Blue Screen Of Death/Boots oinly in Debugging mode

View previous topic View next topic Go down

Blue Screen Of Death/Boots oinly in Debugging mode

Post by ubzrvnT on 30th March 2010, 9:31 am

Hi, my computer will only boot in debugging mode for Windows XP. I've tried everything i know, even repairing boot sector. I get blue screen every time. Here is my HJT log. Please help me! Smile

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:29:00 AM, on 3/30/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\winlogon.scr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = D:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 6583 bytes

ubzrvnT
Novice
Novice

Posts Posts : 10
Joined Joined : 2010-03-30
OS OS : Windows XP
Points Points : 24578
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Blue Screen Of Death/Boots oinly in Debugging mode

Post by Belahzur on 30th March 2010, 10:12 pm

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245079
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Blue Screen Of Death/Boots oinly in Debugging mode

Post by ubzrvnT on 31st March 2010, 9:41 pm

Thank you. I'm at work, I will post my logs when I get home.

ubzrvnT
Novice
Novice

Posts Posts : 10
Joined Joined : 2010-03-30
OS OS : Windows XP
Points Points : 24578
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Blue Screen Of Death/Boots oinly in Debugging mode

Post by ubzrvnT on 1st April 2010, 12:55 am

OTL logfile created on: 3/31/2010 5:53:06 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = D:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 1.08 Gb Free Space | 1.45% Space Free | Partition Type: NTFS
Drive D: | 127.99 Gb Total Space | 6.70 Gb Free Space | 5.23% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOHNNY
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/31 17:52:41 | 000,555,520 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
PRC - [2009/11/13 02:47:01 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/07/01 11:34:48 | 002,326,528 | ---- | M] () -- D:\Program Files\NETGEAR\WG111v3\WG111v3.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/03 13:51:18 | 001,422,632 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007/08/03 13:51:06 | 000,202,024 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2003/10/05 23:57:32 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE


========== Modules (SafeList) ==========

MOD - [2010/03/31 17:52:41 | 000,555,520 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
MOD - [2008/12/26 01:08:00 | 001,507,328 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2008/12/26 01:08:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll
MOD - [2003/10/05 23:57:50 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL


========== Win32 Services (SafeList) ==========

SRV - [2010/03/04 22:43:23 | 002,462,256 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\rswin_3648.dll -- (Akamai)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - [2009/01/03 04:21:23 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/12/26 01:08:00 | 006,301,344 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/12/04 19:04:12 | 000,093,024 | ---- | M] (LOUD Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MackieAudio.sys -- (MackieAudio)
DRV - [2008/09/08 14:04:46 | 000,093,232 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TPkd.sys -- (TPkd)
DRV - [2008/04/13 11:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/13 11:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/13 11:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/12/28 16:02:12 | 000,287,232 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111v3.sys -- (RTL8187B)
DRV - [2007/03/05 00:06:32 | 000,022,144 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MAC607.sys -- (MAC607)
DRV - [2007/03/04 23:21:06 | 000,022,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Xbox.sys -- (XBox)
DRV - [2005/11/02 16:47:26 | 000,010,368 | R--- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/11/18 19:13:54 | 000,366,160 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2003/11/04 23:26:02 | 000,645,392 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2003/10/21 02:26:08 | 000,904,496 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2003/10/21 02:23:44 | 000,148,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2003/10/13 20:17:56 | 000,332,800 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003/10/13 02:42:12 | 000,145,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2003/10/07 19:09:10 | 000,130,288 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/10/07 19:08:12 | 000,006,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2003/10/07 19:06:50 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003/03/05 00:07:46 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfDetNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:7
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.1


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/22 21:31:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/30 02:26:08 | 000,000,000 | ---D | M]

