1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

help please =( HJT log

Discussion in 'Virus & Other Malware Removal' started by canupleasehelpme, Nov 5, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. canupleasehelpme

    canupleasehelpme Thread Starter

    Joined:
    Aug 23, 2007
    Messages:
    56
    my gf's pc is messed up. here is a HJT log for her pc i just did it

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 2:34:51 PM, on 11/5/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\vvgeowbv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
    C:\Documents and Settings\All Users\Desktop\Spyware Adware Remover\HiJackThis_v2.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=presario&pf=desktop&parm1=seconduser
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=presario&pf=desktop&parm1=seconduser
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=presario&pf=desktop&parm1=seconduser
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=presario&pf=desktop&parm1=seconduser
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=presario&pf=desktop&parm1=seconduser
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=presario&pf=desktop&parm1=seconduser
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=presario&pf=desktop&parm1=seconduser
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=presario&pf=desktop&parm1=seconduser
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\vvgeowbv.exe,C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
    O1 - Hosts: 194.54.90.238 google.com
    O1 - Hosts: 194.54.90.238 google.ca
    O1 - Hosts: 194.54.90.238 www.google.com
    O1 - Hosts: 194.54.90.238 search.yahoo.com
    O1 - Hosts: 194.54.90.238 search.msn.com
    O1 - Hosts: 194.54.90.238 search.live.com
    O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
    O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
    O2 - BHO: (no name) - {1443D5E6-F92E-DA36-0BBA-0744992443D0} - C:\Program Files\Azugknma\lmqgopbm.dll
    O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
    O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
    O2 - BHO: Explorer Helper - {696A82AF-3AD8-5A16-A1CA-32A59A63A863} - C:\WINDOWS\system\bremct32.dll
    O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
    O2 - BHO: BndShell3 BHO Class - {8ABA9A9C-8791-4d61-8D5B-BCC9448EA573} - C:\Program Files\ISM\BndDrive7.dll
    O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
    O2 - BHO: (no name) - {A6E432B4-D4C2-43B3-BF55-C364F8F7362A} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: C:\WINDOWS\system32\Dhgthfg.dll - {B5AC49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\Dhgthfg.dll
    O2 - BHO: C:\WINDOWS\system32\S7dsf4g.dll - {B5AF0562-94F3-42BD-F434-2604812C297D} - C:\WINDOWS\system32\S7dsf4g.dll
    O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
    O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
    O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
    O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
    O2 - BHO: (no name) - {cb27822a-1dd1-11b2-88ab-d5ad0e2987dc} - C:\WINDOWS\zahqzgfy.dll
    O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
    O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
    O2 - BHO: CBho Class - {F369DA09-FADE-44CB-987F-E2E0DEF51BCA} - C:\WINDOWS\system32\pgd.dll
    O2 - BHO: XBTP01621 - {F6104497-54FD-4688-9162-5115CC8AB0FB} - C:\PROGRA~1\BEARSH~2\BEARSH~1\MediaBar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
    O4 - HKLM\..\Run: [mebekufo] C:\Program Files\WindowsUpdate\mebekufo77798.exe
    O4 - HKLM\..\Run: [CheckWinPerf] C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\iowjwkem.exe
    O4 - HKLM\..\Run: [wdynmteb] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\wdynmteb.dll"
    O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\system32\_svchost.exe
    O4 - HKLM\..\Run: [f94mggfhfghodftdf] C:\WINDOWS\TEMP\winlogan.exe
    O4 - HKLM\..\Run: [mtspafin] rundll32.exe "C:\Program Files\hofgbyhu\vgdslkru.dll",Init
    O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
    O4 - HKLM\..\Run: [otqfcdgz] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\otqfcdgz.dll"
    O4 - HKLM\..\Run: [mbqqdhxr] C:\Program Files\Tetoyxxw\mbqqdhxr.exe
    O4 - HKLM\..\Run: [svchost] C:\WINDOWS\svchost.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [f94mggfhfghodftdf] C:\WINDOWS\TEMP\winlogan.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Windows Rescue System] C:\WINDOWS\TEMP\winsto.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [f94mggfhfghodftdf] C:\WINDOWS\TEMP\winlogan.exe (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: Gewibcr - C:\WINDOWS\SYSTEM32\Gewibcr.dll
    O21 - SSODL: ePSQrU - {5403312E-FEA9-9B84-DFF4-B3BC73979B69} - C:\WINDOWS\system32\hmeq.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: sdf4dr4gfdgeetj - {B5AC49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\Dhgthfg.dll
    O22 - SharedTaskScheduler: JGhjddf9dtj - {B5AF0562-94F3-42BD-F434-2604812C297D} - C:\WINDOWS\system32\S7dsf4g.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Microsoft Internet Explorer - Unknown owner - C:\WINDOWS\system32\_svchost.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

    --
    End of file - 10282 bytes
     
  2. canupleasehelpme

    canupleasehelpme Thread Starter

    Joined:
    Aug 23, 2007
    Messages:
    56
    just got a combofix log. i have to run both on safe mode networking instead of normal mode.
     

    Attached Files:

  3. canupleasehelpme

    canupleasehelpme Thread Starter

    Joined:
    Aug 23, 2007
    Messages:
    56
    bump for help
     
  4. canupleasehelpme

    canupleasehelpme Thread Starter

    Joined:
    Aug 23, 2007
    Messages:
    56
    help me please???
     
  5. canupleasehelpme

    canupleasehelpme Thread Starter

    Joined:
    Aug 23, 2007
    Messages:
    56
  6. canupleasehelpme

    canupleasehelpme Thread Starter

    Joined:
    Aug 23, 2007
    Messages:
    56
    can anyone help me with this log???????????????????????????????????
     
  7. canupleasehelpme

    canupleasehelpme Thread Starter

    Joined:
    Aug 23, 2007
    Messages:
    56
    i really really need someone to help me with this!!!
     
  8. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    You sent me a private message. I will reply here. Why is there no virus program running? And does she use P2P programs, like ares, bearshare, limewire, etc.?
     
  9. canupleasehelpme

    canupleasehelpme Thread Starter

    Joined:
    Aug 23, 2007
    Messages:
    56
    shes uses bearshare. as far as the virus programs i dont really know. just when u turn the computer on it gets to the desktop screen and there are no icons and a solid blue bar on the bottom.
     
  10. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    I'd suggest that she uninstall bearshare.....it's a p2p STEALING program, to download stuff illegally, and usually results in the problems that she is now having.

    I'll see if I can find someone to help......I myself frown upon self inflicted injuries, but, someone may have another suggestion than mine....format c: and start all over.
     
  11. canupleasehelpme

    canupleasehelpme Thread Starter

    Joined:
    Aug 23, 2007
    Messages:
    56
    so theres nothing wrong in my HJT or combo logs?
     
  12. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    Yes, you DO have problems. Did you uninstall bearshare? If so, post another Hijack This and perhaps someone can assist.
     
  13. canupleasehelpme

    canupleasehelpme Thread Starter

    Joined:
    Aug 23, 2007
    Messages:
    56
    i deleted bearshare

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 10:03:20 AM, on 11/17/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\All Users\Desktop\Spyware Adware Remover\HiJackThis_v2.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=presario&pf=desktop&parm1=seconduser
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=presario&pf=desktop&parm1=seconduser
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=presario&pf=desktop&parm1=seconduser
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=presario&pf=desktop&parm1=seconduser
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=presario&pf=desktop&parm1=seconduser
    O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
    O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
    O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
    O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
    O2 - BHO: Explorer Helper - {696A82AF-3AD8-5A16-A1CA-32A59A63A863} - C:\WINDOWS\system\bremct32.dll
    O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
    O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
    O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
    O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
    O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
    O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [mbqqdhxr] C:\Program Files\Tetoyxxw\mbqqdhxr.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Xfav] "C:\Program Files\Common Files\?ymantec\m?iexec.exe"
    O4 - HKCU\..\Run: [Ywbnth] "C:\Program Files\??mbols\?hkntfs.exe"
    O4 - HKCU\..\Run: [Zpgb] "C:\Documents and Settings\Compaq_Owner\Application Data\F?nts\e?plorer.exe"
    O4 - HKCU\..\Run: [Nhvwlej] "C:\Program Files\Common Files\?racle\r?gsvr32.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [ISMPack7] "C:\Program Files\ISM2\ISMPack7.exe"
    O4 - HKCU\..\Run: [ISMModule8] "C:\Program Files\ISM\ISMModule8.exe"
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: Gewibcr - C:\WINDOWS\SYSTEM32\Gewibcr.dll
    O21 - SSODL: ePSQrU - {5403312E-FEA9-9B84-DFF4-B3BC73979B69} - C:\WINDOWS\system32\hmeq.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O24 - Desktop Component 0: (no name) - C:\Program Files\Internet Explorer\rtenecu.html

    --
    End of file - 7074 bytes
     
  14. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,245
    Are you not able to boot into Windows normal mode?
     
  15. canupleasehelpme

    canupleasehelpme Thread Starter

    Joined:
    Aug 23, 2007
    Messages:
    56
    when i do all i get is my desktop background and a solid blue bar on the bottom of the screen. no icons or anything. also, ctrl alt del does nothing.
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/648213

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice