
BLUE SCREEN [CLOSED]


  • This topic is locked

#1
ROGER64

    New Member

  • Member
  • 7 posts
WHEN I TURN ON MY COMPUTER IT STARTS UP NORMAL, THEN WHEN IT GETS TO THE DESKTOP IT STARTS TO BLINK TO A BLUE SCREEN. WHEN MY PROGRAMS LOAD IT BLINKS BACK AND FORTH TO BLUE SCREEN THEN BACK TO DESKTOP UNTIL ALL OF MY STARTUP PROGRAMS LOADED, THEN IT GOES RIGHT TO A BLUE SCREEN AND STAYS THERE... THEN I TRIED TO GO INTO SAFE MODE. WHEN I DID THAT IT WENT TO A BLACK SCREEN AND HAS THE SAFE MODE WORDS IN ALL 4 CORNERS. CAN ANYONE HELP ME?


#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
You need to run this tool from Normal or Safe Mode

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#3
ROGER64

    New Member

  • Topic Starter
  • Member
  • 7 posts
I uninstalled CD Creator and AVG creator pro... I went into Event Viewer under app, the winlogon says IMAPI CD-Burning COM Service entered the stop state... any idea?

#4
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Follow the steps in my previous post

#5
ROGER64

    New Member

  • Topic Starter
  • Member
  • 7 posts
Here is my Deckard's System Scanner report. Anything wrong...



Deckard's System Scanner v20071014.68
Run by joe on 2008-01-28 17:12:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2008-01-28 22:12:54 UTC - RP3 - Deckard's System Scanner Restore Point
2: 2008-01-28 00:36:23 UTC - RP2 - Installed Backup Dell-Installed Programs
1: 2008-01-27 22:47:46 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as joe.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:14:56 PM, on 1/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Registry Clean Expert\RCHelper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
I:\dss.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\joe.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5E85C971-F9E7-4F4D-A059-14FA00220C7A} - C:\WINDOWS\system32\khfefeb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {B25FB4B6-8BC5-4F2A-876B-12615D0DE500} - C:\WINDOWS\system32\jkklm.dll
O20 - Winlogon Notify: khfefeb - C:\WINDOWS\SYSTEM32\khfefeb.dll

--
End of file - 1603 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080127-170003-130 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
backup-20080127-170003-219 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
backup-20080127-170003-244 O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
backup-20080127-170003-316 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
backup-20080127-170003-401 O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Program Files\Registry Clean Expert\RCHelper.exe" /startup
backup-20080127-170003-418 O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
backup-20080127-170003-468 O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
backup-20080127-170003-507 O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
backup-20080127-170003-546 O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
backup-20080127-170003-561 O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
backup-20080127-170003-642 O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec....000049.000000b9
backup-20080127-170003-649 O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
backup-20080127-170003-729 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
backup-20080127-170003-739 O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
backup-20080127-170003-753 O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
backup-20080127-170003-759 O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
backup-20080127-170003-764 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
backup-20080127-170003-767 O4 - HKLM\..\Run: [QuickTime Task] "F:\quick\quicktime pro and keygen\QTTask.exe" -atboottime
backup-20080127-170003-816 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
backup-20080127-170003-847 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
backup-20080127-170003-917 O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
backup-20080127-170003-920 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
backup-20080127-170003-944 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
backup-20080127-170003-952 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
backup-20080127-170004-368 O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
backup-20080127-170004-689 O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
backup-20080127-170004-745 O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
backup-20080127-170005-103 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
backup-20080127-170005-323 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
backup-20080127-170005-397 O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
backup-20080127-170006-694 O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
backup-20080127-170007-638 O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
backup-20080127-170008-183 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1094364674844
backup-20080127-170008-451 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1198873078693
backup-20080127-170009-379 O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
backup-20080127-170009-631 O17 - HKLM\System\CCS\Services\Tcpip\..\{1035D0A4-E17C-4375-95EA-3DB5CD877506}: NameServer = 68.94.156.1,68.94.157.1
backup-20080127-170009-749 O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
backup-20080127-170009-959 O16 - DPF: {99252AF5-C8A6-9028-8D6B-993FACB5EACA} - http://performanceop...e_Installer.cab
backup-20080127-170009-992 O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 HPZid4122 - c:\windows\system32\drivers\hpzid4122.sys
R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R2 ousbehci (OrangeWare USB Enhanced Host Controller Service) - c:\windows\system32\drivers\ousbehci.sys <Not Verified; OrangeWare Corporation; USB 2.0 Enhanced Host Controller Driver>
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
R3 ousb2hub (OrangeWare USB 2.0 Root Hub Support) - c:\windows\system32\drivers\ousb2hub.sys <Not Verified; OrangeWare Corporation; USB 2.0 Hub Driver>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S3 MR97310_USB_DUAL_CAMERA (CIF Dual-Mode Camera) - c:\windows\system32\drivers\mr97310c.sys <Not Verified; Mars Semiconductor Corp.; USB Dual-Mode Camera>
S3 RioS30 (RioS30S driver) - c:\windows\system32\drivers\rios30.sys <Not Verified; SonicBlue Inc.; RioS30.sys>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S4 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S4 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" (file missing)
S4 YPCService - c:\windows\system32\ypcser~1.exe <Not Verified; Yahoo! Inc.; YPCService Module>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel® PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_2449&SUBSYS_30138086&REV_01\4&22656C78&0&40F0
Manufacturer: Intel
Name: Intel® PRO/100 VE Network Connection
PNP Device ID: PCI\VEN_8086&DEV_2449&SUBSYS_30138086&REV_01\4&22656C78&0&40F0
Service: E100B

