cant run safe mode!! please help!!

View previous topic View next topic Go down

cant run safe mode!! please help!!

Post by two4you8 on 31st October 2009, 6:22 am

My computer has been drastically lagging lately. It started when i was watching videos on metaupload. I have norton antivirus and i try to scan it but it did not find anything. also when i do the free scan online, for some reason i couldnt do it. Please help, this is my only computer i cant afford another one. thank you.

two4you8
Novice
Novice

Posts Posts : 15
Joined Joined : 2009-10-31
OS OS : XP
Points Points : 26088
# Likes # Likes : 0

View user profile

Back to top Go down

Re: cant run safe mode!! please help!!

Post by Belahzur on 31st October 2009, 8:00 pm

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Re: cant run safe mode!! please help!!

Post by two4you8 on 1st November 2009, 7:53 am

here is the log, thank you for helping.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:53:01 AM, on 11/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\PROGRA~1\NORTON~3\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\WINDOWS\system32\pctspk.exe
C:\PROGRA~1\NORTON~3\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Norton SystemWorks Basic Edition\NswUiTray.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {dc2c3f63-5bf0-4feb-b964-645866d510e4} - talukota.dll (file missing)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US [You must be registered and logged in to see this link.]
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Convert link target to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - [You must be registered and logged in to see this link.]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O18 - Filter hijack: text/html - {3f294bd5-4297-4528-8993-1ce20d311cbd} - (no file)
O20 - AppInit_DLLs: goriyifu.dll, c:\windows\system32\firufudi.dll
O21 - SSODL: neyevajug - {839813c1-c3ce-4454-9154-ad82967feecb} - (no file)
O22 - SharedTaskScheduler: mujuzedij - {839813c1-c3ce-4454-9154-ad82967feecb} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CSIScanner - Unknown owner - C:\Program Files\Prevx\prevx.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~3\NORTON~1\NPROTECT.EXE
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~3\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9380 bytes

two4you8
Novice
Novice

Posts Posts : 15
Joined Joined : 2009-10-31
OS OS : XP
Points Points : 26088
# Likes # Likes : 0

View user profile

Back to top Go down

Re: cant run safe mode!! please help!!

Post by Belahzur on 1st November 2009, 10:26 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O2 - BHO: (no name) - {dc2c3f63-5bf0-4feb-b964-645866d510e4} - talukota.dll (file missing)
    O18 - Filter hijack: text/html - {3f294bd5-4297-4528-8993-1ce20d311cbd} - (no file)
    O20 - AppInit_DLLs: goriyifu.dll, c:\windows\system32\firufudi.dll
    O21 - SSODL: neyevajug - {839813c1-c3ce-4454-9154-ad82967feecb} - (no file)
    O22 - SharedTaskScheduler: mujuzedij - {839813c1-c3ce-4454-9154-ad82967feecb} - (no file)
    O23 - Service: CSIScanner - Unknown owner - C:\Program Files\Prevx\prevx.exe (file missing)


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Re: cant run safe mode!! please help!!

Post by two4you8 on 2nd November 2009, 5:36 am

So i fȋxed the one for hijack this and did a quick scan for the malwarebyte's anti-malware. Here the logs tab in MBAM. Thanks again for helping me.

Malwarebytes' Anti-Malware 1.41
Database version: 3081
Windows 5.1.2600 Service Pack 3

11/1/2009 9:34:09 PM
mbam-log-2009-11-01 (21-34-09).txt

Scan type: Quick Scan
Objects scanned: 102084
Time elapsed: 7 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

two4you8
Novice
Novice

Posts Posts : 15
Joined Joined : 2009-10-31
OS OS : XP
Points Points : 26088
# Likes # Likes : 0

View user profile

Back to top Go down

Re: cant run safe mode!! please help!!

Post by Belahzur on 2nd November 2009, 9:44 am

Lets go a bit deeper.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the report to your Desktop.
  • Copy and paste BOTH LOGS back here, use more than one post if needed.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Re: cant run safe mode!! please help!!

