Boot to Blank Blue Screen

pcproblems · 09-19-2009, 10:25 PM

When Booting up, I see the windows emblem, then boot to a blank blue screen. One or two times I booted to my desktop, but then could not start any programs. I can boot in safe mode with no issues at all. I was unable to do the required scans in regular mode due to being unable to boot up properly, therefore my scans were performed in safe mode.

DDS (Ver_09-07-30.01) - NTFSx86 NETWORK
Run by All Powerful Oz at 23:42:11.03 on Sat 09/19/2009
Internet Explorer: 8.0.6001.18813
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1915.1290 [GMT -4:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\All Powerful Oz\Desktop\AntiVfixfiles\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://news.google.com/nwshp?hl=en&tab=wn
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [Skytel] Skytel.exe
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [OneCareUI] "c:\program files\microsoft windows onecare live\winssnotify.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\common files\microsoft shared\works shared\wkcalrem.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\allpow~1\appdata\roaming\mozilla\firefox\profiles\ja3sopsz.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/nwshp?hl=en&tab=wn
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\google\google updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2009-3-6 20384]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-9-30 7168]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-9-19 114768]
S2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\adobe\photoshop elements 6.0\PhotoshopElementsFileAgent.exe [2007-9-11 124832]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-9-19 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-9-19 53328]
S2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\microsoft windows onecare live\OcHealthMon.exe [2009-7-9 26104]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-6-4 1153368]
S2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-9-30 46392]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-3-30 1533808]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2009-3-6 954368]
S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-9-30 9216]

=============== Created Last 30 ================

2009-09-19 22:08 53,328 a------- c:\windows\system32\drivers\aswMonFlt.sys
2009-09-19 21:57 <DIR> --d----- c:\program files\Free Window Registry Repair
2009-09-16 22:20 <DIR> --d----- c:\program files\Trend Micro
2009-09-10 21:04 336 a------- c:\windows\system32\drivers\kgpfr2.cfg
2009-09-10 19:08 12,488 a------- c:\windows\system32\drivers\kgpcpy.cfg
2009-09-10 19:01 <DIR> --d----- c:\programdata\SITEguard
2009-09-10 19:01 <DIR> --d----- c:\progra~2\SITEguard
2009-09-10 19:00 <DIR> --d----- c:\program files\common files\iS3
2009-09-10 19:00 <DIR> --d----- c:\programdata\STOPzilla!
2009-09-10 19:00 <DIR> --d----- c:\progra~2\STOPzilla!
2009-09-09 16:24 <DIR> --d----- c:\users\all powerful oz\Backup
2009-09-08 20:14 <DIR> --dsh--- c:\windows\system32\%APPDATA%
2009-09-08 19:46 2,868,224 a------- c:\windows\system32\mf.dll
2009-09-08 00:57 37,440 a------- c:\windows\system32\drivers\msfwhlpr.sys
2009-09-08 00:57 91,200 a------- c:\windows\system32\drivers\msfwdrv.sys
2009-09-08 00:57 53,168 a------- c:\windows\system32\drivers\MpFilter.sys
2009-09-08 00:50 <DIR> --d----- c:\program files\Microsoft Windows OneCare Live
2009-09-07 01:34 <DIR> --d----- c:\users\allpow~1\appdata\roaming\HpUpdate
2009-09-07 01:33 <DIR> --d----- c:\windows\Hewlett-Packard
2009-09-05 20:11 307,088 a------- c:\windows\system32\Eraser.dll
2009-09-05 20:11 83,344 a------- c:\windows\system32\Erasext.dll
2009-09-05 20:11 73,104 a------- c:\windows\system32\Eraserl.exe
2009-09-05 20:11 <DIR> --d----- c:\program files\Eraser
2009-09-05 18:03 <DIR> --d----- c:\users\allpow~1\appdata\roaming\Xfire
2009-09-05 18:03 <DIR> --d----- c:\programdata\Xfire
2009-09-05 18:03 <DIR> --d----- c:\progra~2\Xfire
2009-09-05 18:03 <DIR> --d----- c:\program files\Xfire
2009-09-04 11:19 129,840 a------- c:\users\allpow~1\appdata\roaming\GDIPFONTCACHEV1.DAT
2009-09-03 14:07 41,872 a------- c:\windows\system32\xfcodec.dll
2009-09-03 11:17 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-03 11:17 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-08-26 14:00 <DIR> --d----- c:\programdata\Office Genuine Advantage
2009-08-26 13:05 2,048 a------- c:\windows\system32\tzres.dll