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&F29DB88&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&F29DB88&0
Service: i8042prt


-- Scheduled Tasks -------------------------------------------------------------

2008-01-28 17:00:08 444 --a------ C:\WINDOWS\Tasks\XoftSpySE 2.job
2008-01-26 09:55:01 358 --a------ C:\WINDOWS\Tasks\XoftSpySE.job
2008-01-21 11:48:07 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-12-28 and 2008-01-28 -----------------------------

2008-01-28 17:11:35 0 d-------- C:\!KillBox
2008-01-27 19:36:30 0 d-------- C:\Program Files\Dell
2008-01-27 16:57:56 0 d-------- C:\Program Files\Trend Micro
2008-01-27 13:49:12 0 dr-h----- C:\Documents and Settings\joe\Recent
2008-01-26 15:45:02 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-01-26 15:45:02 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-01-26 15:45:02 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-01-26 15:45:02 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-01-26 15:45:02 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-01-26 15:45:02 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-01-26 15:45:02 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-01-26 15:45:02 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-01-26 15:45:02 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-01-26 15:45:02 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-01-26 15:45:02 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-01-26 15:45:02 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-01-26 15:45:02 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-01-26 15:45:02 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-01-26 15:44:11 0 d-------- C:\WINDOWS\CSC
2008-01-26 13:05:33 665 --ahs---- C:\WINDOWS\system32\mlkkj.ini2
2008-01-26 13:05:25 331776 -----n--- C:\WINDOWS\system32\jkklm.dll
2008-01-26 13:02:28 36864 --a------ C:\WINDOWS\system32\qomkihe.dll
2008-01-26 13:01:31 86144 --a------ C:\WINDOWS\system32\drivers\HPZid4122.sys
2008-01-26 13:01:20 36864 --a------ C:\WINDOWS\system32\gebaayy.dll
2008-01-26 13:00:13 36864 --a------ C:\WINDOWS\system32\khfefeb.dll
2008-01-20 16:59:41 0 d-------- C:\Documents and Settings\joe\Application Data\GetRightToGo
2008-01-18 17:27:52 0 d-------- C:\Documents and Settings\joe\Application Data\Viewpoint
2008-01-18 08:17:21 0 d-------- C:\Program Files\AOL Search
2008-01-16 17:15:58 0 d-------- C:\Program Files\Nero
2008-01-16 16:21:40 0 d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-01-15 16:07:59 0 d-------- C:\Program Files\DVDFab Platinum 4
2008-01-13 06:05:57 0 d-------- C:\Program Files\Performanceoptimizer (Free)
2008-01-10 19:44:58 0 d-------- C:\Documents and Settings\joe\Application Data\ImgBurn
2008-01-01 09:02:18 0 d-------- C:\Documents and Settings\joe\Application Data\U3
2007-12-30 14:03:51 0 d-------- C:\ConverterOutput
2007-12-30 14:03:41 262144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2007-12-30 14:03:41 395776 --a------ C:\WINDOWS\system32\libmplayer.dll
2007-12-30 14:03:41 112640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2007-12-30 14:03:41 34820 --a------ C:\WINDOWS\system32\ffdshow.reg
2007-12-30 14:03:40 2255360 --a------ C:\WINDOWS\system32\libavcodec.dll
2007-12-30 14:03:40 14909 --a------ C:\WINDOWS\system32\A_reg.reg
2007-12-30 14:03:37 0 d-------- C:\Program Files\Cucusoft
2007-12-29 03:19:17 0 d-------- C:\Program Files\MSXML 6.0
2007-12-28 17:13:25 0 d-------- C:\Documents and Settings\NetworkService\Desktop
2007-12-28 17:12:29 0 d-------- C:\Program Files\Zune
2007-12-28 16:58:52 0 d-------- C:\Program Files\DIFX
2007-12-28 16:58:45 0 d-------- C:\Program Files\Common Files\ComponentOne