[2009/12/24 17:33:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2009/12/24 17:33:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/03/30 02:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jpbm0c73.default\extensions
[2009/09/07 19:03:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jpbm0c73.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/06/01 00:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jpbm0c73.default\extensions\personas@christopher.beard
[2009/01/03 04:23:08 | 000,000,523 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jpbm0c73.default\searchplugins\daemon-search.xml
[2010/03/30 02:27:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/09/03 17:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2001/08/18 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk = D:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/03 00:54:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/11/05 14:13:04 | 000,010,083 | ---- | M] () - D:\auto tune.nzb -- [ NTFS ]
O32 - AutoRun File - [2008/06/06 22:28:22 | 000,053,248 | ---- | M] ( Interactive Educational Systems) - D:\AutoTimedClickDemo.exe -- [ NTFS ]
O33 - MountPoints2\{951f049d-8cf6-11de-8da7-0002b3bdcf98}\Shell\TranscodeVideo_PlayDVDMovieOnArrival\command - "" = C:\Program Files\Nero\Nero8\Nero Recode\Recode.exe -- [2007/08/04 11:40:08 | 013,559,080 | ---- | M] (Nero AG)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/30 02:25:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/03/30 02:23:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\JavaRa
[2010/03/30 02:23:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/03/30 02:23:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/03/30 02:22:31 | 000,000,000 | ---D | C] -- C:\Program Files\Sun
[2010/03/30 02:22:16 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/03/30 02:22:15 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/03/30 02:22:15 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/03/30 02:22:15 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/03/30 01:59:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/03/30 01:52:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/03/30 01:43:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Scansoft
[2010/03/30 01:39:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2010/03/30 01:38:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Nuance
[2010/03/30 01:37:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2010/03/30 01:37:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\speech
[2010/03/29 19:30:37 | 000,000,000 | ---D | C] -- C:\boot
[2010/03/29 13:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\tmp
[2010/03/20 17:46:00 | 000,000,000 | ---D | C] -- C:\Program Files\Image-Line
[2010/03/11 19:23:55 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
[2010/03/11 19:23:55 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2010/03/10 17:37:25 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2009/06/19 13:22:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/04/30 04:54:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/04/21 11:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/01/15 16:32:42 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Administrator\Application Data\pcouffin.sys
[2009/01/15 02:18:44 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/01/03 02:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/01/03 01:01:39 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2009/01/03 00:57:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/01/03 00:53:49 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/30 02:48:36 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2010/03/30 02:26:08 | 000,001,593 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/03/30 02:21:51 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/03/30 02:21:51 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/03/30 02:21:51 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/03/30 02:21:51 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/03/30 02:21:51 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/03/30 02:14:49 | 000,071,798 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\JavaRa.zip
[2010/03/30 01:59:34 | 000,000,533 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/30 01:59:34 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/30 01:59:34 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/03/30 01:59:15 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/30 01:59:12 | 004,932,776 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000001-00001102-00000004-20021102}.CDF
[2010/03/30 01:59:09 | 000,201,593 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/03/30 01:58:56 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/30 01:58:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/30 01:56:35 | 009,568,256 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/03/30 01:56:34 | 000,032,592 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000001-00001102-00000004-20021102}.rfx
[2010/03/30 01:56:34 | 000,032,592 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000001-00001102-00000004-20021102}.rfx
