Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Blue Screen Error Stop Code 0X0000008E


  • Please log in to reply

#46
sizzletime29

sizzletime29

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
I already uploaded that file for you in 3 seperate files. Just went in and loaded the zip files. it is real strange as after I zipped the file and cleared the box to send to microsoft, the file disappears. The one for the gmer error is still available to see but the other one is gone unless I go to safe mode. I searched for it before closing the box and found it, close out the box and it dissappears and no longer comes up in search results.

sent both zip files and sent the 3 files that were in the one folder yesterday so you may actually see the same folder twice, once as a zip file and once as 3 seperate files.

Let me know where you want to go from here, I actually think finding that folder is making some progress but as usual I might also be wrong.
  • 0

Advertisements


#47
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Do me a favor,Use the Windows Search Assistant and search All Files for dfrgntfs.exe

You shoud have atleast 2 copies,one in System32 and one in a backup folder somewhere.

Let me know how many you find.

Or,you can save all the text below to a blank notepad page,Save As "All Files" with the name find.bat and save it to your desktop.

dir \dfrgntfs.exe /a h /s > report.txt

Double click find.bat and wait for the dos window to close,report.txt should be on the desktop,post that report please.
  • 0

#48
sizzletime29

sizzletime29

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Here is what I found using the desktop method. After search was over, out came bsod.

Volume in drive C has no label.
Volume Serial Number is 14A1-A1C8

Directory of C:\i386

08/04/2004 06:00 AM 104,960 dfrgntfs.exe
1 File(s) 104,960 bytes

Directory of C:\WINDOWS\system32

08/04/2004 06:00 AM 104,960 dfrgntfs.exe
1 File(s) 104,960 bytes
  • 0

#49
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
OK,take and MOVE the dfrgntfs.exe file out of the system32 location and move it somewhere safe,like My Documents

Next,COPY the dfrgntfs.exe from the i386 folder and place a copy into the System32 folder.

Basically put-> Delete the dfrgntfs.exe file from system32 and replace it with a copy from i386

Dont delete the file from i386,thats your only good backup.

After all is completed,reboot the machine and let it load,browse,surf,search,whatever for atleast 30 minutes.

Next,run the Disc Cleanup tool first,then try a defrag and see what happens?

Interested to see if its just this file being corrupted.
  • 0

#50
sizzletime29

sizzletime29

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Did all that, ran a disc cleanup that took almost 2 hours so had computer on for over 3 hours with no bsod.

As soon as the defrag started, bsod shows up.

Will let you know what happens this AM, been up for 24 hours so going to catch 3 hours of sleep.
  • 0

#51
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Back from mudland and ready for more,sent you a PM,let me know when your ready again.
  • 0

#52
sizzletime29

sizzletime29

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Well with a dozen conference calls and a bunch of techs looking at the computer, I think most of this may be straightened out. I had to get the dell operating system cd for the computer, that took 4 days but once I got we went in and checked the harddrive. Even though doing tests on the hard drive showed no errors without using the disc, it showed errors with the disc. from that we did repair of the errors and now am running anything and everything to see if I can get another BSOD. So far I have tried defrag and it ran without any problem. Right now only problem I seem to have is getting the Add/remove program window to open up. that still will not open up unless I am in safe mode.

I am going to let run overnight and see if I wake up to a bsod like I have for last 3 plus weeks if I leave computer on. The MS techs believe that this was only way to fix problem. They said I may have had other problems associated with this but the hard drive blue screen error can only be fixed by using the repair tool of the operating system cd. It took about 3 hours for the disc to run and repair and right now all seems to be working except the add/remove window. If still worning in AM will have to work on that next.
  • 0

#53
sizzletime29

sizzletime29

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Wake up to bsod, how fun is that. I also uploaded the latest files from that temp folder as requested. Seems I go 2 steps ahead and 4 steps back. I am going to ask Thu when the techs call again about the defrag tool removal.

Here is the scan

Deckard's System Scanner v20070423.42
Run by Brent on 2007-05-09 at 11:23:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Brent.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:23:17 AM, on 5/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Brent\Desktop\dss.exe
C:\HIJACK~1\Brent.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com...de_srchlft.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://hometab.bellsouth.net/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (Installer Class) - http://www.nanoscan....s/ascinstie.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.su...ows-i586-jc.cab
O16 - DPF: {A609CB6E-FEB5-47C3-966C-1B916842BD01} (Nlopflash Class) - http://poker.milbest...erCreations.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {D42ED9FF-DF46-4AD9-A3FE-46BAF896466E} (CountSpies.SpyCounter) - http://www.sunbelt-s.../CounterSpy.CAB
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.del...ll/gtdownde.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe


-- Files created between 2007-04-09 and 2007-05-09 -----------------------------

2007-05-08 13:31:53 0 d-------- C:\Program Files\Microsoft Easy Assist
2007-05-03 09:32:35 0 d-------- C:\Program Files\DynGate
2007-05-03 09:32:21 0 d-------- C:\Documents and Settings\Brent\temp
2007-05-03 09:32:04 0 d-------- C:\Program Files\TeamViewer
2007-05-02 16:39:59 0 d-------- C:\Documents and Settings\Brent\Application Data\AVG7
2007-05-02 16:39:44 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-05-02 16:39:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-04-29 00:22:22 0 d-------- C:\avenger
2007-04-28 15:41:51 0 d-------- C:\WINDOWS\SxsCaPendDel
2007-04-28 11:25:28 0 d-------- C:\hijackthis
2007-04-27 07:09:15 444 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-04-26 15:24:00 0 d-------- C:\WINDOWS\system32\Panda Software
2007-04-25 15:00:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-04-25 12:15:35 0 d-------- C:\Program Files\Windows Installer Clean Up
2007-04-25 12:14:30 0 d-------- C:\Program Files\MSECACHE
2007-04-25 09:37:28 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-04-25 09:23:22 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-04-25 09:22:14 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-04-25 09:22:13 0 d-------- C:\Documents and Settings\Brent\Application Data\SUPERAntiSpyware.com
2007-04-25 08:58:15 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-24 18:17:01 0 d-------- C:\Documents and Settings\Administrator\Application Data\GTek
2007-04-24 17:46:10 0 d-------- C:\Program Files\DellConnect
2007-04-24 17:24:05 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2007-04-22 14:37:30 5120 --a------ C:\WINDOWS\system32\GTKCMO64.sys <Not Verified; Gteko Ltd.; Gteko Diagnostics; 1, 0, 0, 7; 1, 0, 0, 7>
2007-04-22 14:37:30 5632 --a------ C:\WINDOWS\system32\GPCIEn64.sys <Not Verified; Gteko Ltd.; Gteko Diagnostics; 2, 0, 0, 9; 2, 0, 0, 9>
2007-04-22 14:37:30 7168 --a------ C:\WINDOWS\system32\DLPT64.sys <Not Verified; Gteko Ltd.; QDiag; 1, 0, 0, 12; 1, 0, 0, 12>
2007-04-22 14:37:30 4608 --a------ C:\WINDOWS\system32\DDMI64.sys <Not Verified; Gteko Ltd.; DDMI; 1, 0, 0, 9; 1, 0, 0, 9>
2007-04-19 14:11:01 0 d-------- C:\Program Files\DellSupport
2007-04-19 14:04:37 0 d-------- C:\Program Files\WebCyberCoach
2007-04-19 00:17:08 0 d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2007-04-19 00:17:08 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-04-19 00:17:07 0 dr------- C:\Documents and Settings\Administrator\Favorites
2007-04-19 00:17:07 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-04-19 00:17:07 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2007-04-19 00:17:07 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-04-19 00:17:07 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2007-04-19 00:17:07 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2007-04-19 00:17:07 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-04-19 00:17:06 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-04-19 00:17:06 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-04-19 00:17:06 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-04-19 00:17:06 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-04-19 00:17:06 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-04-19 00:17:06 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-04-19 00:17:06 0 dr------- C:\Documents and Settings\Administrator\My Documents
2007-04-19 00:17:06 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-04-19 00:17:05 974848 --a------ C:\Documents and Settings\Administrator\NTUSER.DAT


-- Find3M Report ---------------------------------------------------------------

2007-04-28 15:43:11 0 d-------- C:\Documents and Settings\Brent\Application Data\Lavasoft
2007-04-28 03:26:01 0 d-------- C:\Program Files\PartyGaming.net
2007-04-28 03:07:17 0 d-------- C:\Program Files\UBNet
2007-04-27 15:56:20 0 d-------- C:\Program Files\Greetings Workshop
2007-04-24 18:20:02 0 d-------- C:\Program Files\AIM Toolbar
2007-04-19 16:26:03 34638 --a------ C:\Documents and Settings\Brent\Application Data\wklnhst.dat
2007-04-19 14:13:03 0 d--h----- C:\Documents and Settings\Brent\Application Data\Gtek
2007-04-18 14:55:14 0 d-------- C:\Documents and Settings\Brent\Application Data\Viewpoint
2007-04-18 10:16:02 0 d-------- C:\Program Files\Java
2007-04-01 16:31:56 0 d-------- C:\Documents and Settings\Brent\Application Data\AdobeUM
2007-03-17 09:43:01 292864 --a------ C:\WINDOWS\system32\winsrv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System; 5.1.2600.3103; 5.1.2600.3103 (xpsp_sp2_gdr.070316-1309)>
2007-03-12 18:01:40 164 --a------ C:\install.dat
2007-03-08 11:36:28 577536 --a------ C:\WINDOWS\system32\user32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System; 5.1.2600.3099; 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222)>
2007-03-08 11:36:28 40960 --a------ C:\WINDOWS\system32\mf3216.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System; 5.1.2600.3099; 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222)>
2007-03-08 11:36:28 281600 --a------ C:\WINDOWS\system32\gdi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System; 5.1.2600.3099; 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222)>
2007-03-08 09:47:48 1843584 --a------ C:\WINDOWS\system32\win32k.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System; 5.1.2600.3099; 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222)>


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F} C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
{5CA3D70E-1895-11CF-8E15-001234567890} C:\WINDOWS\system32\dla\tfswshx.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"SUPERAntiSpyware"="\"C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe\""
"DellSupport"="\"C:\\Program Files\\DellSupport\\DSAgnt.exe\" /startup"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source REG_SZ C:\Program Files\Ocean Aquarium 3D Deluxe\Active Desktop\Ocean_Aquarium_3D_Active_DT.html

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{12E03AEE-88D3-4183-AF58-F999B82F1AE2}"=""
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Status Monitor.lnk"
"backup"="C:\\WINDOWS\\pss\\Status Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Brother\\Brmfcmon\\BrMfcWnd.exe Brother MFC-210C /STARTUP"
"item"="Status Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Brent^Start Menu^Programs^Startup^Greetings Workshop Reminders.lnk]
"path"="C:\\Documents and Settings\\Brent\\Start Menu\\Programs\\Startup\\Greetings Workshop Reminders.lnk"
"backup"="C:\\WINDOWS\\pss\\Greetings Workshop Reminders.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\GREETI~1\\GWREMIND.EXE "
"item"="Greetings Workshop Reminders"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim"
"hkey"="HKCU"
"command"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CFD"
"hkey"="HKLM"
"command"="C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="brctrcen"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Brother\\ControlCenter2\\brctrcen.exe\" /autorun"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tfswctrl"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hkcmd"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\hkcmd.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hkcmd"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\hkcmd.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="igfxpers"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\igfxpers.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="igfxtray"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\igfxtray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IndexSearch"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ScanSoft\\PaperPort\\IndexSearch.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IntelMEM"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Intel\\Modem Event Monitor\\IntelMEM.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mmtask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mmtask.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mm_tray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mskagent"
"hkey"="HKCU"
"command"="c:\\PROGRA~1\\mcafee\\SPAMKI~1\\mskagent.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="pptd40nt"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ScanSoft\\PaperPort\\pptd40nt.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RealPlay"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe\" SYSTEMBOOTHIDEPLAYER"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BrStDvPt"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Brother\\Brmfl04a\\BrStDvPt.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SiteAdv"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\SiteAdvisor\\6028\\SiteAdv.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="smax4pnp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SSBkgdupdate"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hcenter"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Support.com\\BellSouth\\hcenter.exe\" /starthidden /tgcmdwrapper"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sgtray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSASCui"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



-- End of Deckard's System Scanner: finished at 2007-05-09 at 11:29:18 ---------

Edited by sizzletime29, 09 May 2007 - 09:43 AM.

  • 0

#54
sizzletime29

sizzletime29

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
It appears I have DOWNLOADER.ConHook trojan that previous scans have somehow missed. Once we removed all the antispyware programs from computer we did an online scan with ewido.net and right after it picks up that downloader.conhook i get sent to a bsod so now working on getting rid of that trojan. Once rid of can work on BSOD problem again. The bsod code is conflicting drivers so once I get rid of this trojan will continue on as we have checked out each individual driver and every one works fine on its own.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP