ComputerForum.com ComputerForum.com  
Go Back   Computer Forum > Computer Software > Computer Security
My computer won't let me go into safe mode. My computer won't let me go into safe mode.
Register FAQ Members List Calendar Mark Forums Read

Reply
 
LinkBack Thread Tools Display Modes
Old 12-05-2006, 06:08 AM   #1 (permalink)
New Member
 
Join Date: Dec 2006
Posts: 1
Default My computer won't let me go into safe mode.
I can't use system restore either. It made my internet connections disappear for a while but now they're back. Everytime I tried to scan in system 32 my computer would crash. I don't know what the problem is but i'm sure it's bad. Here's my hjt (HiJack This) log, thanks in advance:





Logfile of HijackThis v1.99.1
Scan saved at 9:37:14 PM, on 12/4/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Micro Innovations\Wireless Keyboard & Optical Mouse\mouse32a.exe
C:\Program Files\Micro Innovations\Wireless Keyboard & Optical Mouse\kbdap32a.exe
E:\Programs\Firefox\Mozilla Firefox\firefox.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\End User\Desktop\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Micro Innovations\Wireless Keyboard & Optical Mouse\mouse32a.exe
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Micro Innovations\Wireless Keyboard & Optical Mouse\kbdap32a.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: No More Cookies - {334C4A3A-7B0F-4C55-B73F-63B37865E8FA} - C:\Program Files\No More Cookies\No More Cookies.exe
O9 - Extra 'Tools' menuitem: No More Cookies - {334C4A3A-7B0F-4C55-B73F-63B37865E8FA} - C:\Program Files\No More Cookies\No More Cookies.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1154480598313
O17 - HKLM\System\CCS\Services\Tcpip\..\{B32485E6-A521-4569-92F5-2C5D6B538422}: NameServer = 216.165.129.157
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Programs\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Programs\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Generic Host Process for Win32 Service - Unknown owner - C:\WINDOWS\
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
markstandridge1 is offline   Reply With Quote


Old 12-05-2006, 06:46 AM   #2 (permalink)
banned
 
Join Date: Aug 2006
Posts: 4,711
Default
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

That is a problem if it's in the Windows directory. If that's the case, then it's a trojan.
SirKenin is offline   Reply With Quote
Old 12-05-2006, 09:16 AM   #3 (permalink)
Digaredd
 
Buzz1927's Avatar
 
Join Date: May 2005
Location: Melbourne AU
Posts: 6,927
Default
Download AVG anti-rootkit.

http://beta.grisoft.cz/beta/betarep....t_1.0.0.13.exe

Install and run the program, select "search for rootkits" and post the results.
__________________
The Grim Reaper - Son of Glyndwr
"To Hell or Connacht" may you burn in Hell tonight!
Buzz1927 is offline   Reply With Quote
Old 12-05-2006, 09:32 AM   #4 (permalink)
Administrator
 
apj101's Avatar
 
Join Date: Apr 2005
Location: London
Age: 26
Posts: 9,360
Default
moved to security section
__________________
TechZine
What did one snow man say to the other?
can you smell carrot?

The fight is won or lost far away from witnesses - behind the lines, in the gym, and out there on the road, long before I dance under those lights.

How you do anything, is how you do everything!
apj101 is offline   Reply With Quote
Reply

Bookmarks

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

Similar Threads
Thread Thread Starter Forum Replies Last Post
Delete Viruses in safe mode?? grazhopper Computer Security 1 10-11-2006 03:19 AM
only load in safe mode Dogmagts60 Desktop Computers 2 10-09-2006 06:27 AM
safe mode scroudt General Computer Chat 3 07-10-2006 08:36 PM
Computer only starts in safe mode!!! ranzy Desktop Computers 2 06-10-2006 08:01 PM
My Computer Guide... jbrown456 General Software 0 10-18-2005 03:16 AM

All times are GMT +1. The time now is 01:07 PM.

Contact Us - Computer Forum - Sitemap - Top

Powered by: vBulletin Version 3.7.4
Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
SEO by vBSEO 3.2.0 ©2008, Crawlability, Inc.
Copyright © 2002-2008 Computer Forum and Web Design Forum