1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Blue Screen stop 0x0000008E

Discussion in 'Windows XP' started by art3, Apr 27, 2012.

Thread Status:
Not open for further replies.
Advertisement
  1. art3

    art3 Thread Starter

    Joined:
    Apr 26, 2012
    Messages:
    7
    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
    Processor: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz, x86 Family 6 Model 15 Stepping 6
    Processor Count: 2
    RAM: 1021 Mb
    Graphics Card: NVIDIA GeForce 6200 TurboCache(TM), 1 Mb
    Hard Drives: C: Total - 147793 MB, Free - 32957 MB; E: Total - 953867 MB, Free - 793144 MB; G: Total - 147793 MB, Free - 76904 MB; K: Total - 147793 MB, Free - 58058 MB;
    Motherboard: Dell Inc., 0WG864
    Antivirus: PC Cleaner Pro, Updated: Yes, On-Demand Scanner: Disabled

    I'm having a problem with BSOD with a stop of 0x0000008E followed by iastor.sys. I have room on by disk, ran a scan for malware and I'm at a loss as what to do next. I can't run anything after Windows starts up so have to go to safe mode. Checked around the forum and doesn't seem to be anything like my problem. Could anyone help? Attached is Minidump
     

    Attached Files:

  2. blues_harp28

    blues_harp28 Trusted Advisor

    Joined:
    Jan 9, 2005
    Messages:
    17,066
    Hi and welcome.
    Minidump check.
    PROCESS_NAME: wmiprvse.exe.
    Windows Management Instrumentation.

    This service is linked to Windows firewall and with Windows Update etc etc.

    Iastor.sys is used as a storage file for accessing the drivers>hardware and software of RAID devices etc

    Is your Pc up to date with all the latest Windows updates?
    Have you tried System Restore from safe mode or Last Known Good Configuration?
    Your Anti-virus program is not one that we would recommend here but, have you scanned your Pc in safe mode?

    System Restore.
    Click Start - All Programs - Accessories - System Tools - System Restore.

    http://pcsupport.about.com/od/findbyerrormessage/a/stop0x0000008e.htm
     
  3. art3

    art3 Thread Starter

    Joined:
    Apr 26, 2012
    Messages:
    7
    I'm up to date on windows, tried several restore to different dates and ran a chkdsk with no change in results. Have to continue to run in safe mode as windows will start up and run some of my startup items prior to crashing.
     
  4. blues_harp28

    blues_harp28 Trusted Advisor

    Joined:
    Jan 9, 2005
    Messages:
    17,066
    Try - Start > Run > Type.
    msconfig

    In the Start Up Tab - untick all entries apart from your Anti-virus program.
    Apply - Ok - Reboot.
    See if it will start in normal mode.

    Have you scanned your Pc for viruses in safe mode?
     
  5. art3

    art3 Thread Starter

    Joined:
    Apr 26, 2012
    Messages:
    7
    Yes, I've ran maleware and virus test programs with negative results.

    I tried several of the options in msconfig with bad results until I deselected the 'startup menu programs and running under selective startup and rebooted. When the Windows started a message appeared in the Systen Configuration Utility screen and I clicked the box 'don't show this message or launch, etc,etc'.

    Then Windows started without the blue screen error, indicating to me, something in the startup programs is setting it off.

    I found out that you can't deselect startup programs and run in normal mode as it automatically selects all of the startup programs.

    I guess I'll have to play with the startup programs until I hit the one that's causing the error. I'm working with two screens and it seems to be acting differently now as I can't take a page to the second screen so will try to figure that out first.

    I'm not closing this thread yet as I still can't run in the normal mode.

    Any other suggestions will ne appreciated. Thanks
     
  6. blues_harp28

    blues_harp28 Trusted Advisor

    Joined:
    Jan 9, 2005
    Messages:
    17,066
    As you say some installed program or related driver is causing the blue screen.
    If you can note down the start up list and post it here, we can help you identify what it is.

    Most Xp Pc's that I have used end up starting in Selective Mode.
    Normal mode as you know loads all device drivers and services which is the default setting for most computers.

    Under Selective Startup - Tick the box to Load system services and Load startup items, this will have the same effect as using Normal mode.
    Make sure you click Apply to save all changes.
     
  7. art3

    art3 Thread Starter

    Joined:
    Apr 26, 2012
    Messages:
    7
    Attached is my start up list that are checked.
     

    Attached Files:

  8. blues_harp28

    blues_harp28 Trusted Advisor

    Joined:
    Jan 9, 2005
    Messages:
    17,066
    Norton is all you need to run at start up - all other entries can be disabled.
    Also unplug the printer and anything else connected by a USB port - printer drivers are likely to be the cause.
     
  9. art3

    art3 Thread Starter

    Joined:
    Apr 26, 2012
    Messages:
    7
    First off, many thanks for your help. I disconnected all usb hardware and still received the same error if all start up programs were run under normal mode. I pinned down that the Datamn...1.exe causes the BSOD error. I haven't researched that file yet. Do you know what it does?

    I do have strange things happening with my computer. I ran chkdsk and while running, it showed all kind of errors and I came to the conclusion that it corrected them. The system seemed to run OK after that. I've run Maleware and virus programs and they don't seem to pickup any problem. Do you recommend any maleware software? I've run MS essentials and it doesn't pickup anything.
     
  10. blues_harp28

    blues_harp28 Trusted Advisor

    Joined:
    Jan 9, 2005
    Messages:
    17,066
    You are no longer using - Antivirus: PC Cleaner Pro?
    MS Essentials is good - MalwareBytes - Superantispyware, updated and scan your Pc once a week will cover any threats.
    See my signature below.

    What is the complete spelling of - Datamn...1.exe?
    Data Manager can be related to Malware.
     
  11. blues_harp28

    blues_harp28 Trusted Advisor

    Joined:
    Jan 9, 2005
    Messages:
    17,066
    Post a Hjt log - we should be able to see if it is running on your system.

    Hijack this 2.04
    • Save HJTInstall.exe to your desktop.
    • Doubleclick on the HJTInstall.exe icon on your desktop.
    • By default it will install to C:\Program Files\Trend Micro\HijackThis .
    • Click on Install.
    • It will create a HijackThis icon on the desktop.
    • Once installed, it will launch Hijackthis.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT use the AnalyseThis button, its findings are dangerous if misinterpreted.
    • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
     
