|
| ||
| Blue Screen of Death when booting into Safe Mode Hi, I'm getting a BSOD when I try to boot into Safe Mode :/ The reason I've been trying to boot into Safe Mode is because I want to delete and replace some fonts with a newer version of them, and I can't do so in normal Windows because my access to them is constantly denied (even though I'm fairly sure they're not in use by any process). I suspect it's a leftover remnant of the previous big spyware infection I had with Vundo/Virtuamonde trojan, as I remember also having a BSOD problem then... The stop code is 0x0000007B (0xF78AF528, 0xC0000034, 0x00000000, 0x00000000) if that helps. Here is my HJT log. Any help is really appreciated :D Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:43 AM, on 10/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\PS Tray Factory\PSTrayFactory.EXE C:\Program Files\Google\Update\1.1.17.0\GoogleUpdate.exe C:\Program Files\Apoint\Apoint.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\ICO.EXE C:\Program Files\Sony\VAIO Power Management\SPMgr.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Taskix\Taskix32.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\ThreatFire\TFTray.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Volumouse\volumouse.exe C:\Program Files\Quicknote\Quicknote.exe C:\Program Files\3RVX\3RVX.exe C:\WINDOWS\system32\gdi++\gditray.exe C:\Program Files\Launchy\Launchy.exe C:\Program Files\Samurize\Client.exe C:\Program Files\Samurize\Client.exe C:\Program Files\Samurize\Client.exe C:\Program Files\Samurize\Client.exe C:\Program Files\Last.fm\LastFMHelper.exe C:\Program Files\ProcessTamer\ProcessTamerTray.exe C:\Program Files\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe C:\Program Files\AutoHotkey\AutoHotkey.exe D:\Apps\ObjectBar\ObjectBar.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe D:\Apps\Swept Away\Swept Away.exe D:\Apps\texter.exe D:\Y'z Shadow\YzShadow.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\Program Files\Apoint\Apntex.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\ThreatFire\TFService.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Mozilla Firefox\firefox.exe D:\Apps\Miranda IM\miranda32.exe C:\Program Files\Rainlendar2\Rainlendar2.exe C:\Documents and Settings\Cuifen\My Documents\_junkdrawer\HiJackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\cidaemon.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = ?? O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file) O2 - BHO: Google Update Class - {ADD57508-1A52-4FAA-A7B3-A3ADE8FAEFEC} - C:\Program Files\Google\Update\1.1.17.0\GoopdateBho.dll O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file) O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.2.14.0\gears.dll O2 - BHO: Loader Class - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - C:\program files\FindeXer\FindeXer.dll O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing) O3 - Toolbar: QT Tab Standard Buttons - {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} - mscoree.dll (file missing) O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - D:\Apps\Styler\TB\StylerTB.dll O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe" O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM O4 - HKLM\..\Run: [Taskix] C:\Program Files\Taskix\Taskix32.exe start O4 - HKLM\..\Run: [TrayFactory] C:\Program Files\PS Tray Factory\PSTrayFactory.exe /start O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe" O4 - HKLM\..\RunOnce: [TrayFactory] C:\Program Files\PS Tray Factory\PSTrayFactory.EXE /start O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [$Volumouse$] "C:\Program Files\Volumouse\volumouse.exe" /nodlg O4 - HKCU\..\Run: [Quicknote] "C:\Program Files\Quicknote\Quicknote.exe" O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe O4 - HKCU\..\Run: [3RVX.exe] C:\Program Files\3RVX\3RVX.exe O4 - HKCU\..\Run: [GDI++] C:\\WINDOWS\\system32\\gdi++\\gditray.exe -on O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Client Default.lnk = C:\Program Files\Samurize\Client.exe O4 - Startup: Client Ram Bar.lnk = C:\Program Files\Samurize\Client.exe O4 - Startup: Client Todo.txt.lnk = C:\Program Files\Samurize\Client.exe O4 - Startup: Client Weather.lnk = C:\Program Files\Samurize\Client.exe O4 - Startup: gditray.lnk = C:\WINDOWS\system32\gdi++\gditray.exe O4 - Startup: Instance Manager Group Default Instance Group.lnk = C:\Program Files\Samurize\InstanceManager.exe O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe O4 - Startup: ProcessTamer.lnk = C:\Program Files\ProcessTamer\ProcessTamerTray.exe O4 - Startup: RKLauncher.exe.lnk = C:\Program Files\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe O4 - Startup: scripts.ahk.lnk = C:\Documents and Settings\Cuifen\My Documents\_docs\scripts.ahk O4 - Startup: Stardock ObjectBar.lnk = D:\Apps\ObjectBar\ObjectBar.exe O4 - Startup: Swept Away.lnk = D:\Apps\Swept Away\Swept Away.exe O4 - Startup: Texter.lnk = D:\Apps\texter.exe O4 - Startup: YzShadow.lnk = D:\Y'z Shadow\YzShadow.exe O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.2.14.0\gears.dll O9 - Extra 'Tools' menuitem: &Google Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.2.14.0\gears.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file) O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/en/ O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-SG/.../GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file) O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: interceptor.dll,wbsys.dll C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL O22 - SharedTaskScheduler: OLE Object - {D9E0368F-201B-46CF-AA60-B9C513E67847} - (no file) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Update Service (gupdate) - Google Inc. - C:\Program Files\Google\Update\1.1.17.0\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe -- End of file - 11155 bytes |
| ||
| Re: Blue Screen of Death when booting into Safe Mode Hi Rerun Hijack this and remove the following entries: C:\WINDOWS\system32\gdi++\gditray.exe C:\Program Files\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe D:\Apps\ObjectBar\ObjectBar.exe D:\Y'z Shadow\YzShadow.exe O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file) O2 - BHO: Google Update Class - {ADD57508-1A52-4FAA-A7B3-A3ADE8FAEFEC} - C:\Program Files\Google\Update\1.1.17.0\GoopdateBho.dll O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing) O3 - Toolbar: QT Tab Standard Buttons - {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} - mscoree.dll (file missing) O4 - HKCU\..\Run: [3RVX.exe] C:\Program Files\3RVX\3RVX.exe O4 - HKCU..Run: [GDI++] C:\WINDOWS\system32\gdi++\gditray.exe -on O4 - Startup: gditray.lnk = C:\WINDOWS\system32\gdi++\gditray.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file) O22 - SharedTaskScheduler: OLE Object - {D9E0368F-201B-46CF-AA60-B9C513E67847} - (no file) Once removed reboot. :) |
| ||
| Re: Blue Screen of Death when booting into Safe Mode Hi, Thank you very much for your reply! Before I do anything, I have a few questions actually. Some of the things you pointed out I should delete are actually programs where I know exactly what they are and trust completely. These are: C:\WINDOWS\system32\gdi++\gditray.exe C:\Program Files\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe D:\Apps\ObjectBar\ObjectBar.exe D:\Y'z Shadow\YzShadow.exe O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing) O3 - Toolbar: QT Tab Standard Buttons - {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} - mscoree.dll (file missing) O4 - HKCU\..\Run: [3RVX.exe] C:\Program Files\3RVX\3RVX.exe O4 - HKCU..Run: [GDI++] C:\WINDOWS\system32\gdi++\gditray.exe -on O4 - Startup: gditray.lnk = C:\WINDOWS\system32\gdi++\gditray.exe I'm just wondering if it's really necessary to delete these entries, as I do rely quite a bit on all these programs and I'm not sure if deleting these entries in HJT will break them completely. Thanks :) |
| ||
| Re: Blue Screen of Death when booting into Safe Mode The entries are programs that have kow spyware embeded in them. D:\Y'z Shadow\YzShadow.exe is the most dangerous out of them all. http://www.pcreview.co.uk/startup/YzShadow.exe.php The items marked for deletion are all known programs that infect your PC. You can carry on using them, but I wouldn't recommend it. And if possible, try and find a legitimate replacement for them. |
| ||
| Re: Blue Screen of Death when booting into Safe Mode Hi, Thanks for your help so far! Unfortunately I'm still getting the BSOD when I try Safe Mode :/ Is there anything else you can recommend that I do? My new HJT log is below: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:24 AM, on 12/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe C:\Program Files\Google\Update\1.1.17.0\GoogleUpdate.exe C:\WINDOWS\Explorer.EXE C:\Program Files\PS Tray Factory\PSTrayFactory.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\Google\Update\1.1.17.0\GoogleUpdate.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\ThreatFire\TFService.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\Apoint\Apoint.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\ICO.EXE C:\Program Files\Sony\VAIO Power Management\SPMgr.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Taskix\Taskix32.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\ThreatFire\TFTray.exe C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Volumouse\volumouse.exe C:\Program Files\Quicknote\Quicknote.exe C:\Program Files\Launchy\Launchy.exe C:\Program Files\Samurize\Client.exe C:\Program Files\Samurize\Client.exe C:\Program Files\Samurize\Client.exe C:\Program Files\Samurize\Client.exe C:\Program Files\Last.fm\LastFMHelper.exe C:\WINDOWS\System32\alg.exe C:\Program Files\ProcessTamer\ProcessTamerTray.exe C:\Program Files\AutoHotkey\AutoHotkey.exe D:\Apps\Swept Away\Swept Away.exe D:\Apps\texter.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Documents and Settings\Cuifen\My Documents\_junkdrawer\HiJackThis.exe C:\WINDOWS\system32\wuauclt.exe D:\Apps\Miranda IM\miranda32.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = ?? O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.2.14.0\gears.dll O2 - BHO: Loader Class - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - C:\program files\FindeXer\FindeXer.dll O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - D:\Apps\Styler\TB\StylerTB.dll O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe" O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM O4 - HKLM\..\Run: [Taskix] C:\Program Files\Taskix\Taskix32.exe start O4 - HKLM\..\Run: [TrayFactory] C:\Program Files\PS Tray Factory\PSTrayFactory.exe /start O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe" O4 - HKLM\..\RunOnce: [TrayFactory] C:\Program Files\PS Tray Factory\PSTrayFactory.EXE /start O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [$Volumouse$] "C:\Program Files\Volumouse\volumouse.exe" /nodlg O4 - HKCU\..\Run: [Quicknote] "C:\Program Files\Quicknote\Quicknote.exe" O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Client Default.lnk = C:\Program Files\Samurize\Client.exe O4 - Startup: Client Ram Bar.lnk = C:\Program Files\Samurize\Client.exe O4 - Startup: Client Todo.txt.lnk = C:\Program Files\Samurize\Client.exe O4 - Startup: Client Weather.lnk = C:\Program Files\Samurize\Client.exe O4 - Startup: Instance Manager Group Default Instance Group.lnk = C:\Program Files\Samurize\InstanceManager.exe O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe O4 - Startup: ProcessTamer.lnk = C:\Program Files\ProcessTamer\ProcessTamerTray.exe O4 - Startup: scripts.ahk.lnk = C:\Documents and Settings\Cuifen\My Documents\_docs\scripts.ahk O4 - Startup: Swept Away.lnk = D:\Apps\Swept Away\Swept Away.exe O4 - Startup: Texter.lnk = D:\Apps\texter.exe O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.2.14.0\gears.dll O9 - Extra 'Tools' menuitem: &Google Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.2.14.0\gears.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/en/ O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-SG/.../GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{A9A6F4C4-4876-4000-8028-ADDB5815479D}: NameServer = 208.67.222.222,208.67.220.220 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file) O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: ,wbsys.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Update Service (gupdate) - Google Inc. - C:\Program Files\Google\Update\1.1.17.0\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe -- End of file - 9952 bytes |
| ||
| Re: Blue Screen of Death when booting into Safe Mode Interesting, delphine. When you start your machine quite early on in the loading of Windows a program called Ntldr is in control; one of its last functions is to read in kernel files and the SYSTEM reg hive to see which drivers should be loaded. Pressing F8 to choose Safe Mode at this point results in a different registry key being used to specify a reduced set of drivers. Now it so happens that the error code you are receiving is caused by a missing or bad hardware driver which is related to your your hd or IDE controllers, or a PCI bus driver [commonly called the chipset drivers..]. What that means is that when the system tries to change up a gear in its mode of accessing the hd, it just cannot. So it reports that the boot device is missing... You obviously have those drivers because you can operate in Normal mode okay?, it must be that the reg key for the list of Safe Mode drivers is incorrect. Ways around that: If the problem does not date back too far you may be able to pick up a restore point that will solve it. Or you could get an old copy of the SYSTEM hive from Windows\repair using the recovery console [tedious]. Or you could update the drivers in Device Manager - catch is, I am not certain if trying this last will rewrite the necessary safe mode reg key [I am sure it will, I just dunno... but I do know it won't hurt to try] So... did restoring work? If not... go to Device Manager [go Start, run, paste in control sysdm.cpl,,2 -and Enter]. -in Device Manager expand IDE ATA/ATAPI controllers, select your Primary IDE Controller, right click it and select Update Driver. -you may choose to download a driver from Updates or take one from your hardware installation cd or floppy... -restart... say how you get on. |
| ||
| Device Driver Corrupted This is what I found from http://support.microsoft.com/kb/324103: "Device Driver Issues You may receive a "Stop 0x0000007B" error message in the following scenarios: A device driver that the computer boot controller needs is not configured to start during the startup process. A device driver that the computer boot controller needs is corrupted. Information in the Windows XP registry (information related to how the device drivers load during startup) is corrupted." You are going to have to update or uninstall your drivers in order to fix your problem. Go to the manufactures site or use Driver Robot to update your drivers |
| All times are GMT -4. The time now is 8:21 pm. |
Forum system based on vBulletin Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
©2003 - 2009 DaniWeb® LLC