[2010/03/30 01:56:34 | 000,032,088 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000001-00001102-00000004-20021102}.rfx
[2010/03/30 01:56:34 | 000,032,088 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000001-00001102-00000004-20021102}.rfx
[2010/03/30 01:56:34 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/03/30 01:56:34 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/03/30 01:56:34 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000001-00001102-00000004-20021102}.dat
[2010/03/30 01:56:34 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000001-00001102-00000004-20021102}.dat
[2010/03/29 23:48:43 | 000,567,896 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/29 22:00:34 | 000,433,324 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/29 22:00:34 | 000,067,836 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/29 19:30:25 | 000,154,408 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\NTLDR.zip
[2010/03/26 13:22:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/25 17:00:16 | 000,520,192 | ---- | M] () -- C:\WINDOWS\default.bak
[2010/03/25 04:40:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/03/20 17:46:56 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\FL Studio 9.lnk
[2010/03/16 13:56:06 | 000,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/04 19:21:34 | 005,813,856 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Tilll The Sun Goes Down.mp3
[2010/03/02 09:02:22 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/30 02:26:08 | 000,001,593 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/03/30 02:14:48 | 000,071,798 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\JavaRa.zip
[2010/03/29 19:30:24 | 000,154,408 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\NTLDR.zip
[2010/03/20 17:46:56 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\FL Studio 9.lnk
[2010/03/06 02:28:55 | 005,813,856 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Tilll The Sun Goes Down.mp3
[2009/11/05 01:28:03 | 000,000,254 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\nbinst.ini
[2009/08/22 21:03:06 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\iFT8D91.dll
[2009/08/22 21:03:06 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\Xbox.sys
[2009/08/22 21:03:06 | 000,022,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\MAC607.sys
[2009/08/22 21:03:05 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\Hidhlp.dll
[2009/05/27 16:11:39 | 000,000,177 | ---- | C] () -- C:\WINDOWS\System32\SETUP.INI
[2009/04/30 04:12:19 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/04/30 04:12:18 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/04/30 04:12:17 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/04/30 04:12:16 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/04/30 04:12:16 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/01/28 20:05:59 | 000,171,608 | ---- | C] () -- C:\WINDOWS\System32\MackieAudioProp.dll
[2009/01/28 20:05:59 | 000,116,824 | ---- | C] () -- C:\WINDOWS\System32\MackieAsio.dll
[2009/01/15 16:33:03 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\vso_ts_preview.xml
[2009/01/15 16:32:53 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.log
[2009/01/15 16:32:42 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\inst.exe
[2009/01/15 16:32:42 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.cat
[2009/01/15 16:32:42 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.inf
[2009/01/03 05:01:49 | 000,000,182 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/01/03 01:41:22 | 000,100,864 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/03 01:11:09 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/01/03 01:03:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2009/01/03 01:03:35 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2009/01/03 01:02:53 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/01/03 01:02:00 | 000,043,517 | ---- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini
[2009/01/03 01:02:00 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009/01/03 01:01:48 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2009/01/03 01:01:48 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2008/11/06 09:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 09:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/11/06 09:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/10/07 14:33:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/10/07 14:33:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/10/07 14:33:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/10/07 14:33:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/10/07 14:33:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2002/01/11 19:43:03 | 000,002,356 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 1308 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:Lw6TPc41xb2NGYzqE9
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F35A93AD
@Alternate Data Stream - 1228 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:QowePtT8XdcQWwrrei8q0qwRMvZ
@Alternate Data Stream - 1211 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:CHNINRzCXTFSayv3hK
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
< End of report >

ubzrvnT
Novice
Novice

Posts Posts : 10
Joined Joined : 2010-03-30
OS OS : Windows XP
Points Points : 24578
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Blue Screen Of Death/Boots oinly in Debugging mode

Post by ubzrvnT on 1st April 2010, 12:55 am

OTL Extras logfile created on: 3/31/2010 5:53:06 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = D:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 1.08 Gb Free Space | 1.45% Space Free | Partition Type: NTFS
Drive D: | 127.99 Gb Total Space | 6.70 Gb Free Space | 5.23% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOHNNY
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"2599:TCP" = 2599:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- File not found
"D:\Program Files\iTunes\iTunes.exe" = D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"D:\Program Files\LimeWire\LimeWire.exe" = D:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"D:\Program Files\SopCast\adv\SopAdver.exe" = D:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- ([You must be registered and logged in to see this link.]
"D:\Program Files\SopCast\SopCast.exe" = D:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- ([You must be registered and logged in to see this link.]
"D:\Program Files\StreamTorrent 1.0\StreamTorrent.exe" = D:\Program Files\StreamTorrent 1.0\StreamTorrent.exe:*:Enabled:StreamTorrent Media Player -- (StreamTorrent)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}" = Adobe Audition 2.0
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1246FF64-3035-4A92-8FE6-A968275495EB}" = Sony Vegas Pro 8.0
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{29A3095C-5B8F-403A-BE88-DD6847233EFC}" = Encode360 2.03
"{32A3A4F4-B792-11D6-A78A-00B0D0160180}" = Java(TM) SE Development Kit 6 Update 18
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{479F8C12-576B-4A58-AB78-4B70F7012AA8}" = DIRECTV2PC Playback Advisor
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{66F49D6A-E999-4DB0-ADB6-EE546806E340}" = Antares Auto-Tune Evo VST
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.3.0.96
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1033}" = Nero 8
"{8DD659B5-052B-5528-BF67-8B0818E90C54}" = DIRECTV SUPERCAST
"{8E1DCD15-C9F1-49CE-807B-198C8241EB6B}" = ALi USB2.0 Driver
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{9E2514D9-DC24-4634-B348-61F3EF0F1628}" = Sound Blaster Audigy 2 ZS
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}" = Adobe Bridge 1.0
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EF901A4B-A25A-4962-83C6-C6691D062ED9}" = Nero Mega Plugin Pack
"Adobe AIR" = Adobe AIR
"Adobe Audition 2.0" = Adobe Audition 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"AIM_6" = AIM 6
"Akamai" = Akamai NetSession Interface
"ASIO4ALL" = ASIO4ALL
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.7 (Unicode)
"Cakewalk Rapture_is1" = Rapture 1.0
"Collab" = Collab
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.directv.supercast.AA1ECC8BBAFE4E1BBF2D418DC006AF207FACE6CA.1" = DIRECTV SUPERCAST
"CopyTrans Suite" = CopyTrans Suite (remove only)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DIVXAudioCompressor4.02" = DivX ;-) Audio Compressor 4.02
"FFmpeg for Audacity on Windows_is1" = FFmpeg for Audacity on Windows
"FL Studio 8" = FL Studio 8
"FL Studio 9" = FL Studio 9
"FT8D91" = PS/GC/BOX To PC CONVERTOR
"GrabIt_is1" = GrabIt 1.7.1 Beta (build 960)
"Hardcore" = Hardcore
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IL Autogun" = IL Autogun
"IL Download Manager" = IL Download Manager
"Image Line Morphine v1.1 VSTi" = Image Line Morphine v1.1 VSTi
"Image Line PoiZone v1.1 VSTi" = Image Line PoiZone v1.1 VSTi
"Image Line ToxicIII v1.41 VSTi" = Image Line ToxicIII v1.41 VSTi
"InstallShield_{479F8C12-576B-4A58-AB78-4B70F7012AA8}" = DIRECTV2PC Playback Advisor
"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.8.0 (Full)
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LimeWire" = LimeWire 5.4.6
"Magic Bullet Editors 2.0 Vegas" = Magic Bullet Editors 2.0 Vegas
"MediaCoder" = MediaCoder 0.6.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Native Instruments Absynth 4" = Native Instruments Absynth 4
"Native Instruments Akoustik Piano" = Native Instruments Akoustik Piano
"Native Instruments B4 II" = Native Instruments B4 II
"Native Instruments Battery 3" = Native Instruments Battery 3
"Native Instruments Elektrik Piano 1.5" = Native Instruments Elektrik Piano 1.5
"Native Instruments FM8" = Native Instruments FM8
"Native Instruments Guitar Rig 3" = Native Instruments Guitar Rig 3
"Native Instruments Kontakt 3" = Native Instruments Kontakt 3
"Native Instruments Massive" = Native Instruments Massive
"Native Instruments Pro-53" = Native Instruments Pro-53
"Native Instruments Reaktor 5" = Native Instruments Reaktor 5
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Oddity" = GForce - Oddity
"Par-N-Rar" = Par-N-Rar 1.3
"PoiZone" = PoiZone
"reFX Slayer Demo 2.6.0_is1" = reFX Slayer Demo 2.6.0
"Rob Papen Albino 3" = Rob Papen Albino 3
"Sakura" = Sakura
"Sawer" = Sawer
"SopCast" = SopCast 3.2.4
"SSL LMC-1" = SSL LMC-1 v1.0
"SSL X-ORCISM" = SSL X-ORCISM v1.1
"Steam App 218" = Source SDK Base - Orange Box
"StreamTorrent 1.0" = StreamTorrent 1.0
"Sylenth1_is1" = Sylenth1 v2.0
"SysInfo" = Creative System Information
"Toxic Biohazard" = Toxic Biohazard
"Vember Audio SURGE" = Vember Audio SURGE
"ViewpointMediaPlayer" = Viewpoint Media Player
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VLC media player 1.0.1
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"yEnc32" = yEnc32 (remove only)
"z3ta+_x86_is1" = rgc:audio z3ta+ 1.5

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/28/2010 5:08:05 PM | Computer Name = JOHNNY | Source = Google Update | ID = 20
Description =

Error - 3/30/2010 12:59:49 AM | Computer Name = YOUR-X60CPKUAMZ | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 3/30/2010 12:59:49 AM | Computer Name = YOUR-X60CPKUAMZ | Source = PerfNet | ID = 2002
Description = Unable to open the Redirector service. Redirector performance data
will
not be returned. Error code returned is in data DWORD 0.