==================== Find3M ====================

2009-09-08 19:42 143,360 a------- c:\windows\inf\infstrng.dat
2009-09-08 19:42 51,200 a------- c:\windows\inf\infpub.dat
2009-09-08 19:40 86,016 a------- c:\windows\inf\infstor.dat
2009-08-28 22:30 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 22:30 458,752 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-28 22:30 2,159,616 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 22:30 542,720 a------- c:\windows\apppatch\AcLayers.dll
2009-08-14 12:27 904,776 a------- c:\windows\system32\drivers\tcpip.sys
2009-08-14 11:53 17,920 a------- c:\windows\system32\netevent.dll
2009-08-14 09:49 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-08-14 09:49 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-08-14 09:49 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-08-14 09:49 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-08-14 09:49 19,968 a------- c:\windows\system32\ARP.EXE
2009-08-14 09:49 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-08-14 09:49 10,240 a------- c:\windows\system32\finger.exe
2009-08-14 09:48 30,720 a------- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 09:48 105,984 a------- c:\windows\system32\netiohlp.dll
2009-08-06 18:37 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-08-03 15:07 403,816 a------- c:\windows\system32\OGACheckControl.dll
2009-08-03 15:07 322,928 a------- c:\windows\system32\OGAAddin.dll
2009-08-03 15:07 230,768 a------- c:\windows\system32\OGAEXEC.exe
2009-07-21 17:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 17:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 17:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 16:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-17 09:54 71,680 a------- c:\windows\system32\atl.dll
2009-07-15 08:40 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-07-15 08:39 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-15 08:39 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-15 08:39 7,680 a------- c:\windows\system32\spwmp.dll
2009-07-13 14:31 348,160 a------- c:\windows\system32\msvcr71.dll
2009-07-11 15:01 513,536 a------- c:\windows\system32\wlansvc.dll
2009-07-11 15:01 302,592 a------- c:\windows\system32\wlansec.dll
2009-07-11 15:01 293,376 a------- c:\windows\system32\wlanmsm.dll
2009-07-11 15:01 65,024 a------- c:\windows\system32\wlanapi.dll
2009-07-11 13:03 127,488 a------- c:\windows\system32\L2SecHC.dll
2009-07-08 18:53 129,784 -------- c:\windows\system32\pxafs.dll
2009-06-06 00:19 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-20 22:57 174 a--sh--- c:\program files\desktop.ini
2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 23:42:38.56 ===============

pcproblems · 09-24-2009, 09:30 AM

Bump, Please.

And thanks

pcproblems · 10-01-2009, 11:24 AM

Bump Please,

Thanks in advance.

Ried · 10-05-2009, 09:25 AM

Hello pcproblems,

Did any of your onboard tools alert you to any malware? Did they enact any removals or quarantines?

Download rsit.exe and save it to your desktop.

Double click on RSIT.exe to run it.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

If you do not see the info.txt you can find it in the C:\rsit folder. Please attach that .txt

09-24-2009, 09:30 AM	#2 (permalink)
pcproblems Registered User Join Date: Sep 2009 Posts: 3 OS: vista	Re: Boot to Blank Blue Screen Bump, Please. And thanks

10-01-2009, 11:24 AM	#3 (permalink)
pcproblems Registered User Join Date: Sep 2009 Posts: 3 OS: vista	Re: Boot to Blank Blue Screen Bump Please, Thanks in advance.

10-05-2009, 09:25 AM	#4 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 27,007 OS: WinXP and Vista	Re: Boot to Blank Blue Screen Hello pcproblems, Did any of your onboard tools alert you to any malware? Did they enact any removals or quarantines? Download rsit.exe and save it to your desktop. Double click on RSIT.exe to run it. Click Continue at the disclaimer screen. Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized) If you do not see the info.txt you can find it in the C:\rsit folder. Please attach that .txt __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."