06-04-2008, 04:20 PM   #1
pmb116
Registered User
 
Join Date: May 2008
Posts: 5
OS: xp


[SOLVED] Comp shutting down with BSOD and then restarting on its own

So I've been forced to run in safe mode with networking, otherwise it won't stay on long enough for me to follow the 5 steps.... I was surfing and received a message to download a codec. I was tired and not thinking, so I clicked OK, and that's when all my problems started. I followed the 5 steps, however I was unable to complete step 4, as my computer will not allow me to turn on automatic updates. So here we are; any help would be much appreciated.

*edit for active scan attachment*

Deckard's System Scanner v20071014.68
Run by Rob on 2008-06-04 18:09:24
Computer is in Safe Mode with Networking.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Unable to create WMI object; The operation completed successfully.


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Rob.exe) -------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 6:10:17 PM, on 6/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Rob\Local Settings\Temporary Internet Files\Content.IE5\9CM5Z42K\dss[1].exe
C:\DOCUME~1\Rob\MYDOCU~1\Rob.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4357F205-68A0-4D58-90F2-851FCA6C686D} - C:\WINDOWS\system32\awttttQi.dll
O2 - BHO: (no name) - {4647C2C7-9F3D-4220-87D9-43E617F67478} - C:\WINDOWS\system32\cbXNFvTk.dll
O2 - BHO: QXK Olive - {CC7A758B-8CA3-4FB5-987D-F6147DAA28C6} - C:\WINDOWS\boqnrwdmfrp.dll (file missing)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [1455bd2b] rundll32.exe "C:\WINDOWS\system32\nxepbvhg.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O20 - Winlogon Notify: cbXNFvTk - C:\WINDOWS\SYSTEM32\cbXNFvTk.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O21 - SSODL: vregfwlx - {081383E9-7865-4609-AAFA-BDB9F78020E1} - C:\WINDOWS\vregfwlx.dll
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\mssrv32.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


-- HijackThis Fixed Entries (C:\DOCUME~1\Rob\MYDOCU~1\backups\) ----------------

backup-20070425-151520-181 O4 - HKLM\..\Run: [mppds] C:\WINDOWS\mppds.exe
backup-20070425-151520-203 O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
backup-20070425-151520-522 O11 - Options group: [INTERNATIONAL] International*
backup-20070425-151520-878 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
backup-20070425-151520-904 O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
backup-20070628-183123-240 O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
backup-20070706-172452-265 O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
backup-20080530-233833-352 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
backup-20080530-233833-738 O3 - Toolbar: atfxqogp - {23649E36-60C6-4433-880A-9DF59FC27342} - C:\WINDOWS\atfxqogp.dll
backup-20080530-234015-363 O21 - SSODL: vregfwlx - {8D3B28FB-AF6F-4CCC-8FB9-BB140376D415} - C:\WINDOWS\vregfwlx.dll
backup-20080530-234047-105 O21 - SSODL: vltdfabw - {5DC3E480-A398-4352-985E-1BF25E66A648} - C:\WINDOWS\vltdfabw.dll
backup-20080530-234047-353 O21 - SSODL: vregfwlx - {581EE0DA-1AC1-4A53-A255-F33A78B4F978} - C:\WINDOWS\vregfwlx.dll
backup-20080530-234103-899 O21 - SSODL: vregfwlx - {E1F1967B-ED2C-4028-A5A2-6126EBFA531B} - C:\WINDOWS\vregfwlx.dll

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3 BLKWGU(Belkin) (Belkin Wireless G USB Network Adapter(Belkin)) - c:\windows\system32\drivers\blkwgu.sys <Not Verified; Belkin Corporation; Wireless G USB Network Adapter>
3 NPF (Netgroup Packet Filter) - c:\windows\system32\drivers\npf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>
0 nsX04 - c:\windows\system32\drivers\nsx04.sys
3 smwdm - c:\windows\system32\drivers\smwdm.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital Audio Driver>
3 USB-100 (USB Fast Ethernet Adapter) - c:\windows\system32\drivers\usb150.sys <Not Verified; USBs; USB Fast Ethernet Adapter>
3 ZDPSp50 (ZDPSp50 NDIS Protocol Driver) - c:\windows\system32\drivers\zdpsp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

2 msupdate (Microsoft security update service) - c:\windows\system32\mssrv32.exe


-- Device Manager: Disabled ----------------------------------------------------

Unable to create WMI object.

-- Scheduled Tasks -------------------------------------------------------------

2008-05-21 00:43:00 432 --a------ C:\WINDOWS\Tasks\EasyShare Registration Task.job


-- Files created between 2008-05-04 and 2008-06-04 -----------------------------

2008-06-04 17:44:10 95232 --a------ C:\WINDOWS\system32\nxepbvhg.dll
2008-06-01 00:43:28 0 d-------- C:\ie-spyad_zo
2008-06-01 00:38:58 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-01 00:38:47 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2008-06-01 00:38:47 0 d-------- C:\Program Files\SpywareBlaster
2008-06-01 00:19:03 95232 --a------ C:\WINDOWS\system32\cggaktod.dll
2008-05-31 23:43:06 0 d-------- C:\Program Files\Panda Security
2008-05-31 23:37:36 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-05-31 23:37:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-05-31 03:21:06 0 d-------- C:\Documents and Settings\Rob\Application Data\AXPFixer
2008-05-31 0349 160256 --a------ C:\WINDOWS\system32\blackster.scr <Not Verified; Peter's Productions; Bugs!>
2008-05-30 23:51:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-05-30 23:50:15 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-05-30 23:50:15 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-05-30 23:50:15 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-05-30 23:50:15 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-05-30 23:50:15 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-05-30 23:50:15 1310720 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-05-30 23:50:15 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-05-30 23:50:15 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-05-30 23:50:15 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-05-30 23:50:15 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-05-30 23:50:15 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-05-30 23:50:15 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-05-30 23:50:15 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-05-30 23:50:15 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-05-30 23:36:02 387248 --ahs---- C:\WINDOWS\system32\iQttttwa.ini2
2008-05-30 23:35:59 324864 --a------ C:\WINDOWS\system32\awttttQi.dll
2008-05-30 23:31:13 12792 --a------ C:\WINDOWS\system32\mssrv32.exe
2008-05-30 23:31:11 14336 --a------ C:\WINDOWS\system32\WinCtrl32.dll
2008-05-30 23:31:11 28928 --a------ C:\WINDOWS\system32\drivers\nsX04.sys
2008-05-30 23:30:54 33920 --a------ C:\WINDOWS\system32\tuvWoppO.dll
2008-05-30 23:30:42 33920 --a------ C:\WINDOWS\system32\cbXNFvTk.dll
2008-05-30 23:30:30 94208 --a------ C:\WINDOWS\xmpstean.exe
2008-05-30 23:30:30 274432 --a------ C:\WINDOWS\vregfwlx.dll
2008-05-30 23:30:30 385024 --a------ C:\WINDOWS\vltdfabw.dll
2008-05-30 23:30:30 176128 --a------ C:\WINDOWS\embd.exe
2008-05-30 23:30:30 200704 --a------ C:\WINDOWS\atfxqogp.dll
2008-05-30 23:30:17 101376 --a------ C:\WINDOWS\system32\ctfmona.exe
2008-05-30 23:25:33 0 d-------- C:\Documents and Settings\Rob\Application Data\Google
2008-05-30 23:25:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-05-30 23:25:17 0 d-------- C:\Program Files\Google
2008-05-15 23:25:55 3496 --a------ C:\logfile


-- Find3M Report ---------------------------------------------------------------

2008-05-30 23:25:35 0 d-------- C:\Documents and Settings\Rob\Application Data\Adobe
2008-05-14 22:31:43 0 d-------- C:\Program Files\World of Warcraft
2008-04-10 12:37:27 0 d-------- C:\Program Files\MSXML 4.0
2008-04-09 00:47:04 0 d-------- C:\Program Files\Kodak
2008-04-09 00:46:33 0 d-------- C:\Program Files\Common Files
2008-04-09 00:46:33 0 d-------- C:\Program Files\Common Files\Kodak


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4357F205-68A0-4D58-90F2-851FCA6C686D}]
05/30/2008 11:36 PM 324864 --a------ C:\WINDOWS\system32\awttttQi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4647C2C7-9F3D-4220-87D9-43E617F67478}]
05/30/2008 11:30 PM 33920 --a------ C:\WINDOWS\system32\cbXNFvTk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC7A758B-8CA3-4FB5-987D-F6147DAA28C6}]
C:\WINDOWS\boqnrwdmfrp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [10/14/2004 02:42 PM]
"BCMSMMSG"="BCMSMMSG.exe" [08/29/2003 05:59 AM C:\WINDOWS\BCMSMMSG.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [06/28/2007 12:43 PM]
"nwiz"="nwiz.exe" [06/28/2007 12:43 PM C:\WINDOWS\system32\nwiz.exe]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 11:09 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 AM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [06/28/2007 12:43 PM]
"ctfmona"="C:\WINDOWS\system32\ctfmona.exe" [05/30/2008 11:30 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"1455bd2b"="C:\WINDOWS\system32\nxepbvhg.dll" [06/04/2008 05:44 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [10/04/2007 11:20 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless USB Utility.lnk - C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [10/28/2005 11:23:10 AM]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [9/19/2007 4:33:46 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4647C2C7-9F3D-4220-87D9-43E617F67478}"= C:\WINDOWS\system32\cbXNFvTk.dll [05/30/2008 11:30 PM 33920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"vregfwlx"= {081383E9-7865-4609-AAFA-BDB9F78020E1} - C:\WINDOWS\vregfwlx.dll [05/29/2008 11:59 PM 274432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXNFvTk]
cbXNFvTk.dll 05/30/2008 11:30 PM 33920 C:\WINDOWS\system32\cbXNFvTk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinCtrl32]
WinCtrl32.dll 06/04/2008 05:58 PM 14336 C:\WINDOWS\system32\WinCtrl32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awttttQi

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\nsX04.sys]
@="Driver"




-- End of Deckard's System Scanner: finished at 2008-06-04 18:11:25 ------------
Attached Files
File Type: txt extra.txt (9.7 KB, 1 views)
File Type: txt ActiveScan.txt (22.9 KB, 1 views)

Last edited by pmb116; 06-04-2008 at 04:30 PM.