-- Find3M Report ---------------------------------------------------------------

2008-01-27 17:22:43 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-27 15:20:11 0 d-------- C:\Program Files\Common Files\Ahead
2008-01-27 13:44:01 0 d-------- C:\Program Files\Common Files\AOL
2008-01-27 13:24:39 0 d-------- C:\Program Files\AIM
2008-01-27 13:24:23 0 d-------- C:\Documents and Settings\joe\Application Data\Aim
2008-01-26 13:09:54 0 d-------- C:\Documents and Settings\joe\Application Data\uTorrent
2008-01-24 19:26:27 0 d-------- C:\Documents and Settings\joe\Application Data\Vso
2008-01-24 19:25:50 1744 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-01-20 14:35:11 0 d-------- C:\Documents and Settings\joe\Application Data\Adobe
2008-01-17 20:32:44 0 d-------- C:\Program Files\AOD
2008-01-17 18:17:54 0 d-------- C:\Documents and Settings\joe\Application Data\Ahead
2008-01-01 09:57:09 0 d-------- C:\Program Files\SlySoft
2008-01-01 09:52:37 0 d-------- C:\Program Files\DVDFab Platinum 3
2007-12-28 16:58:45 0 d-------- C:\Program Files\Common Files
2007-12-26 17:11:57 0 d-------- C:\Documents and Settings\joe\Application Data\TomTom
2007-12-26 17:11:00 0 d-------- C:\Program Files\TomTom HOME 2
2007-12-26 17:09:45 0 d-------- C:\Documents and Settings\joe\Application Data\InstallShield
2007-12-04 05:38:24 0 d-------- C:\Program Files\XoftSpySE


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5E85C971-F9E7-4F4D-A059-14FA00220C7A}]
01/26/2008 01:00 PM 36864 --a------ C:\WINDOWS\system32\khfefeb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B25FB4B6-8BC5-4F2A-876B-12615D0DE500}]
01/26/2008 01:05 PM 331776 --------- C:\WINDOWS\system32\jkklm.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSaveSettings"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5E85C971-F9E7-4F4D-A059-14FA00220C7A}"= C:\WINDOWS\system32\khfefeb.dll [01/26/2008 01:00 PM 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfefeb]
khfefeb.dll 01/26/2008 01:00 PM 36864 C:\WINDOWS\system32\khfefeb.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkklm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1783677b-d333-11db-96c3-00400534666a}]
AutoRun\command- I:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e37117fb-af41-11dc-9752-00400534666a}]
AutoRun\command- J:\InstallTomTomHOME.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28976088-E684-339B-0206-050403020505}]
C:\WINDOWS\msnx.exe



-- Hosts -----------------------------------------------------------------------

127.0.0.1 search.kazaa.com
127.0.0.1 update.111222.cn
127.0.0.1 msg.ppstream.com


-- End of Deckard's System Scanner: finished at 2008-01-28 17:16:14 ------------

#6
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Yes

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

#7
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.