Author Topic: Random crashes  (Read 1235 times)

dirtybagtwb
« on: April 08, 2011, 01:49:24 AM »
Just recently my PC started crashing for no apparent reason. I don't get a blue screen of death; the monitor just goes black and I have to press the reset button. Please help!! I have submitted a HijackThis log; any help you may have would be welcome.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:51:54 PM, on 4/7/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\GCI Security Guard\Common\FSM32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MagicTune Premium\GammaTray.exe
C:\Program Files\MagicTune Premium\MagicTune.exe
C:\Program Files\Adobe\2\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files\GCI Security Guard\Anti-Virus\fsgk32st.exe
C:\Program Files\GCI Security Guard\Common\FSMA32.EXE
C:\Program Files\GCI Security Guard\Anti-Virus\FSGK32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\GCI Security Guard\Common\FSHDLL32.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\GCI Security Guard\FWES\Program\fsdfwd.exe
C:\Program Files\GCI Security Guard\Anti-Virus\fssm32.exe
C:\Program Files\GCI Security Guard\Anti-Virus\fsav32.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\GCI Security Guard\NRS\iescript\baselitmus.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\GCI Security Guard\NRS\iescript\baselitmus.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\GCI Security Guard\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\GCI Security Guard\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MagicTuneLauncher] C:\Program Files\MagicTune Premium\MagicTuneLauncher.exe
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: GammaTray.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\2\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\GCI Security Guard\Anti-Virus\fsgk32st.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\GCI Security Guard\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\GCI Security Guard\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\GCI Security Guard\ORSP Client\fsorsp.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Unknown owner - C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7525 bytes
« Last Edit: April 08, 2011, 01:58:39 AM by dirtybagtwb »

guestolo
« Reply #1 on: April 09, 2011, 12:08:15 PM »
Nothing jumping out at me, can you do the following please
Download OTL.exe by OldTimer to your Desktop.
  • Close all windows and double click on OTL.exe to run it
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


dirtybagtwb
« Reply #2 on: April 09, 2011, 05:42:19 PM »
Quote from guestolo, 09 April 2011 - 09:08 AM:
> Nothing jumping out at me, can you do the following please
> Download OTL.exe by OldTimer to your Desktop.
>   • Close all windows and double click on OTL.exe to run it
>   • Click Run Scan and let the program run uninterrupted.
>   • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.

OK, I ran OTL like you asked and here are the logs you requested. Please let me know if there is any other info I can provide, and thank you for the help.

OTL logfile created on: 4/9/2011 2:36:40 PM - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Documents and Settings\Dirtbag\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 74.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 153.38 Gb Total Space | 38.28 Gb Free Space | 24.96% Space Free | Partition Type: NTFS
Drive F: | 3.76 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: FAT32
 
Computer Name: NEMESIS | User Name: Dirtbag | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/04/09 14:35:19 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dirtbag\My Documents\Downloads\OTL.exe
PRC - [2011/04/04 19:02:26 | 000,484,520 | ---- | M] (F-Secure Corporation) -- C:\Program Files\GCI Security Guard\Anti-Virus\fsav32.exe
PRC - [2011/02/02 04:55:42 | 000,918,184 | ---- | M] (F-Secure Corporation) -- C:\Program Files\GCI Security Guard\Anti-Virus\fssm32.exe
PRC - [2011/02/02 04:55:41 | 000,508,584 | ---- | M] (F-Secure Corporation) -- C:\Program Files\GCI Security Guard\Anti-Virus\fsgk32.exe
PRC - [2010/12/20 17:15:23 | 000,063,992 | ---- | M] (F-Secure Corporation) -- C:\Program Files\GCI Security Guard\ORSP Client\fsorsp.exe
PRC - [2010/11/24 11:18:24 | 002,877,440 | ---- | M] (SEC) -- C:\Program Files\MagicTune Premium\MagicTune.exe
PRC - [2010/11/19 18:51:08 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2010/04/27 19:02:52 | 002,938,552 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2009/11/18 08:08:32 | 000,201,128 | ---- | M] (F-Secure Corporation) -- C:\Program Files\GCI Security Guard\Common\FSM32.EXE
PRC - [2009/11/18 08:08:32 | 000,188,840 | ---- | M] (F-Secure Corporation) -- C:\Program Files\GCI Security Guard\Common\FSMA32.EXE
PRC - [2009/11/18 08:08:32 | 000,090,536 | ---- | M] (F-Secure Corporation) -- C:\Program Files\GCI Security Guard\Common\FSHDLL32.EXE
PRC - [2009/11/18 08:07:30 | 000,524,712 | ---- | M] (F-Secure Corporation) -- C:\Program Files\GCI Security Guard\FWES\program\fsdfwd.exe
PRC - [2009/11/18 08:06:20 | 000,221,608 | ---- | M] (F-Secure Corporation) -- C:\Program Files\GCI Security Guard\Anti-Virus\fsgk32st.exe
PRC - [2009/10/05 16:36:46 | 000,036,864 | ---- | M] () -- C:\Program Files\MagicTune Premium\GammaTray.exe
PRC - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\2\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/25 07:47:24 | 001,629,480 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
PRC - [2007/06/25 07:47:12 | 001,552,680 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2007/06/25 07:47:02 | 001,057,064 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011/04/09 14:35:19 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dirtbag\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 08:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/11/18 08:08:18 | 000,332,200 | ---- | M] (F-Secure Corporation) -- c:\Program Files\GCI Security Guard\HIPS\fshook32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- -- (NeroRegInCDSrv)
SRV - [2010/12/20 17:15:23 | 000,063,992 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\GCI Security Guard\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2010/04/11 17:26:21 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/18 08:08:32 | 000,188,840 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\GCI Security Guard\Common\FSMA32.EXE -- (FSMA)
SRV - [2009/11/18 08:07:30 | 000,524,712 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\GCI Security Guard\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2009/11/18 08:06:20 | 000,221,608 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\GCI Security Guard\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\2\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2007/06/25 07:47:12 | 001,552,680 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010/11/29 18:27:40 | 000,130,728 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\GCI Security Guard\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2010/04/22 14:33:36 | 000,014,336 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\MTiCtwl.sys -- (MagicTune)
DRV - [2009/11/18 08:08:18 | 000,069,928 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files\GCI Security Guard\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2009/11/18 08:07:30 | 000,081,864 | ---- | M] (F-Secure Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\fsdfw.sys -- (FSFW)
DRV - [2009/11/18 08:06:22 | 000,041,640 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\GCI Security Guard\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)
DRV - [2009/11/18 08:06:22 | 000,027,048 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\GCI Security Guard\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer)
DRV - [2008/08/01 17:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 17:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/04/13 10:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/06/25 07:47:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007/06/25 07:47:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007/06/25 07:47:02 | 000,119,080 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005/12/06 09:12:08 | 001,355,456 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmuda3.sys -- (cmuda3)
DRV - [2005/01/31 18:20:50 | 000,071,040 | R--- | M] (Linksys, A Division of Cisco Systems, Inc ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EG1032xp.sys -- (RTL8023xp)
DRV - [2004/10/08 04:01:47 | 000,097,857 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\si3114r.sys -- (si3114r)
DRV - [2004/08/12 18:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2001/08/17 06:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.10
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
 
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\GCI Security Guard\NRS\[email protected] [2011/03/28 17:15:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/19 18:51:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/24 17:41:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/24 17:41:16 | 000,000,000 | ---D | M]
 
[2010/06/02 23:12:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dirtbag\Application Data\Mozilla\Extensions
[2011/04/09 14:31:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dirtbag\Application Data\Mozilla\Firefox\Profiles\mmmijh9r.default\extensions
[2010/06/07 17:58:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Dirtbag\Application Data\Mozilla\Firefox\Profiles\mmmijh9r.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/09 14:31:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/18 17:54:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/02 19:13:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/08 18:11:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/27 11:18:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/11/19 18:51:26 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS.WINDOWS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/03/28 17:15:03 | 000,000,000 | ---D | M] ("Browsing Protection") -- C:\PROGRAM FILES\GCI SECURITY GUARD\NRS\[email protected]
[2010/04/26 21:40:29 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
 
O1 HOSTS File: ([2004/10/08 04:01:47 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\GCI Security Guard\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\GCI Security Guard\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O4 - HKLM..\Run: [CmPCIaudio] File not found
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\GCI Security Guard\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\GCI Security Guard\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MagicTuneLauncher] C:\Program Files\MagicTune Premium\MagicTuneLauncher.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\GammaTray.lnk = C:\Program Files\MagicTune Premium\GammaTray.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\GCI Security Guard\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 209.165.131.12 209.165.131.13
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Dirtbag\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dirtbag\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/16 17:33:44 | 004,522,038 | ---- | M] () - F:\Autograph - Turn Up The Radio.mp3 -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/04/07 23:03:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dirtbag\Start Menu\Programs\Administrative Tools
[2011/04/07 22:42:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dirtbag\Start Menu\Programs\HiJackThis
[2011/04/02 14:39:53 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdjpn.dll
[2011/04/02 14:39:53 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdjpn.dll
[2011/04/02 14:39:53 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkor.dll
[2011/04/02 14:39:53 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkor.dll
[2011/04/02 14:39:53 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd103.dll
[2011/04/02 14:39:53 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd103.dll
[2011/04/02 14:39:52 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101c.dll
[2011/04/02 14:39:52 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101c.dll
[2011/04/02 14:39:47 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106.dll
[2011/04/02 14:39:47 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll
[2011/04/02 14:39:47 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101b.dll
[2011/04/02 14:39:47 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101b.dll
[2011/04/02 14:27:39 | 000,102,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\IMEKR70.IME
[2011/04/02 14:27:37 | 000,014,336 | ---- | C] (Samsung Electronics, Inc. ) -- C:\WINDOWS\System32\drivers\MTiCtwl.sys
[2011/04/02 14:27:36 | 000,000,000 | ---D | C] -- C:\Program Files\MagicTune Premium
[2011/04/02 14:26:01 | 000,000,000 | ---D | C] -- C:\Program Files\MonitorDriver
[2011/04/02 14:25:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dirtbag\Application Data\InstallShield
[2011/03/31 23:41:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dirtbag\Application Data\runic games
[2011/03/31 23:40:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Torchlight
[2011/03/31 23:38:57 | 000,000,000 | ---D | C] -- C:\Program Files\Runic Games
[2011/03/31 23:38:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\Runic
[2011/03/29 17:59:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Snowglobe
[2011/03/29 17:58:14 | 000,000,000 | ---D | C] -- C:\Program Files\Snowglobe
[2011/03/27 16:41:59 | 000,000,000 | ---D | C] -- C:\Samsung
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/04/09 14:36:03 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1482476501-1659004503-839522115-1003.job
[2011/04/09 14:36:02 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1482476501-1659004503-839522115-1003.job
[2011/04/09 14:19:57 | 000,013,740 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/09 14:19:45 | 000,276,448 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/04/09 14:19:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/09 00:04:01 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled scanning task.job
[2011/04/07 22:51:46 | 000,002,451 | ---- | M] () -- C:\Documents and Settings\Dirtbag\Desktop\HiJackThis.lnk
[2011/04/02 14:27:48 | 000,001,399 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\GammaTray.lnk
[2011/04/02 14:27:48 | 000,001,393 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\MagicTune .lnk
[2011/03/29 18:26:16 | 000,000,807 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Second Life Viewer 2.lnk
[2011/03/29 17:59:06 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Snowglobe.lnk
[2011/03/29 17:57:42 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Dirtbag\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/22 22:15:47 | 000,000,865 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Phoenix Viewer.lnk
[2011/03/17 22:16:45 | 000,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2011/03/17 18:46:05 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/03/15 21:27:01 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/13 21:09:30 | 000,448,252 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/13 21:09:30 | 000,074,304 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/04/07 22:42:13 | 000,002,451 | ---- | C] () -- C:\Documents and Settings\Dirtbag\Desktop\HiJackThis.lnk
[2011/04/02 14:27:48 | 000,001,399 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\GammaTray.lnk
[2011/04/02 14:27:48 | 000,001,393 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\MagicTune .lnk
[2011/03/29 17:59:06 | 000,000,923 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Snowglobe.lnk
[2010/08/11 00:30:25 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2010/07/26 23:14:39 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/07/03 22:55:33 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Dirtbag\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/02 23:12:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/05/07 14:30:32 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/29 16:32:13 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\grwinsthlp.exe
[2010/04/28 21:33:38 | 000,006,896 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/04/28 21:33:38 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010/04/28 21:33:27 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010/04/28 21:09:37 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2010/04/28 20:42:55 | 000,130,492 | ---- | C] () -- C:\WINDOWS\HPHins13.dat
[2010/04/28 20:42:54 | 000,002,977 | ---- | C] () -- C:\WINDOWS\hphmdl13.dat
[2010/04/28 18:46:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\OpenCL.dll
[2010/04/28 18:46:01 | 002,183,470 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/04/27 22:09:16 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Dirtbag\Local Settings\Application Data\fusioncache.dat
[2010/04/26 20:17:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2010/04/26 19:42:30 | 000,000,464 | ---- | C] () -- C:\WINDOWS\CMUDA3.ini
[2010/04/26 19:22:29 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/26 19:16:04 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2010/04/26 19:11:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/04/26 19:04:04 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/04/26 10:49:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/04/26 10:44:13 | 000,099,848 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/22 16:46:49 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\CMRMDRV3.exe
[2009/09/22 16:46:49 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\CMRMDRV3.DLL
[2008/11/04 12:35:36 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004/10/08 04:01:47 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/10/08 04:01:47 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/10/08 04:01:47 | 000,448,252 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/10/08 04:01:47 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/10/08 04:01:47 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/10/08 04:01:47 | 000,074,304 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/10/08 04:01:47 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/10/08 04:01:47 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/10/08 04:01:47 | 000,004,666 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/10/08 04:01:47 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/10/08 04:01:47 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/10/08 04:01:47 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/10/08 04:01:47 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

< End of report >

OTL Extras logfile created on: 4/9/2011 2:36:40 PM - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Documents and Settings\Dirtbag\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 74.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 153.38 Gb Total Space | 38.28 Gb Free Space | 24.96% Space Free | Partition Type: NTFS
Drive F: | 3.76 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: FAT32
 
Computer Name: NEMESIS | User Name: Dirtbag | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"58632:TCP" = 58632:TCP:*:Enabled:Pando Media Booster
"58632:UDP" = 58632:UDP:*:Enabled:Pando Media Booster
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"58632:TCP" = 58632:TCP:*:Enabled:Pando Media Booster
"58632:UDP" = 58632:UDP:*:Enabled:Pando Media Booster
"443:TCP" = 443:TCP:*:Enabled:second life port
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Adobe\2\Elements Organizer 8.0\Photoshop Elements 8.0.exe" = C:\Program Files\Adobe\2\Elements Organizer 8.0\Photoshop Elements 8.0.exe:*:Enabled:Adobe Photoshop Elements 8.0 -- (Adobe Systems Incorporated)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{190C7419-C254-408e-81F8-BE11FCD72A1F}" = dj_sf_software
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
"{26DB09BC-6EB5-4CE0-A05D-D4DECE60E189}_is1" = Phoenix Viewer 1.5.2.977
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47499FAF-B116-4b14-B07F-DB2C3087A06C}" = D4200_Help
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58535A90-1788-44f5-80BB-CFF62D9CE6D5}" = HP Deskjet 8.0 Software
"{6391F69F-8443-472D-A0D7-1C8C33FE1033}" = Nero 7 Essentials
"{69F962F7-3761-4704-9E4B-24FF10F77111}" = MagicTune Premium
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{79D78DC9-96A2-426e-B705-A1EE9536D18B}" = D4200
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.3
"{B3F1E526-180B-4480-9FEC-3E2DCB8EA9CE}" = F-Secure PSC Prerequisites
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C7E154EF-D5EC-4da4-9D00-43B85967B120}" = dj_sf_ProductContext
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D7736EE8-AFCE-4735-BBE3-652CDFBBFCA8}_is1" = Imprudence Viewer 1.3.0 RC2
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{F327A8F7-00C6-4491-9782-1DFFBB0594A2}" = dj_sf_software_req
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"15b35190-c6f9-11d9-9669-0800200c9a66_is1" = Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.11.00.812
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Bone Town" = Bone Town
"C-Media PCI Sound" = Xtreme Sound PCI
"F-Secure Product 430" = GCI Security Guard
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"RealPlayer 12.0" = RealPlayer
"Runic Games Torchlight" = Torchlight
"SecondLifeViewer2" = SecondLifeViewer2 (remove only)
"Snowglobe" = Snowglobe (remove only)
"Warzone 2100" = Warzone 2100
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 3/19/2011 5:36:27 AM | Computer Name = NEMESIS | Source = Application Hang | ID = 1002
Description = Hanging application PhotoshopElementsEditor.exe, version 8.0.0.0,
hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 3/19/2011 5:36:28 AM | Computer Name = NEMESIS | Source = Application Hang | ID = 1002
Description = Hanging application PhotoshopElementsEditor.exe, version 8.0.0.0,
hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 4/2/2011 6:38:15 PM | Computer Name = NEMESIS | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.4095, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 4/3/2011 12:39:21 AM | Computer Name = NEMESIS | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.4095, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 4/4/2011 12:53:50 AM | Computer Name = NEMESIS | Source = F-Secure Anti-Virus | ID = 103
Description = 1 2011-04-03 20:53:50-08:00 NEMESIS NEMESIS\Dirtbag F-Secure
Anti-Virus Crash detected.    
 
Error - 4/4/2011 12:55:04 AM | Computer Name = NEMESIS | Source = Application Hang | ID = 1002
Description = Hanging application taskmgr.exe, version 5.1.2600.5512, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
[ System Events ]
Error - 4/8/2011 3:25:45 AM | Computer Name = NEMESIS | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000056'
 while processing the file 'msrd2x40.dll.new' on the volume 'HarddiskVolume1'.
It has stopped monitoring the volume.
 
Error - 4/8/2011 11:45:20 AM | Computer Name = NEMESIS | Source = Service Control Manager | ID = 7000
Description = The Nero Registry InCD Service service failed to start due to the
following error: %%2
 
Error - 4/8/2011 11:45:21 AM | Computer Name = NEMESIS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
 Si3114r5
 
Error - 4/8/2011 10:54:59 PM | Computer Name = NEMESIS | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.DebugCRT could not be found and
Last Error was The referenced assembly is not installed on your system.
 
Error - 4/8/2011 10:54:59 PM | Computer Name = NEMESIS | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference
 error message: The referenced assembly is not installed on your system. .
 
Error - 4/8/2011 10:54:59 PM | Computer Name = NEMESIS | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for c:\program files\real\realplayer\plugins\rmxrend.dll.
Reference
 error message: The operation completed successfully. .
 
Error - 4/9/2011 3:21:52 AM | Computer Name = NEMESIS | Source = Service Control Manager | ID = 7000
Description = The Nero Registry InCD Service service failed to start due to the
following error: %%2
 
Error - 4/9/2011 3:21:54 AM | Computer Name = NEMESIS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
 Si3114r5
 
Error - 4/9/2011 6:19:55 PM | Computer Name = NEMESIS | Source = Service Control Manager | ID = 7000
Description = The Nero Registry InCD Service service failed to start due to the
following error: %%2
 
Error - 4/9/2011 6:19:56 PM | Computer Name = NEMESIS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
 Si3114r5
 
 
< End of report >
« Last Edit: April 09, 2011, 05:44:29 PM by dirtybagtwb »

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Random crashes
« Reply #3 on: April 09, 2011, 07:45:36 PM »
This is possibly a Video card or power supply issue, hard to pinpoint
Is the inside of the computer clear of dust?

Besides the monitor going black, does it appear that the computer is running properly?
« Last Edit: April 09, 2011, 07:46:24 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline dirtybagtwb

Random crashes
« Reply #4 on: April 09, 2011, 08:23:02 PM »
[quote name='guestolo' date='09 April 2011 - 04:45 PM' timestamp='1302396336' post='477878']
This is possibly a Video card or power supply issue, hard to pinpoint
Is the inside of the computer clear of dust?

Besides the monitor going black, does it appear that the computer is running properly?
[/quote]
I thought at first perhaps a driver issue, but I think I have updated just about everything I could, and I keep my tower very clean, and for the age of it, it seems to be running well. My PC is going on about 4-5 years old. I had it made from Cyberpower out of California; you being a PC guru, I'm sure you have heard of them. It's very upgradeable and, except for a few minor issues, has been a great PC. Is there some way to test the power supply without taking it out of my tower? I wish I could give you a better timeframe as to when it started. Since it started I did go buy a new Samsung Syncmaster SA350, thinking it was my monitor, but it still continues.
« Last Edit: April 09, 2011, 08:24:13 PM by dirtybagtwb »

Offline guestolo

Random crashes
« Reply #5 on: April 09, 2011, 08:54:25 PM »
What types of add-in cards do you have on this computer?
E.g. network card, video card, etc.


Offline dirtybagtwb

Random crashes
« Reply #6 on: April 09, 2011, 09:13:32 PM »
[quote name='guestolo' date='09 April 2011 - 05:54 PM' timestamp='1302400465' post='477882']
What types of add-in cards do you have on this computer?
E.g. network card, video card, etc.
[/quote]

Well... it had a built-in sound card and I replaced it with a Diamond Xtreme Sound 5.1 16 bit. It also has a 1 gig BFG Tech video card and a Linksys 10/100/1000 gigabit network card, and I added 2 gigs of Optima memory, DDR PC 3200 400/333/266. Just FYI, it has an A8N-SLI motherboard. It has a few other network cards that are built-ins, a 1394 Net adapter and an Nvidia nForce 10/100/1000; these are of course disabled. And if it helps at all, an AMD Athlon 64x2 dual core 4200+ 2.21 GHz. Please let me know if you need more info and I'll do my best to get it for you.

Offline guestolo

Random crashes
« Reply #7 on: April 09, 2011, 09:29:41 PM »
You're the builder, do you remember when the problem started?
I know you can't remember the timeframe, but think hard, what was the last piece of hardware you installed before the problem started?

In addition:
Can you go to the following link
http://www.virustotal.com/

Scan this file please
C:\WINDOWS\System32\grwinsthlp.exe
Is it safe?


Offline dirtybagtwb

Random crashes
« Reply #8 on: April 09, 2011, 09:56:12 PM »
[quote name='guestolo' date='09 April 2011 - 06:29 PM' timestamp='1302402581' post='477884']
You're the builder, do you remember when the problem started?
I know you can't remember the timeframe, but think hard, what was the last piece of hardware you installed before the problem started?

In addition:
Can you go to the following link
http://www.virustotal.com/

Scan this file please
C:\WINDOWS\System32\grwinsthlp.exe
Is it safe?
[/quote]
Most of the hardware I listed was installed over a year ago at the least, without a problem till just recently, but the last thing I installed was the network card. This may not be relevant, but I play Second Life and use a 3rd party viewer called Phoenix; most of the problems seem to arise right after I upgraded to the newest viewer. Here is the info I requested; I hope I have gotten you the correct info.
 
 

 
 
0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware.
0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.

File name: 2b409f5ea90cbdaf38f4a96e1a3073fb
Submission date: 2011-04-10 02:21:46 (UTC)
Current status: finished
Result: 4/41 (9.8%)
VT Community: not reviewed
Safety score: -

Antivirus | Version | Last Update | Result
AhnLab-V3 | 2011.04.10.00 | 2011.04.09 | -
AntiVir | 7.11.6.19 | 2011.04.08 | -
Antiy-AVL | 2.0.3.7 | 2011.04.09 | -
Avast | 4.8.1351.0 | 2011.04.09 | -
Avast5 | 5.0.677.0 | 2011.04.09 | -
AVG | 10.0.0.1190 | 2011.04.09 | -
BitDefender | 7.2 | 2011.04.10 | -
CAT-QuickHeal | 11.00 | 2011.04.09 | Spyware.Agent (Not a Virus)
ClamAV | 0.97.0.0 | 2011.04.10 | -
Commtouch | 5.2.11.5 | 2011.04.06 | -
Comodo | 8285 | 2011.04.10 | -
DrWeb | 5.0.2.03300 | 2011.04.10 | -
eSafe | 7.0.17.0 | 2011.04.07 | Win32.SpywareAgent
eTrust-Vet | 36.1.8261 | 2011.04.08 | -
F-Prot | 4.6.2.117 | 2011.04.10 | -
F-Secure | 9.0.16440.0 | 2011.04.10 | -
Fortinet | 4.2.254.0 | 2011.04.09 | -
GData | 22 | 2011.04.10 | -
Ikarus | T3.1.1.103.0 | 2011.04.09 | -
Jiangmin | 13.0.900 | 2011.04.09 | -
K7AntiVirus | 9.96.4347 | 2011.04.09 | -
Kaspersky | 7.0.0.125 | 2011.04.10 | -
McAfee | 5.400.0.1158 | 2011.04.10 | -
McAfee-GW-Edition | 2010.1C | 2011.04.09 | -
Microsoft | 1.6702 | 2011.04.10 | Spyware:Win32/Agent
NOD32 | 6029 | 2011.04.10 | -
Norman | 6.07.07 | 2011.04.09 | -
Panda | 10.0.3.5 | 2011.04.09 | -
PCTools | 7.0.3.5 | 2011.04.07 | -
Prevx | 3.0 | 2011.04.10 | Medium Risk Malware
Rising | 23.52.05.05 | 2011.04.09 | -
Sophos | 4.64.0 | 2011.04.09 | -
SUPERAntiSpyware | 4.40.0.1006 | 2011.04.07 | -
Symantec | 20101.3.2.89 | 2011.04.10 | -
TheHacker | 6.7.0.1.171 | 2011.04.10 | -
TrendMicro | 9.200.0.1012 | 2011.04.09 | -
TrendMicro-HouseCall | 9.200.0.1012 | 2011.04.10 | -
VBA32 | 3.12.14.3 | 2011.04.08 | -
VIPRE | 8973 | 2011.04.10 | -
ViRobot | 2011.4.9.4402 | 2011.04.09 | -
VirusBuster | 13.6.296.2 | 2011.04.09 | -

Additional information
MD5   : 2b409f5ea90cbdaf38f4a96e1a3073fb
SHA1  : 06528c9adb53bbcd102f61c01457ceb29b7b821d
SHA256: 13ff974945685c35650aae69943d936531fe94a53444a32be15b64c664d84702
ssdeep: 384:iI4+V8qw6WrEm6FO8XtxzE78lRy7VXuahoE5:FV8qwfrEmyXLojrho
File size : 16896 bytes
First seen: 2006-05-29 23:01:46
Last seen : 2011-04-10 02:21:46
Magic: PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID:
Win32 Executable Borland Delphi 5 (61.3%)
Win32 Executable Borland Delphi 3 (35.6%)
Win32 Executable Generic (1.1%)
Win32 Dynamic Link Library (generic) (1.0%)
Win16/32 Executable Delphi generic (0.2%)

sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD: -

PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x3CB0
timedatestamp....: 0x2A425E19 (Fri Jun 19 22:22:17 1992)
machinetype......: 0x14C (Intel I386)

[[ 8 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
CODE, 0x1000, 0x2D40, 0x2E00, 6.42, 6351bd14aefd4343c842c75623726595
DATA, 0x4000, 0xB8, 0x200, 1.77, d134ba55dc5c1b9b7530122f6ab13cb0
BSS, 0x5000, 0x4D5, 0x0, 0.0, d41d8cd98f00b204e9800998ecf8427e
.idata, 0x6000, 0x52C, 0x600, 3.91, 3f76032253ccc025bbd918561a17e2da
.tls, 0x7000, 0x8, 0x0, 0.0, d41d8cd98f00b204e9800998ecf8427e
.rdata, 0x8000, 0x18, 0x200, 0.2, 2641881b56ebdb70138f247bbeff9137
.reloc, 0x9000, 0x334, 0x400, 5.75, 7d23fd0c65a77fc2c2ecfb11fa0c4d04
.rsrc, 0xA000, 0x200, 0x200, 2.0, cc85ac698a46555dbb9815b6169d306c

[[ 4 import(s) ]]
advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
kernel32.dll: GetCurrentThreadId, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, VirtualQuery, lstrlenA, lstrcpynA, lstrcpyA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle
oleaut32.dll: VariantClear
user32.dll: GetKeyboardType, MessageBoxA, CharNextA

Prevx Info: http://info.prevx.co...001A600DC0139A8
CWSandbox: http://research.sunb...8f4a96e1a3073fb
ExifTool: -
« Last Edit: April 09, 2011, 10:03:16 PM by dirtybagtwb »

Offline guestolo

Random crashes
« Reply #9 on: April 09, 2011, 10:27:16 PM »
It's hard to read the results, either way, can you send that file to the recycle bin, leave it there for a bit
May be coincidence, but your original problem, I found on the net others related to conflicting network card, again, may be coincidence
Does your network card have a Green light on the back of the computer?

If so, the next time your computer monitor goes black and unresponsive, can you look to see if the light is on in the back
If there is no light, you may want to uninstall the card from Device manager, shut down the computer
remove the card, hook your Internet to your onboard connection

See if the problem remains


Offline dirtybagtwb

Random crashes
« Reply #10 on: April 09, 2011, 11:56:19 PM »
[quote name='guestolo' date='09 April 2011 - 07:27 PM' timestamp='1302406036' post='477886']
It's hard to read the results, either way, can you send that file to the recycle bin, leave it there for a bit
May be coincidence, but your original problem, I found on the net others related to conflicting network card, again, may be coincidence
Does your network card have a Green light on the back of the computer?

If so, the next time your computer monitor goes black and unresponsive, can you look to see if the light is on in the back
If there is no light, you may want to uninstall the card from Device manager, shut down the computer
remove the card, hook your Internet to your onboard connection

See if the problem remains
[/quote]

Sorry about that, I was having a few issues with posting the results. It doesn't have a green light but it does have an orange light, and come to think of it, I only have trouble when I am playing an online game, but I will keep an eye on it. Thank you for at least trying to help; if it becomes an issue again I'll try your suggestion.

Offline dirtybagtwb

Random crashes
« Reply #11 on: April 11, 2011, 03:22:45 PM »
Hey Guestolo, you will never guess what I figured out... After completely updating all of my drivers, processors and everything motherboard, and trying your removing the net card too, my PC was still generating random crashes. I was curious and opened the case to make sure it wasn't dusty, and it wasn't; I normally do a pretty good job of keeping the insides of my tower clean of dust, even with 5 cooling fans. But I was blowing it out again and noticed the cooling fan on my BFG 9500 graphics card wasn't working, so I removed the card to see if some dust had gotten under it and stopped its rotation, and found that my fan wasn't working at all... I think that's the issue my PC is having, and doing some research found out that BFG is out of business and of course not honoring their warranties. Things like this make me want to get an Xbox. Anyway, I just thought you should know, and thank you for the help.