Error - 3/30/2010 1:00:31 AM | Computer Name = YOUR-X60CPKUAMZ | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 2280, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 3/30/2010 1:00:31 AM | Computer Name = YOUR-X60CPKUAMZ | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 3/30/2010 1:00:34 AM | Computer Name = YOUR-X60CPKUAMZ | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 2280, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 3/30/2010 3:06:05 AM | Computer Name = JOHNNY | Source = Google Update | ID = 20
Description =

Error - 3/30/2010 3:19:09 AM | Computer Name = JOHNNY | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x01c19360.

Error - 3/30/2010 3:19:09 AM | Computer Name = JOHNNY | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.45.0.0, faulting module unknown,
version 0.0.0.0, fault address 0x10078a40.

Error - 3/30/2010 5:15:09 AM | Computer Name = JOHNNY | Source = Application Error | ID = 1000
Description = Faulting application javara.exe, version 1.15.0.1745, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

[ System Events ]
Error - 3/31/2010 10:54:19 AM | Computer Name = JOHNNY | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MADIX56-PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{9EE1DB1F-435C-4C6. The master browser is stopping or an election is
being forced.

Error - 3/31/2010 11:54:22 AM | Computer Name = JOHNNY | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MADIX56-PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{9EE1DB1F-435C-4C6. The master browser is stopping or an election is
being forced.

Error - 3/31/2010 12:54:25 PM | Computer Name = JOHNNY | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MADIX56-PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{9EE1DB1F-435C-4C6. The master browser is stopping or an election is
being forced.

Error - 3/31/2010 1:54:28 PM | Computer Name = JOHNNY | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MADIX56-PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{9EE1DB1F-435C-4C6. The master browser is stopping or an election is
being forced.

Error - 3/31/2010 2:54:33 PM | Computer Name = JOHNNY | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MADIX56-PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{9EE1DB1F-435C-4C6. The master browser is stopping or an election is
being forced.

Error - 3/31/2010 4:06:29 PM | Computer Name = JOHNNY | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MADIX56-PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{9EE1DB1F-435C-4C6. The master browser is stopping or an election is
being forced.

Error - 3/31/2010 5:18:26 PM | Computer Name = JOHNNY | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MADIX56-PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{9EE1DB1F-435C-4C6. The master browser is stopping or an election is
being forced.

Error - 3/31/2010 6:30:26 PM | Computer Name = JOHNNY | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MADIX56-PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{9EE1DB1F-435C-4C6. The master browser is stopping or an election is
being forced.

Error - 3/31/2010 7:30:32 PM | Computer Name = JOHNNY | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MADIX56-PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{9EE1DB1F-435C-4C6. The master browser is stopping or an election is
being forced.

Error - 3/31/2010 8:30:37 PM | Computer Name = JOHNNY | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MADIX56-PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{9EE1DB1F-435C-4C6. The master browser is stopping or an election is
being forced.


< End of report >

ubzrvnT
Novice
Novice

Posts Posts : 10
Joined Joined : 2010-03-30
OS OS : Windows XP
Points Points : 24578
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Blue Screen Of Death/Boots oinly in Debugging mode

Post by ubzrvnT on 1st April 2010, 3:08 pm

bump

ubzrvnT
Novice
Novice

Posts Posts : 10
Joined Joined : 2010-03-30
OS OS : Windows XP
Points Points : 24578
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Blue Screen Of Death/Boots oinly in Debugging mode

Post by Belahzur on 1st April 2010, 11:12 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245079
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Blue Screen Of Death/Boots oinly in Debugging mode

Post by ubzrvnT on 2nd April 2010, 2:05 am

Malwarebytes' Anti-Malware 1.45
[You must be registered and logged in to see this link.]

Database version: 3944

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/1/2010 6:25:03 PM
mbam-log-2010-04-01 (18-25-03).txt

Scan type: Quick scan
Objects scanned: 132778
Time elapsed: 7 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\wsaupdater.exe (Trojan.Agent) -> Quarantined and deleted successfully.

ubzrvnT
Novice
Novice

Posts Posts : 10
Joined Joined : 2010-03-30
OS OS : Windows XP
Points Points : 24578
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Blue Screen Of Death/Boots oinly in Debugging mode

Post by ubzrvnT on 3rd April 2010, 9:27 pm

bump

ubzrvnT
Novice
Novice

Posts Posts : 10
Joined Joined : 2010-03-30
OS OS : Windows XP
Points Points : 24578
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Blue Screen Of Death/Boots oinly in Debugging mode

Post by Belahzur on 3rd April 2010, 9:52 pm

Hello.

I see that you are running Limewire.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    BitTorrent
    DNA
    LimeWire 5.4.6

Still having problems?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245079
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Blue Screen Of Death/Boots oinly in Debugging mode

Post by ubzrvnT on 4th April 2010, 5:42 pm

Yeah, it's still booting to XP Splash screen then crashing. I can only boot windows in Debugging mode. I did everything you asked, and uninstalled the following programs.

ubzrvnT
Novice
Novice

Posts Posts : 10
Joined Joined : 2010-03-30
OS OS : Windows XP
Points Points : 24578
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Blue Screen Of Death/Boots oinly in Debugging mode

Post by Belahzur on 4th April 2010, 10:51 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245079
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Blue Screen Of Death/Boots oinly in Debugging mode

Post by ubzrvnT on 6th April 2010, 2:02 am

ComboFix 10-04-05.01 - Administrator 04/05/2010 18:23:50.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1725 [GMT -7:00]
Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\inst.exe
c:\windows\system32\setup.ini
c:\windows\system32\Thumbs.db

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2010-03-06 to 2010-04-06 )))))))))))))))))))))))))))))))
.

2010-04-02 07:07 . 2010-04-02 07:07 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6cd4e786-n\msvcp71.dll
2010-04-02 07:07 . 2010-04-02 07:07 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6cd4e786-n\jmc.dll
2010-04-02 07:07 . 2010-04-02 07:07 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6cd4e786-n\msvcr71.dll
2010-04-02 07:07 . 2010-04-02 07:07 61440 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6d70033b-n\decora-sse.dll
2010-04-02 07:07 . 2010-04-02 07:07 12800 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6d70033b-n\decora-d3d.dll
2010-04-02 01:12 . 2010-03-30 07:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-02 01:12 . 2010-03-30 07:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-30 09:23 . 2010-03-30 09:23 -------- d-----w- c:\program files\Common Files\Java
2010-03-30 09:22 . 2010-03-30 09:22 -------- d-----w- c:\program files\Sun
2010-03-30 08:52 . 2010-03-30 08:58 -------- d-----w- c:\windows\SxsCaPendDel
2010-03-30 08:43 . 2010-03-30 08:43 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Scansoft
2010-03-30 08:39 . 2010-03-30 08:39 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2010-03-30 08:38 . 2010-03-30 08:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nuance
2010-03-30 08:37 . 2010-03-30 08:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Nuance
2010-03-30 08:37 . 2010-03-30 08:47 -------- d-----w- c:\windows\speech
2010-03-30 02:35 . 2010-03-30 02:35 -------- d-----w- c:\windows\system32\wbem\Repository
2010-03-30 02:30 . 2010-03-30 02:34 -------- d-----w- C:\boot
2010-03-29 20:42 . 2010-03-30 05:02 -------- d-----w- c:\windows\tmp
2010-03-28 01:16 . 2010-03-28 01:16 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-03-28 01:11 . 2010-03-28 01:11 -------- d-----w- c:\documents and settings\LocalService\IETldCache
2010-03-21 00:46 . 2010-03-21 00:46 -------- d-----w- c:\program files\Image-Line
2010-03-12 02:23 . 2008-04-13 18:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-03-12 02:23 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-03-11 00:37 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-06 01:36 . 2010-01-25 04:57 -------- d-----w- c:\program files\Common Files\Akamai
2010-04-06 01:35 . 2009-01-03 08:06 384 ----a-w- c:\windows\system32\DVCStateBkp-{00000002-00000000-00000001-00001102-00000004-20021102}.dat
2010-04-06 01:35 . 2009-01-03 08:06 384 ----a-w- c:\windows\system32\DVCState-{00000002-00000000-00000001-00001102-00000004-20021102}.dat
2010-04-04 17:05 . 2009-01-03 12:08 -------- d-----w- c:\program files\DNA
2010-04-03 22:31 . 2009-09-22 08:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2010-04-01 01:30 . 2009-08-17 20:17 -------- d-----w- c:\program files\Native Instruments
2010-03-30 09:48 . 2001-08-18 12:00 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-03-30 09:26 . 2009-01-03 12:19 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-30 09:21 . 2009-01-21 07:08 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-30 09:18 . 2009-03-11 05:45 -------- d-----w- c:\program files\Java
2010-03-30 08:59 . 2009-04-21 18:26 -------- d-----w- c:\program files\Google
2010-03-30 08:47 . 2009-08-19 22:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-30 08:38 . 2009-01-03 07:59 -------- d-----w- c:\program files\Common Files\InstallShield
2010-03-30 07:06 . 2009-01-03 11:23 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-03-30 07:00 . 2009-04-30 11:39 -------- d-----w- c:\program files\Lavasoft
2010-03-30 07:00 . 2009-04-30 11:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-03-30 05:00 . 2010-03-30 05:00 1606 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-03-01 00:59 . 2010-03-01 00:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\Synthesia
