mikecsaszar
asked on
Can anyone elaborate on what type of service MCSTRM is....
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 9/6/2004
Time: 7:29:03 PM
User: N/A
Computer:
Description:
The MCSTRM service failed to start due to the following error:
The system cannot find the file specified.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
I have not been able to find any info on this service.
My computer will reboot on occasion when I insert a disk into either one of my optical drives (Lite-On DVD-RW and a Pioneer DVD-ROM). Spyware sweep is clean (Spy Sweeper) and virus scan is clean (Norton 2004). I ran Registry Mechanic and it was also clean.
Hijack report:
Logfile of HijackThis v1.97.7
Scan saved at 5:45:16 PM, on 9/7/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\ssoftsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Documents and Settings\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://windowsupdate.microsoft.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [BMUpdate] C:\WINDOWS\System32\BMUpdate.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1092957777287
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/20d3d0cae4a3e811c300/netzip/RdxIE601.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38201.2751041667
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Also, I have OEM XP with SP2 installed. I plan to download boot disks from allbootdisk.com. Is it necessary to copy this to floppy, or can I burn to CD?
Interestingly, a Google search for MCSTRM links to several porn sites. A clue?
Sorry about the disjointedness of this question, and please tell me if you need any more info.
Thanks,
Mike
ASKER
Thanks for the replies.
1. Can't find MSTRM using msconfig or services.msc, nor in a Windows search.
2. I will try to induce the error or restart and give a new hijack.
Thanks
ASKER
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 9/7/2004
Time: 7:25:28 PM
User: N/A
Computer: MIKE-B7RKAHSS5S
Description:
The MCSTRM service failed to start due to the following error:
The system cannot find the file specified.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
I put a random CD into my Lite-On DVD-RW drive and caused a reboot. My recovery setting for automatic restart is unchecked.
I restarted and Windows loaded and then restarted itself to a save dump. I rebooted to last good config.
Here is the bug check:
Event Type: Information
Event Source: Save Dump
Event Category: None
Event ID: 1001
Date: 9/7/2004
Time: 7:25:03 PM
User: N/A
Computer: MIKE-B7RKAHSS5S
Description:
The computer has rebooted from a bugcheck. The bugcheck was: 0x00000024 (0x001902fe, 0xf7d00d4c, 0xf7d00a48, 0xf3260d42). A dump was saved in: C:\WINDOWS\Minidump\Mini090704-02.dmp.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
This tends to happen when I load a disc from either optical drive.
Hijack file:
Logfile of HijackThis v1.97.7
Scan saved at 7:35:46 PM, on 9/7/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\ssoftsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Documents and Settings\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://windowsupdate.microsoft.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1092957777287
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/20d3d0cae4a3e811c300/netzip/RdxIE601.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38201.2751041667
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
What now? BTW, what is the best way to get rid of runservice.exe?
ASKER
Also, autoplay for both drives is set to ask me to choose an action.
But wait, here are a couple more error messages that happened while typing this:
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 9/7/2004
Time: 7:41:05 PM
User: N/A
Computer: MIKE-B7RKAHSS5S
Description:
The LicCtrl Service service terminated unexpectedly. It has done this 1 time(s).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
AND
Event Type: Error
Event Source: Application Hang
Event Category: None
Event ID: 1001
Date: 9/7/2004
Time: 7:41:29 PM
User: N/A
Computer: MIKE-B7RKAHSS5S
Description:
Fault bucket 127043675.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 42 75 63 6b 65 74 3a 20 Bucket:
0008: 31 32 37 30 34 33 36 37 12704367
0010: 35 0d 0a 5..
Event Type: Error
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 9/7/2004
Time: 7:41:18 PM
User: N/A
Computer: MIKE-B7RKAHSS5S
Description:
Hanging application explorer.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
and
Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1001
Date: 9/7/2004
Time: 7:40:24 PM
User: N/A
Computer: MIKE-B7RKAHSS5S
Description:
Fault bucket 00733296.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 42 75 63 6b 65 74 3a 20 Bucket:
0008: 30 30 37 33 33 32 39 36 00733296
0010: 0d 0a ..
and
Event Type: Error
Event Source: Application Error
Event Category: (100)
Event ID: 1000
Date: 9/7/2004
Time: 7:40:04 PM
User: N/A
Computer: MIKE-B7RKAHSS5S
Description:
Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
These logs really mean nothing to me. What else can I give you to help?
>> The LicCtrl Service service terminated unexpectedly. It has done this 1 time(s).
this is this process >> C:\WINDOWS\runservice.exe >> http://www.2-spyware.com/file-runservice-exe.html
if u cannot find this service in msconfig or services, then u can try renaming this runservice.exe to something else in C:\Windows
restart and check now ??
ASKER
Logfile of HijackThis v1.97.7
Scan saved at 8:19:32 PM, on 9/7/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\ssoftsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Documents and Settings\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://windowsupdate.microsoft.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1092957777287
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/20d3d0cae4a3e811c300/netzip/RdxIE601.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38201.2751041667
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Here is a better timeline of events:
Anytime I restart I get the BSOD along with the messages:
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 9/7/2004
Time: 8:17:02 PM
User: N/A
Computer: MIKE-B7RKAHSS5S
Description:
The MCSTRM service failed to start due to the following error:
The system cannot find the file specified.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
AND
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 9/7/2004
Time: 8:17:02 PM
User: N/A
Computer: MIKE-B7RKAHSS5S
Description:
The LicCtrl Service service failed to start due to the following error:
The system cannot find the file specified.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
AND Something like this
Event Type: Information
Event Source: Save Dump
Event Category: None
Event ID: 1001
Date: 9/7/2004
Time: 8:16:44 PM
User: N/A
Computer: MIKE-B7RKAHSS5S
Description:
The computer has rebooted from a bugcheck. The bugcheck was: 0x00000024 (0x001902fe, 0xf7d2cd4c, 0xf7d2ca48, 0xf2b1cd42). A dump was saved in: C:\WINDOWS\Minidump\Mini090704-04.dmp.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
I retrieved these logs after a reboot (F8) to last good config. The hijack file above is the most recent after the reboot. Of note: every time I go into last good config, Windows re-recognizes my optical drives as new hardware (Lite-On DVD-RW, recently installed, and Pioneer DVD-ROM). The drives are on the secondary controller as master/slave respectively. This is the same as the original config with the OEM CD-RW that I replaced.
This is fun!
When a boot is done into the last good config, does this refer only to the registry??
I think I should up the point total on this one.
ASKER
I found the MCSTRM file in the registry. I am not sure what the info listed means but here it is-
Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MCSTRM
Class Name: <NO CLASS>
Last Write Time: 9/7/2004 - 8:15 PM
Value 0
Name: Type
Type: REG_DWORD
Data: 0x1
Value 1
Name: Start
Type: REG_DWORD
Data: 0x2
Value 2
Name: ErrorControl
Type: REG_DWORD
Data: 0x1
Value 3
Name: DisplayName
Type: REG_SZ
Data: MCSTRM
Value 4
Name: Group
Type: REG_SZ
Data: MCSTRM
Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MCSTRM\Security
Class Name: <NO CLASS>
Last Write Time: 8/19/2004 - 6:36 PM
Value 0
Name: Security
Type: REG_BINARY
Data:
Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MCSTRM\Enum
Class Name: <NO CLASS>
Last Write Time: 9/7/2004 - 8:16 PM
Value 0
Name: 0
Type: REG_SZ
Data: Root\LEGACY_MCSTRM\0000
Value 1
Name: Count
Type: REG_DWORD
Data: 0x1
Value 2
Name: NextInstance
Type: REG_DWORD
Data: 0x1
Value 3
Name: INITSTARTFAILED
Type: REG_DWORD
Data: 0x1
It must be a non-plug and play service or driver.
Open the device manager. Select View/show hidden devices.
Look at the non-plug and play drivers.
Click the item in question/disable.
Also, you can just delete the key in the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MCSTRM
Dave
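The key the asker posted carries `Type`, `Start` and `ErrorControl` but no `ImagePath`. As an added example (not part of the original thread), this Python code parses that regedit text export and decodes the values; the fallback to `%SystemRoot%\System32\drivers\<key name>.sys` when a driver key has no `ImagePath` is stated from general Windows behaviour, and the `ExampleDrv` key and the function names are constructed for illustration.

```python
import re

# MCSTRM values are the ones posted in the thread (key path de-spaced, Group
# value omitted). The \Enum excerpt is trimmed and ExampleDrv is constructed.
EXPORT = r"""
Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MCSTRM
Class Name: <NO CLASS>
Last Write Time: 9/7/2004 - 8:15 PM
Value 0
Name: Type
Type: REG_DWORD
Data: 0x1
Value 1
Name: Start
Type: REG_DWORD
Data: 0x2
Value 2
Name: ErrorControl
Type: REG_DWORD
Data: 0x1
Value 3
Name: DisplayName
Type: REG_SZ
Data: MCSTRM
Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MCSTRM\Enum
Class Name: <NO CLASS>
Value 0
Name: Count
Type: REG_DWORD
Data: 0x1
Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleDrv
Class Name: <NO CLASS>
Value 0
Name: Type
Type: REG_DWORD
Data: 0x1
Value 1
Name: Start
Type: REG_DWORD
Data: 0x3
Value 2
Name: ImagePath
Type: REG_EXPAND_SZ
Data: system32\DRIVERS\exampledrv.sys
"""

SERVICE_TYPE = {0x1: "kernel driver", 0x2: "file system driver",
                0x10: "Win32 own process", 0x20: "Win32 shared process"}
START = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}
ERROR_CONTROL = {0: "ignore", 1: "normal", 2: "severe", 3: "critical"}


def parse_export(text):
    """Parse regedit's text export into {key_path: {value_name: (type, data)}}."""
    keys, current, name, reg_type = {}, None, None, None
    for raw in text.splitlines():
        field, _, rest = raw.strip().partition(":")
        rest = rest.strip()
        if field == "Key Name":
            current = keys.setdefault(rest, {})
        elif current is None:
            continue
        elif field == "Name":
            name = rest
        elif field == "Type":
            reg_type = rest
        elif field == "Data" and name is not None:
            current[name] = (reg_type, rest)
            name = None
    return keys


def assess(text):
    """Decode each top-level service key and note start-up entries lacking ImagePath."""
    report = {}
    for path, values in parse_export(text).items():
        m = re.search(r"\\Services\\([^\\]+)$", path)
        if not m:  # skip subkeys such as \Enum and \Security
            continue

        def dword(n):
            t, d = values.get(n, (None, None))
            return int(d, 16) if t == "REG_DWORD" else None

        stype, start = dword("Type"), dword("Start")
        image = values.get("ImagePath", (None, None))[1]
        explicit, notes = image is not None, []
        if not explicit and stype in (0x1, 0x2):
            # Assumed Windows default for a driver key without ImagePath.
            image = "%SystemRoot%\\System32\\drivers\\" + m.group(1) + ".sys"
            notes.append("no ImagePath; default driver path applies")
        if start in (0, 1, 2):
            notes.append("started automatically at boot")
        report[m.group(1)] = {
            "type": SERVICE_TYPE.get(stype), "start": START.get(start),
            "error_control": ERROR_CONTROL.get(dword("ErrorControl")),
            "image": image, "image_explicit": explicit, "notes": notes,
        }
    return report


if __name__ == "__main__":
    for svc, info in assess(EXPORT).items():
        print(svc, info)
```

For MCSTRM this decodes to an auto-start kernel driver with normal error control and no explicit binary path, so if the `.sys` file is gone the start attempt at each boot has nothing to load, which matches the "cannot find the file specified" error in event 7000.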
>> I found the MCSTRM file in the registry.
Of course... back up this key\folder and then delete it, because first of all it's an unknown service, second it is not found on your system, third it's creating problems, so there is no need for it to be present in the services registry folder!!
In fact, I will say to remove this LicCtrl Service from the registry also... it's that process runservice.exe, which is not required by you, and this is failing also... so remove them both!!
ASKER
I will try these fixes and update after work. thanks
ASKER
Driver : MCSTRM
Description : RealNetworks Virtual Path Manager®
Version : 5.0.2195.7
Company : RealNetworks, Inc.
Off of yahoo.
Now what is this RealNetworks Virtual Path Manager :-?
Real.com has nothing related to it on its site... nor did Google come up with anything =\
ASKER
I did install and uninstall RealPlayer a few weeks ago to try the 49 cent downloads. The RealPlayer library wasn't easy to use and crashed a lot, so I uninstalled it. Perhaps it is a remnant of a Real service, maybe RadioPass?
Hmmmmm, RadioPass... I don't use it, I have the free RealPlayer and that can be the reason I don't have such a service??
ASKER
Maybe it's a driver to support the ipod management?? wild guess.
Hmmmmmmmm, btw just tell me one thing: are you able to boot from the CD without this rebooting problem??
Or when you boot into safe mode and insert a CD or DVD, does the same thing happen there also??
ASKER
"when you boot into safe mode and insert a CD or DVD, does the same thing happen there also??"
I haven't tried to create the problem in safe mode yet. But I will tonight.
"are you able to boot from the CD without this rebooting problem??"
Not sure what you mean by this.
I emailed tech support at Real concerning MCSTRM, hopefully they will reply this year.
So tonight I plan to back up and delete the registry entries for MCSTRM and LicCtrl.
I will run chkdsk on both my hard drives to check for errors.
I will download boot disks for XP SP2 (I have nothing to boot from besides what's on the hard drive).
I will update again, any other suggestions?
>> not sure what you mean by this.
Because I was thinking, if it were a firmware or motherboard compatibility problem, you would be unable to boot from bootable CDs... because as soon as it tries to access the CD, it should restart or freeze your system... right :-?
ASKER
UPDATE----
1. Backed up the MCSTRM and LicCtrl registry entries and deleted them in normal Windows.
2. Found MCSTRM in hidden device manager non plug and play- uninstalled it in normal Windows.
Rebooted to Windows and had the same problem as before - BSOD with MCSTRM and LicCtrl error messages.
I rebooted into safe mode and logged on as admin. Computer stated admin file could not be found and logged me in as default user. I could not delete MCSTRM or LicCtrl in this safe mode profile- error message was something like "cannot not delete files-error in deleting"
So.. I rebooted to safe mode under my user name without a problem. MCSTRM and LicCtrl don't exist in this profile. I tried a disc in both optical drives and both worked fine without any problems. So here I sit.
Hijack of safe mode currently-
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Lavalys\EVEREST Home Edition\everest.bin
C:\WINDOWS\regedit.exe
D:\Documents and Settings\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://windowsupdate.microsoft.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1092957777287
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/20d3d0cae4a3e811c300/netzip/RdxIE601.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38201.2751041667
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Here is an EVEREST profile:
--------[ EVEREST Home Edition (c) 2003, 2004 Lavalys, Inc. ]--------
Version EVEREST v1.10.106
Homepage http://www.lavalys.com/
Report Type Report Wizard
Computer MIKE-B7RKAHSS5S
Generator Mike
Operating System Microsoft Windows XP Home Edition 5.1.2600 (WinXP Retail)
Date 2004-09-08
Time 19:37
--------[ Summary ]--------
Computer:
Operating System Microsoft Windows XP Home Edition
OS Service Pack Service Pack 2
Internet Explorer 6.0.2900.2180
DirectX 4.09.00.0904 (DirectX 9.0)
Computer Name MIKE-B7RKAHSS5S
User Name Mike
Motherboard:
CPU Type Intel Pentium 4, 1500 MHz
Motherboard Name Unknown
Motherboard Chipset Intel Brookdale i845
System Memory 768 MB
BIOS Type Award Medallion (08/28/01)
Communication Port Communications Port (COM1)
Communication Port Communications Port (COM2)
Communication Port ECP Printer Port (LPT1)
Display:
Video Adapter nVIDIA GeForce FX 5600
3D Accelerator nVIDIA GeForce FX 5600
Multimedia:
Audio Adapter Creative Audigy Platinum Sound Card
Storage:
IDE Controller Intel(r) 82801BA Bus Master IDE Controller
Floppy Drive Floppy disk drive
Disk Drive ST380011A (80 GB, 7200 RPM, Ultra-ATA/100)
Disk Drive Maxtor 4D040H2 (40 GB, 5400 RPM, Ultra-ATA/100)
Optical Drive LITE-ON DVDRW SOHW-812S
Optical Drive PIONEER DVD-ROM DVD-116 (16x/40x DVD-ROM)
SMART Hard Disks Status OK
Partitions:
C: (NTFS) 34558 MB (16118 MB free)
D: (NTFS) 76316 MB (54302 MB free)
Input:
Keyboard Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Mouse PS/2 Compatible Mouse
Network:
Network Adapter Intel(R) PRO/100 VE Network Connection (24.217.149.115)
Peripherals:
USB1 Controller Intel 82801BA(M) ICH2X/M - USB Controller 1 [C-0]
USB1 Controller Intel 82801BA(M) ICH2X/M - USB Controller 2 [C-0]
USB Device Generic USB Hub
USB Device USB Printing Support
USB Device Visioneer 87XX/89XX USB Scanner
C000:0100 .....G.b.R................ .....q0.7. =..s....(# ..end bmp.....h.O.
C000:0140 ...G...........S.k........ .......... .......... ..U...}... ........
C000:0180 ....................0u..z. .......n.. ......@... n,........ ...n....
C000:01C0 ........r.............0u.. ....n,.... ...4...n.. ......P... z.......
C000:0200 .n............k.r......... .......... ..k.rq..PC IR........ ....~...
C000:0240 ....GeForce FX 5600 BIOS...................... .......... ........
C000:0280 .....................Versi on 4.31.20.38.00 ...Copyright (C) 1996
C000:02C0 -2003 NVIDIA Corp...................... .......... .......... .....
C000:0300 ....NV31 Board - p141nz ..............Chip Rev ..............
C000:0340 ......1.......7.......A... I.f.L..... a......oe. D......... ......n.
C000:0380 ....q...>.t.....).x...9.#. f`....q... .......... ...u..fa.? u....f`3
C000:03C0 ....fa....C.*....F.......u .........8 ...t...... 2.....t..Q ........
--------[ Debug - Unknown ]------------------------- ---------- ---------- ---------- ---------- ---------- ---------- --------
Motherboard 08/28/2001-I845 -P4B-LA
-------------------------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ----
The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
Anything else I can give you???
Thanks, Mike
Let me know if I can give any more info to you.
ASKER
Another Question-
Should I delete all instances of MCSTRM and Licctrl from the registry???
ok, I cannot see the runservice.exe process now, and if this problem is not happening in safe mode, it means that in Normal mode those services must be active and are causing this...
yes, you can delete all instances of MCSTRM and Licctrl from the registry, but don't forget to back them up first as a precaution :)
ASKER
I am still at a loss....
I have cleaned the registry of all instances of MCSTRM and Licctrl
Key Name: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit
Class Name: <NO CLASS>
Last Write Time: 9/8/2004 - 7:17 PM
Value 0
Name: View
Type: REG_BINARY
Data:
00000000 2c 00 00 00 00 00 00 00 - 01 00 00 00 ff ff ff ff ,...........ÿÿÿÿ
00000010 ff ff ff ff ff ff ff ff - ff ff ff ff 42 00 00 00 ÿÿÿÿÿÿÿÿÿÿÿÿB...
00000020 42 00 00 00 9a 02 00 00 - dd 01 00 00 d8 00 00 00 B.......Ý...Ø...
00000030 78 00 00 00 78 00 00 00 - 20 01 00 00 01 00 00 00 x...x... .......
Value 1
Name: FindFlags
Type: REG_DWORD
Data: 0xe
Value 2
Name: LastKey
Type: REG_SZ
Data: My Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCSTRM
Key Name: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\Favorites
Class Name: <NO CLASS>
Last Write Time: 9/8/2004 - 7:13 PM
and
Key Name: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*
Class Name: <NO CLASS>
Last Write Time: 9/8/2004 - 7:15 PM
Value 0
Name: a
Type: REG_SZ
Data: C:\Documents and Settings\Administrator.MIKE-B7RKAHSS5S\My Documents\mcstrm.reg
Value 1
Name: MRUList
Type: REG_SZ
Data: ba
Value 2
Name: b
Type: REG_SZ
Data: C:\Documents and Settings\Administrator.MIKE-B7RKAHSS5S\My Documents\licctrl.reg
and several others where mcstrm and licctrl are mentioned in data strings. I'm not sure about dumping these.
I reboot and I still get dumped back to BSOD after Windows loads up. The last two error messages associated mention licctrl only, however.
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 9/9/2004
Time: 7:04:36 PM
User: N/A
Computer: MIKE-B7RKAHSS5S
Description:
The LicCtrl Service service failed to start due to the following error:
The system cannot find the file specified.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
I also received a response from Real Network tech support directing me to delete certain files in Windows associated with Real Player, which I did. Interestingly, I found a regkey that was strange and deleted it as well (it contained mention of runservice, mcstrm, and the -.dll files Real told me to delete). Here is that key-
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant]
"InstallDir"="C:\\WINDOWS\\srchasst\\"
"Actor"="c:\\windows\\srchasst\\chars\\rover.acs"
"UsageCount"=dword:0000000a
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru]
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="Sete3260.dll"
"001"="Rnuninst.exe"
"002"="Rmoc3260.dl"
"003"="Prefscpl.cpl"
"004"="Pnen3260.dll"
"005"="Pndx5016.dll"
"006"="Pndx5032.dll"
"007"="runservice"
"008"="mcstrm"
"009"="WDM"
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5604]
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\Tips]
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\Tips\SrchAssCtl]
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\Tips\SrchAssCtl\fa0]
"TimesResisted"=dword:00000000
"TimesDisplayed"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\Tips\SrchAssCtl\fa1]
"TimesResisted"=dword:00000000
"TimesDisplayed"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\Tips\SrchAssCtl\fa2]
"TimesResisted"=dword:00000000
"TimesDisplayed"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\Tips\SrchAssCtl\fa4]
"TimesResisted"=dword:00000000
"TimesDisplayed"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\Tips\SrchAssCtl\fa5]
"TimesResisted"=dword:00000000
"TimesDisplayed"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\Tips\SrchAssCtl\fa6]
"TimesResisted"=dword:00000000
"TimesDisplayed"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\Tips\SrchAssCtl\fa8]
"TimesResisted"=dword:00000000
"TimesDisplayed"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\Tips\SrchAssCtl\fa9]
"TimesResisted"=dword:00000000
"TimesDisplayed"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\Tips\SrchAssCtl\faa]
"TimesResisted"=dword:00000000
"TimesDisplayed"=dword:00000000
Any more suggestions, anyone??? My wife is starting to think I'm having an internet affair now.
ok, before going into more depth, try an easy step first...
create a new user and then login with it
check if same BSOD problem is happening or not ??
ASKER
thanks, i will try.
btw- I have elicence control folder in my control panel and it is empty-- significant???
also, here is the last error message i got after bsod
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7001
Date: 9/9/2004
Time: 7:38:36 PM
User: N/A
Computer: MIKE-B7RKAHSS5S
Description:
The SAVScan service depends on the SAVRT service which failed to start because of the following error:
A device attached to the system is not functioning.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
thanks again.
ASKER
i created a new user in safe mode (correct?) and tried to logon normal windows. The user was there but
windows said it cannot find the file for the user. it logged me into windows as the default account and presto
bsod with this error:
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7001
Date: 9/9/2004
Time: 8:03:03 PM
User: N/A
Computer: MIKE-B7RKAHSS5S
Description:
The SAVScan service depends on the SAVRT service which failed to start because of the following error:
A device attached to the system is not functioning.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
and
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7026
Date: 9/9/2004
Time: 8:03:03 PM
User: N/A
Computer: MIKE-B7RKAHSS5S
Description:
The following boot-start or system-start driver(s) failed to load:
ATMhelpr
Fips
Processor
SAVRT
SAVRTPEL
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.as
of note- all safe modes are functional-- even the safemode for directory service whatever that is
also-
Licctrol is listed in the services (start up disabled)- the path to executable is C:\WINDOWS\runservice.exe, which does not exist..
ASKER
those errors previously appeared related to norton av 2004
recommend re-install of norton?
ASKER
Ok whatever i did worked. I don't know what happened. I rebooted into last good config then immediately restarted. Maybe this is what i should have done all along. So far everything is good. I can load disc into either drive without any problems. any suggestions at this point to make sure i will stay good?
Anyway thanks to Sheharyaar and Daveexnet. I learned a lot about how to troubleshoot and not to fear the registry monster so much.
wowwwww.... see the length of this thread.... and see the Final solution..... why windows cannot behave like a gentleman =\
lol.. anywayzzzzzz im glad that finally u are back with ur system and happy that registry monster has gone from ur house ;-)
Cheers ^_^
I know that this thread has already been answered. However, I wanted to add some information here anyways so that people will know how to solve the problems that Realplayer and Rhapsody have on Windows Vista.
First, I wanted to clarify for everyone that the mcstrm.sys file is put in the system32/drivers folder by Realplayer. It is a required file for Rhapsody to work.
The problem with the file location is actually in the registry. In order to stop getting errors in your system log about the file being not a valid Win32 application or the path being invalid, you must:
1. Run regedit
2. Go to HKLM > SYSTEM > ControlSet001 > Services > MCSTRM (or you can search for mcstrm in the registry until you get to a key that contains an ImagePath string value)
3. Change the ImagePath value to this EXACTLY: System32\DRIVERS\mcstrm.sys
- This should be the location where mcstrm is installed. If this doesn't work the first time, delete the file mcstrm.sys from C:\Windows\System32\drivers and then reinstall Real and Rhapsody. They will work fine. Even on Vista Home Edition.
Ben Sigman
Rent-A-Geek
rentageekla.com
If you find it, try renaming it from MCSTRM.exe to MCSTRM.exe1 or something like that. As I don't know it, I guess it's not that critical for your system. If your system starts behaving oddly after a reboot, it might be wise to rename it back to the original filename.
If it's still in use, terminate it by using CTRL+ALT+DEL.
Also, run MSConfig.exe from Start|Run. Under the Tab Startup search for MCSTRM and uncheck that line. It now won't be restarted with windows.
You might also search your services for occurrences of MCSTRM. Do this by going to Start|Run and type services.msc. Then search the list for MCSTRM. If it's in the list, right-click the entry and choose Properties. Choose as startup type Disabled.
Hope this helps,
Evarest
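An added example, not part of any post in this thread: a read-only PowerShell audit that generalizes the two checks described above (the ImagePath value under the MCSTRM service key, and searching the services list for MCSTRM) to every registered service and driver. It lists each one whose registered binary is missing on disk, the condition behind Event ID 7000 "The system cannot find the file specified" and the Licctrol entry pointing at C:\WINDOWS\runservice.exe. It reads CurrentControlSet rather than ControlSet001, and the helper name Resolve-ImagePath is hypothetical.

```powershell
# Added example (not from the thread): read-only audit of service ImagePath values.
function Resolve-ImagePath {            # hypothetical helper name
    param([string]$ImagePath)
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath).Trim()

    if ($p -match '^"([^"]+)"') {
        $p = $Matches[1]                # quoted command line: keep the quoted executable
    } elseif ($p -match '^(.+?\.(exe|sys|dll))(\s|$)') {
        $p = $Matches[1]                # unquoted: drop arguments after the binary
    }

    # Prefixes used for drivers: \??\C:\... and \SystemRoot\System32\...
    if ($p.StartsWith('\??\')) { $p = $p.Substring(4) }
    if ($p -like '\SystemRoot\*') { $p = Join-Path $env:SystemRoot $p.Substring(12) }

    # A relative value such as System32\DRIVERS\mcstrm.sys is relative to %SystemRoot%.
    if ($p -notmatch '^([A-Za-z]:|\\)') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

$root   = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$starts = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

Get-ChildItem $root -ErrorAction SilentlyContinue | ForEach-Object {
    $svc = Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue
    if (-not $svc.ImagePath) { return }     # key has no binary registered; skip it

    $file = Resolve-ImagePath $svc.ImagePath
    if (-not (Test-Path -LiteralPath $file -PathType Leaf)) {
        [pscustomobject]@{
            Service   = $_.PSChildName
            Start     = $starts[[int]$svc.Start]
            ImagePath = $svc.ImagePath
            Resolved  = $file
        }
    }
} | Sort-Object Service | Format-Table -AutoSize -Wrap
```

Run it from an elevated 64-bit PowerShell console; in a 32-bit console on 64-bit Windows, file system redirection sends System32 lookups to SysWOW64 and produces false positives. Entries whose Start is Boot, System or Automatic are the ones Windows attempts to load at every boot.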