Post by two4you8 on 2nd November 2009, 10:19 pm

hi, this is the DDS.txt


DDS (Ver_09-10-26.01) - NTFSx86
Run by Thanhtu. Nguyen at 14:16:53.68 on Mon 11/02/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1450 [GMT -8:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\PROGRA~1\NORTON~3\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\PROGRA~1\NORTON~3\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Thanhtu. Nguyen\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.7.2.11\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.7.2.11\IPSBHO.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.7.2.11\coIEPlg.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US [You must be registered and logged in to see this link.]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\thanht~1.ngu\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear wg311v2 adapter\wlancfg5.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {5E638779-1818-4754-A595-EF1C63B87A56} - c:\program files\norton systemworks basic edition\norton cleanup\WCQuick.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: aol.com\free
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - [You must be registered and logged in to see this link.]
DPF: {88D969C0-F192-11D4-A65F-0040963251E5} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.7.2.11\CoIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll

================= FIREFOX ===================

FF - ProfilePath -
FF - hȋdden: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1007020.00b\SymEFA.sys [2009-9-8 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1007020.00b\BHDrvx86.sys [2009-9-8 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1007020.00b\cchpx86.sys [2009-9-8 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20091028.004\IDSXpx86.sys [2009-10-28 329592]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.7.2.11\ccSvcHst.exe [2009-9-8 117640]
R2 NProtectService;Norton UnErase Protection;c:\progra~1\norton~3\norton~1\NPROTECT.EXE [2008-9-25 95600]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-5-25 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-27 102448]
S0 fjm30dd;fjm30dd;\SystemRoot\\SystemRoot\System32\drivers\fjm30dd.sys --> \SystemRoot\\SystemRoot\System32\drivers\fjm30dd.sys [?]
S0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys --> c:\windows\system32\drivers\pxscan.sys [?]
S0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys --> c:\windows\system32\drivers\pxsec.sys [?]
S1 52802f2d.sys;52802f2d.sys;\??\c:\windows\system32\drivers\52802f2d.sys --> c:\windows\system32\drivers\52802f2d.sys [?]
S4 CSIScanner;CSIScanner;"c:\program files\prevx\prevx.exe" /service --> c:\program files\prevx\prevx.exe [?]

=============== Created Last 30 ================

2009-11-02 05:25:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-02 05:25:18 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-02 05:25:18 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-01 07:52:33 0 d-----w- c:\program files\Trend Micro
2009-10-28 07:54:22 0 d-----w- c:\documents and settings\thanhtu. nguyen\DoctorWeb
2009-10-06 02:57:39 0 d-----w- c:\program files\DivX

==================== Find3M ====================

2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 05:25:23 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-21 06:11:36 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 03:44:46 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2004-07-02 19:19:02 40960 ----a-w- c:\windows\inf\wg311v2\imdinst.exe
2004-06-18 06:41:16 386688 ----a-w- c:\windows\inf\wg311v2\netwg311_XP.sys
2004-04-04 20:07:40 84912 ----a-w- c:\windows\inf\wg311v2\FwRad17.bin
2004-04-04 20:07:36 83320 ----a-w- c:\windows\inf\wg311v2\FwRad16.bin
2004-02-04 19:53:26 62865 ----a-w- c:\windows\inf\wg311v2\odysseyIM3.sys
2004-02-04 19:53:22 12739 ----a-w- c:\windows\inf\wg311v2\odNetInstall.dll
2009-07-06 16:53:05 0 --sha-w- c:\windows\system32\babopise.dll
2009-07-06 16:54:08 0 --sha-w- c:\windows\system32\bamekoro.dll
2009-07-06 16:53:05 0 --sha-w- c:\windows\system32\biwodasa.dll
2009-07-06 16:50:23 0 --sha-w- c:\windows\system32\dazukepu.dll
2009-07-06 16:52:06 0 --sha-w- c:\windows\system32\faniyoko.dll
2009-07-06 16:55:06 0 --sha-w- c:\windows\system32\hatukame.dll
2009-07-06 16:51:14 0 --sha-w- c:\windows\system32\jalaloju.dll
2009-07-06 16:53:05 0 --sha-w- c:\windows\system32\jarigoja.dll
2009-07-06 16:51:14 0 --sha-w- c:\windows\system32\lekosasa.dll
2009-07-06 16:50:23 0 --sha-w- c:\windows\system32\mazelosi.dll
2009-07-06 16:54:08 0 --sha-w- c:\windows\system32\muditufi.dll
2009-07-06 16:52:06 0 --sha-w- c:\windows\system32\neyeriyi.dll
2009-07-06 16:56:34 0 --sha-w- c:\windows\system32\nilayuti.dll
2009-07-06 16:54:08 0 --sha-w- c:\windows\system32\nivibuke.dll
2009-07-06 16:52:06 0 --sha-w- c:\windows\system32\pimiheba.dll
2009-07-06 16:55:06 0 --sha-w- c:\windows\system32\talukota.dll
2009-07-06 16:50:23 0 --sha-w- c:\windows\system32\vewowoge.dll
2009-07-06 16:51:14 0 --sha-w- c:\windows\system32\wodayagu.dll
2009-07-06 16:56:34 0 --sha-w- c:\windows\system32\wuguyibu.dll
2009-07-06 16:55:06 0 --sha-w- c:\windows\system32\zasovore.dll

============= FINISH: 14:17:33.75 ===============

two4you8
Novice
Novice

Posts Posts : 15
Joined Joined : 2009-10-31
OS OS : XP
Points Points : 26088
# Likes # Likes : 0

View user profile

Back to top Go down

Re: cant run safe mode!! please help!!

Post by two4you8 on 2nd November 2009, 10:20 pm

and this is the attach.txt


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/26/2009 9:28:53 PM
System Uptime: 11/1/2009 10:18:01 PM (16 hours ago)

Motherboard: Intel Corporation | | D875PBZ
Processor: Intel(R) Pentium(R) 4 CPU 1.80GHz | J2E1 | 1800/100mhz