2010-02-25 06:24 . 2001-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-13 07:37 . 2010-02-13 07:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\Yahoo!
2010-02-13 07:33 . 2010-02-13 07:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-02-13 07:33 . 2010-02-13 07:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-02-13 07:33 . 2010-02-13 07:31 -------- d-----w- c:\program files\Yahoo!
2010-02-10 03:01 . 2010-02-09 15:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Move Networks
2010-02-09 15:38 . 2010-02-09 15:38 127903 ----a-w- c:\documents and settings\Administrator\Application Data\Move Networks\uninstall.exe
2010-02-09 15:37 . 2009-05-27 23:29 4183416 ----a-w- c:\documents and settings\Administrator\Application Data\Move Networks\plugins\npqmp071502000008.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2003-10-06 24576]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-04 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13680640]
"nwiz"="nwiz.exe" [2008-12-26 1657376]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-26 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG111v3 Smart Wizard.lnk - d:\program files\NETGEAR\WG111v3\WG111v3.exe [2008-7-1 2326528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2008-10-21 17:09 50472 ----a-w- c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 23:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-04-02 23:11 342312 ----a-w- d:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-11-10 23:39 5244216 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gupdate1c9c2aeb9f479c9"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"d:\\Program Files\\SopCast\\SopCast.exe"=
"d:\\Program Files\\StreamTorrent 1.0\\StreamTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1032:TCP"= 1032:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/18/2001 5:00 AM 14336]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/9/2007 2:13 PM 38144]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [1/3/2009 1:01 AM 15840]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/4/2009 7:06 PM 24652]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 MAC607;MAC607 Filter;c:\windows\system32\drivers\MAC607.sys [8/22/2009 9:03 PM 22144]
S3 MackieAudio;Mackie Audio Driver;c:\windows\system32\drivers\MackieAudio.sys [1/28/2009 8:05 PM 93024]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [12/28/2007 4:02 PM 287232]
S3 XBox;XBox Filter;c:\windows\system32\drivers\Xbox.sys [8/22/2009 9:03 PM 22528]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/3/2009 4:21 AM 717296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-04-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
Trusted Zone: aol.com\free
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jpbm0c73.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - plugin: c:\documents and settings\Administrator\Application Data\Move Networks\plugins\npqmp071502000008.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: d:\program files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: d:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
AddRemove-Collab - c:\program files\Image-Line\Collab\uninstall.exe
AddRemove-HijackThis - c:\documents and settings\Administrator\My Documents\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-04-05 18:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-776561741-1606980848-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e8,c2,d0,ec,58,41,6a,4f,a4,b6,0e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e8,c2,d0,ec,58,41,6a,4f,a4,b6,0e,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\||A~*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(236)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2010-04-05 18:45:28 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-06 01:45

Pre-Run: 769,179,648 bytes free
Post-Run: 4,701,650,944 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 37035D8E66B4CC567D6687DCA0506E20

ubzrvnT
Novice
Novice

Posts Posts : 10
Joined Joined : 2010-03-30
OS OS : Windows XP
Points Points : 24578
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Blue Screen Of Death/Boots oinly in Debugging mode

Post by Belahzur on 6th April 2010, 5:21 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245079
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Blue Screen Of Death/Boots oinly in Debugging mode

Post by ubzrvnT on 12th April 2010, 1:31 am

its running great. Thank you very much for all your help Smile

ubzrvnT
Novice
Novice

Posts Posts : 10
Joined Joined : 2010-03-30
OS OS : Windows XP
Points Points : 24578
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Blue Screen Of Death/Boots oinly in Debugging mode

Post by Belahzur on 12th April 2010, 8:37 pm

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX. click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245079
# Likes # Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum