Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


How Is It Running In Safe Mode?!

  • Please log in to reply
2 replies to this topic

#1 grand natty

grand natty

  • Members
  • 8 posts
  • Local time:09:12 PM

Posted 26 April 2007 - 06:32 PM

Can someone please enlighten me as to how there are shifty programs running while I am in safe mode? Does safe mode have its own .ini? Is it possible to have a script run on my machine and manipulate the .ini to allow non-essential system files to run in safe mode? I am on my laptop right now, and it is difficult to get a hjt log posted seeing as I can only run in safe mode and the usb drivers are not there to support my flash drive. If there is something specific that would help from any type of log I would be happy to type it out, but I will throw this tower in my aquarium before I type the whole log.

The proc in question is IEXPLORE.EXE and there are multiple instances running at all times. It seems to be in cahoots with a drwtsn32.exe proc that I think should not be there because I am not utilizing any debugging features (unless safe mode includes one). With that said, 64% of my CPU is taken up by csrss, but I am in safe mode; minimal.

Now the issue that really pisses me off is the fact that I cannot start services from the cmd prompt.
I enter; at xx:xx /interactive cmd.exe, press enter and it flips me the bird and says "service not started".
However, I am able to launch spybot from the not so clean cmd. (The mouse with a relentless hour-glass-lamprey turns into a full hour glass when hovered above the start menu not allowing me to right or left click... real cute). After spybot runs it finds some junk and gets hung up while shreding one .dll and one reg key.

winsys2f.dll courtesy of smitfraud-c
IE Set reg key from what SB calls Win32.VB.ahq

One last inquiry. SB tells me winsys2f.dll is located in a directory that does not exsist on my machine (I did trying view all folders). WTF?

I am horribley confused, but intrigued. So please let me know if you can offer up any suggestions. If someone could tell me a way to get into a clean windows enviorment I have the SW to blast this thing, but I cannot get it to stop running!! ANY comments, empathy or suggestions are welcome. Thanks, and as this is my first posting on the internet ever!! I am sort of excited to hear from you.

BC AdBot (Login to Remove)


#2 TMacK


  • Members
  • 4,672 posts
  • Gender:Male
  • Location:B.C. Canada
  • Local time:07:12 PM

Posted 28 April 2007 - 01:15 AM

Welcome to Bleeping Computer grand natty,

First download and install SUPERAntiSpyware. Allow it to quarantine whatever it finds.

Then run the online scan for BitDefender, this time in normal mode. Allow it to quarantine whatever it finds.

If the programs above have not solved all your problems, Post a HijackThis Log in the in the Hijack and Analysis Forum by following the directions in the link below;
Preparation Guide For Use Before Posting A Hijackthis Log.
Please do not post the log in this forum.
Chaos reigns within.
Reflect, repent, and reboot.
Order shall return.

aaaaaaaa a~Suzie Wagner

#3 grand natty

grand natty
  • Topic Starter

  • Members
  • 8 posts
  • Local time:09:12 PM

Posted 01 May 2007 - 07:44 PM

Tmack, brother, gracias for getting back with me, very cool of you. I have posted my hjt log if you have a chance to check that out.

Super andti spyware is a no go, as I cannot run windows in normal mode. Thanks agin.

Adam B.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users