Inactive BSOD after failed attempt at combofix.

broni · 2010/11/01

It looks like you have some system files problem, but let's try something....

Run OTL

Under the [color= "#0000FF"]Custom Scans/Fixes[/color] box at the bottom, paste in the following

Code:

:OTL
SRV - File not found [Auto | Stopped] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe -- (HitmanPro35CrusaderBoot) Hitman Pro 3.5 Crusader (Boot)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\System32\DRIVERS\PSINProt.sys -- (PSINProt)
DRV - File not found [File_System | Auto | Stopped] -- C:\Windows\System32\DRIVERS\PSINProc.sys -- (PSINProc)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\System32\DRIVERS\psinknc.sys -- (PSINKNC)
DRV - File not found [File_System | Auto | Stopped] -- C:\Windows\System32\DRIVERS\PSINFile.sys -- (PSINFile)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\System32\DRIVERS\PSINAflt.sys -- (PSINAflt)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [cfFncEnabler.exe] File not found
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [PSUNMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
[2010/10/31 09:22:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2010/10/31 09:22:03 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/10/31 06:53:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010/10/26 03:48:44 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2010/10/23 18:38:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2010/10/31 21:13:41 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

:Services

:Reg

:Files

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]

Then click the [color= "#FF0000"]Run Fix[/color] button at the top
Let the program run unhindered, reboot the PC when it is done
You will get a log that shows the results of the fix. Please post it.

When done, try to reboot to normal mode.

hetakuso · 2010/11/01

========== OTL ==========
Service NanoServiceMain stopped successfully!
Service NanoServiceMain deleted successfully!
File C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe not found.
Error: No service named HitmanPro35CrusaderBoot) Hitman Pro 3.5 Crusader (Boot was found to stop!
Service\Driver key HitmanPro35CrusaderBoot) Hitman Pro 3.5 Crusader (Boot not found.
File C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe not found.
Service PSINProt stopped successfully!
Service PSINProt deleted successfully!
File C:\Windows\System32\DRIVERS\PSINProt.sys not found.
Service PSINProc stopped successfully!
Service PSINProc deleted successfully!
File C:\Windows\System32\DRIVERS\PSINProc.sys not found.
Service PSINKNC stopped successfully!
Service PSINKNC deleted successfully!
File C:\Windows\System32\DRIVERS\psinknc.sys not found.
Service PSINFile stopped successfully!
Service PSINFile deleted successfully!
File C:\Windows\System32\DRIVERS\PSINFile.sys not found.
Service PSINAflt stopped successfully!
Service PSINAflt deleted successfully!
File C:\Windows\System32\DRIVERS\PSINAflt.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\cfFncEnabler.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NDSTray.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PSUNMain deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
C:\ProgramData\Panda Security folder moved successfully.
C:\Program Files\Panda Security\Panda Cloud Antivirus folder moved successfully.
C:\Program Files\Panda Security folder moved successfully.
C:\ProgramData\Hitman Pro\Quarantine folder moved successfully.
C:\ProgramData\Hitman Pro folder moved successfully.
C:\ProgramData\AVG10\SetupBackup folder moved successfully.
C:\ProgramData\AVG10\lsdb\prev folder moved successfully.
C:\ProgramData\AVG10\lsdb folder moved successfully.
C:\ProgramData\AVG10\Chjw\de8e67c18e6790b7 folder moved successfully.
C:\ProgramData\AVG10\Chjw\908838b788389e22 folder moved successfully.
C:\ProgramData\AVG10\Chjw folder moved successfully.
C:\ProgramData\AVG10 folder moved successfully.
C:\ProgramData\Avira\AntiVir Desktop\UPDATE folder moved successfully.
C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVSCAN-20101023-184002-7C603977 folder moved successfully.
C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4da4a4cf folder moved successfully.
C:\ProgramData\Avira\AntiVir Desktop\TEMP folder moved successfully.
C:\ProgramData\Avira\AntiVir Desktop\SYSSAFE folder moved successfully.
C:\ProgramData\Avira\AntiVir Desktop\REPORTS folder moved successfully.
C:\ProgramData\Avira\AntiVir Desktop\PROFILES folder moved successfully.
C:\ProgramData\Avira\AntiVir Desktop\LOGFILES folder moved successfully.
C:\ProgramData\Avira\AntiVir Desktop\JOBS folder moved successfully.
C:\ProgramData\Avira\AntiVir Desktop\INFECTED folder moved successfully.
C:\ProgramData\Avira\AntiVir Desktop\IDX folder moved successfully.
C:\ProgramData\Avira\AntiVir Desktop\EVENTS folder moved successfully.
C:\ProgramData\Avira\AntiVir Desktop\EVENTDB folder moved successfully.
C:\ProgramData\Avira\AntiVir Desktop\CONFIG folder moved successfully.
C:\ProgramData\Avira\AntiVir Desktop\BACKUP folder moved successfully.
C:\ProgramData\Avira\AntiVir Desktop folder moved successfully.
C:\ProgramData\Avira folder moved successfully.
C:\Windows\msdownld.tmp folder deleted successfully.
C:\Windows\RAVTC.TMP deleted successfully.
C:\Windows\System32\tmpD72B.tmp deleted successfully.
C:\Windows\System32\drivers\hitmanpro35.sys moved successfully.
ADS C:\ProgramData\TEMPFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:A8ADE5D8 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========

OTL by OldTimer - Version 3.2.17.2 log created on 11012010_212522

broni · 2010/11/01

Can you boot to normal mode now?

hetakuso · 2010/11/01

I'm afraid not. BSOD still appears. I would hate to take any more of your time broni. Thanks for all your help. I should be recieving my factory restore disks within a week or so, hopefully that will work.

broni · 2010/11/01

As I said, you seem to have some Windows files problems.
Did you try system restore?

hetakuso · 2010/11/01

I tried to restore. But there are no restore points on the system restore. So would factory restore from a reboot disc not do anything?

broni · 2010/11/02

It surely will, but all your data will be lost. You have to back up first.
Your computer should also have recovery partition, which works the same as recovery disks.
What brand of computer is it?

hetakuso · 2010/11/02

It's a Toshiba Satellite. A very basic model. I looked for online tutorials on how to restore, but I wasn't able to find it. I have a bunch of school papers and music, but nothing that is extremely important. Thanks for all of your help!

broni · 2010/11/02

Hold down the 0 (zero) key and turn the laptop on. Keep holding down the zero key until the TOSHIBA logo appears, where you should start tapping the zero key repeatedly. Stop if the unit beeps or when the TOSHIBA logo disappears. The screen should flash ** HDD RECOVERY MODE ** for a split second, then load the Toshiba recovery program right from the hard drive.

hetakuso · 2010/11/02

Thanks, I'll try it out right now.

broni · 2010/11/02

Let me know

hetakuso · 2010/11/02

meh. It takes me straight to startup options of safe mode,safe mode with networking and safe mode with command prompt or run normally.

broni · 2010/11/02

It looks like your Toshiba doesn't have recovery partition then.
I guess, you have to wait for those disks.

Log in or Sign up

Inactive BSOD after failed attempt at combofix.

broni Moderator Malware Analyst

hetakuso Inactive Thread Starter

broni Moderator Malware Analyst

hetakuso Inactive Thread Starter

broni Moderator Malware Analyst

hetakuso Inactive Thread Starter

broni Moderator Malware Analyst

hetakuso Inactive Thread Starter

broni Moderator Malware Analyst

hetakuso Inactive Thread Starter

broni Moderator Malware Analyst

hetakuso Inactive Thread Starter

broni Moderator Malware Analyst

Share This Page

Log in or Sign up

Inactive BSOD after failed attempt at combofix.

broni Moderator Malware Analyst

hetakuso Inactive Thread Starter

broni Moderator Malware Analyst

hetakuso Inactive Thread Starter

broni Moderator Malware Analyst

hetakuso Inactive Thread Starter

broni Moderator Malware Analyst

hetakuso Inactive Thread Starter

broni Moderator Malware Analyst

hetakuso Inactive Thread Starter

broni Moderator Malware Analyst

hetakuso Inactive Thread Starter

broni Moderator Malware Analyst

Share This Page

Useful Searches