  12. art3

    art3 Thread Starter

    Joined:
    Apr 26, 2012
    Messages:
    7
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 3:51:53 PM, on 5/1/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Roxio\BackOnTrack\File Backup\FileBackupSVC.exe
    C:\WINDOWS\system32\drivers\dcfssvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\PixArt\PAC7302\Monitor.exe
    C:\WINDOWS\system32\NILaunch.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Multimedia Card Reader\ShwiconXP.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\PROGRA~1\Miclone\SIMPLE~1\SBC.EXE
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    C:\WINDOWS\system32\java.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
    C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
    C:\Program Files\Process Lasso\processlasso.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Arthur Bern\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\FRU\Remind32.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    C:\PROGRA~1\Magentic\bin\MgApp.exe
    C:\Program Files\IncrediMail\Bin\ImApp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Iomega\AutoDisk\ADService.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Process Lasso\processgovernor.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\IncrediMail\Bin\IncMail.exe
    C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
    C:\PROGRA~1\MIA08B~1\imgcomp.exe
    C:\Documents and Settings\Arthur Bern\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Arthur Bern\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Arthur Bern\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Arthur Bern\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: (no name) - {7b9f8c21-46ec-4c0b-8683-e755ef84577a} - (no file)
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: ALOT Toolbar Helper - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\BHO\alotBHO.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Toolbar BHO - {3a421c8f-e238-4aeb-8874-b8b5f2cc4772} - (no file)
    O2 - BHO: Search Assistant BHO - {60e91567-ef8a-4520-bce2-83aba5256799} - (no file)
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll
    O2 - BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\WI371A~1\Datamngr\BROWSE~1.DLL
    O2 - BHO: FCTBPos00Pos - {9EBF8AAF-0A31-4786-909A-97A0EF101743} - C:\Program Files\AddThis Toolbar\Toolbar.dll
    O2 - BHO: Suddenlink Toolbar - {A057A204-BACC-4D26-D298-35EFC2A62DD7} - C:\PROGRA~1\SUDDEN~1\SUDDEN~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
    O2 - BHO: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    O2 - BHO: WeCareReminder - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\Documents and Settings\All Users\Application Data\WeCareReminder\IEHelperv2.5.0.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
    O3 - Toolbar: Suddenlink Toolbar - {A057A204-BACC-4D26-D298-35EFC2A62DD7} - C:\PROGRA~1\SUDDEN~1\SUDDEN~1.DLL
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    O3 - Toolbar: AddThis Toolbar - {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - C:\Program Files\AddThis Toolbar\Toolbar.dll
    O3 - Toolbar: (no name) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - (no file)
    O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
    O3 - Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
    O3 - Toolbar: &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll
    O3 - Toolbar: Coupon Alert - {3462c343-be19-4143-af70-cefb56f46fc6} - (no file)
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
    O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [EPSON Stylus C86 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2R1.EXE /P32 "EPSON Stylus C86 Series (Copy 1)" /O6 "USB002" /M "Stylus C86"
    O4 - HKLM\..\Run: [EPSON Stylus C86 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2R1.EXE /P23 "EPSON Stylus C86 Series" /O6 "USB002" /M "Stylus C86"
    O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\system32\NILaunch.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [ShowiconXP] C:\Program Files\Multimedia Card Reader\ShwiconXP.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [SBC] C:\PROGRA~1\Miclone\SIMPLE~1\SBC.EXE
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
    O4 - HKLM\..\Run: [DellHelp] C:\Dell\DellHelp\DellHelp.exe /c
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [ProcessLassoManagementConsole] "C:\Program Files\Process Lasso\processlasso.exe"
    O4 - HKCU\..\Run: [ProcessGovernor] "C:\Program Files\Process Lasso\processgovernor.exe"
    O4 - HKCU\..\Run: [EPSON Stylus Photo R260 Series (Copy 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE /FU "C:\WINDOWS\TEMP\E_S125.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [EPSON Stylus Photo R260 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE /FU "C:\WINDOWS\TEMP\E_S18A.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Staples Easy Button] "C:\Program Files\Staples Easy Button\EasyButton.exe" /BOOT
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Arthur Bern\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-21-3467700298-3169302405-3704103506-1006\..\Run: [ProcessLassoManagementConsole] "C:\Program Files\Process Lasso\processlasso.exe" (User '?')
    O4 - HKUS\S-1-5-21-3467700298-3169302405-3704103506-1006\..\Run: [ProcessGovernor] "C:\Program Files\Process Lasso\processgovernor.exe" (User '?')
    O4 - HKUS\S-1-5-21-3467700298-3169302405-3704103506-1006\..\Run: [EPSON Stylus Photo R260 Series (Copy 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE /FU "C:\WINDOWS\TEMP\E_S125.tmp" /EF "HKCU" (User '?')
    O4 - HKUS\S-1-5-21-3467700298-3169302405-3704103506-1006\..\Run: [EPSON Stylus Photo R260 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE /FU "C:\WINDOWS\TEMP\E_S18A.tmp" /EF "HKCU" (User '?')
    O4 - HKUS\S-1-5-21-3467700298-3169302405-3704103506-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-21-3467700298-3169302405-3704103506-1006\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User '?')
    O4 - HKUS\S-1-5-21-3467700298-3169302405-3704103506-1006\..\Run: [Staples Easy Button] "C:\Program Files\Staples Easy Button\EasyButton.exe" /BOOT (User '?')
    O4 - HKUS\S-1-5-21-3467700298-3169302405-3704103506-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
    O4 - HKUS\S-1-5-21-3467700298-3169302405-3704103506-1006\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c (User '?')
    O4 - HKUS\S-1-5-21-3467700298-3169302405-3704103506-1006\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 (User '?')
    O4 - HKUS\S-1-5-21-3467700298-3169302405-3704103506-1006\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c (User '?')
    O4 - HKUS\S-1-5-21-3467700298-3169302405-3704103506-1006\..\Run: [Google Update] "C:\Documents and Settings\Arthur Bern\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (User '?')
    O4 - HKUS\S-1-5-21-3467700298-3169302405-3704103506-1008\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" (User '?')
    O4 - HKUS\S-1-5-21-3467700298-3169302405-3704103506-500\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - S-1-5-21-3467700298-3169302405-3704103506-1006 Startup: Hewlett-Packard Recorder.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\FRU\Remind32.exe (User '?')
    O4 - Startup: Hewlett-Packard Recorder.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\FRU\Remind32.exe
    O8 - Extra context menu item: &Search - http://tbedits.couponalert.com/one-...6331-D34A-4D5A-8397-08B868778030&n=2011120122
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://*.mcafee.com
    O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229021854392
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {FB298ECE-4D17-414A-A5E8-FABC938796B2} (ActiveWebParts Illustration Viewer) - http://www.kohlerplus.com/_bin/AWSDrawingViewer.cab
    O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Roxio File Backup Service (CEEBC40A-FDED-4C59-B354-939132350B01) - Unknown owner - C:\Program Files\Roxio\BackOnTrack\File Backup\FileBackupSVC.exe
    O23 - Service: Coupon AlertService (CouponAlert_2pService) - Unknown owner - C:\PROGRA~1\COUPON~2\bar\1.bin\2pbarsvc.exe (file missing)
    O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
    O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
    O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate1c9b7d733da3f44) (gupdate1c9b7d733da3f44) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
    O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    O23 - Service: Maxtor Scheduler2 Service (MaxSch2Svc) - Maxtor - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
    O23 - Service: Microsoft Antimalware Service (MsMpSvc) - Unknown owner - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

    --
    End of file - 22849 bytes


    I don't know why PC Cleaner Pro showed up as I had uninstalled it literally right after I had installed it. I tried updating MS Essentials this AM and seemed to be running for a lond time so canceled it. I uninstalled the old version and tried to reinstall to know avail. As I said, there are some peculiar things happening.

    Attached is the full name of DataMN in the startup menu. Interesting, there's no such file where it said it would be. That's probably one of my problems but why it's in my atartup menu is beyond me.
     

    Attached Files:

  13. blues_harp28

    blues_harp28 Trusted Advisor

    Joined:
    Jan 9, 2005
    Messages:
    17,066
    That is some Hjt log and will take some work cleaning up your Pc.
    Remove these entries using Hjt log.
    Close all browsers that you may be using - including this one.

    Start Hjt log - click Scan.
    Once the page has opened - put a Tick mark against these entries and click Fix.

    O2 - BHO: Toolbar BHO - {3a421c8f-e238-4aeb-8874-b8b5f2cc4772} - (no file)

    O2 - BHO: Search Assistant BHO - {60e91567-ef8a-4520-bce2-83aba5256799} - (no file)

    O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll

    O2 - BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\WI371A~1\Datamngr\BROWSE~1.DLL

    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)

    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)

    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

    O20 - AppInit_DLLs: C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL


    Close Hjt log.
    Restart your Pc.
     
  14. blues_harp28

    blues_harp28 Trusted Advisor

    Joined:
    Jan 9, 2005
    Messages:
    17,066
    Download either Avast or Avira.
    Avast! Free Antivirus.
    http://www.avast.com/free-antivirus-download

    Avira Free Antivirus
    http://www.avira.com/en/avira-free-antivirus
    Only one AV needed of course.

    Update - then run a scan - remove all that it finds.

    ----

    Download.
    MalwareBytes and SuperAntiSpyware to your desktop.
    Download the Free versions of both programs.

    MalwareBytes

    SuperAntiSpyware

    Once they are downloaded to your desktop.
    Close all open browser windows.

    MalwareBytes
    Click on the Install icon - allow it to update during the install process.

    Start Malwarebytes Anti-Malware.
    Click on Scanner > then quick scan >then Scan.
    Any infections or problems will be highlighted in red.
    After the scan is finished - Click - Show Results.
    Check that all entries are selected.
    Click - Remove Selected.
    You may be prompted to restart to finish the removal process.
    If Yes - restart your Pc.

    Start Malwarebytes again.
    Click on the Logs Tab.
    Highlight the scan log entry.
    Click - Open.
    The scan log will appear in Notepad.
    Copy and paste it in your next post.

    SuperAntiSpyware
    Click on the install icon - allow it to update during the install process.
    Select the Quick Scan option.
    Click Scan your Computer.
    Any infections or problems will be highlighted in red.
    After the scan is finished.
    Click Continue.
    Check that everything is listed.
    Click Remove Threats.
    Click OK - then click Finish
    You may be prompted to restart to finish the removal process.
    If Yes - restart your Pc.

    Start SuperAntiSpyware again.
    Click View Scan Logs.
    Highlight the scan log entry.
    Click - View Selected Log.
    The scan log will appear in Notepad.
    Copy and paste in your next post.
     
  15. blues_harp28

    blues_harp28 Trusted Advisor

    Joined:
    Jan 9, 2005
    Messages:
    17,066
    I have to sign off for the night - will check back in the morning.

    Install an Anti-virus program - update and scan your Pc.
    Install Malwarebytes - Superantispyware - update - scan your Pc.

    Once done - post the log scans from Malwarebytes and Superantispyware.
    And also post a new Hjt log.
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1050966