==== Disk Partitions =========================

A: is Removable
C: is fȋxed (NTFS) - 53 GiB total, 37.656 GiB free.
D: is fȋxed (NTFS) - 59 GiB total, 58.188 GiB free.
E: is fȋxed (NTFS) - 56 GiB total, 55.549 GiB free.
F: is fȋxed (NTFS) - 19 GiB total, 12.529 GiB free.
G: is CDROM ()
H: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP136: 8/6/2009 7:26:45 AM - System Checkpoint
RP137: 8/7/2009 8:25:42 AM - System Checkpoint
RP138: 8/8/2009 9:25:42 AM - System Checkpoint
RP139: 8/8/2009 9:37:37 PM - Removed Ventrilo Client
RP140: 8/10/2009 3:27:42 AM - System Checkpoint
RP141: 8/11/2009 3:41:43 AM - System Checkpoint
RP142: 8/12/2009 3:47:51 AM - System Checkpoint
RP143: 8/12/2009 5:54:24 PM - Software Distribution Service 3.0
RP144: 8/14/2009 4:01:44 AM - System Checkpoint
RP145: 8/15/2009 4:06:12 AM - System Checkpoint
RP146: 8/17/2009 12:25:49 PM - System Checkpoint
RP147: 8/18/2009 3:17:59 PM - System Checkpoint
RP148: 8/19/2009 3:25:58 PM - System Checkpoint
RP149: 8/20/2009 3:57:42 PM - System Checkpoint
RP150: 8/22/2009 2:57:55 AM - System Checkpoint
RP151: 8/23/2009 4:28:39 AM - System Checkpoint
RP152: 8/24/2009 5:25:57 AM - System Checkpoint
RP153: 8/24/2009 6:47:44 PM - Installed Ventrilo Client
RP154: 8/26/2009 12:09:08 AM - System Checkpoint
RP155: 8/26/2009 3:00:16 AM - Software Distribution Service 3.0
RP156: 8/27/2009 3:15:38 AM - System Checkpoint
RP157: 8/28/2009 3:49:28 AM - System Checkpoint
RP158: 8/29/2009 5:01:29 AM - System Checkpoint
RP159: 8/30/2009 5:41:08 AM - System Checkpoint
RP160: 8/31/2009 6:41:06 AM - System Checkpoint
RP161: 9/1/2009 7:41:06 AM - System Checkpoint
RP162: 9/2/2009 8:41:07 AM - System Checkpoint
RP163: 9/2/2009 10:25:13 PM - Installed Java(TM) 6 Update 16
RP164: 9/4/2009 2:38:10 AM - System Checkpoint
RP165: 9/5/2009 2:52:27 AM - System Checkpoint
RP166: 9/7/2009 1:06:55 AM - System Checkpoint
RP167: 9/8/2009 1:20:30 AM - System Checkpoint
RP168: 9/9/2009 1:20:43 AM - System Checkpoint
RP169: 9/10/2009 1:38:50 AM - System Checkpoint
RP170: 9/10/2009 3:00:16 AM - Software Distribution Service 3.0
RP171: 9/11/2009 3:02:37 AM - System Checkpoint
RP172: 9/12/2009 3:21:13 AM - System Checkpoint
RP173: 9/13/2009 11:51:09 PM - System Checkpoint
RP174: 9/15/2009 12:29:58 AM - System Checkpoint
RP175: 9/16/2009 1:18:06 AM - System Checkpoint
RP176: 9/17/2009 2:03:56 AM - System Checkpoint
RP177: 9/18/2009 2:16:28 AM - System Checkpoint
RP178: 9/19/2009 2:16:35 AM - System Checkpoint
RP179: 9/21/2009 12:52:58 AM - System Checkpoint
RP180: 9/22/2009 1:06:54 AM - System Checkpoint
RP181: 9/23/2009 1:49:11 AM - System Checkpoint
RP182: 9/24/2009 2:04:20 AM - System Checkpoint
RP183: 9/25/2009 2:12:18 AM - System Checkpoint
RP184: 9/26/2009 2:22:30 AM - System Checkpoint
RP185: 9/27/2009 2:53:53 PM - System Checkpoint
RP186: 9/28/2009 5:54:22 PM - System Checkpoint
RP187: 9/30/2009 2:01:11 AM - System Checkpoint
RP188: 10/1/2009 3:27:45 AM - System Checkpoint
RP189: 10/2/2009 3:31:32 AM - System Checkpoint
RP190: 10/3/2009 3:44:22 AM - System Checkpoint
RP191: 10/4/2009 4:47:34 AM - System Checkpoint
RP192: 10/5/2009 5:35:53 AM - System Checkpoint
RP193: 10/6/2009 6:49:56 AM - System Checkpoint
RP194: 10/7/2009 7:34:37 AM - System Checkpoint
RP195: 10/8/2009 8:23:46 AM - System Checkpoint
RP196: 10/9/2009 8:40:26 AM - System Checkpoint
RP197: 10/10/2009 9:40:25 AM - System Checkpoint
RP198: 10/11/2009 10:52:05 AM - System Checkpoint
RP199: 10/12/2009 11:40:25 AM - System Checkpoint
RP200: 10/12/2009 2:16:30 PM - Software Distribution Service 3.0
RP201: 10/13/2009 10:57:28 PM - Software Distribution Service 3.0
RP202: 10/14/2009 11:56:45 PM - System Checkpoint
RP203: 10/16/2009 12:47:49 AM - System Checkpoint
RP204: 10/17/2009 1:33:21 AM - System Checkpoint
RP205: 10/18/2009 2:37:49 AM - System Checkpoint
RP206: 10/18/2009 11:10:59 AM - Printer Driver Adobe PDF Converter Installed
RP207: 10/19/2009 11:17:23 AM - System Checkpoint
RP208: 10/20/2009 5:28:41 PM - System Checkpoint
RP209: 10/21/2009 5:56:12 PM - System Checkpoint
RP210: 10/22/2009 11:20:10 PM - System Checkpoint
RP211: 10/23/2009 11:22:10 PM - System Checkpoint
RP212: 10/25/2009 3:20:17 AM - System Checkpoint
RP213: 10/26/2009 3:33:49 AM - System Checkpoint
RP214: 10/27/2009 3:34:17 AM - System Checkpoint
RP215: 10/28/2009 4:18:32 AM - System Checkpoint
RP216: 10/29/2009 4:50:04 AM - System Checkpoint
RP217: 10/30/2009 6:26:35 AM - System Checkpoint
RP218: 10/31/2009 7:24:26 AM - System Checkpoint
RP219: 11/1/2009 7:28:55 AM - System Checkpoint
RP220: 11/2/2009 8:23:06 AM - System Checkpoint

==== Installed Programs ======================

Adobe Acrobat 7.0 Professional
Adobe Acrobat 7.1.0 Professional
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Shockwave Player 11.5
Adobe Stock Photos 1.0
AIM 6
Apple Application Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
ATI HydraVision
BlackBerry Desktop Software 4.6
Brother HL-2140
CheckIt Diagnostics
Connection Keep Alive
Creative System Information
DJBCP Codec Pack
GTOneCare
Heroes of Newerth
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
InCD
InCD EasyWrite Reader
Intel(R) PRO Network Adapters and Drivers
Java(TM) 6 Update 16
Letter Chase Typing Tutor 3.5
LiveUpdate (Symantec Corporation)
Malwarebytes' Anti-Malware
Mavis Beacon Teaches Typing Deluxe 16
Microsoft ActiveSync 4.0
Microsoft Application Error Reporting
Microsoft Office Professional Edition 2003
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.5.4)
MSXML 4.0 SP2 (KB954430)
Nero 6 Ultra Edition
NeroMIX
NeroVision Express 2
NETGEAR WG311v2 802.11g Wireless PCI Adapter
Norton Cleanup
Norton Internet Security
Norton SystemWorks (Symantec Corporation)
Norton SystemWorks Basic Edition
Norton Utilities
PerformanceTest
QuickTime
Roxio Media Manager
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Sound Blaster Live!
Uninstall LAC VIET mtd2002-EVA
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Ventrilo Client
Viewpoint Media Player
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Movie Maker 2.0
Windows XP Service Pack 3
XP Codec Pack

==== Event Viewer Messages From Past Week ========

10/29/2009 12:35:58 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: pxscan pxsec
10/29/2009 12:34:34 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.
10/29/2009 12:34:34 AM, error: Service Control Manager [7000] - The CSIScanner service failed to start due to the following error: The system cannot find the path specified.
10/29/2009 12:05:08 AM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer THANHTUNGNGUYEN that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B8329BF6-27F. The master browser is stopping or an election is being forced.
10/28/2009 3:59:47 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: pxscan pxsec SRTSP
10/28/2009 3:57:56 PM, error: SRTSP [5] - Error loading Symantec real time Anti-Virus driver.
10/28/2009 3:57:56 PM, error: SRTSP [4] - Error loading virus definitions.
10/28/2009 3:52:18 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Upnp Server 9 service to connect.

==== End Of File ===========================

two4you8
Novice
Novice

Posts Posts : 15
Joined Joined : 2009-10-31
OS OS : XP
Points Points : 26088
# Likes # Likes : 0

View user profile

Back to top Go down

Re: cant run safe mode!! please help!!

Post by Belahzur on 3rd November 2009, 12:30 am

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Viewpoint Media Player

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose CopyCrying


    :services
    fjm30dd
    52802f2d.sys

    :files
    c:\windows\system32\babopise.dll
    c:\windows\system32\bamekoro.dll
    c:\windows\system32\biwodasa.dll
    c:\windows\system32\dazukepu.dll
    c:\windows\system32\faniyoko.dll
    c:\windows\system32\hatukame.dll
    c:\windows\system32\jalaloju.dll
    c:\windows\system32\jarigoja.dll
    c:\windows\system32\lekosasa.dll
    c:\windows\system32\mazelosi.dll
    c:\windows\system32\muditufi.dll
    c:\windows\system32\neyeriyi.dll
    c:\windows\system32\nilayuti.dll
    c:\windows\system32\nivibuke.dll
    c:\windows\system32\pimiheba.dll
    c:\windows\system32\talukota.dll
    c:\windows\system32\vewowoge.dll
    c:\windows\system32\wodayagu.dll
    c:\windows\system32\wuguyibu.dll
    c:\windows\system32\zasovore.dll


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Re: cant run safe mode!! please help!!

Post by two4you8 on 3rd November 2009, 5:57 am

So i have done exactly what you asked but some of them i get an error message saying something like its not a valid image or something. but here are the logs. thanks.

========== SERVICES/DRIVERS ==========

Service\Driver fjm30dd deleted successfully.

Service\Driver 52802f2d.sys deleted successfully.
========== FILES ==========
LoadLibrary failed for c:\windows\system32\babopise.dll
c:\windows\system32\babopise.dll NOT unregistered.
c:\windows\system32\babopise.dll moved successfully.
LoadLibrary failed for c:\windows\system32\bamekoro.dll
c:\windows\system32\bamekoro.dll NOT unregistered.
c:\windows\system32\bamekoro.dll moved successfully.
LoadLibrary failed for c:\windows\system32\biwodasa.dll
c:\windows\system32\biwodasa.dll NOT unregistered.
c:\windows\system32\biwodasa.dll moved successfully.
LoadLibrary failed for c:\windows\system32\dazukepu.dll
c:\windows\system32\dazukepu.dll NOT unregistered.
c:\windows\system32\dazukepu.dll moved successfully.
LoadLibrary failed for c:\windows\system32\faniyoko.dll
c:\windows\system32\faniyoko.dll NOT unregistered.
c:\windows\system32\faniyoko.dll moved successfully.
LoadLibrary failed for c:\windows\system32\hatukame.dll
c:\windows\system32\hatukame.dll NOT unregistered.
c:\windows\system32\hatukame.dll moved successfully.
LoadLibrary failed for c:\windows\system32\jalaloju.dll
c:\windows\system32\jalaloju.dll NOT unregistered.
c:\windows\system32\jalaloju.dll moved successfully.
LoadLibrary failed for c:\windows\system32\jarigoja.dll
c:\windows\system32\jarigoja.dll NOT unregistered.
c:\windows\system32\jarigoja.dll moved successfully.
LoadLibrary failed for c:\windows\system32\lekosasa.dll
c:\windows\system32\lekosasa.dll NOT unregistered.
c:\windows\system32\lekosasa.dll moved successfully.
LoadLibrary failed for c:\windows\system32\mazelosi.dll
c:\windows\system32\mazelosi.dll NOT unregistered.
c:\windows\system32\mazelosi.dll moved successfully.
LoadLibrary failed for c:\windows\system32\muditufi.dll
c:\windows\system32\muditufi.dll NOT unregistered.
c:\windows\system32\muditufi.dll moved successfully.
LoadLibrary failed for c:\windows\system32\neyeriyi.dll
c:\windows\system32\neyeriyi.dll NOT unregistered.
c:\windows\system32\neyeriyi.dll moved successfully.
LoadLibrary failed for c:\windows\system32\nilayuti.dll
c:\windows\system32\nilayuti.dll NOT unregistered.
c:\windows\system32\nilayuti.dll moved successfully.
LoadLibrary failed for c:\windows\system32\nivibuke.dll
c:\windows\system32\nivibuke.dll NOT unregistered.
c:\windows\system32\nivibuke.dll moved successfully.
LoadLibrary failed for c:\windows\system32\pimiheba.dll
c:\windows\system32\pimiheba.dll NOT unregistered.
c:\windows\system32\pimiheba.dll moved successfully.
LoadLibrary failed for c:\windows\system32\talukota.dll
c:\windows\system32\talukota.dll NOT unregistered.
c:\windows\system32\talukota.dll moved successfully.
LoadLibrary failed for c:\windows\system32\vewowoge.dll
c:\windows\system32\vewowoge.dll NOT unregistered.
c:\windows\system32\vewowoge.dll moved successfully.
LoadLibrary failed for c:\windows\system32\wodayagu.dll
c:\windows\system32\wodayagu.dll NOT unregistered.
c:\windows\system32\wodayagu.dll moved successfully.
LoadLibrary failed for c:\windows\system32\wuguyibu.dll
c:\windows\system32\wuguyibu.dll NOT unregistered.
c:\windows\system32\wuguyibu.dll moved successfully.
LoadLibrary failed for c:\windows\system32\zasovore.dll
c:\windows\system32\zasovore.dll NOT unregistered.
c:\windows\system32\zasovore.dll moved successfully.

OTM by OldTimer - Version 3.0.0.6 log created on 11022009_215448

two4you8
Novice
Novice

Posts Posts : 15
Joined Joined : 2009-10-31
OS OS : XP
Points Points : 26088
# Likes # Likes : 0

View user profile

Back to top Go down

Re: cant run safe mode!! please help!!

Post by Belahzur on 3rd November 2009, 8:01 pm

We can remove OTMoveIt now.

  • Please double-click OTM.exe to run it again.
  • Press the green CleanUp! button.
  • Press Yes cleanup process prompt, do the same for the reboot prompt.
How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Re: cant run safe mode!! please help!!

Post by two4you8 on 3rd November 2009, 10:35 pm

yea my computer is still the same. Videos on youtube are buffering really slow and i still cant start safe mode. Please help me. Thank you.

two4you8
Novice
Novice

Posts Posts : 15
Joined Joined : 2009-10-31
OS OS : XP
Points Points : 26088
# Likes # Likes : 0

View user profile

Back to top Go down

Re: cant run safe mode!! please help!!

Post by Belahzur on 4th November 2009, 1:38 am

What browser are you using?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Re: cant run safe mode!! please help!!

Post by two4you8 on 4th November 2009, 4:02 am

Mozilla Firefox 5.0

two4you8
Novice
Novice

Posts Posts : 15
Joined Joined : 2009-10-31
OS OS : XP
Points Points : 26088
# Likes # Likes : 0

View user profile

Back to top Go down

Re: cant run safe mode!! please help!!

Post by Belahzur on 5th November 2009, 1:03 am

Have you got the latest flash installed?

[You must be registered and logged in to see this link.]


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Re: cant run safe mode!! please help!!

Post by two4you8 on 5th November 2009, 5:45 am

yea i have the latest flash installed. But my main problem is why i cant start safe mode, i think i might have a virus that prevents it. Thank you.

two4you8
Novice
Novice

Posts Posts : 15
Joined Joined : 2009-10-31
OS OS : XP
Points Points : 26088
# Likes # Likes : 0

View user profile

Back to top Go down

Re: cant run safe mode!! please help!!

Post by two4you8 on 7th November 2009, 8:50 am

So is there any other way to resolve this problem?

two4you8
Novice
Novice

Posts Posts : 15
Joined Joined : 2009-10-31
OS OS : XP
Points Points : 26088
# Likes # Likes : 0

View user profile

Back to top Go down

Re: cant run safe mode!! please help!!

Post by Dr Jay on 7th November 2009, 9:50 pm

For YouTube buffering issues, right-click on every video you watch, and click Settings. Then, uncheck Enable Hardware Acceleration.

Then, while in your YouTube account, hover over your name in the top right hand corner and click Account.

Click Playback Setup on the left. Then, fill in the circle on the left of the following phrase: I have a slow connection. Never play higher-quality video.
Click Save Changes.

Did this help?

==

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14314
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302989
# Likes # Likes : 10

View user profile

Back to top Go down

Re: cant run safe mode!! please help!!

Post by two4you8 on 9th November 2009, 6:52 am

Im not that good with computers and stuff but i will try to explain some of the symptoms that i see.

1. I have Norton Systemworks and they have this thing called Norton Diskdoctor and what that does is to diagnose my disk and fix it but when i try to scan and fix my C drive, it wouldnt let me.

2. Also i see weird copy of my files. So for example i wrote a .doc file and save it onto my destop under the name "theoryofrelativity.doc" and when i open it i would see a copy of it on the destop under the name "~$eoryofrelativity.doc" same goes for "my documents" but i deleted the weird "my documents" already.

3. When i open my C drive, i see some faint colored files and weird names. some of them are pretty big, like "pagefile.sys" which is around 2,000,000 KB and "hiberfil.sys" which is around the same size.

4. Also when i try to open the "System volume information" in my C drive, it wouldnt let me open the folder and saids "It is not accessible, access denied" and i try deleting it and it didnt let me.


Please help me i really need help thanks.

two4you8
Novice
Novice

Posts Posts : 15
Joined Joined : 2009-10-31
OS OS : XP
Points Points : 26088
# Likes # Likes : 0

View user profile

Back to top Go down

Re: cant run safe mode!! please help!!

Post by Dr Jay on 10th November 2009, 12:43 am

You were not able to do anything I asked for above?


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14314
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302989
# Likes # Likes : 10

View user profile

Back to top Go down

Re: cant run safe mode!! please help!!

Post by two4you8 on 10th November 2009, 6:56 am

this is the log for the malware byte. Also i seem to have a tracking cookie that everytime i scan with norton anti virus, it seems to remove it but then i scan again and its still see it. Please help, thank you.

Malwarebytes' Anti-Malware 1.41
Database version: 3131
Windows 5.1.2600 Service Pack 3

11/9/2009 8:50:47 AM
mbam-log-2009-11-09 (08-50-47).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 162793
Time elapsed: 46 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

two4you8
Novice
Novice

Posts Posts : 15
Joined Joined : 2009-10-31
OS OS : XP
Points Points : 26088
# Likes # Likes : 0

View user profile

Back to top Go down

Re: cant run safe mode!! please help!!

Post by Dr Jay on 10th November 2009, 7:00 am

Tracking cookies are usually harmless.

Those files with ~ attached to them were temp files, because the file was opened before. Those are usually hȋdden.

Download Security Check by screen317 from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14314
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302989
# Likes # Likes : 10

View user profile

Back to top Go down

Re: cant run safe mode!! please help!!

Post by two4you8 on 10th November 2009, 8:25 am

here is the result. thank you for much for helping.

Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
GTOneCare
Norton Internet Security
Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:

Java(TM) 6 Update 16
Adobe Flash Player 10
``````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

two4you8
Novice
Novice

Posts Posts : 15
Joined Joined : 2009-10-31
OS OS : XP
Points Points : 26088
# Likes # Likes : 0

View user profile

Back to top Go down

Re: cant run safe mode!! please help!!

Post by Dr Jay on 10th November 2009, 3:28 pm

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

AntiSpyware

  • [You must be registered and logged in to see this link.]
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found [You must be registered and logged in to see this link.].
  • [You must be registered and logged in to see this link.].
    Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).


NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
[You must be registered and logged in to see this link.]

Securing your computer

  • [You must be registered and logged in to see this link.] - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • [You must be registered and logged in to see this link.] replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:


Thank you for choosing GeekPolice. Please see [You must be registered and logged in to see this link.] if you would like to leave feedback or contribute to our site. Do you have any more questions?


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14314
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302989
# Likes # Likes : 10

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum