Solved

Can anyone elaborate on what type of service MCSTRM is....

Posted on 2004-09-07
Last Modified: 2013-12-03
Event Type:      Error
Event Source:      Service Control Manager
Event Category:      None
Event ID:      7000
Date:            9/6/2004
Time:            7:29:03 PM
User:            N/A
Computer:      
Description:
The MCSTRM service failed to start due to the following error:
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

I have not been able to find any info on this service.
My computer will reboot on occasion when I insert a disk into either one of my optical drives (Lite-On DVD-RW and a Pioneer DVD-ROM). Spyware sweep is clean (Spysweeper) and virus scan is clean (Norton 2004). I ran Registry Mechanic and it was also clean.

Hijack report:
Logfile of HijackThis v1.97.7
Scan saved at 5:45:16 PM, on 9/7/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\ssoftsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Documents and Settings\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://windowsupdate.microsoft.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [BMUpdate] C:\WINDOWS\System32\BMUpdate.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1092957777287
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/20d3d0cae4a3e811c300/netzip/RdxIE601.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38201.2751041667
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Also, I have OEM XP with SP2 installed. I plan to download boot disks from allbootdisk.com. Is it necessary to copy this to floppy, or can I burn to CD?
Interestingly, a Google of MCSTRM links to several porn sites. A clue?

Sorry about the disjointedness of this question, and please tell me if you need any more info.
Thanks,
Mike
Question by:mikecsaszar
31 Comments
 
LVL 65

Assisted Solution

by:SheharyaarSaahil
SheharyaarSaahil earned 250 total points
ID: 12001782
Hello mikecsaszar =)

Well ur LOG looks pretty much ok, but im not sure abt this process....

C:\WINDOWS\runservice.exe >> http://www.2-spyware.com/file-runservice-exe.html

and get rid of this line......

O4 - HKCU\..\Run: [BMUpdate] C:\WINDOWS\System32\BMUpdate.exe >> http://www.2-spyware.com/file-bmupdate-exe.html

and abt that service,,,, yes indeed its unknown thing and weird thing =\

tell me when u goto Start>Run>msconfig>Services
can u see here any such service listed ??
or in Start>Run>regedit> when u search for MCSTRM, anything comes out ??
0
 
LVL 4

Expert Comment

by:Evarest
ID: 12001806
I never heard of MCSTRM. Try searching for the program on your HDD (use basic search from Windows Explorer).

If you find it, try renaming it from MCSTRM.exe to MCSTRM.exe1 or something like that. As I don't know it, I guess it's not that critical for your system. If your system starts behaving oddly after a reboot, it might be wise to rename it back to the original filename.

If it's still in use, terminate it by using CTRL+ALT+DEL.

Also, run MSConfig.exe from Start|Run. Under the Tab Startup search for MCSTRM and uncheck that line. It now won't be restarted with windows.

You might also search your services for occurrences of MCSTRM. Do this by going to Start|Run and typing services.msc. Then search the list for MCSTRM. If it's in the list, right-click the entry and choose Properties. Choose Disabled as the startup type.

Hope this helps,
Evarest

0
 
LVL 6

Accepted Solution

by:
davexnet earned 250 total points
ID: 12001915
Enter services.msc from the RUN box.  Navigate to this service and right click it.
Set startup type to disable.

This error indicates the file related to MCSTRM is missing, but there is still an entry in the registry
under the services section that's looking for it.

Disabling it will take care of it.

Dave
0
 

Author Comment

by:mikecsaszar
ID: 12002218
Thanks for the replies.

1. Can't find MCSTRM using MSConfig or services.msc, nor in a Windows search.
2. I will try to induce the error or restart and give a new hijack.

thanks
0
 

Author Comment

by:mikecsaszar
ID: 12002287
Event Type:      Error
Event Source:      Service Control Manager
Event Category:      None
Event ID:      7000
Date:            9/7/2004
Time:            7:25:28 PM
User:            N/A
Computer:      MIKE-B7RKAHSS5S
Description:
The MCSTRM service failed to start due to the following error:
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

I put a random CD into my Lite-On DVD-RW drive and caused a reboot. My recovery setting for automatic restart is unchecked.
I restarted and Windows loaded and then restarted itself to a save dump. I rebooted to last good config.

here is the bug check
Event Type:      Information
Event Source:      Save Dump
Event Category:      None
Event ID:      1001
Date:            9/7/2004
Time:            7:25:03 PM
User:            N/A
Computer:      MIKE-B7RKAHSS5S
Description:
The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000024 (0x001902fe, 0xf7d00d4c, 0xf7d00a48, 0xf3260d42). A dump was saved in: C:\WINDOWS\Minidump\Mini090704-02.dmp.  

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

This tends to happen when I load a disc from either optical drive.

Hijack file-
Logfile of HijackThis v1.97.7
Scan saved at 7:35:46 PM, on 9/7/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\ssoftsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Documents and Settings\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://windowsupdate.microsoft.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1092957777287
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/20d3d0cae4a3e811c300/netzip/RdxIE601.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38201.2751041667
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

What now? BTW, what is the best way to get rid of runservice.exe?
0
 

Author Comment

by:mikecsaszar
ID: 12002323
Also, autoplay for both drives is set to ask me to choose an action.

but wait here are a couple more error messages that happened while typing this-
Event Type:      Error
Event Source:      Service Control Manager
Event Category:      None
Event ID:      7034
Date:            9/7/2004
Time:            7:41:05 PM
User:            N/A
Computer:      MIKE-B7RKAHSS5S
Description:
The LicCtrl Service service terminated unexpectedly.  It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


AND


Event Type:      Error
Event Source:      Application Hang
Event Category:      None
Event ID:      1001
Date:            9/7/2004
Time:            7:41:29 PM
User:            N/A
Computer:      MIKE-B7RKAHSS5S
Description:
Fault bucket 127043675.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 42 75 63 6b 65 74 3a 20   Bucket:
0008: 31 32 37 30 34 33 36 37   12704367
0010: 35 0d 0a                  5..    


Event Type:      Error
Event Source:      Application Hang
Event Category:      (101)
Event ID:      1002
Date:            9/7/2004
Time:            7:41:18 PM
User:            N/A
Computer:      MIKE-B7RKAHSS5S
Description:
Hanging application explorer.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


and

Event Type:      Error
Event Source:      Application Error
Event Category:      None
Event ID:      1001
Date:            9/7/2004
Time:            7:40:24 PM
User:            N/A
Computer:      MIKE-B7RKAHSS5S
Description:
Fault bucket 00733296.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 42 75 63 6b 65 74 3a 20   Bucket:
0008: 30 30 37 33 33 32 39 36   00733296
0010: 0d 0a                     ..      


and

Event Type:      Error
Event Source:      Application Error
Event Category:      (100)
Event ID:      1000
Date:            9/7/2004
Time:            7:40:04 PM
User:            N/A
Computer:      MIKE-B7RKAHSS5S
Description:
Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


These logs really mean nothing to me.  What else can I give you to help?
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12002347
>> The LicCtrl Service service terminated unexpectedly.  It has done this 1 time(s).

this is this process >> C:\WINDOWS\runservice.exe >> http://www.2-spyware.com/file-runservice-exe.html
if u cannot find this service in msconfig or services, then u can try renaming this runservice.exe to something else in C:\Windows

restart and check now ??
0
 

Author Comment

by:mikecsaszar
ID: 12002501
Logfile of HijackThis v1.97.7
Scan saved at 8:19:32 PM, on 9/7/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\ssoftsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Documents and Settings\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://windowsupdate.microsoft.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1092957777287
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/20d3d0cae4a3e811c300/netzip/RdxIE601.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38201.2751041667
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Here is a better timeline of events:

Anytime I restart I get the BSOD along with the messages:

Event Type:      Error
Event Source:      Service Control Manager
Event Category:      None
Event ID:      7000
Date:            9/7/2004
Time:            8:17:02 PM
User:            N/A
Computer:      MIKE-B7RKAHSS5S
Description:
The MCSTRM service failed to start due to the following error:
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

AND

Event Type:      Error
Event Source:      Service Control Manager
Event Category:      None
Event ID:      7000
Date:            9/7/2004
Time:            8:17:02 PM
User:            N/A
Computer:      MIKE-B7RKAHSS5S
Description:
The LicCtrl Service service failed to start due to the following error:
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.  

AND  Something like this  

Event Type:      Information
Event Source:      Save Dump
Event Category:      None
Event ID:      1001
Date:            9/7/2004
Time:            8:16:44 PM
User:            N/A
Computer:      MIKE-B7RKAHSS5S
Description:
The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000024 (0x001902fe, 0xf7d2cd4c, 0xf7d2ca48, 0xf2b1cd42). A dump was saved in: C:\WINDOWS\Minidump\Mini090704-04.dmp.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

I retrieved these logs after a reboot (F8) to last good config. The hijack file above is the most recent after the reboot. Of note: every time I go into last good config, Windows re-recognizes my optical drives as new hardware (Lite-On DVD-RW recently installed and Pioneer DVD-ROM). The drives are on the secondary controller as master/slave respectively. This is the same as the original config with the OEM CD-RW that I replaced.

This is fun!

When a boot is done into the last good config, does this refer only to the registry??

I think I should up the point totally on this one.
0
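Successive scans like the ones posted above are easiest to read as a diff. The following is an added example, not code from anyone in the thread: it parses two HijackThis logs and reports which running processes and numbered entries appeared or disappeared between them. The function names `parse_scan` and `diff_scans` are hypothetical, and the two sample logs are constructed by abridging the first and latest scans in the thread.

```python
import re
from collections import Counter

# Constructed samples: abridged from the first and the latest scan posted above.
SCAN_BEFORE = r"""Logfile of HijackThis v1.97.7
Scan saved at 5:45:16 PM, on 9/7/2004

Running processes:
C:\WINDOWS\system32\services.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\ssoftsrv.exe
C:\WINDOWS\System32\alg.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKCU\..\Run: [BMUpdate] C:\WINDOWS\System32\BMUpdate.exe
O4 - Startup: PowerReg Scheduler V3.exe
"""

SCAN_AFTER = r"""Logfile of HijackThis v1.97.7
Scan saved at 8:19:32 PM, on 9/7/2004

Running processes:
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\ssoftsrv.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - Startup: PowerReg Scheduler V3.exe
"""

# Numbered entries look like "O4 - <detail>" or "R1 - <detail>".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_scan(text):
    """Return (processes, entries) as Counters so repeated lines such as
    several svchost.exe instances keep their multiplicity."""
    procs, entries, in_procs = Counter(), Counter(), False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() == "running processes:":
            in_procs = True
            continue
        if not line:
            in_procs = False          # a blank line ends the process list
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            # Windows paths are case-insensitive, so compare in lower case.
            entries[(m.group(1), m.group(2).lower())] += 1
        elif in_procs:
            procs[line.lower()] += 1
    return procs, entries


def diff_scans(before, after):
    """Report what disappeared and what appeared between two scans."""
    b_procs, b_entries = parse_scan(before)
    a_procs, a_entries = parse_scan(after)
    return {
        "procs_gone": sorted((b_procs - a_procs).elements()),
        "procs_new": sorted((a_procs - b_procs).elements()),
        "entries_gone": sorted((b_entries - a_entries).elements()),
        "entries_new": sorted((a_entries - b_entries).elements()),
    }


if __name__ == "__main__":
    for bucket, items in diff_scans(SCAN_BEFORE, SCAN_AFTER).items():
        print(bucket)
        for item in items:
            print("   ", item)
```
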
 

Author Comment

by:mikecsaszar
ID: 12002537
I found the MCSTRM file in the registry.  I am not sure what the info listed means but here it is-

Key Name:          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MCSTRM
Class Name:        <NO CLASS>
Last Write Time:   9/7/2004 - 8:15 PM
Value 0
  Name:            Type
  Type:            REG_DWORD
  Data:            0x1

Value 1
  Name:            Start
  Type:            REG_DWORD
  Data:            0x2

Value 2
  Name:            ErrorControl
  Type:            REG_DWORD
  Data:            0x1

Value 3
  Name:            DisplayName
  Type:            REG_SZ
  Data:            MCSTRM

Value 4
  Name:            Group
  Type:            REG_SZ
  Data:            MCSTRM


Key Name:          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MCSTRM\Security
Class Name:        <NO CLASS>
Last Write Time:   8/19/2004 - 6:36 PM
Value 0
  Name:            Security
  Type:            REG_BINARY
  Data:            


Key Name:          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MCSTRM\Enum
Class Name:        <NO CLASS>
Last Write Time:   9/7/2004 - 8:16 PM
Value 0
  Name:            0
  Type:            REG_SZ
  Data:            Root\LEGACY_MCSTRM\0000

Value 1
  Name:            Count
  Type:            REG_DWORD
  Data:            0x1

Value 2
  Name:            NextInstance
  Type:            REG_DWORD
  Data:            0x1

Value 3
  Name:            INITSTARTFAILED
  Type:            REG_DWORD
  Data:            0x1

0
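The export above can be decoded mechanically. This is an added example, not code from anyone in the thread: it parses the regedit text export, translates the `Type`, `Start` and `ErrorControl` DWORDs into their Service Control Manager meanings, and flags an auto-started entry that has no `ImagePath`. The function names `parse_export` and `triage_service` are hypothetical, and the sample is constructed from the values posted above with the Security blob and Enum subkey left out.

```python
import re

# Constructed sample: the MCSTRM values as posted in the thread, in regedit's
# text-export layout (Security blob and Enum subkey omitted).
SAMPLE_EXPORT = r"""
Key Name:          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MCSTRM
Class Name:        <NO CLASS>
Last Write Time:   9/7/2004 - 8:15 PM
Value 0
  Name:            Type
  Type:            REG_DWORD
  Data:            0x1

Value 1
  Name:            Start
  Type:            REG_DWORD
  Data:            0x2

Value 2
  Name:            ErrorControl
  Type:            REG_DWORD
  Data:            0x1

Value 3
  Name:            DisplayName
  Type:            REG_SZ
  Data:            MCSTRM
"""

SERVICE_TYPES = {0x1: "kernel driver", 0x2: "file system driver",
                 0x10: "Win32 own process", 0x20: "Win32 shared process"}
START_TYPES = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}
ERROR_CONTROL = {0: "ignore", 1: "normal", 2: "severe", 3: "critical"}


def parse_export(text):
    """Return {key_path: {value_name: data}} from a regedit text export."""
    keys, current, name, reg_type = {}, None, None, None
    for line in text.splitlines():
        m = re.match(r"\s*(Key Name|Name|Type|Data):\s*(.*)$", line)
        if not m:
            continue                      # "Class Name", "Value N", blanks
        field, value = m.group(1), m.group(2).strip()
        if field == "Key Name":
            current = keys.setdefault(value, {})
            name = reg_type = None
        elif current is None:
            continue
        elif field == "Name":
            name = value
        elif field == "Type":
            reg_type = value
        elif field == "Data" and name is not None:
            is_dword = reg_type == "REG_DWORD" and value
            current[name] = int(value, 16) if is_dword else value
            name = None
    return keys


def triage_service(key_path, values):
    """Decode the SCM fields and flag an entry that names no binary."""
    name = key_path.rsplit("\\", 1)[-1]
    svc_type = values.get("Type", 0)
    start = values.get("Start")
    image = values.get("ImagePath")
    expected = image
    # A driver entry with no ImagePath is looked up under the default
    # System32\drivers\<key name>.sys location.
    if image is None and svc_type & 0x3:
        expected = r"%SystemRoot%\System32\drivers\{}.sys".format(name)
    return {
        "name": name,
        "type": SERVICE_TYPES.get(svc_type, hex(svc_type)),
        "start": START_TYPES.get(start, "unknown"),
        "error_control": ERROR_CONTROL.get(values.get("ErrorControl"), "unknown"),
        "expected_image": expected,
        # Start 0-2 means a load is attempted at every boot; if the file is
        # gone, that attempt is what logs event 7000. Setting Start to 4
        # (disabled) or removing the key stops it.
        "orphan_candidate": image is None and start in (0, 1, 2),
    }


if __name__ == "__main__":
    for path, vals in parse_export(SAMPLE_EXPORT).items():
        print(triage_service(path, vals))
```

`orphan_candidate` only says the entry deserves a look; confirm by checking whether the file at `expected_image` actually exists before disabling or deleting anything.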
 
LVL 6

Expert Comment

by:davexnet
ID: 12003531
It must be a non-plug and play service or driver.
Open the device manager.  Select View/show hidden devices.
Look at the non-plug and play drivers.
Click the item in question/disable.

Also, you can just delete the key in the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MCSTRM

Dave

0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12005125
>> I found the MCSTRM file in the registry.

ofcourse,,,, backup this key\folder and then delete it..... coz first of all its unknown service, second this is not found on ur system, third its creating problems, so there is no need of it to present in the services registry folder !!

infact, i will say to remove this LicCtrl Service also from registry.... its that process runservice.exe which is not required by u, and this is failing also..... so remove these both !!
0
 

Author Comment

by:mikecsaszar
ID: 12006197
I will try these fixes and update after work.  thanks
0
 

Author Comment

by:mikecsaszar
ID: 12006887
Driver : MCSTRM
Description : RealNetworks Virtual Path Manager®
Version : 5.0.2195.7
Company : RealNetworks, Inc.

Off  of yahoo.
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12007650
now what is this RealNetworks Virtual Path Manager :-?
Real.com has nothing related to it on its site.... neither Google came up with anything =\
0
 

Author Comment

by:mikecsaszar
ID: 12007970
I did install and uninstall RealPlayer a few weeks ago to try the 49 cent downloads. The RealPlayer library wasn't easy to use and crashed a lot, so I uninstalled it. Perhaps it is a remnant of a Real service, maybe RadioPass?
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12007995
hmmmmm radio pass... i dont use it, i have the free real player and that can be the reason i dont have such service ??
0
 

Author Comment

by:mikecsaszar
ID: 12008093
Maybe it's a driver to support the ipod management?? wild guess.
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12008525
hmmmmmmmm, btw just tell me one thing,,,,, are u able to boot from the CD without this rebooting problem ??
or when u boot into safemode, and insert a CD or DVD, same thing happens there also ??
0
 

Author Comment

by:mikecsaszar
ID: 12008602

"when u boot into safemode, and insert a CD or DVD, same thing happens there also ??"

I haven't tried to create the problem in safe mode yet. But I will tonight.

"are u able to boot from the CD without this rebooting problem ??"

Not sure what you mean by this.


I emailed tech support at Real concerning MCSTRM; hopefully they will reply this year.

So tonight I plan to back up and delete the registry entries for MCSTRM and LicCtrl.

I will run chkdsk on both my hard drives to check for errors.

I will download bootdisks for xp sp2 (I have nothing to boot from besides whats on the hard drive).

I will update again,  any other suggestions?
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12008717
>> not sure what you mean by this.

coz i was thinking, if it wud be a firmware or motherboard compatibility problem, u wud be unable to boot from the bootable cds..... coz as soon as it tries to access the CD, it shud restart or freeze ur system.... right :-?
0
 

Author Comment

by:mikecsaszar
ID: 12012192
UPDATE----

1. Backed up the MCSTRM and LicCtrl registry entries and deleted them in normal Windows.
2. Found MCSTRM in hidden device manager under non plug and play and uninstalled it in normal Windows.

Rebooted to Windows and had the same problem as before: BSOD with MCSTRM and LicCtrl error messages.
I rebooted into safe mode and logged on as admin. Computer stated admin file could not be found and logged me in as default user. I could not delete MCSTRM or LicCtrl in this safe mode profile; the error message was something like "cannot not delete files-error in deleting"

So.. I rebooted to safe mode under my user name without a problem. MCSTRM and LicCtrl don't exist in this profile. I tried discs in both optical drives and both worked fine without any problems. So here I sit.

hijack of safemode currently-

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Lavalys\EVEREST Home Edition\everest.bin
C:\WINDOWS\regedit.exe
D:\Documents and Settings\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://windowsupdate.microsoft.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1092957777287
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/20d3d0cae4a3e811c300/netzip/RdxIE601.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38201.2751041667
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Here is an EVEREST profile:

--------[ EVEREST Home Edition (c) 2003, 2004 Lavalys, Inc. ]-----------------------------------------------------------

    Version                                           EVEREST v1.10.106
    Homepage                                          http://www.lavalys.com/
    Report Type                                       Report Wizard
    Computer                                          MIKE-B7RKAHSS5S
    Generator                                         Mike
    Operating System                                  Microsoft Windows XP Home Edition 5.1.2600 (WinXP Retail)
    Date                                              2004-09-08
    Time                                              19:37


--------[ Summary ]-----------------------------------------------------------------------------------------------------

    Computer:
      Operating System                                  Microsoft Windows XP Home Edition
      OS Service Pack                                   Service Pack 2
      Internet Explorer                                 6.0.2900.2180
      DirectX                                           4.09.00.0904 (DirectX 9.0)
      Computer Name                                     MIKE-B7RKAHSS5S
      User Name                                         Mike

    Motherboard:
      CPU Type                                          Intel Pentium 4, 1500 MHz
      Motherboard Name                                  Unknown
      Motherboard Chipset                               Intel Brookdale i845
      System Memory                                     768 MB
      BIOS Type                                         Award Medallion (08/28/01)
      Communication Port                                Communications Port (COM1)
      Communication Port                                Communications Port (COM2)
      Communication Port                                ECP Printer Port (LPT1)

    Display:
      Video Adapter                                     nVIDIA GeForce FX 5600
      3D Accelerator                                    nVIDIA GeForce FX 5600

    Multimedia:
      Audio Adapter                                     Creative Audigy Platinum Sound Card

    Storage:
      IDE Controller                                    Intel(r) 82801BA Bus Master IDE Controller
      Floppy Drive                                      Floppy disk drive
      Disk Drive                                        ST380011A  (80 GB, 7200 RPM, Ultra-ATA/100)
      Disk Drive                                        Maxtor 4D040H2  (40 GB, 5400 RPM, Ultra-ATA/100)
      Optical Drive                                     LITE-ON DVDRW SOHW-812S
      Optical Drive                                     PIONEER DVD-ROM DVD-116  (16x/40x DVD-ROM)
      SMART Hard Disks Status                           OK

    Partitions:
      C: (NTFS)                                         34558 MB (16118 MB free)
      D: (NTFS)                                         76316 MB (54302 MB free)

    Input:
      Keyboard                                          Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
      Mouse                                             PS/2 Compatible Mouse

    Network:
      Network Adapter                                   Intel(R) PRO/100 VE Network Connection  (24.217.149.115)

    Peripherals:
      USB1 Controller                                   Intel 82801BA(M) ICH2X/M - USB Controller 1 [C-0]
      USB1 Controller                                   Intel 82801BA(M) ICH2X/M - USB Controller 2 [C-0]
      USB Device                                        Generic USB Hub
      USB Device                                        USB Printing Support
      USB Device                                        Visioneer 87XX/89XX USB Scanner



--------[ Debug - Unknown ]---------------------------------------------------------------------------------------------

    Motherboard     08/28/2001-I845 -P4B-LA


------------------------------------------------------------------------------------------------------------------------

The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
Anything else I can give you???

thanks, mike


Let me know if i can give any more info to you.
0
 

Author Comment

by:mikecsaszar
ID: 12012241
Another Question-

Should I delete all instances of MCSTRM and Licctrl from the registry???
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12012579
ok i cannot see the runservice.exe process now,,,,, and if this problem is not happening in safemode, it means in Normal mode those services must be active, and are causing this......
yes u can delete all instances of MCSTRM and Licctrl from the registry, but don't forget to back them up first as a precaution :)
0
 

Author Comment

by:mikecsaszar
ID: 12022730
I am still at a loss....

I have cleaned the registry of all instances of MCSTRM and Licctrl, except:




Key Name:          HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit
Class Name:        <NO CLASS>
Last Write Time:   9/8/2004 - 7:17 PM
Value 0
  Name:            View
  Type:            REG_BINARY
  Data:            
00000000   2c 00 00 00 00 00 00 00 - 01 00 00 00 ff ff ff ff  ,...........ÿÿÿÿ
00000010   ff ff ff ff ff ff ff ff - ff ff ff ff 42 00 00 00  ÿÿÿÿÿÿÿÿÿÿÿÿB...
00000020   42 00 00 00 9a 02 00 00 - dd 01 00 00 d8 00 00 00  B.......Ý...Ø...
00000030   78 00 00 00 78 00 00 00 - 20 01 00 00 01 00 00 00  x...x... .......


Value 1
  Name:            FindFlags
  Type:            REG_DWORD
  Data:            0xe

Value 2
  Name:            LastKey
  Type:            REG_SZ
  Data:            My Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCSTRM


Key Name:          HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\Favorites
Class Name:        <NO CLASS>
Last Write Time:   9/8/2004 - 7:13 PM

and


Key Name:          HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*
Class Name:        <NO CLASS>
Last Write Time:   9/8/2004 - 7:15 PM
Value 0
  Name:            a
  Type:            REG_SZ
  Data:            C:\Documents and Settings\Administrator.MIKE-B7RKAHSS5S\My Documents\mcstrm.reg

Value 1
  Name:            MRUList
  Type:            REG_SZ
  Data:            ba

Value 2
  Name:            b
  Type:            REG_SZ
  Data:            C:\Documents and Settings\Administrator.MIKE-B7RKAHSS5S\My Documents\licctrl.reg


and several others where mcstrm and licctrl are mentioned in data strings. I'm not sure about dumping these.


I reboot and still get dumped back to a BSOD after Windows loads up. The last two error messages mention licctrl only, however.

Event Type:      Error
Event Source:      Service Control Manager
Event Category:      None
Event ID:      7000
Date:            9/9/2004
Time:            7:04:36 PM
User:            N/A
Computer:      MIKE-B7RKAHSS5S
Description:
The LicCtrl Service service failed to start due to the following error:
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


I also received a response from Real Networks tech support directing me to delete certain files in Windows associated with RealPlayer, which I did. Interestingly, I found a regkey that was strange and deleted it as well (it contained mention of runservice, mcstrm, and the .dll files Real told me to delete). Here is that key:


[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant]
"InstallDir"="C:\\WINDOWS\\srchasst\\"
"Actor"="c:\\windows\\srchasst\\chars\\rover.acs"
"UsageCount"=dword:0000000a

[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru]

[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="Sete3260.dll"
"001"="Rnuninst.exe"
"002"="Rmoc3260.dl"
"003"="Prefscpl.cpl"
"004"="Pnen3260.dll"
"005"="Pndx5016.dll"
"006"="Pndx5032.dll"
"007"="runservice"
"008"="mcstrm"
"009"="WDM"

[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5604]

[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\Tips]

[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\Tips\SrchAssCtl]

[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\Tips\SrchAssCtl\fa0]
"TimesResisted"=dword:00000000
"TimesDisplayed"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\Tips\SrchAssCtl\fa1]
"TimesResisted"=dword:00000000
"TimesDisplayed"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\Tips\SrchAssCtl\fa2]
"TimesResisted"=dword:00000000
"TimesDisplayed"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\Tips\SrchAssCtl\fa4]
"TimesResisted"=dword:00000000
"TimesDisplayed"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\Tips\SrchAssCtl\fa5]
"TimesResisted"=dword:00000000
"TimesDisplayed"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\Tips\SrchAssCtl\fa6]
"TimesResisted"=dword:00000000
"TimesDisplayed"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\Tips\SrchAssCtl\fa8]
"TimesResisted"=dword:00000000
"TimesDisplayed"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\Tips\SrchAssCtl\fa9]
"TimesResisted"=dword:00000000
"TimesDisplayed"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\Tips\SrchAssCtl\faa]
"TimesResisted"=dword:00000000
"TimesDisplayed"=dword:00000000

Any more suggestions, anyone??? My wife is starting to think I'm having an internet affair now.



0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12022768
ok before going into more depth,,,, try an easy step first.....
create a new user and then login with it
check if same BSOD problem is happening or not ??
0
 

Author Comment

by:mikecsaszar
ID: 12022852
thanks, i will try.

btw- I have an elicence control folder in my Control Panel and it is empty -- significant???

also, here is the last error message i got after bsod

Event Type:      Error
Event Source:      Service Control Manager
Event Category:      None
Event ID:      7001
Date:            9/9/2004
Time:            7:38:36 PM
User:            N/A
Computer:      MIKE-B7RKAHSS5S
Description:
The SAVScan service depends on the SAVRT service which failed to start because of the following error:
A device attached to the system is not functioning.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
thanks again.
0
 

Author Comment

by:mikecsaszar
ID: 12022943
I created a new user in safe mode (correct?) and tried to log on to normal Windows. The user was there but Windows said it cannot find the file for the user. It logged me into Windows as the default account and presto, BSOD with this error:
Event Type:      Error
Event Source:      Service Control Manager
Event Category:      None
Event ID:      7001
Date:            9/9/2004
Time:            8:03:03 PM
User:            N/A
Computer:      MIKE-B7RKAHSS5S
Description:
The SAVScan service depends on the SAVRT service which failed to start because of the following error:
A device attached to the system is not functioning.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.



and


Event Type:      Error
Event Source:      Service Control Manager
Event Category:      None
Event ID:      7026
Date:            9/9/2004
Time:            8:03:03 PM
User:            N/A
Computer:      MIKE-B7RKAHSS5S
Description:
The following boot-start or system-start driver(s) failed to load:
ATMhelpr
Fips
Processor
SAVRT
SAVRTPEL

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.as



of note- all safe modes are functional-- even the safemode for directory service whatever that is

also-

Licctrl is listed in the services (startup disabled) - the path to executable is C:\WINDOWS\runservice.exe, which does not exist.




0
 

Author Comment

by:mikecsaszar
ID: 12022979
Those errors previously appeared related to Norton AV 2004.

recommend re-install of norton?
0
 

Author Comment

by:mikecsaszar
ID: 12023144
OK, whatever I did worked. I don't know what happened. I rebooted into last good config then immediately restarted. Maybe this is what I should have done all along. So far everything is good. I can load a disc into either drive without any problems. Any suggestions at this point to make sure I will stay good?

Anyway thanks to Sheharyaar and Daveexnet.  I learned a lot about how to troubleshoot and not to fear the registry monster so much.  
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12026525
wowwwww.... see the length of this thread.... and see the Final solution..... why windows cannot behave like a gentleman =\

lol.. anywayzzzzzz im glad that finally u are back with ur system and happy that registry monster has gone from ur house ;-)
Cheers ^_^
0
 

Expert Comment

by:nemmex
ID: 21452409
I know that this thread has already been answered. However, I wanted to add some information here anyways so that people will know how to solve the problems that Realplayer and Rhapsody have on Windows Vista.

First, I wanted to clarify for everyone that the mcstrm.sys file is put in the system32/drivers folder by Realplayer. It is a required file for Rhapsody to work.

The problem with the file location is actually in the registry. In order to stop getting errors in your system log about the file being not a valid Win32 application or the path being invalid, you must:

1. Run regedit
2. Go to HKLM > SYSTEM > ControlSet001 > Services > MCSTRM (or you can search for mcstrm in the registry until you get to a key that contains an ImagePath string value)
3. Change the ImagePath value to this EXACTLY: System32\DRIVERS\mcstrm.sys

- This should be the location where mcstrm is installed. If this doesn't work the first time, delete the file mcstrm.sys from C:\Windows\System32\drivers and then reinstall Real and Rhapsody. They will work fine. Even on Vista Home Edition.

Ben Sigman
Rent-A-Geek
rentageekla.com
0
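
An added example, not part of the original thread: a read-only PowerShell check for the condition behind the Event ID 7000 error and the ImagePath fix described above. It lists every service or driver entry whose ImagePath resolves to a file that is not on disk (as with MCSTRM and the Licctrol entry pointing at C:\WINDOWS\runservice.exe). The function names are hypothetical, and reading CurrentControlSet instead of ControlSet001 is an assumption; pass another key with -ServicesKey.

```powershell
# Added example: report service/driver entries whose ImagePath file is missing.
# Read-only. Function names are hypothetical, not from the thread.

function Resolve-ServiceImagePath {
    param([string]$ImagePath)

    $p = [Environment]::ExpandEnvironmentVariables($ImagePath).Trim()

    # Strip arguments: keep the quoted part, or cut after the first .exe/.sys/.dll.
    if ($p -match '^"([^"]+)"') {
        $p = $Matches[1]
    } elseif ($p -match '^(.+?\.(exe|sys|dll))(\s|$)') {
        $p = $Matches[1]
    }

    # Kernel-style prefixes that driver entries use.
    if ($p.StartsWith('\??\')) { $p = $p.Substring(4) }
    if ($p -match '^\\SystemRoot\\(.+)$') { $p = Join-Path $env:SystemRoot $Matches[1] }

    # A relative value such as System32\DRIVERS\mcstrm.sys is relative to %SystemRoot%.
    if (-not [IO.Path]::IsPathRooted($p)) { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Find-OrphanedService {
    # Assumption: CurrentControlSet is the control set in use; override if needed.
    param([string]$ServicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services')

    Get-ChildItem -Path $ServicesKey -ErrorAction SilentlyContinue | ForEach-Object {
        $props = Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue
        if (-not $props -or -not $props.ImagePath) { return }  # no binary registered

        $target = Resolve-ServiceImagePath $props.ImagePath
        if (-not (Test-Path -LiteralPath $target -PathType Leaf)) {
            [pscustomobject]@{
                Service   = $_.PSChildName
                Start     = $props.Start   # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
                ImagePath = $props.ImagePath
                Resolved  = $target
            }
        }
    }
}

Find-OrphanedService | Sort-Object Start, Service | Format-Table -AutoSize -Wrap
```

Run it from a 64-bit PowerShell session: in a 32-bit session on 64-bit Windows, System32 is redirected and drivers that are present will be reported as missing.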
