wait to hear back from you OR will press and hold the start power button to shut down.


----------



## jmw3 (Jul 23, 2007)

Hi

Give me a little time to go through these logs. I'll get back to you shortly.

Did you try to boot using Last Known Good Configuration?


----------



## jmw3 (Jul 23, 2007)

Quick question.... did you try Safe Mode with Networking? The reason I ask is that if you cannot boot to Normal Mode, it would be good (but not ideal) if you still had an Internet connection while in Safe Mode.


----------



## jmw3 (Jul 23, 2007)

Hi

It would be preferable if the following could be done from Normal Mode, however if you can't get to Normal Mode for whatever reason then try in Safe Mode.
You may also need to download ComboFix from a clean working computer & transfer to infected computer via a USB stick or some other type of removable media.

*ComboFix*
Download *ComboFix* from one of these locations (*DO NOT* download ComboFix from anywhere else but one of the provided links):
*Link 1*
*Link 2*

***IMPORTANT !!! Save ComboFix.exe to your Desktop***


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
*A guide to do this can be found here*
Double click on ComboFix.exe & follow the prompts
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the contents of *C:\ComboFix.txt* in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix *SHOULD NOT* be used unless requested by a forum helper

To post in next reply:
ComboFix log
Update on how the computer is running


----------



## jpopescu (May 18, 2005)

I had to press and hold the power button as it did seem like it was stuck in the "Saving your settings" screen......when powered back up I pressed the F8 button, then selected the "Last known good configuration".....this brought up a black screen with a white "bar" about an inch from the bottom of the screen...and just about when I thought it was once again stuck and going to press & hold the power button the white bar at the bottom took a " movement" further to the right.....it appears that it is very very slowly moving to the right or completing this bar on the bottom of the screen. When I say very slowly I mean it maybe completed 20% across the bottom in 10 min

Please let me know if I should just wait for this bar to continue to move to the right of the screen or press and hold the power button, thus shutting down.


----------



## jmw3 (Jul 23, 2007)

I'd be inclined to let it finish


----------



## jpopescu (May 18, 2005)

ok, the bar finally completed....then the "Windows XP" screen came up and as I was waiting for the screen to come up asking for my password.....the same Blue screen came up again. It stated the same thing from prior.......

What should I do from this point?


----------



## jmw3 (Jul 23, 2007)

Follow the instructions regarding ComboFix & run in Safe Mode. As stated you may need to transfer it to the infected computer via a USB stick or similar.


----------



## jpopescu (May 18, 2005)

I trust that the warning about running this program from only a "forum helper" only would indeed be yourself? just seems like we ran into additional issues such as the blue screen after we downloaded those first two programs??

I will download this combo program on the flash drive and wait to hear back about this question


----------



## jmw3 (Jul 23, 2007)

> I trust that the warning about running this program from only a "forum helper" only would indeed be yourself?


Correct


----------



## jpopescu (May 18, 2005)

had to download on the flash drive, transferred to the other computer in SAFE mode.....put combo program on that desktop......since Norton was not in the system tray in the lower right corner (nothing was) I assumed it was NOT on......proceeded with the combo program and it stated that Norton was on and needs to be turned off prior to continuing.......I went to Norton 360 and clicked on it.....and it stated that it could not run in Safe mode, YET when I go back to combo telling it to proceed....it states it has detected Norton 360 running???

how do I turn Norton off?


----------



## jmw3 (Jul 23, 2007)

If you are in Safe Mode, your Anti-virus program will not be running. Booting to Safe Mode loads only the barest minimum of files for the system to work. That does not include Anti-virus software.

Continue with ComboFix.


----------



## jpopescu (May 18, 2005)

I clicked on continue with the Combo.....received yet another message stating that "you have an active scanner still running, Norton 360"

and then states do you want to continue at your own risk?

I will await your reply before pressing anything


----------



## jmw3 (Jul 23, 2007)

Continue with ComboFix


----------



## jpopescu (May 18, 2005)

clicked to continue, a small blue window came up, then stated starting Combo.......
another window then, that stated something about getting 9 files but appeared to only get 2 files then this window closed.....

now it states "attempting to create a new restore point"
should I be waiting for this to continue or will this take a long time as it is 1am in the morning here??


----------



## jmw3 (Jul 23, 2007)

Hi

As with the other scans I cannot give you a definitive time. It depends on how badly infected the computer is etc. It could take ten minutes or could take an hour.

Just let it run & come back to it in your morning.


----------



## jpopescu (May 18, 2005)

ok, I had to shut down, then reboot in safe mode with networking as I did not have the MS windows recovery console.......this time it appeared as it connected to download.Microsoft and a bar under this then counted to 100%......with a blinking cursor underneath this....

this is where I am at right now.....it has been in this state for about 5-10 min or so

should I just wait?


----------



## jmw3 (Jul 23, 2007)

Yes... these things can take time. You have to be patient with them.


----------



## jpopescu (May 18, 2005)

it ran for about 3 minutes and then a box came up stating "Combo has detected the presence of Rootkit activity and needs to reboot the machine"

when I click "Ok"....should I try to intercept and press F8 to reboot in Safe mode with networking?


----------



## jmw3 (Jul 23, 2007)

Hi

No, let it run & see if it can boot into Normal Mode. If it blue screens again then you'll probably need to start it again. Only then should you try & intercept it


----------



## jpopescu (May 18, 2005)

ok, I let it go and the blue screen came up again...with the message of the "PAGE_FAULT_IN_NONPAGED_AREA"

at the bottom of the page after a few paragraphs "if this is the first time ......" It read 
"Beginning dump of Physical Memory 
Dumping Physical memory to disk 38" (this number continued to go up.....I pressed and held the power button to shut it down

I am going to have to get to bed right now but please tell me in what manner to continue whether it be in Safe mode, with/without networking......and what to do thereafter. 

What if I get to the same point and need to do this reboot again? what should I do?

thanks for your help


----------



## jmw3 (Jul 23, 2007)

Hi

I'll get back to you on this. Go to bed & get some rest.


----------



## jmw3 (Jul 23, 2007)

Hi



> please tell me in what manner to continue whether it be in Safe mode, with/without networking......and what to do thereafter.
> 
> What if I get to the same point and need to do this reboot again? what should I do?


Boot to Safe Mode with Networking. If prompted by ComboFix to update allow it to do so.
If you get the "Combo has detected the presence of Rootkit activity and needs to reboot the machine" message again click OK & then attempt to reboot back to Safe Mode with Networking. ComboFix should continue with its scan.


----------



## jpopescu (May 18, 2005)

booted up in Safe mode with Networking.....then came the screen as to which operating system to use....prior, there was only Windows XP...now, I have the Microsoft Windows Recovery Console as an option as well.

Which one should I select?
I am guessing (but afraid to select due to the prior "Be very careful" message) that it is the Recovery Console option?

Please advise


----------



## jpopescu (May 18, 2005)

ok, figured that we needed the recovery mode operating system to get to a certain point so I selected that....it came to a point of asking for the Administrators password....I don't remember what that might be and after several attempts and rebooting twice I selected the XP operating system....this time, Combo little blue screen came up and stated it was preparing to start....I allowed it to continue for about 10-15 min and then the log popped up....I saved to a file, it is attached.

I am sitting in Safe mode with networking and have not rebooted since the log appeared.

Hopefully will hear back from you so the computer doesn't have to stay on all day or until later in the day.

Please let me know what to do from this point

thanks


----------



## jmw3 (Jul 23, 2007)

Hi

Just got up. Had a quick glance at the log. Looks like the main infection has been dealt with, but there is still a lot to do here as there is another infection still to deal with. Just bear with me as I'm off to work now. I should be able to go through the log there when I get a minute or two.

In the mean time see if you can now boot to Normal Mode & let me know how it goes. If no luck with Normal Mode then shut the PC down for a while until I get back to you.


----------



## jmw3 (Jul 23, 2007)

Hi

*HelpAsst_mebroot_fix*
Download *HelpAsst_mebroot_fix.exe* from *Here* & save it to your desktop.
Close all other open programs and windows
Double click the file to run it & follow any prompts
If the tool detects an mbr infection allow it to run *mbr -f* & shutdown your computer
Upon restarting wait about 5 minutes then click *Start>Run* & type the following bolded text & click *OK*

*helpasst -mbrt* (Make sure you leave a space between *helpasst* & *-mbrt* !)

When it completes, a log will open. Post the contents of that log in your next reply
In the event the tool does not detect an mbr infection & completes, click *Start>Run* & type the following bolded text then click *OK*

*mbr -f*

Now do the *Start>Run>mbr -f* command a second time
Now shut down the computer (do not restart, but shut it down), wait a few minutes then start it back up
Give it about 5 minutes, click *Start>Run* & type the following bolded text then click *OK*

*helpasst -mbrt* (Make sure you leave a space between *helpasst* and *-mbrt* !)

When it completes, a log will open. Post the contents of that log in your next reply

**Important note to Dell users - fixing the mbr may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. There are a couple of known fixes for said condition, though the methods are somewhat advanced. If you are unwilling to take such a risk, you should not allow the tool to execute mbr -f nor execute the command manually, and you will either need to restore your computer to a factory state or allow your computer to remain having an infected mbr (the latter not recommended).


----------



## jpopescu (May 18, 2005)

after shutting down, I tried to reboot normally....received a blue screen with many paragraphs....nothing noted from prior but something to the fact of "if your bios has changed......" I pressed and held the power button, then restarted again.....got that blue screen again.....it stated something to the effect of:

Check that you have adequate disk space, if a driver is identified in stop message try changing video adaptor

Check with your hardware vendor for a BIOS update, Disable BIOS Memory options such as caching or Shadowing

If you need to restart your computer press F8 to get to Safe mode....

then, at the bottom it stated beginning dump of physical memory
dumping physical memory to disk 77 ( and this number continued to count up)
______________________________________________

so, I pressed and held the power button again......*and will wait for your guide*
I did not as I was unable to get to the last program (HelpAsst_mebroot_fix) you stated to get as I could not start up that computer.....


----------



## jmw3 (Jul 23, 2007)

Hi

Those errors really sound like some sort of hardware problem to me.

Boot to Safe Mode & follow the instructions for HelpAsst_mebroot_fix. We'll try & get your computer clean first, then try & sort out those other issues.


----------



## jpopescu (May 18, 2005)

will have to download the program on the other computer, take with flash drive to the one we are trying to get up again and run in Safe mode
will let you know what happens


----------



## jpopescu (May 18, 2005)

downloaded the program to flash drive, booted up the other computer in Safe mode, and clicked the program....a blue window came up and it just says "Please Wait" with a blinking cursor right underneath it.....been like that for about 10 min now....

Question > as I just remembered I clicked on the program from the flash drive instead of putting on the infected computer's Desktop.......does that matter?

should I simply continue to wait?


----------



## jmw3 (Jul 23, 2007)

Hi

Transfer it to the desktop of the infected computer, then right click on HelpAsst_mebroot_fix to open the Properties box. Down the bottom click the *Unblock* button next to *This file came from another computer and might be blocked to help protect this computer*. OK your way out then double click HelpAsst_mebroot_fix again & see if it runs.


----------



## jpopescu (May 18, 2005)

I dragged the program from the flash drive to the desktop, did as you stated as for right clicked the program and went to Properties.......BUT, I did not see the "Down the bottom click the Unblock button next to This file came from another computer and might be blocked to help protect this computer." statement?? I searched on the other tabs and still didn't see it?? I DID see under the compatibility tab that "Windows 95" and IF I were to click the box then providing the ability to select an OS Windows XP was in it......Now, I don't know IF this has anything to do with any of this but noticed this when searching for your statement noted above....

*Something else happened during all this*......in the little blue box where it previously stated "Please Wait"......it now changed to saying that the "User & kernel MBR ok, the tool has completed Press any key to continue".....

I clicked thru everything, then did what you stated earlier to do.....the part where I go to Start>Run>mbr -f twice, right now I am at the point where you stated to boot up.........*BUT, do I boot up in NORMAL mode or SAFE MODE???*
then to wait for 5 min


----------



## jpopescu (May 18, 2005)

fyi , this is a DELL computer


----------



## jpopescu (May 18, 2005)

also, I now just saw that the computer is still running and appears to be stuck on "Saving your settings" before shutting down from previous.....will update IF this changes .....otherwise I would have to press and hold the power button once again to shut it down.....


----------



## jmw3 (Jul 23, 2007)

Boot to Safe Mode again for the time being


----------



## jpopescu (May 18, 2005)

just to let you know it is still stuck on "Saving your settings"....

I will have to press and hold the power button to shut it down, then boot up in Safe mode from what you have stated.....will report back shortly


----------



## jpopescu (May 18, 2005)

I had to press and hold the power button to shut down, waited a few minutes as instructed, then rebooted in Safe Mode....I am at the point where you said to wait for 5 mins before going to Start>Run and type .....then getting the log (hopefully) to post

btw - this whole time booting up in Safe mode I have been selecting the "Windows XP" Operating system vs the other "Recovery Console" one .......

hopefully will have a log for you shortly that I will have to put on a flash drive, and bring to this other computer to post....


----------



## jpopescu (May 18, 2005)

ahhh, frustrated....

waited the 5 minutes, in safe mode went to Start>Run and typed "helpasst -mbrt" , clicked OK and then received a window that stated "helpasst could not be found...."

what should I do?

does this maybe have something to do with the fact that the program ran from the flash drive and not from the one I dragged to the desktop??

will wait to hear back


----------



## jpopescu (May 18, 2005)

also, if you could please let me know if you have time to work on this tonight (over here, now) as I would love to get my computer up/running such to try and work on it tomorrow if possible as I am looking for a job.....OR, you will not have the time right now to assist as then I will go to bed

thanks


----------



## jmw3 (Jul 23, 2007)

Hi

Unfortunately the time difference between us is not making this any easier. It is currently just after 3pm here, but I'm still at work & will be until 6pm tonight (my time). So I have been trying to do what I can for you when I have a quiet moment.
I don't think we can do much more for the moment. I would like to have a chat with the developer of HelpAsst_mebroot_fix before we go any further.


----------



## jpopescu (May 18, 2005)

yes, I thought about the time difference as well and didn't know what side of Australia you lived on......

btw, I did go back to the desktop and run the program, it stated the same thing that I noted prior...then I had the exact same things happen.....end result is that it stated the file "helpasst" could not be found...

Ok, gonna go to sleep.....will follow tomorrow morning as soon as I get up and see if I could get to the desktop you noted I should have been able to get to earlier....but didn't

Thanks


----------



## jmw3 (Jul 23, 2007)

Hi

Ensure *HelpAsst_mebroot_fix* is directly on your desktop, then reboot the computer.... to Safe Mode if you're still having problems getting to Normal Mode.

Click *Start>Run* type the following bolded text then click *OK*

*"%userprofile%\desktop\HelpAssistant_mebroot_fix.exe" -mbrt* (Make sure you leave a space between " & -mbrt !)

When it completes, a log will open. Post the contents of that log in your next reply.


----------



## jpopescu (May 18, 2005)

have not tried to do what you stated yet but IF by some chance you get this when waking up on your end.....Question as far as what I should be typing....

Do I type the Quotes (") at the beginning and End of the line?
Also, you stated "Make sure you leave a space between " & -mbrt !)
BUT, I don't see the "&" in the line?????

*"%userprofile%\desktop\HelpAssistant_mebroot_fix.exe" -mbrt*

just type what is in bold above?


----------



## jpopescu (May 18, 2005)

ok, here is the latest......

I did what you stated and went to Start>Run and typed the *"%userprofile%\desktop\HelpAssistant_mebroot_fix.exe" -mbrt*....a box came up stating it was NOT found. I did this twice, same result.

I figured why not do this whole thing over one more time, so I did....going back to double clicking on the Helpasst mebroot fix exe......it again found the "user & kernel mbr ok, the tool has completed press any key to continue"....I did and continued with the prior instructions. THIS TIME the computer shut down by itself (remembering that last time it did not and I had to press and hold the power button as it got stuck on the "Saving your settings")......so, I WAS ABLE to get the log this time, it is attached. All this was done in SAFE MODE

BUT, upon shutting down after getting the log the computer once again got stuck in the "Saving your settings", nothing appears to be occurring and I will let this stay as just maybe it really is taking a long time to "Save my settings"....although I believe the computer to be stuck and I will have to press and hold the power button once again to shut down.....Does this perhaps then mess something up as maybe this is why we were unable to get the log the first time around, and then the computer could not find the file you were looking for????

log is attached, computer is still stuck on "Saving your settings"........


----------



## jpopescu (May 18, 2005)

just a quick fyi as it might affect the manner in which to proceed....the computer is still stuck on the "Saving your settings" screen. I am guessing it is indeed stuck and I will once again have to press and hold the power button to shut down?


----------



## jpopescu (May 18, 2005)

I am wondering if it might be best to pull in someone closer to my time zone on this that might be able to assist as I would like to run thru the items I need to such to get this back up? Also, it sounded as if we were at points where you thought I might be "ok" yet I still can't get to a desktop in normal mode.....

maybe you just got busy with other things but I would like to try and run through the things I need to such to get it up and running again

do you have any suggestions at this point?


----------



## jmw3 (Jul 23, 2007)

Do you have or can you get hold of an XP Installation disc?


----------



## jpopescu (May 18, 2005)

boy, I wish I could say "you are kidding" but I know you're not.......I really am not sure if I do have one or can get a hold of one.....

I kind of have been in this situation before and then someone else jumped in and was able to get me back up and running within a day....any chance that you could put that word out for assistance with the possibility of collaborating with others? I know this is the manner in which this was done prior

Please let me know

Since I finally was able to get that last log, what did the last log I provided let you know?

thanks


----------



## jmw3 (Jul 23, 2007)

Click *Start>Run* & copy/paste or type the following bolded text then click *OK*

*net localgroup Administrators HelpAssistant /delete*

You will need an XP Installation disc to attempt a *Repair Install* of the Operating System. Appears that may be the only way to fix the PAGE_FAULT_IN_NONPAGED_AREA blue screen issue other than full format & reinstall.


----------



## JSntgRvr (Jul 1, 2003)

Hi, *jpopescu* 

*jmw3* has requested I take a look at your problem.

First verify that you can logon to the Windows Recovery Console.

To do so, you must have the Recovery Console installed or use the Windows XP installation cd.

How to install and use the Windows XP Recovery Console


Next, please download *maxlook*, saving the file to your desktop.
Double click *maxlook.exe* to run it. *Note - you must run it only once!*
Restart the computer and logon to the *Recovery Console.*
Execute the following bolded command at the _x:\windows>_ prompt <--- the red x represents your operating system drive letter, usually C
*batch look.bat*

You will see *1 file copied* many times then return to the _x:\windows>_ prompt.
Type *Exit* to restart your computer then logon in normal mode.
Once in Windows, obtain an Internet Connection. This program must download a tool to check files' signatures.
Then go to Start -> Run, copy and paste the following command in the run Box and Click OK
*"%Userprofile%\Desktop\maxlook.exe" -sig*
It will produce *looklog.txt* in the C:\ folder.
Please post the results here.

Browse to the *C:\Windows* folder. Chances are there is a *Minidump* folder. If so, open that folder, gather the last ten minidump files (They are created based on date and time), copy them to a new folder and label the folder as you wish. Once done right click on the newly created folder and select Send to -> Compressed (zipped) folder. That will create a .zip folder. Attach that zipped folder to a reply.


----------



## jpopescu (May 18, 2005)

couple of things here.....

*What should I be doing first? *

should I be Clicking Start>Run & copy/paste or type the following bolded text then click OK

*net localgroup Administrators HelpAssistant /delete*?

Please keep in mind that all of this has primarily been done in SAFE Mode as I have not been able to get to a normal desktop......should I be doing this in Safe mode?

Recovery console was installed, when I go to Safe mode, there comes a point where it asks me which OS do you want to use......Recovery Console or Windows XP....I have been selecting the XP.

In order to get the Maxlook do you want me to download from another computer, put on a flash drive and bring to the infected one OR go into Safe mode with Networking and try to get it that way? again, do I use the XP or Recovery console OS?

OH, another thing......I am not sure, but perhaps the reason I did not use the Recovery Console OS selection is because I could not remember what the Administrator password was?? not sure, but IF this OS selection asks that, ......I can't remember it

Please advise what I should be doing next and if you could be as detailed as possible

thanks


----------



## jpopescu (May 18, 2005)

I was able to get to *C:\Windows>* prompt after selecting the "Recovery Console" OS to start up in.....

BUT, how would I get "Maxlook" from this point?

should I be booting up in Safe mode with networking to get Maxlook first?
should I be getting Maxlook from the other computer, put the file on a flash drive, drag to desktop in Safe mode first???
Double click from this point?

point being is that if I select the Recovery console when booting up in Safe mode, I can only get the C:\Windows> prompt noted above and don't have the ability to double click on any icons such as Maxlook???

Please advise


----------



## EAFiedler (Apr 25, 2000)

Hi *jpopescu*

Yes. If you cannot boot into normal mode, boot into safe mode with networking and download Maxlook.

Run Maxlook, ONCE!

Restart the computer.

Then as the directions specify, login to the Recovery console.

You need to read the directions as they appear, they are straightforward and no reading between the lines is required.
At this point, you will need to use whatever options you have to access the internet to get the programs you need.
Whether it be by using Safe Mode with networking or using a USB flash drive to copy files back and forth.
We can only advise you, we cannot do this for you.


----------



## jpopescu (May 18, 2005)

sorry, doing my best to follow but had I followed the directions as they appeared I think I would have done the "net localgroup Administrators HelpAssistant /delete" as was suggested first

this is what happened......

got the Maxlook from the other computer to a flash drive, started the infected computer in safe mode and dragged the Maxlook to the desktop from the flash drive, double clicked it once, and it ran......then, "Restarted" the computer the windows XP screen came up then a long pause and I received a black screen with blinking cursor....I was unable to type anything at this point, it stayed like this for about 5 min and I pressed and held the power button. waited a few minutes and rebooted in Safe mode, then recovery console selected, typed the *batch look.bat* and the screen did list a *full screen* of "1 file(s) copied" and it seemed to cycle thru many screens (perhaps as many as 25-30 times) then did come to the prompt. I typed exit and then let the computer run as it normally would to try and get to a normal desktop (not safe mode).....

Then a blue screen came up and many paragraphs on it:
A problem occurred and windows shut down to prevent damage to your computer......

If this is the first time you have seen......

Check that you have adequate disk space......if drivers identified .....try changing the video adaptors......

Check w your hardware vendor for BIOS updates......

Technical information
*** STOP: 0x0000008E (0xcoooooo5, 0x84BF7013, 0xb9ED17F4, 0x00000000)

beginning dump of physical memory
dumping physical memory 23 (counting up)
____________________________________________________

I pressed and held the power button to shut it down


----------



## EAFiedler (Apr 25, 2000)

Attempt to finish the rest of the instructions in post # 63 by *JSntgRvr* and give your computer more than five minutes to complete what it needs to do. Let's try 20 minutes.


----------



## jpopescu (May 18, 2005)

just so I am clear on this......I am to do everything in post #63?

Which means to rerun Maxlook again? (even though that post stated specifically to run only once?)

So, I will first boot up in Safe mode such to run Maxlook again...
Shut down and reboot in Recovery console mode and follow everything in post #63 from that point?

I will need to step out for a while but do what you instructed upon return

Thanks


----------



## EAFiedler (Apr 25, 2000)

Attempt to *Finish* the *Rest* of the instructions in post # 63.

I did not say to go back and repeat anything.


----------



## jpopescu (May 18, 2005)

in post #63 it states to only do the Maxlook ONCE....IF I go back and do what you are now stating to do this would result in doing the Maxlook TWICE.....is this what I am now supposed to do?

thus, I would boot up in Safe mode, do the maxlook , shut down. boot up again in Recovery console mode and follow the instructions from that point and finish everything in post #63 again?

is this correct?

also, you are stating to give the computer 20 minutes to boot up in normal mode as this is where it got hung up prior with the black screen and blinking cursor, correct?


----------



## EAFiedler (Apr 25, 2000)

*jpopescu* are you deliberately being obtuse???

If you have already run Maxlook and proceeded to login to the Recovery console you need to continue on with the NEXT step.
Which I am assuming is step 8, correct?

If you have already done step 8 then what step are you on?
Where are the log results that were requested?

And yes, give your computer time to do something.


----------



## jpopescu (May 18, 2005)

I guess I am asking whether or not I am supposed to begin doing everything in post #63 again (from running the Maxlook again) OR since the other steps completed should I try to boot up in normal mode and try to get to a desktop?

don't know how far back to go ??


----------



## jpopescu (May 18, 2005)

EAFiedler, no I am not being obtuse, just being somewhat careful to follow directions as I was told to.

Ok, so I completed all the steps prior to #7 so I tried once again to boot up in Normal mode (as this is where I have run into issues), I pressed the power button, saw the Windows XP screen....long pause, then a blue screen. This time a different message stating:

NO_MORE_IRP_STACK_LOCATIONS

will await your guide
thanks


----------



## JSntgRvr (Jul 1, 2003)

Attach the minidump files.


----------



## jpopescu (May 18, 2005)

I am sorry for my stupidity.....can you please advise how to get to these files as I read above to get to a C prompt but not sure what manner to do so?

In Safe mode?
Recovery console mode?
Other?

thanks


----------



## JSntgRvr (Jul 1, 2003)

jpopescu said:


> I am sorry for my stupidity.....can you please advise how to get to these files as I read above to get to a C prompt but not sure what manner to do so?
> 
> In Safe mode?
> Recovery console mode?
> ...


It has to be in either Normal or Safe Mode. Let's make it simpler.

Right click on the Start button and select *Explore*. Navigate to the *C:\Windows* folder. Within that folder, there should be a *Minidump* folder. Right click on the Minidump folder and select *Send to -> Compress (zipped) folder*. That should create a *minidump.zip* folder in the *C:\Windows* folder.

Come to the forum and click on Add a Reply. Scroll down to *Manage Attachments* and click on it. Browse to the *C:\Windows\minidump.zip* folder, Click on Open then *Upload*. Write a small message in the main window and click on Submit Reply.

Let me know if you are having problems with these instructions.


----------



## jpopescu (May 18, 2005)

thanks for the detailed explanation, just that I never use the right click explore .....

ok, so I found the minidump folder, although it showed nothing in it I did what you stated but then received a message telling me that the function could not be completed as there are no folders/files in the minidump folder..

Will await your next instruction


----------



## JSntgRvr (Jul 1, 2003)

You must set Windows to record events whenever there is a crash. Without these files (minidumps) we won't be able to tell the reason for the crash.

Download the enclosed file. Save and extract its contents to the desktop. Once extracted, click on the *Crash.reg* file and select Yes when prompted to merge it into your registry.

Download *OTL* to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
OTL should now start. Change the following settings
Change *Drivers* to *All*
Change *Standard Registry* to *All*
Under *File Scans*, change *File age* to *30*

Under the Custom Scan box paste this in

*netsvcs
msconfig
safebootminimal
safebootnetwork
%SYSTEMDRIVE%\*.*
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys 
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav 
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
*

Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt* (first run only). These are saved in the same location as OTL.
Please post the contents of these files in your next reply.


----------



## jpopescu (May 18, 2005)

I need to put the "Crash" zip file on a flash drive but tried to save it twice and it is not transferring to the flash? although it states "Complete", the counter at the top of the window states "0% of Crash.zip from forums.techguys.org completed"

I go to the flash and it doesn't show it there???


----------



## JSntgRvr (Jul 1, 2003)

jpopescu said:


> I need to put the "Crash" zip file on a flash drive but tried to save it twice and it is not transferring to the flash? although it states "Complete", the counter at the top of the window states "0% of Crash.zip from forums.techguys.org completed"
> 
> I go to the flash and it doesn't show it there???


Download the file to a working computer. Extract the file, then copy it to the flash drive. Once in the flash drive, you can delete the file from the working computer and use the flash drive to transfer it to the troubled computer.

Run OTL.


----------



## jpopescu (May 18, 2005)

was able to get crash this time, just ran it on the other computer
OTL is scanning.....in the "Getting folder structure" now......

Will copy/paste the two files when I get them

thanks


----------



## jpopescu (May 18, 2005)

ok, finished what you instructed to do.....this time ALL of it went as expected!

the two files are attached
What is OTL?

thanks


----------



## JSntgRvr (Jul 1, 2003)

Please double-click *OTL.exe* to run it. (*Note:* If you are running on Vista, right-click on the file and choose *Run As Administrator*).
*Copy the lines in the quote below to the clipboard* by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose *Copy*):


```
:OTL
@Alternate Data Stream - 4870 bytes -> C:\WINDOWS\excl.bin:yusyew
@Alternate Data Stream - 4870 bytes -> C:\WINDOWS\ecfg.bin:nasfes
@Alternate Data Stream - 4870 bytes -> C:\WINDOWS\ecfg.bin:kpxuwg
@Alternate Data Stream - 4870 bytes -> C:\WINDOWS\clock.avi:hjkteo
@Alternate Data Stream - 4870 bytes -> C:\WINDOWS\{8C6BC840-5495-488B-A33D-3BC5F815C3FA}.dat:tkgjmw
@Alternate Data Stream - 4870 bytes -> C:\WINDOWS\_DEFAULT.PIF:suezxe
@Alternate Data Stream - 3567 bytes -> C:\WINDOWS\orun32.ini:nxvbda
@Alternate Data Stream - 3567 bytes -> C:\WINDOWS\FeatherTexture.bmp:qvkmyy
@Alternate Data Stream - 3567 bytes -> C:\WINDOWS\eReg.dat:fbkkyu
@Alternate Data Stream - 3567 bytes -> C:\WINDOWS\eReg.dat:dqhzqr
@Alternate Data Stream - 3567 bytes -> C:\WINDOWS\{8C6BC840-5495-488B-A33D-3BC5F815C3FA}.dat:dkqopg
@Alternate Data Stream - 13581 bytes -> C:\WINDOWS\DELL.BMP:gxdmfa
@Alternate Data Stream - 11736 bytes -> C:\WINDOWS\Thumbs.db:juhayj
@Alternate Data Stream - 11736 bytes -> C:\WINDOWS\Blue Lace 16.bmp:wizobm
@Alternate Data Stream - 11736 bytes -> C:\WINDOWS\{8C6BC840-5495-488B-A33D-3BC5F815C3FA}.dat:ajnest

:files
C:\Documents and Settings\John  W.  Popescu\Local Settings\Application Data\vpjnsmfdb
C:\Documents and Settings\John  W.  Popescu\Desktop\security software 2010
C:\Documents and Settings\John  W.  Popescu\Local Settings\Application Data\uxsflwtes
C:\WINDOWS\javacm32.dll
C:\WINDOWS\System32\ntmz.dll
C:\WINDOWS\iprt.dll
C:\WINDOWS\System32\crtq32.dll
C:\WINDOWS\appma32.dll
C:\WINDOWS\System32\sdkww.dll
C:\WINDOWS\ippj.dll
C:\WINDOWS\d3id32.dll
C:\WINDOWS\System32\ipjr.dll
C:\WINDOWS\System32\d3hs32.dll
C:\WINDOWS\apibf.dll
C:\WINDOWS\appgm.dll
C:\WINDOWS\orun32.ini
C:\WINDOWS\addlm.dll
C:\WINDOWS\sysfi.dll
C:\WINDOWS\ipdd32.dll
C:\WINDOWS\appbp.dll
C:\WINDOWS\System32\d3tk.dll
C:\WINDOWS\apidq32.dll
C:\WINDOWS\System32\javalx.dll
C:\WINDOWS\javafd.dll
C:\WINDOWS\sysja32.dll
C:\WINDOWS\d3oh32.dll
C:\WINDOWS\System32\winzb32.dll
C:\WINDOWS\System32\ieyi32.dll
C:\WINDOWS\mfchi.dll
C:\WINDOWS\System32\javanr.dll
C:\WINDOWS\nettl32.dll
C:\WINDOWS\Graffiti5.2Pin.ini
C:\WINDOWS\hpqEmlSz.INI
C:\WINDOWS\iPlayer.INI
C:\WINDOWS\iedd.dll
C:\WINDOWS\PestPatrol5.INI
C:\WINDOWS\System32\apios32.dll
C:\WINDOWS\mfcty32.dll
C:\WINDOWS\iexw32.dll
C:\WINDOWS\atlls.dll
C:\WINDOWS\ntct32.dll
C:\WINDOWS\System32\iedn.dll
C:\WINDOWS\System32\msav.dll
C:\WINDOWS\System32\d3wa.dll
C:\WINDOWS\System32\sysdd.dll
C:\WINDOWS\System32\netbi32.dll
C:\WINDOWS\iezk.dll
C:\WINDOWS\System32\msvq.dll
C:\WINDOWS\System32\ieqy.dll
C:\WINDOWS\ipjq32.dll
C:\WINDOWS\ODBC.INI
C:\WINDOWS\System32\crql.dll
C:\WINDOWS\iput.dll
C:\WINDOWS\System32\d3oc32.dll
C:\WINDOWS\winej.dll
C:\WINDOWS\MSREGUSR.INI
C:\WINDOWS\addez.dll
C:\WINDOWS\System32\winzg32.dll
C:\WINDOWS\iedg32.dll
C:\WINDOWS\addhw32.dll
C:\WINDOWS\System32\javaec32.dll
C:\WINDOWS\System32\javaux32.dll
C:\WINDOWS\sdkzr32.dll
C:\WINDOWS\msoffice.ini
C:\WINDOWS\System32\cruf32.dll
C:\WINDOWS\System32\sysab.dll
C:\WINDOWS\System32\mfcru32.dll
C:\WINDOWS\System32\msto.dll
C:\WINDOWS\ntwh.dll
C:\WINDOWS\atloc.dll
C:\WINDOWS\System32\d3qp32.dll
C:\WINDOWS\System32\appkj.dll
C:\WINDOWS\System32\mssa.dll
C:\WINDOWS\iebb32.dll
C:\WINDOWS\System32\crtn.dll
C:\WINDOWS\d3bp32.dll
C:\WINDOWS\mswx32.dll
C:\WINDOWS\System32\javaok32.dll
C:\WINDOWS\apipq.dll
C:\WINDOWS\javarh.dll
C:\WINDOWS\wintc32.dll
C:\WINDOWS\System32\crur.dll
C:\WINDOWS\System32\winkj32.dll
C:\WINDOWS\System32\javaav.dll
C:\WINDOWS\System32\sysfe32.dll
C:\WINDOWS\crfb32.dll
C:\WINDOWS\javase.dll
C:\WINDOWS\atldk32.dll

:Commands
[EMPTYTEMP]
[RESETHOSTS]
[REBOOT]
```

Return to OTL, right click in the *"Custom Scans/Fixes"* window and choose *Paste*.
Click the red *Run Fix* button.
The computer will restart.
A report will be produced and saved in the *C:\_OTL\MovedFiles* folder. Open that report and post its contents in a reply.

Run OTL once again as follows:


Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
OTL should now start. Change the following settings
Change *Drivers* to *All*
Change *Standard Registry* to *All*
Under *File Scans*, change *File age* to *30*

Under the Custom Scan box paste this in

*
/md5start
svchost.exe
/md5stop
*
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt* (first run only). These are saved in the same location as OTL.
Please post the contents of these files in your next reply.


----------
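A defender-side reading of the `:OTL` section of the fix script in the post above, added here as an example and not part of the thread or of OTL itself: it parses the `@Alternate Data Stream` report lines and groups them by stream size and by the shape of the stream name, which is what makes the repeated 4870/3567/11736-byte streams with six-letter names stand out. The function names, the name-shape heuristic and the final `Thumbs.db:encryptable` sample line are assumptions constructed for illustration; the other sample lines are copied from that script.

```python
import re
from collections import defaultdict
from typing import NamedTuple, Optional


class AdsEntry(NamedTuple):
    host: str    # file that carries the stream
    stream: str  # alternate data stream name
    size: int    # stream size in bytes


# All lines but the last are copied from the ":OTL" section of the fix script;
# the last one is a constructed contrast case with an ordinary-looking name.
SAMPLE_REPORT = r"""
@Alternate Data Stream - 4870 bytes -> C:\WINDOWS\excl.bin:yusyew
@Alternate Data Stream - 4870 bytes -> C:\WINDOWS\ecfg.bin:nasfes
@Alternate Data Stream - 4870 bytes -> C:\WINDOWS\ecfg.bin:kpxuwg
@Alternate Data Stream - 4870 bytes -> C:\WINDOWS\{8C6BC840-5495-488B-A33D-3BC5F815C3FA}.dat:tkgjmw
@Alternate Data Stream - 3567 bytes -> C:\WINDOWS\orun32.ini:nxvbda
@Alternate Data Stream - 3567 bytes -> C:\WINDOWS\{8C6BC840-5495-488B-A33D-3BC5F815C3FA}.dat:dkqopg
@Alternate Data Stream - 13581 bytes -> C:\WINDOWS\DELL.BMP:gxdmfa
@Alternate Data Stream - 11736 bytes -> C:\WINDOWS\Blue Lace 16.bmp:wizobm
@Alternate Data Stream - 11736 bytes -> C:\WINDOWS\{8C6BC840-5495-488B-A33D-3BC5F815C3FA}.dat:ajnest
@Alternate Data Stream - 0 bytes -> C:\WINDOWS\Thumbs.db:encryptable
"""

ADS_LINE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+)$")


def parse_ads_line(line: str) -> Optional[AdsEntry]:
    """Parse one report line; return None for anything that is not an ADS entry."""
    match = ADS_LINE.match(line.strip())
    if match is None:
        return None
    # Split on the LAST colon: the first colon belongs to the drive letter.
    host, sep, stream = match.group(2).rpartition(":")
    # A path without a stream would split at the drive colon and leave a
    # "stream" containing a backslash, so reject that case.
    if not sep or not stream or "\\" in stream or len(host) < 3:
        return None
    return AdsEntry(host, stream, int(match.group(1)))


def name_shape(stream: str) -> str:
    """Coarse description of a stream name: character class plus length."""
    kind = "lower" if stream.isalpha() and stream.islower() else "mixed"
    return f"{kind}{len(stream)}"


def clusters(entries, key):
    """Map key(entry) -> host files, keeping only keys seen on 2+ distinct hosts."""
    hosts = defaultdict(set)
    for entry in entries:
        hosts[key(entry)].add(entry.host)
    return {k: sorted(v) for k, v in hosts.items() if len(v) >= 2}


def triage(report: str):
    """Split entries into (flagged, review) lists of (entry, reasons) pairs.

    An entry is flagged when its size or its name shape repeats across
    several unrelated host files. This is a heuristic for prioritising
    review, not a verdict on any single stream.
    """
    entries = [e for e in map(parse_ads_line, report.splitlines()) if e]
    by_size = clusters(entries, lambda e: e.size)
    by_shape = clusters(entries, lambda e: name_shape(e.stream))
    flagged, review = [], []
    for entry in entries:
        reasons = []
        if entry.size in by_size:
            reasons.append("shared-size")
        if name_shape(entry.stream) in by_shape:
            reasons.append("shared-name-shape")
        (flagged if reasons else review).append((entry, reasons))
    return flagged, review


if __name__ == "__main__":
    flagged, review = triage(SAMPLE_REPORT)
    for entry, reasons in flagged:
        print(f"FLAG   {entry.size:>6}  {entry.host}:{entry.stream}  {reasons}")
    for entry, _ in review:
        print(f"REVIEW {entry.size:>6}  {entry.host}:{entry.stream}")
```
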



## JSntgRvr (Jul 1, 2003)

Something else I need you to do.

Download *Win32kDiag.exe* from any of the following links to your desktop:

http://ad13.geekstogo.com/Win32kDiag.exe
http://download.bleepingcomputer.com/rootrepeal/Win32kDiag.exe
http://rootrepeal.psikotick.com/Win32kDiag.exe

Run it, it will create a file "Win32kDiag.txt" on the desktop. Post its report in a reply.


----------



## jpopescu (May 18, 2005)

copy and pasted, pressed the red RUN FIX button, completed the scan and asked to reboot....I pressed ok and the computer seems as if it is stuck again in the "Saving your settings". Reason I think it is stuck is that the line that moves from left to right quickly showing it is "saving" is not moving......

should I press and hold the power button to shut it down, wait and press again, booting up in Safe mode again and then move forward from this point in the instructions?


----------



## jpopescu (May 18, 2005)

had no other option than to press and hold the power button and shut down in this manner. started up again in a few minutes and in Safe mode (as I don't know if I could get to normal desktop yet) and am continuing from the point where I left off....will post shortly


----------



## jpopescu (May 18, 2005)

attached are the requested files


----------



## jpopescu (May 18, 2005)

almost forgot this one............


----------



## jpopescu (May 18, 2005)

please let me know when you are done for the day as I know it is later where you are than here....thanks


----------



## jpopescu (May 18, 2005)

perhaps you have retired for the night, I was in Safe mode this entire time doing everything and when I went to shut it down, once again it got "Stuck" on the "saving your settings"....had to press and hold the power button to shut down again

thanks for your assistance, will catch up with you tomorrow


----------



## JSntgRvr (Jul 1, 2003)

What would happen if you boot in Normal Mode?


----------



## JSntgRvr (Jul 1, 2003)

Give this a try for the "saving your settings" lockdown:

*User Profile Hive Cleanup Service*


----------



## jpopescu (May 18, 2005)

last night had to press and hold the power button to shut down as it got stuck on the "Saving your settings"......read your post on "What would happen if you boot up in Normal mode"......tried this first thing this morning, I received a blue screen with the notation of :

NO_MORE_IRP_STACK_LOCATIONS

I assume that I should do the Hive cleanup service thing next in Safe mode?


----------



## JSntgRvr (Jul 1, 2003)

jpopescu said:


> last night had to press and hold the power button to shut down as it got stuck on the "Saving your settings"......read your post on "What would happen if you boot up in Normal mode"......tried this first thing this morning, I received a blue screen with the notation of :
> 
> NO_MORE_IRP_STACK_LOCATIONS
> 
> I assume that I should do the Hive cleanup service thing next in Safe mode?


Yes, please. Also, remove all Antivirus and Firewalls installed in the computer, including Antispyware, Adaware, Windows Defender, ....etc.. Only Windows firewall should be present. In most occasions it can be done in Safe mode. Once done, restart in Normal mode and let me know the outcome.

Since there was a crash, check if there is a minidump file available in the C:\Windows\minidump folder.


----------



## jpopescu (May 18, 2005)

I have Norton 360, are you saying to remove/uninstall this complete program?
would I be able to uninstall in Safe mode and then reinstall later?

will install cleanup
will check minidump for files


----------



## JSntgRvr (Jul 1, 2003)

You should remove it for now. We need to identify the problem you are experiencing booting in Normal Mode. After we have identified the issue, then it can be reinstalled. I will let you know.


----------



## jpopescu (May 18, 2005)

ok, had some problems.....

first, there were no folders/files in the Windows Minidump folder. there was however a bunch of new folders listed under Windows, they were in a "Blue" font...when I clicked on one of them there were then 3 files in most all of these folders and one of them was always titled "Spuninst". don't know if that means anything but noticed it this time.

The Hive clean up would not install. I received a message of "The system administrator has set policies to prevent this installation". Please keep in mind that I can't log in as Administrator as I do not recall the password from years ago when I installed.

finally, I am not sure IF I have anything else installed or running that I might need to uninstall other than Norton 360. I will attempt to uninstall this now.

will await your next instruction


----------



## jpopescu (May 18, 2005)

uninstalled Norton, thought about this in the middle of the uninstall but was wondering if you would have wanted to view the files or list of virus caught....too late I guess.

anyhow, at the end of the uninstall came a point where it stated to complete the uninstall you must reboot, clicked to complete and figured to simply let it reboot in normal mode, it did shut down and then I received a completely black screen with a blinking cursor in the upper left corner......been stuck there so far. assuming I will need to press/hold the power button and boot in Safe mode again

will await your direction


----------



## jpopescu (May 18, 2005)

well, that black screen with the blinking cursor apparently went away while I was on the phone.....on the screen was select your OS you would like to start with.....Recovery console or Windows XP. I selected Windows XP and my sign in came up for normal start up, I put my password in and there came my desktop IN NORMAL MODE loading, this is still coming up but I wanted to let you know this asap for your next instruction

Please advise


----------



## jpopescu (May 18, 2005)

please let me know what to do next as the prior moderator(s) stated there were many other issues to deal with after the main one was gone. I would like to also stop a vast majority of the programs that are starting upon start up that I don't even use to speed up the start up and performance

thanks


----------



## JSntgRvr (Jul 1, 2003)

Are you able to get an internet connection in this computer? If you do, please follow these steps:


Obtain an Internet Connection. This program must download a tool to check files' signatures.
Then go to Start -> Run, copy and paste the following command in the run Box (including the quotation marks) and Click OK
*"%Userprofile%\Desktop\maxlook.exe" -sig*
It will produce *looklog.txt* in the C:\ folder.
Please post the results here.

Run OTL as follows:

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
OTL should now start. Change the following settings
Change *Drivers* to *All*
Change *Standard Registry* to *All*
Under *File Scans*, change *File age* to *30*

Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt* (first run only). These are saved in the same location as OTL.
Please post the contents of these files in your next reply.


----------



## jpopescu (May 18, 2005)

yes, had an internet connection and it went to the site fast....that was nice in itself.

posting from the computer with the issue, attached are the files you requested

will await the next steps


----------



## JSntgRvr (Jul 1, 2003)

All seems clear.

Go to Start -> Run, copy and paste the following command in the run Box (including the quotation marks) and Click OK

*"%Userprofile%\Desktop\maxlook.exe" -cleanup*

Please download Malwarebytes' Anti-Malware from *Here*.

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.
Extra Note:

*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.*


----------



## jpopescu (May 18, 2005)

any idea how long the mbam will take as I need to step out and don't know IF I have to be around the computer to restart immediately as noted? is it an issue IF I don't restart immediately?


----------



## jpopescu (May 18, 2005)

there was one file infected....called "Backdoor.bot" it was removed, the file is below
Please tell me the next thing(s) to do
thanks

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4094

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/12/2010 5:27:27 PM
mbam-log-2010-05-12 (17-27-27).txt

Scan type: Quick scan
Objects scanned: 145143
Time elapsed: 7 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{fb1e6550-26c4-d08c-63dc-c39b64cc44be} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


----------



## JSntgRvr (Jul 1, 2003)

Let's scan for remnants. This scan will take some time to complete.

Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under *Upgrading Java*, to download and install the latest version.


Read through the requirements and privacy statement and click on *Accept* button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click *Run*.
When the downloads have finished, click on *Settings*.
Make sure the following is checked. 
*Spyware, Adware, Dialers, and other potentially dangerous programs 
Archives
Mail databases*

Click on *My Computer* under *Scan*.
Once the scan is complete, it will display the results. Click on *View Scan Report*.
You will see a list of infected items there. Click on *Save Report As...*.
Save this report to a convenient place. Change the *Files of type* to *Text file (.txt)* before clicking on the *Save* button.
Please post this log in your next reply.
 Attention! Kaspersky Online Scanner 7.0 may fail to start if another anti-virus program is already installed and running on your computer. Please deactivate the anti-virus software installed on your computer prior to starting Kaspersky Online Scanner 7.0.

*Upgrading Java* :

Download the latest version of *Java SE Runtime Environment (JRE) JRE 6 Update 20*.
Click the JDK 6 Update 20 (JDK or JRE) "*Download JRE*" button to the right.
Select your Platform, Register and check the box that says: "*I agree to the Java SE Runtime Environment 6 License Agreement.*".
Click on *Continue*.
Click on the link to download Windows Offline Installation (jre-6u20-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
Close any programs you may have running - especially your web browser.
Go to *Start* > *Control Panel*, double-click on *Add/Remove* programs and remove all older versions of Java.
Check any item with Java Runtime Environment *(JRE or J2SE)* in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the *jre-6u20-windows-i586.exe* and select "Run as an Administrator.")


----------



## jpopescu (May 18, 2005)

I wanted to let you know that I am preparing for a job interview in which I am leaving later today and will not be around all day tomorrow to work on this.....

since this scan will take a long time I am thinking of doing this on Saturday after I do all the research I can now do for this job....

Other things that I have observed that I wanted you to know about include:

My tray in the lower right corner is NOT filled up with much of anything??? prior there were a lot of things there....only now is my outlook and Microsoft Activesync (which it states is not connected that I would like to rid myself of if possible) 

when I bring up my IE browser, it opens a window stating "internet explorer is not your default browser would you like to make it your default browser?" will take your guide on this as I can just select it to be my default or check the box so this doesn't come up again...

when I open up Outlook, (using Word as my editor) I am (and was prior) getting a window that states "The file contains macros with an expired or revoked signature. Since you are running under high security level, these macros will be disabled" I also received like 3 different windows pertaining to this when I opened up a word doc last night??

How long will the Kaspersky scan take? as I can attempt to run this perhaps today before I leave?

thanks for all your assistance to get me my desktop and working system back!!!


----------



## JSntgRvr (Jul 1, 2003)

We will take care of that on Saturday. Good luck on the interview.


----------



## jpopescu (May 18, 2005)

will run the Kasp scan now


----------



## JSntgRvr (Jul 1, 2003)

:up:


----------



## jpopescu (May 18, 2005)

I see that I just received the "updates" from Kasp and not the actual scan.....then had to do the JAVA update....before I do this I needed to find out from you IF I will need a password to "run as Administrator" as I don't remember my Administrator password??

Please advise, then I will do the Java update (I should have the latest version though as I do this update whenever it shows up in the lower right tray) first

Then the Kasp scan


----------



## JSntgRvr (Jul 1, 2003)

You are already logged as an administrator.



> Computer Name: OFFICE
> Current User Name: John W. Popescu
> *Logged in as Administrator.*
> 
> ...


----------



## jpopescu (May 18, 2005)

Kasp scan is running. 5% done


----------



## JSntgRvr (Jul 1, 2003)

It takes a while.


----------



## jpopescu (May 18, 2005)

92% done

196 k files
37 threats
595 infected objects
1 suspicious object 

So far


----------



## JSntgRvr (Jul 1, 2003)

Eventually will give us the entire picture. It is one of the best online scanners available.


----------



## jpopescu (May 18, 2005)

5 hrs 32 minutes!

perhaps the once activated Norton captured most of them?

Reminder that Norton was Uninstalled per your recommendation earlier...


----------



## JSntgRvr (Jul 1, 2003)

Hi, *jpopescu* 

You will need to run the Norton Removal Tool before reinstalling.


Download the *Norton Removal Tool *for your version of Windows.
Save the file to the Windows desktop. 
On the Windows desktop, double-click the Norton Removal tool icon. 
Follow the on-screen instructions. 
Your computer may be restarted more than once, and you may be asked to repeat some steps after the computer restarts.

That should remove its quarantined.


 Please double-click *OTL.exe* to run it. (*Note:* If you are running on Vista, right-click on the file and choose *Run As Administrator*).
*Copy the lines in the quote below to the clipboard* by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose *Copy*):


```
:files
C:\Documents and Settings\John  W.  Popescu\My Documents\Downloaded\Spyware program to delete them
C:\HelpAsst_backup
```

 Return to OTL, right click in the *"Custom Scans/Fixes"* window and choose *Paste*.
Click the red *Run Fix* button.
The computer will restart
A report will be produced and saved in the *C:\_OTL\MovedFiles* folder. Open that report and post its contents in a reply.

Reset and Re-enable your System Restore to remove bad files that have been backed up by Windows. The files in System Restore are protected to prevent any programmes changing them. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected.)

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

*Since the tools we used to scan the computer, as well as tools to delete files and folders, are no longer needed, they should be removed, as well as the folders created by these tools.*

*Follow these steps to uninstall Combofix.*

 Rename Combofix to Uninstall and click on it. That should remove the application.
Launch *OTL* and click on the *Cleanup* button. Follow the prompts.

Manually remove any tool left.

*How is the computer doing?*


----------



## jpopescu (May 18, 2005)

Attached is the file that came up after the reboot from OTL....

I am at this step now (listed in quotes below) but have a few questions....

"Reset and Re-enable your System Restore to remove bad files that have been backed up ...."

when I removed the Norton a screen came up to "reinstall" Norton.....I did NOT do this as you didn't say to do this at this time.....was this correct?

at this point the next step you state to log on with full administrator right....I am not sure IF I can as I mentioned before I forgot that password.....but, you previously told me that I logged on as the Administrator so it might work

I will await to hear back before continuing from the line in quotes above

btw, computer does seem to be working fine....still slow but nowhere near what it was prior....maybe now just because an OLD system I really should boot out the door ...but need a job first!!!


----------



## jpopescu (May 18, 2005)

did I forget the log? attached this time


----------



## jpopescu (May 18, 2005)

the file doesn't want to upload it is 2 mb

oh, also, from this point.....where and how do I "Reset and re-enable my system restore"???


----------



## jpopescu (May 18, 2005)

tried zipping it


----------



## JSntgRvr (Jul 1, 2003)

> You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.


Is the *System Restore* tab missing when you follow the steps?


----------



## jpopescu (May 18, 2005)

Got thru the restore on then off part......

Then renamed the combo fix to combofix1, then double clicked it and it asked if I wanted to update to a newer version....I said no and it then began to run? Right now the blue screen for combo fix is preparing a report?


----------



## jpopescu (May 18, 2005)

FYI. I moved all of the programs we used then were finished with into a folder on my desktop called security 2010 ......... Including combo fix.......does this have anything to do with the combo fix running right now???

What exactly do you mean by "manual" removal of the other programs?


----------



## jpopescu (May 18, 2005)

attached in the log that Combofix spit out after it ran....

this was after I renamed Combofix to "Combofix1", then double clicked it....when I did it asked do I want to download the latest version, I clicked "no" and then it just continued to run.....

I did not move to the OTL part of the email as I thought you would want this done first??

will wait to hear from you on next step(s)


----------



## JSntgRvr (Jul 1, 2003)

jpopescu said:


> Got thru the restore on then off part......
> 
> Then renamed the combo fix to combofix1, then double clicked it and it asked if I wanted to update to a newer version....I said no and it then began to run? Right now the blue screen for combo fix is preparing a report?


Must rename Combofix *Uninstall* rather than Combofix1, and click on it. It will uninstall itself.



> What exactly do you mean by "manual" removal of the other programs?


Anything left, right click on the application and select *Delete*.

=====================

Is there anything you haven't done from my last indications?


----------



## jpopescu (May 18, 2005)

ok, completed the combofix uninstall, then the OTL cleanup......then there still were a lot of tools and programs from throughout this process that remained.....I right clicked them, then deleted......everything is gone with exception of the JAVA update "....I586" program, do I delete this too?

I am now going to reboot, if you don't hear anything back from me the computer seems to be working well with the exception of a few things like:

I still get windows opening about the Word editor I use for Outlook when I open Outlook.....

Window about "Internet Explorer is not my default browser, would I like to set it to be...."

I still have not reinstalled Norton 360.....should I do so simply with the install disk, any special settings you recommend?
_____________________________________________________________-

What should I or could I be doing to keep this computer running smoothly until I get a new job (hopefully hear some GREAT news tomorrow as the interview went well on Friday) ???

will wait to hear back from you

Thanks


----------



## jpopescu (May 18, 2005)

oh, forgot to state that I did everything in post #119 completed


----------



## JSntgRvr (Jul 1, 2003)

.


> everything is gone with exception of the JAVA update "....I586" program, do I delete this too?


Yes it can be deleted



> I still have not reinstalled Norton 360.....should I do so simply with the install disk, any special settings you recommend?


Must run the Automatic Removal tool I recommended, and leave the settings as they appear as default.



> I still get windows opening about the Word editor I use for Outlook when I open Outlook.....


I won't be able to help you here. Not an Outlook user.



> Window about "Internet Explorer is not my default browser, would I like to set it to be...."



Open Internet Explorer
Click the Tools button, and then click Internet Options.
Click the Programs tab, and then click Make default.
Click OK, and then close Internet Explorer.
Internet Explorer is now the default web browser.

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

*Spybot Search & Destroy* - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

*AdAware* - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.

*Windows Updates* - It is *very important* to make sure that both Internet Explorer and Windows are kept current with *the latest critical security patches* from Microsoft. To do this just start *Internet Explorer* and select *Tools > Windows Update*, and follow the online instructions from there.

*Google Toolbar* - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.

*Trillian* or *Miranda-IM* - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

*ERUNT* (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read *this article* by *Miekiemoes*.

Best wishes!


----------



## jpopescu (May 18, 2005)

I will have to go get the Norton auto removal again as I deleted it

once I have it, since it was already deleted should I do the same steps and thus it will lead me to the installation? I am not sure if I understand how to get Norton360 back on the computer??


----------



## JSntgRvr (Jul 1, 2003)

Once it is completely removed, insert the installation CD and follow the prompts. Accept all recommended settings.


----------



## jpopescu (May 18, 2005)

Ok, installed the Norton and it went fine.....

I am assuming that the computer is then somewhat clean and ready to go then?

on the programs you recommended.....how often should I be running them?
do they run in the background and thus slow down the computer?

also, in the lower right system tray ....I don't quite have much of anything there anymore...basically, only Norton now whereas in the past I had many things, is this a result of the cleaning and things running in the background?

when I used to press "Ctrl, Alt, Delete" I used to get a ton of programs running.....now, there are less but there still are some things in there I am not sure what they are?? should we take a look at them or am I good to go?

Thanks for all your help and taking this bull by the horns when a system reinstall was being thought of.......


----------



## JSntgRvr (Jul 1, 2003)

You only run the recommended programs when you feel something may be wrong. According to the first Hijackthis log, there was nothing in that corner. What would you like to see?


----------



## jpopescu (May 18, 2005)

oh, nothing I would "like" to see......just wondering as many more things seemed to load up in that corner.

should I be running all those programs when something seems wrong? not sure which ones to run for which issues? 


are we basically good to go then?

Thanks for all your assistance on this, really really helped out

there is another computer in the kitchen that is really slow, not nearly as slow as this one got hit with stuff but can you take a look at that one at this time? what should I download and post?


----------



## JSntgRvr (Jul 1, 2003)

Yes, I believe you are ready.

For the missing clock right click your Taskbar, choose Properties, under the Taskbar tab checkmark "Show the clock", click Apply/OK.

For the sound icon:

Open the Control panel
Open the "Sounds and Audio Devices" icon.
Verify the "Place volume icon in the taskbar" checkbox is checked. If this option is not available or is grayed out, skip to the next section of this document.
If you were able to check this box, click ok and close out of this window and the Control Panel.
Double-click the sound icon in the Systray and verify that all the sound volumes are mid-way or higher.

Be safe!


----------



## jpopescu (May 18, 2005)

Thanks for all your help with this, it was a journey!

any chance I could get assistance with the other computer directly from you?
Just let me know what log to post

Thanks again


----------



## JSntgRvr (Jul 1, 2003)

jpopescu said:


> Thanks for all your help with this, it was a journey!
> 
> any chance I could get assistance with the other computer directly from you?
> Just let me know what log to post
> ...


Sure.

Give me a brief description of the problem and post a *Hijackthis* log from this computer.


----------



## jpopescu (May 18, 2005)

do you have a specific site to get HiJack this from as "This" computer had it on it but that computer does not and I wouldn't want to get it from a bad site...


----------



## JSntgRvr (Jul 1, 2003)

Sorry for the delay, but my broadband is down.

*Click here* to download *HJTInstall.exe*

Save *HJTInstall.exe* to your desktop.
Double-click on the *HJTInstall.exe* icon on your desktop.
By default it will install to *C:\Program Files\Trend Micro\HijackThis* . 
Click on *Install*.
It will create a HijackThis icon on the desktop.
Once installed, it will launch *Hijackthis*.
Click on the *Do a system scan and save a logfile* button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
*DO NOT* have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


----------



## jpopescu (May 18, 2005)

computer is an older one, maybe just need to update it but upon pressing the power button it takes an extremely long time to boot up ....once we get the desktop screen there still sounds like there is a lot going on as for the CPU noise....I always tell my wife to wait at least 5-7 minutes on this computer prior to doing anything as it seems to then operate better......any manner to stop some of the things in start up that we just don't use?

she primarily used this computer for email and internet access......not too much of anything else (that I know of) with this PC

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:36:36 AM, on 05/22/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\system32\search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\system32\searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.goerie.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.hgtv.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Cox High Speed Internet
R3 - URLSearchHook: (no name) - _{765E6B09-6832-4738-BDBE-25F226BA2AB0} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 216.65.115.190 search.msn.com
O1 - Hosts: 66.40.21.73 auto.search.msn.com
O1 - Hosts: 66.40.21.73 auto.search.msn.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: FlpLauncher Class - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\PROGRA~1\E-BOOK~1\FLIPAL~1.0\FpLaunch.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [H/PC Connection Agent] "C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [H/PC Connection Agent] "C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [H/PC Connection Agent] "C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\System32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [H/PC Connection Agent] "C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\System32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {2646205B-878C-11D1-B07C-0000C040BCDB} (NSIEMisc Class) - file://D:\autorun\x86\bin\nskey.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127065560526
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{81251516-2F41-49E3-82C6-4A99251DEF94}: NameServer = 4.2.2.2,4.2.2.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8279 bytes


----------



## JSntgRvr (Jul 1, 2003)

There is no sign of malware in that log. Let's do some housekeeping.

Download *TFC by OldTimer* to your desktop

 Please double-click *TFC.exe* to run it. (*Note:* If you are running on Vista, right-click on the file and choose *Run As Administrator*).
It *will close all programs* when run, so make sure you have *saved all your work* before you begin.
Click the *Start* button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. *Let it run uninterrupted to completion*.
Once it's finished it should *reboot your machine*. If it does not, please *manually reboot the machine* yourself to ensure a complete clean.

Please download Malwarebytes' Anti-Malware from *Here*.

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.
Extra Note:

*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.*

Download *OTL* to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
OTL should now start. Change the following settings
Change *Drivers* to *All*
Change *Standard Registry* to *All*
Under *File Scans*, change *File age* to *30*

Under the Custom Scan box paste this in

```
netsvcs
%SYSTEMDRIVE%\*.*
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
```

Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt* (first run only). These are saved in the same location as OTL.
Please post the contents of these files in your next reply.


----------



## jpopescu (May 18, 2005)

down to the OTL at this point, log from Mbam is below

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4134

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

05/23/2010 2:55:50 PM
mbam-log-2010-05-23 (14-55-50).txt

Scan type: Quick scan
Objects scanned: 126274
Time elapsed: 10 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{67194eee-329a-46a7-aeba-2d1a71e1913a} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9388907f-82f5-434d-a941-bb802c6dd7c1} (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0} (Adware.NetOptimizer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{ad7fafb0-16d6-40c3-af27-585d6e6453fd} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Comet (Adware.Comet) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Comet\MCC_Install.exe (Adware.Comet) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ieaccess2.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.


----------
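A triage helper for logs in the format posted above, as an added example that is not part of the original post or of Malwarebytes' own tooling: it parses the itemized detections, checks them against the summary counts (a mismatch suggests a truncated paste), and lists items whose action does not report successful removal. The sample log and the names `parse_mbam_log` and `triage` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the MBAM 1.46 log above (not real detections).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.46
Scan type: Quick scan

Memory Processes Infected: 0
Registry Keys Infected: 2
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{00000000-0000-0000-0000-000000000001} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{00000000-0000-0000-0000-000000000002} (Adware.Example) -> No action taken.

Files Infected:
C:\Program Files (x86)\Example\setup.exe (Adware.Example) -> Quarantined and deleted successfully.
"""

SUMMARY = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# Non-greedy object: stops at the first " (Family) -> ", so "(x86)" in a path is safe.
ITEM = re.compile(r"^(?P<object>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")

def parse_mbam_log(text):
    """Return (declared counts per section, itemized detections per section)."""
    declared, items, section = {}, defaultdict(list), None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SUMMARY.match(line):
            declared[m["section"]] = int(m["count"])
        elif m := HEADER.match(line):
            section = m["section"]
        elif section and (m := ITEM.match(line)):
            items[section].append((m["object"], m["family"], m["action"]))
    return declared, dict(items)

def triage(text):
    """Flag sections whose item count differs from the summary, and items not removed."""
    declared, items = parse_mbam_log(text)
    mismatched = sorted(s for s, n in declared.items() if n != len(items.get(s, [])))
    unresolved = [(s, obj, act) for s, rows in items.items()
                  for obj, _, act in rows if "successfully" not in act]
    return mismatched, unresolved

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
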



## jpopescu (May 18, 2005)

here at the OTL files

maybe the computer is just old, and slow...............


----------



## JSntgRvr (Jul 1, 2003)

Remove these programs:

"Napster v2.0 BETA 9" = Napster v2.0 BETA 9
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player

The amount of RAM memory should be improved. Running Norton will deplete most of it.

There seem to be no other problems with this computer. *How is it feeling?*


----------



## jpopescu (May 18, 2005)

when trying to remove the NAPSTER program I get a window that states " The file does not exist or is not a valid uninstallation log file . C:\Program files\Napster\uninstal.log" (yes, only one "l" in the "uninstal" word)

Viewpoint manager and player were both removed.....

Perhaps this computer is just too old to keep up with stuff of today? We know we need some new ones just need a darn job!!!

computer seems to be running ok, just slow.....

On another note, I think I have a wireless "G" on this computer to get to the internet .....what is the latest/greatest wireless network to get IF I get another router (with new computers later)?


----------



## jpopescu (May 18, 2005)

your broadband must be down again??

Something came up this morning when I was trying to download some pictures from our camera on COMPUTER #1 that we went thru fixing......normally, when I plug in the camera to the computer a program opens and asks what I want to do.....this time, nothing opened up. I turned the camera on/off a couple of times but still nothing opened up to allow me to transfer pictures to the computer?? did we shut something off from recognizing when something like a camera gets plugged into the computer? I will now look for a manner to get the pictures into the computer


----------



## JSntgRvr (Jul 1, 2003)

My connection is 1kb/sec, which is worse than dial-up.

In regard to the *wireless network*, I am the wrong guy to ask. Open a new topic in the networking forum. I am sure someone in the forum will be able to answer your question.

Concerning the autorun, let's try this fix:

Download the enclosed folder. Save and extract its contents to the desktop. It is a folder containing a Registry Entries file, *Regfix.reg* . Once extracted, open the folder and double click on the *Regfix.reg* file and select *Yes* when prompted to merge it into the registry.

Restart and test.


----------



## jpopescu (May 18, 2005)

were you able to look at the files generated from Computer #2 and draw any conclusions to potentially picking up speed?
or is it just an old computer....?


----------



## JSntgRvr (Jul 1, 2003)

jpopescu said:


> were you able to look at the files generated from Computer #2 and draw any conclusions to potentially picking up speed?
> or is it just an old computer....?


All you can do is some maintenance and remove programs you no longer use. That will increase the empty space in the hard drive and Windows becomes faster:

Here are some routine maintenance practices that you should do on a regular basis to keep your machine running efficiently. Hopefully going through these steps will solve the problems you are having with the pc being slow:

Perform the following steps to make sure that your Windows XP installation has DMA enabled for IDE devices:

Under DEVICE MANAGER, open IDE ATA/ATAPI CONTROLLERS. 
On the PRIMARY and SECONDARY IDE CHANNELS, open up their PROPERTIES display.
In PROPERTIES click on the ADVANCED SETTINGS tab.
Make sure that TRANSFER MODES is set to DMA IF AVAILABLE and not PIO.
If any changes were made, reboot your computer.

*Disk Cleanup:*

Download *TFC by OldTimer* to your desktop

Please double-click *TFC.exe* to run it. (*Note:* If you are running on Vista, right-click on the file and choose *Run As Administrator*).
It *will close all programs* when run, so make sure you have *saved all your work* before you begin.
Click the *Start* button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. *Let it run uninterrupted to completion*.
Once it's finished it should *reboot your machine*. If it does not, please *manually reboot the machine* yourself to ensure a complete clean.

*Defrag your HD:*

http://artsweb.bham.ac.uk/artsit/Info/Guides/GoodPractice/defrag-win2kxp.htm

*Run chkdsk:*

To use Chkdsk, click Start and My Computer. Right-click the hard drive you want to check, and click Properties. Select the Tools tab and click Check Now. Check both boxes. Click Start. You'll get a message that the computer must be rebooted to run a complete check. Click Yes and reboot. Chkdsk will take a while, so run it when you don't need to use the computer for something else.

*Remove unnecessary startups*

This should be done through the System Configuration Utility. Go to Start > Run and type in *msconfig*.
Click OK or hit the Enter key.

Click on the "*Startup*" tab and remove the check by the items that you have determined are unnecessary. Click "*Apply*" then "*Close*"

You will be prompted to restart. Go ahead and restart.

Upon restart you will be confronted with a dialogue box warning about running in selective startup. Just ignore that message and put a check in the box by "*Don't show me this message or launch the System Configuration Utility when Windows starts*" and click "OK". You will not be bothered by the message again.

Keep in mind that some entries will be re-enabled in the startups each time you use that particular program. Therefore, you will have to find the option in that program's preferences that says something like "*Load with Windows*" or "*Run when Windows Starts*" and disable that option.

Go here for info on msconfig:

*Pacs Portal*

You can look up the startups at the following links to help determine what is needed and what is not:

*BleepingComputer* 
*Answers That Work* 
*Windows Startup*


----------



## jpopescu (May 18, 2005)

back to computer #1.....I noticed that I lost having to enter my password when starting Outlook to get my emails.....I believe this occurred AFTER doing that running of the Registry program you provided..at least I think so.

how is it that I can regain having to enter a password to begin outlook each time?


----------



## JSntgRvr (Jul 1, 2003)

jpopescu said:


> back to computer #1.....I noticed that I lost having to enter my password when starting Outlook to get my emails.....I believe this occurred AFTER doing that running of the Registry program you provided..at least I think so.
> 
> how is it that I can regain having to enter a password to begin outlook each time?


The registry fix has nothing to do with outlook. It only reset the autoruns in the computer. Try to reset your password.


----------



## jpopescu (May 18, 2005)

will try this right after posting this....

another issue popped up this morning that I can seem to get rid of as well...pertains to the Wireless HP printer in which I tried to open up the "Solution Center" to scan some documents and a window opened looking for a file....I clicked thru it but it was not found...then I tried to cancel it but continually am getting a window that won't close something to the effect of "GPBaseService2".......I imagine the only way to get rid of this is to reboot.

But, I assume I will have the same issue arise when I go to scan a doc again?
do I now need to reinstall the printer software?


----------



## JSntgRvr (Jul 1, 2003)

Uninstall the printer software completely and restart your PC. Then install it again.


----------



## jpopescu (May 18, 2005)

been a long week, just back home now as I had emergency gall bladder surgery....will address tomorrow


----------



## JSntgRvr (Jul 1, 2003)

Sorry to hear. Get well soon!


----------



## jpopescu (May 18, 2005)

ok, finally back....feeling better
the printer issue was resolved with your suggestion....now, going back to the other items will check


----------



## JSntgRvr (Jul 1, 2003)

Glad to see you back!


----------

