Browsers running very slow and freezing troubles


14 replies to this topic

#1 pigfoot

  • Members
  • 184 posts
  • Gender:Male
  • Location:MIAMI, FLORIDA, USA

Posted 15 August 2013 - 03:00 AM

My browsers started to run especially slow lately, especially Firefox, and a lot of times it freezes up going to Yahoo.

 

DDS.TXT-

 

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.25.2
Run by Ken at 2:51:39 on 2013-08-15
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1023.554 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\devldr32.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page =
uSearch Page = hxxp://my.juno.com/s/search?r=minisearch
uSearch Bar = hxxp://my.juno.com/s/search?r=minisearch
uInternet Settings,ProxyServer = 59.148.224.190:80
uSearchAssistant =
uSearchURL,(Default) = hxxp://my.juno.com/s/search?r=minisearch
uURLSearchHooks: H - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: MSS+ Identifier: {0e8a89ad-95d7-40eb-8d9d-083ef7066a01} - c:\program files\mcafee security scan\3.0.318\McAfeeMSS_IE.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: NetZero Toolbar Helper: {fe3098b0-04a3-41fd-8ca9-bea39cb14c87} - c:\program files\netzero\ucreg.dll
BHO: Juno Toolbar Helper: {fe3098b1-04a3-41fd-8ca9-bea39cb14c87} - c:\program files\juno\ucreg.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: ZeroBar: {f0f8ecbe-d460-4b34-b007-56a92e8f84a7} - c:\program files\netzero\Toolbar.dll
TB: JunoBar: {5854fac4-5bf0-47dd-b5a9-a5ea8cff3cf4} - c:\program files\juno\Toolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
uPolicies-explorer: <NO NAME> =
IE: Display All Images with Full Quality - "c:\program files\juno\qsacc\appres.dll/228"
IE: Display Image with Full Quality - "c:\program files\juno\qsacc\appres.dll/227"
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\icq7.5\ICQ.exe
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: c:\windows\system32\HMIPCore.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230087268602
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{68765F38-9C7B-45C6-9CFD-DA5B86395864} : DhcpNameServer = 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ken\application data\mozilla\firefox\profiles\j7s5h6jz.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 127.0.0.1
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\documents and settings\ken\local settings\application data\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.149\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\npjpi170_25.dll
FF - plugin: c:\program files\java\jre7\bin\npoji610.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mcafee security scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: FoxyProxy Basic: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: extensions.zonealarm.hpOld0 - hxxp://en.v9.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST3250820A_9QE78BPSXXXX9QE78BPS&ts=1372307928
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=base2013&Lan={dfltLng}&gu=34784decf32a4d059f4e4bdfe5642db3&tu=11LH0008l2B0008&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - 1c77067700000000000000c0a87eb660
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 15883
FF - user.js: extensions.zonealarm.vrsn - 1.8.11.11
FF - user.js: extensions.zonealarm.vrsni - 1.8.11.11
FF - user.js: extensions.zonealarm.vrsnTs - 1.8.11.1123:41:03
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 5163
FF - user.js: extensions.zonealarm.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base2013
FF - user.js: extensions.zonealarm.instlRef - ZLN118654202169782-5163
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.ffxUnstlRst - false
FF - user.js: extensions.zonealarm.admin - false
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm.rvrt - true
FF - user.js: extensions.zonealarm.hmpg - true
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=en&gu=34784decf32a4d059f4e4bdfe5642db3&tu=11LH0008l2B0008&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm.dfltSrch - true
FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
FF - user.js: extensions.zonealarm.kw_url - hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=en&gu=34784decf32a4d059f4e4bdfe5642db3&tu=11LH0008l2B0008&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.dnsErr - true
FF - user.js: extensions.zonealarm.newTab - true
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?src=nt&tbid=base2013&Lan=en&gu=34784decf32a4d059f4e4bdfe5642db3&tu=11LH0008l2B0008&sku=&tstsId=&ver=&
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 Apache2.2;Apache2.2;c:\program files\apache software foundation\apache2.2\bin\httpd.exe [2009-9-28 24645]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-6-3 162408]
S3 AVRedirector;AVRedirector;c:\program files\hide the ip\avredirector.exe --> c:\program files\hide the ip\AVRedirector.exe [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-8-1 133104]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\manycam.sys --> c:\windows\system32\drivers\ManyCam.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-5-31 34248]
S3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);c:\windows\system32\drivers\LV551AV.sys [2009-2-7 220055]
S3 SecureSrv;SecureSrv;c:\program files\hide my ip 2009\securesrv.exe --> c:\program files\hide my ip 2009\SecureSrv.exe [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]
S4 gupdate1ca13184601dd2;Google Update Service (gupdate1ca13184601dd2);c:\program files\google\update\GoogleUpdate.exe [2009-8-1 133104]
.
=============== Created Last 30 ================
.
2013-08-15 07:25:24    --------    d-----w-    c:\windows\system32\wbem\repository\FS
2013-08-15 07:25:24    --------    d-----w-    c:\windows\system32\wbem\Repository
2013-07-17 10:05:28    --------    d-----w-    c:\documents and settings\all users\application data\regid.1986-12.com.adobe
2013-07-17 08:59:35    --------    d-----w-    c:\documents and settings\ken\local settings\application data\Nero_AG
2013-07-17 08:58:27    --------    d-----w-    c:\documents and settings\ken\local settings\application data\Nero
2013-07-17 08:36:22    2106216    ----a-w-    c:\windows\system32\D3DCompiler_43.dll
2013-07-17 08:36:20    1868128    ----a-w-    c:\windows\system32\d3dcsx_43.dll
2013-07-17 08:36:18    248672    ----a-w-    c:\windows\system32\d3dx11_43.dll
2013-07-17 08:36:17    470880    ----a-w-    c:\windows\system32\d3dx10_43.dll
2013-07-17 08:36:09    1998168    ----a-w-    c:\windows\system32\D3DX9_43.dll
2013-07-17 08:35:53    --------    d-----w-    c:\windows\Logs
.
==================== Find3M  ====================
.
2013-07-25 15:52:59    385024    ----a-w-    c:\windows\system32\html.iec
2013-06-19 17:43:30    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-19 17:43:30    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-06-13 02:48:23    867240    ----a-w-    c:\windows\system32\npdeployJava1.dll
2013-06-13 02:48:17    789416    ----a-w-    c:\windows\system32\deployJava1.dll
2013-06-13 02:48:00    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-06-13 02:35:55    144896    ----a-w-    c:\windows\system32\javacpl.cpl
2013-06-07 21:56:06    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-06-07 21:56:06    920064    ----a-w-    c:\windows\system32\wininet(3).dll
2013-06-07 21:56:06    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2013-06-07 21:56:06    1215488    ----a-w-    c:\windows\system32\urlmon(3).dll
2013-06-07 21:56:06    105984    ----a-w-    c:\windows\system32\url(3).dll
2013-06-07 21:56:05    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-06-04 07:23:02    562688    ----a-w-    c:\windows\system32\qedit.dll
2013-06-04 01:40:45    1876736    ----a-w-    c:\windows\system32\win32k.sys
2001-08-18 12:00:00    94784    -csh--w-    c:\windows\twain.dll
2008-04-14 00:12:07    50688    --sh--w-    c:\windows\twain_32.dll
2011-02-08 13:33:55    978944    --sh--w-    c:\windows\system32\mfc42.dll
2008-04-14 00:12:01    57344    --sh--w-    c:\windows\system32\msvcirt.dll
2008-04-14 00:12:01    413696    --sha-w-    c:\windows\system32\msvcp60.dll
2013-01-26 03:55:44    552448    --sh--w-    c:\windows\system32\oleaut32.dll
2008-04-14 00:12:32    11776    --sh--w-    c:\windows\system32\regsvr32.exe
.
============= FINISH:  2:52:39.95 ===============
 

 



#2 pigfoot


Posted 17 August 2013 - 11:56 PM

I also forgot to mention that the infected computer takes about 2 minutes to boot up. It did not use to do this before. I also found this link tracking and I'm not sure if this is supposed to be here.

 

 

 

tracking_zps6f6b57e5.jpg

 



#3 nasdaq

  • Malware Response Team
  • 38,769 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 19 August 2013 - 01:09 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download ComboFix from one of these locations:
Link 1
Link 2
IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some Rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
whatnext.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Please paste the logs in your next reply, DO NOT ATTACH THEM

Let me know what problem persists.

#4 pigfoot


Posted 19 August 2013 - 11:16 PM

AdwCleaner  and Junkware program ran fine but the combo fix will not run a complete scan...it stalls out about 15 seconds into running..backs up some files then closes.

 

 

 

# AdwCleaner v2.306 - Logfile created 08/19/2013 at 18:50:00
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Ken - KEN-RW9IJ6PKV6S
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Ken\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\Ken\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
File Deleted : C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\j7s5h6jz.default\searchplugins\icqplugin.xml
File Deleted : C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\j7s5h6jz.default\searchplugins\zonealarm.xml
File Deleted : C:\Program Files\Mozilla Firefox\.autoreg
File Deleted : C:\Program Files\Mozilla firefox\searchplugins\v9.xml
Folder Deleted : C:\Documents and Settings\All Users\Application Data\eSafe
Folder Deleted : C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar
Folder Deleted : C:\Documents and Settings\All Users\Application Data\ParetoLogic
Folder Deleted : C:\Documents and Settings\Ken\Application Data\BabylonToolbar
Folder Deleted : C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\j7s5h6jz.default\extensions\staged
Folder Deleted : C:\Documents and Settings\Ken\Application Data\ParetoLogic
Folder Deleted : C:\Documents and Settings\Ken\Local Settings\Application Data\APN
Folder Deleted : C:\Documents and Settings\Ken\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\NetworkService\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Program Files\Babylon
Folder Deleted : C:\Program Files\ICQ6Toolbar
Folder Deleted : C:\Program Files\ParetoLogic

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\jZip
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\Software\ICQ\ICQToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping [{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://my.juno.com/s/search?r=minisearch --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://my.juno.com/s/search?r=minisearch --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - (Par défaut)] = hxxp://my.juno.com/s/search?r=minisearch --> Empty data

-\\ Mozilla Firefox v3.5.19 (en-US)

File : C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\j7s5h6jz.default\prefs.js

C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\j7s5h6jz.default\user.js ... Deleted !

Deleted : user_pref("browser.babylon.HPOnNewTab", "1");
Deleted : user_pref("extensions.BabylonToolbar.cntry", "US");
Deleted : user_pref("extensions.BabylonToolbar.firstRun", false);
Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "BC8E9E2F9B8C696857D0AF1E8DFB4D6F");
Deleted : user_pref("extensions.BabylonToolbar.lastActv", "27");
Deleted : user_pref("extensions.BabylonToolbar.lastDP", 27);
Deleted : user_pref("extensions.zonealarm.hpOld0", "hxxp://en.v9.com/?utm_source=b&utm_medium=cor&from=cor&uid[...]
Deleted : user_pref("extentions.y2layers.installId", "631e9c9b-8c68-44c9-9665-d91c05ee2377");
Deleted : user_pref("icqtoolbar.installsource", "1");
Deleted : user_pref("icqtoolbar.skip_default_search", "yes");

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\etfywvr3.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v28.0.1500.95

File : C:\Documents and Settings\Ken\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.51] : icon_url = "hxxp://sp.ask.com/sh/i/a14/favicon/favicon.ico",
Deleted [l.54] : keyword = "v9",
Deleted [l.57] : search_url = "hxxp://search.v9.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=ST3250820A_9[...]
Deleted [l.2471] : urls_to_restore_on_startup = [ "hxxp://en.v9.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST[...]

-\\ Chromium v//www.yandex.ru/?clid=48577

File : C:\Documents and Settings\Ken\Local Settings\Application Data\Chromium\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.16.1860.0

File : C:\Documents and Settings\Ken\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [336 octets] - [19/08/2013 18:48:10]
AdwCleaner[S2].txt - [8399 octets] - [19/08/2013 18:50:00]

########## EOF - C:\AdwCleaner[S2].txt - [8459 octets] ##########
 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.0 (08.18.2013:1)
OS: Microsoft Windows XP x86
Ran by Ken on Mon 08/19/2013 at 18:53:26.87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\WINDOWS\wininit.ini"



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\pagerage"



~~~ FireFox

Emptied folder: C:\Documents and Settings\Ken\Application Data\mozilla\firefox\profiles\j7s5h6jz.default\minidumps [87 files]



~~~ Chrome

Dumping contents of C:\Documents and Settings\Ken\Local Settings\Application Data\Google\Chrome\User Data\Default\Default
C:\Documents and Settings\Ken\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\mdffhkhbjgbpmakegkienddnplhcmcfd
C:\Documents and Settings\Ken\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\mdffhkhbjgbpmakegkienddnplhcmcfd\manifest.json

Successfully deleted: [Folder] C:\Documents and Settings\Ken\Local Settings\Application Data\Google\Chrome\User Data\Default\Default [Default Extension 1.0]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 08/19/2013 at 18:59:01.09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#5 pigfoot


Posted 20 August 2013 - 02:25 AM

I wanted to mention that this is where combofix stops running-  Stops on the outputfolders-

 




#6 nasdaq


Posted 20 August 2013 - 08:37 AM

Maybe you had another freeze and ComboFix stopped.

Can you run it one more time?

If it fails to complete, run it in Safe Mode with Internet connectivity.

#7 pigfoot


Posted 20 August 2013 - 06:58 PM

I am trying to get into safe mode but it will not do it. I get a black screen saying WE ARE SORRY FOR INCONVENIENCE BUT A RECENT HARDWARE CHANGE....BLAH BLAH BLAH. I am clicking F8 before Windows tries to start up. Should I do anything special since it has Recovery Console?



#8 nasdaq


Posted 21 August 2013 - 08:49 AM

We apologize for the inconvenience, but Windows did not start successfully. A recent hardware or software change might have caused this.

If this is the error message, I suggest you make a copy of the following Microsoft article.

http://answers.microsoft.com/en-us/windows/forum/windows_xp-performance/windows-xp-doesnt-start-up-i-keep-getting-we/1f4451d4-b595-408e-b23e-1f6320fd414a

With the copy of the text, then follow the instructions.

If at any time you need additional help please ask.

Keep me posted.

P.S. If you can get to the Recovery Console with this computer you should not have a need for the XP installation disk.

#9 pigfoot


Posted 21 August 2013 - 05:04 PM

 


 

 

 

Yes, this is the message I get, but I only get it when trying to boot up in SAFE MODE. It starts fine in normal mode. So do I still proceed as above?



#10 nasdaq


Posted 22 August 2013 - 07:41 AM

Open your c:\boot.ini file with Notepad.

Copy and paste the content in your next post.

#11 pigfoot


Posted 22 August 2013 - 05:32 PM


[boot loader]
timeout=3
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn


Edited by pigfoot, 22 August 2013 - 06:24 PM.


#12 nasdaq


Posted 23 August 2013 - 08:30 AM

Quoted from this article:
http://www.tomshardware.com/forum/56835-45-unable-enter-safe-mode

Just try this for now.

Go to Start / Run and type msconfig and select OK. Select the Boot.ini Tab and place a check mark in the /SafeBoot option. Press OK. Reboot the system. The system will now automatically go to Safe Mode.

Before exiting Safe Mode, repeat these steps and remove the check mark from the /SafeBoot option.

Restart the computer normally.

Can you get to Safe mode that way?
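
A way to check what the boot.ini posted in reply #11 will do at the next boot, and whether a /safeboot switch has been left on its default entry, as an added example that is not part of the original thread. The function names are hypothetical, and the second sample is constructed on the assumption that the msconfig checkbox writes /safeboot:minimal on Windows XP.

```python
import re

# boot.ini exactly as posted in reply #11 of this thread.
POSTED_BOOT_INI = r'''[boot loader]
timeout=3
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
'''

# Constructed variant (assumption): same file with /safeboot:minimal on the XP entry.
SAFEBOOT_BOOT_INI = POSTED_BOOT_INI.replace("/fastdetect", "/fastdetect /safeboot:minimal")

# One [operating systems] line: path="label" followed by optional switches.
ENTRY = re.compile(r'^(?P<path>[^=]+)="(?P<label>[^"]*)"(?P<switches>.*)$')


def parse_boot_ini(text):
    """Return (default_path, entries); each entry has path, label, switches."""
    section, default, entries = None, None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "boot loader" and line.lower().startswith("default="):
            default = line.split("=", 1)[1].strip()
        elif section == "operating systems":
            m = ENTRY.match(line)
            if m:
                entries.append({"path": m["path"].strip(), "label": m["label"],
                                "switches": m["switches"].split()})
    return default, entries


def review(text):
    """Summarise what the default entry boots and which other entries exist."""
    default, entries = parse_boot_ini(text)
    match = [e for e in entries if e["path"].lower() == (default or "").lower()]
    switches = match[0]["switches"] if match else []
    safeboot = [s for s in switches if s.lower().startswith("/safeboot")]
    return {
        "default_has_entry": bool(match),   # False means default= points at nothing
        "safeboot": safeboot[0] if safeboot else None,
        "other_entries": [e["label"] for e in entries if e not in match],
    }
```

A non-empty `safeboot` value after cleanup is finished means the machine will keep booting into Safe Mode until the switch is removed again.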

#13 nasdaq


Posted 29 August 2013 - 09:34 AM

Are you still with me?

#14 pigfoot


Posted 30 August 2013 - 03:51 AM


I am trying to put a check in the safe mode but it is in gray and it will not allow a check to be marked in there. Do you have to change the Windows Recovery Console to another option to get the safe mode box to allow a check in there?


Edited by pigfoot, 30 August 2013 - 04:00 AM.


#15 nasdaq


Posted 30 August 2013 - 08:41 AM

That option works with my Windows 7.

It may be different in Windows XP.
I do not have an XP computer to check it.

I suggest you start a new topic in the Windows XP forum
http://www.bleepingcomputer.com/forums/forum56.html

Someone should be able to help you.

I will keep this topic open for 6 days.
If you need to return please do.



