Mourning the loss of our friend, WhitPhil.
There's no such thing as a stupid question, but they're the easiest to answer.
JoinTour
Login
Search
 
Malware Removal & HijackThis Logs
Tag Cloud
access audio black screen blue screen boot bsod connection crash dell desktop driver dvd email error excel excel 2003 firefox hard drive hardware hdmi hijackthis internet itunes keyboard laptop malware monitor network networking outlook problem ram recovery router screen slow sound spyware tdlwsp.dll trojan vba video virus vista vundo windows windows 7 windows vista windows xp wireless
Search
Search for:
Tech Support Guy Forums > Security & Malware Removal > Malware Removal & HijackThis Logs >
Solved: Packed.rolex virus

Tip: Click here to scan for System Errors and Optimize PC performance
[ Sponsored Link ]

Closed Thread
Page 3 of 6 12 3 456
 
Thread Tools
Roe727's Avatar
Senior Member with 1,013 posts.
  
Join Date: Mar 2004
29-Jun-2009, 07:31 AM #31
I know you are busy, but I was wondering what you thought of those logs because my son needs this laptop back asap. He is taking a summer class and will be needing it asap.

Thanks...
Rosemary
Register for free to hide this ad!
Cookiegal's Avatar
Administrator with 63,623 posts.
  
Join Date: Aug 2003
Location: Quebec, Canada
29-Jun-2009, 06:59 PM #32
Please disable Windows Defender and run the CF Script again as it didn't work so something is blocking it.
Roe727's Avatar
Senior Member with 1,013 posts.
  
Join Date: Mar 2004
29-Jun-2009, 08:09 PM #33
Still isn't running....it opens in a blut window that has Administrator at the top, that isn't how it was running before??? It was running in a black window before.

Rosemary
Roe727's Avatar
Senior Member with 1,013 posts.
  
Join Date: Mar 2004
29-Jun-2009, 10:09 PM #34
sorry...that's a "blue" window....
Cookiegal's Avatar
Administrator with 63,623 posts.
  
Join Date: Aug 2003
Location: Quebec, Canada
30-Jun-2009, 02:28 PM #35
Can you run a regular scan with ComboFix (not the CFScript) and if that works, post the new log please.
Roe727's Avatar
Senior Member with 1,013 posts.
  
Join Date: Mar 2004
30-Jun-2009, 04:16 PM #36
Can't seem to run it regardless. I have tried uninstalling and reinstalling, etc. Tried getting it from different sites, etc. Won't run anything but that scan that I previously posted .... the one that you said didn't run.
???

Rosemary
Cookiegal's Avatar
Administrator with 63,623 posts.
  
Join Date: Aug 2003
Location: Quebec, Canada
30-Jun-2009, 06:12 PM #37
I see you didn't rename ComboFix so try removing it again and then when you download it, rename ComboFix.exe to Combo-Fix.exe. Then see if you can get it to run. If not, try running it in safe mode.
Roe727's Avatar
Senior Member with 1,013 posts.
  
Join Date: Mar 2004
30-Jun-2009, 08:46 PM #38
Yes you were right.....And I uninstalled it and reinstalled it and renamed it, disabled Windows Defender and it still won't run. And for some reason the computer will not boot in safe mode now. It gets stuck after I put in the password and a blue box appears in the toolbar like there is a window open, but it is just dark blue and the computer won't go past that point in the booting process.

Rosemary
Roe727's Avatar
Senior Member with 1,013 posts.
  
Join Date: Mar 2004
30-Jun-2009, 09:23 PM #39
i ran the combofix both with windows defender enabled and disabled and it still comes up the same....Her is the log with it disabled.....and it shows it as enabled.....very strange..

ComboFix 09-06-26.02 - Jason Nordeman 06/27/2009 21:16.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2046.1287 [GMT -4:00]
Running from: E:\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-28 )))))))))))))))))))))))))))))))
.

2009-06-28 01:23 . 2009-06-28 01:23 -------- d-----w- c:\users\Jason Nordeman\AppData\Local\temp
2009-06-27 14:48 . 2009-06-27 14:48 -------- d-----w- c:\users\Jason Nordeman\AppData\Local\data
2009-06-27 14:39 . 2009-06-27 14:39 -------- d-----w- c:\users\Jason Nordeman\AppData\Local\quicktime
2009-06-27 14:39 . 2009-06-27 14:39 -------- d-----w- c:\users\Jason Nordeman\AppData\Local\META-INF
2009-06-27 14:39 . 2009-06-27 14:39 -------- d-----w- c:\users\Jason Nordeman\AppData\Local\com
2009-06-27 14:39 . 2009-06-27 14:39 -------- d-----w- c:\users\Jason Nordeman\AppData\Local\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
2009-06-27 14:39 . 2009-06-27 14:39 -------- d-----w- c:\users\Jason Nordeman\AppData\Local\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
2009-06-26 02:11 . 2009-06-26 02:42 -------- d-s---w- C:\Combo-Fix
2009-06-25 12:48 . 2009-06-25 11:41 2052888 ----a-w- c:\programdata\avg8\update\backup\avgcorex.dll
2009-06-25 12:40 . 2009-06-27 17:00 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-25 11:43 . 2009-06-14 20:07 1004800 ----a-w- c:\programdata\AVG Security Toolbar\IEToolbar.dll
2009-06-25 11:41 . 2009-06-25 11:41 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-25 11:41 . 2009-06-25 11:41 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-25 11:41 . 2009-06-25 11:41 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-25 11:41 . 2009-06-25 11:41 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-25 11:41 . 2009-06-25 11:43 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-25 11:41 . 2009-06-25 11:43 -------- d-----w- c:\programdata\AVG Security Toolbar
2009-06-24 21:44 . 2009-06-24 21:52 -------- d-----w- c:\windows\BDOSCAN8
2009-06-22 10:46 . 2009-06-22 10:46 93 ----a-w- c:\windows\system32\SKYNET.dat
2009-06-21 18:01 . 2009-06-21 18:01 -------- d-----w- c:\users\Jason Nordeman\AppData\Roaming\Malwarebytes
2009-06-21 18:00 . 2009-06-21 18:00 -------- d-----w- c:\programdata\Malwarebytes
2009-06-13 16:39 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-13 16:39 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-12 20:34 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-12 20:34 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-06-09 22:31 . 2009-06-09 22:31 758088 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\Spotlight Resources.dll
2009-05-30 18:11 . 2009-05-30 18:27 -------- d-----w- c:\users\Jason Nordeman\AppData\Roaming\W Photo Studio
2009-05-30 18:09 . 2009-05-30 18:09 -------- d-----w- c:\programdata\Walgreens
2009-05-30 18:09 . 2009-05-30 18:09 -------- d-----w- c:\users\Jason Nordeman\AppData\Roaming\Walgreens
2009-05-30 18:09 . 2009-05-30 18:09 -------- d-----w- c:\program files\Common Files\HP
2009-05-30 18:09 . 2009-05-30 18:09 -------- d-----w- c:\program files\Walgreens
2009-05-30 18:00 . 2009-05-30 18:27 -------- d-----w- c:\users\Jason Nordeman\AppData\Roaming\W Photo Studio Viewer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-28 01:12 . 2008-11-09 18:05 -------- d-----w- c:\users\Jason Nordeman\AppData\Roaming\SUPERAntiSpyware.com
2009-06-28 01:12 . 2008-11-09 18:05 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-27 11:26 . 2009-03-16 18:29 -------- d-----w- c:\programdata\avg8
2009-06-25 23:18 . 2007-05-09 13:46 -------- d-----w- c:\program files\Corel
2009-06-25 23:17 . 2007-05-09 13:54 -------- d-----w- c:\program files\Google
2009-06-24 20:37 . 2009-04-10 00:28 -------- d-----w- c:\program files\DVDVideoSoft
2009-06-22 10:47 . 2007-05-14 22:59 13448 ----a-w- c:\users\Jason Nordeman\AppData\Roaming\nvModes.dat
2009-06-21 17:49 . 2007-06-26 12:47 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-06-19 16:03 . 2007-06-05 16:37 -------- d-----w- c:\users\Jason Nordeman\AppData\Roaming\LimeWire
2009-06-15 13:46 . 2009-04-19 20:39 -------- d-----w- c:\program files\Dl_cats
2009-06-10 13:36 . 2009-04-20 05:29 -------- d-----w- c:\users\Jason Nordeman\AppData\Roaming\DellFaxCtr
2009-05-27 20:05 . 2009-05-27 19:50 -------- d-----w- c:\program files\Coupons
2009-05-16 16:06 . 2009-05-16 16:06 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-05-14 07:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-03 23:00 . 2007-06-05 16:37 -------- d-----w- c:\program files\LimeWire
2009-05-01 21:29 . 2007-05-15 00:03 -------- d-----w- c:\programdata\AOL
2009-04-24 16:05 . 2009-06-12 20:33 827904 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:02 . 2009-06-12 20:33 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 13:44 . 2009-06-12 20:33 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-04-23 12:43 . 2009-06-12 20:33 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2007-05-09 21:21 . 2007-05-09 21:20 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-06-26_02.38.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-05-09 14:07 . 2009-06-27 11:28 45488 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-06-28 00:58 63858 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-05-14 22:25 . 2009-06-28 00:58 14184 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2996572545-135866921-4033492168-1000_UserData.bin
- 2009-06-26 02:26 . 2009-06-26 02:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-06-27 11:26 . 2009-06-28 00:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-06-27 11:26 . 2009-06-28 00:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-06-26 02:26 . 2009-06-26 02:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2007-05-14 22:59 . 2009-06-27 11:16 238614 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 10:33 . 2009-06-28 01:03 595684 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-06-26 02:34 595684 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-06-26 02:34 101350 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-06-28 01:03 101350 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 20:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDef end]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SCClient.exe.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SCClient.exe.lnk
backup=c:\windows\pss\SCClient.exe.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2996572545-135866921-4033492168-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{30D18C48-2E87-4AB5-B5F5-5C5C90D409BE}"= UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{33ECB0B3-0BA8-4AEF-A847-3DE8AB30765A}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{752A2A26-7848-4B6F-95F5-99C961DD44D0}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{44AC46A5-5D40-4064-96EE-72C1852EB6F8}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{40AA8754-CC61-4C37-92CC-18E467D9FF9E}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{CAEDFBF3-8AC1-4501-9187-7B6C3AE33A99}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{2B0C8748-C298-4593-9A2C-F711CE3BF54B}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{565BCD25-E083-4F79-95BE-CA8B17076CBD}"= UDP:c:\users\Jason Nordeman\Desktop\Shared\LimeWire\LimeWire.exe:LimeWire
"{C63E095A-D1A0-48BC-AB5A-453C57DB18E9}"= TCP:c:\users\Jason Nordeman\Desktop\Shared\LimeWire\LimeWire.exe:LimeWire
"{1BEF7C0B-FA0A-4A4A-8C3F-4D27EA4F706D}"= UDP:c:\users\Jason Nordeman\Desktop\Office, pp, excel\Shared\LimeWire\LimeWire.exe:LimeWire
"{ED31C1C4-A6AD-4BDD-95F3-FD502A945883}"= TCP:c:\users\Jason Nordeman\Desktop\Office, pp, excel\Shared\LimeWire\LimeWire.exe:LimeWire
"{E0D5481E-022F-4EF1-8E73-ECBC0F06C920}"= UDP:c:\users\Jason Nordeman\Desktop\Shared\LimeWire\LimeWire.exe:LimeWire
"{981B494F-F1CE-40FB-B17C-0AFD5C540E0E}"= TCP:c:\users\Jason Nordeman\Desktop\Shared\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{C4596475-1235-497F-A66C-B4D67FCAD7A9}c:\\program files\\internet explorer\\iexplore.exe"= Disabled:UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{AF475501-7225-430C-988D-2A6E013A29B5}c:\\program files\\internet explorer\\iexplore.exe"= Disabled:TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{1ADC034B-24D0-4A4E-8F68-68E50C690B8A}c:\\program files\\itunes\\itunes.exe"= UDP:c:\program files\itunes\itunes.exe:iTunes
"UDP Query User{D4FF6448-E444-46D6-A271-BA1D2AFEA691}c:\\program files\\itunes\\itunes.exe"= TCP:c:\program files\itunes\itunes.exe:iTunes
"TCP Query User{432D73F0-7642-43D9-87DC-9F68B74F2CE0}c:\\users\\jason nordeman\\desktop\\new folder (2)\\soulseek\\slsk.exe"= UDP:c:\users\jason nordeman\desktop\new folder (2)\soulseek\slsk.exe:slsk.exe
"UDP Query User{FACFF2AA-A4F9-458E-95D1-F6CD1EE9F7B5}c:\\users\\jason nordeman\\desktop\\new folder (2)\\soulseek\\slsk.exe"= TCP:c:\users\jason nordeman\desktop\new folder (2)\soulseek\slsk.exe:slsk.exe
"TCP Query User{322DAA30-8DA3-4C37-9C85-B5CEF9F40FE8}c:\\users\\jason nordeman\\desktop\\new folder\\soulseek\\slsk.exe"= UDP:c:\users\jason nordeman\desktop\new folder\soulseek\slsk.exe:slsk.exe
"UDP Query User{9F5ED81A-1F16-4F64-AB61-F41C9897B5BD}c:\\users\\jason nordeman\\desktop\\new folder\\soulseek\\slsk.exe"= TCP:c:\users\jason nordeman\desktop\new folder\soulseek\slsk.exe:slsk.exe
"TCP Query User{1751EDD1-3958-4FD3-95BD-A6B80B23B128}c:\\users\\jason nordeman\\desktop\\soulseek\\slsk.exe"= UDP:c:\users\jason nordeman\desktop\soulseek\slsk.exe:slsk.exe
"UDP Query User{6A3D6779-DA09-4D53-8FC9-D81790679962}c:\\users\\jason nordeman\\desktop\\soulseek\\slsk.exe"= TCP:c:\users\jason nordeman\desktop\soulseek\slsk.exe:slsk.exe
"{5612308F-E23E-41A3-8E8F-66EE85702116}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6C62D755-6B0D-433F-BEE3-477E65302824}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{93EA2948-2AC6-4714-B668-CD8E389D7EB7}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{7FE49F12-FD2C-44D3-B448-A0332C9DCC27}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{A31D874D-C774-4C50-9B37-EFEACEDB7126}"= UDP:c:\windows\System32\dlcxcoms.exe:Lexmark Communications System
"{53CACE5E-F6F6-43A2-9F4A-8DCE351D4777}"= TCP:c:\windows\System32\dlcxcoms.exe:Lexmark Communications System
"{EBADB57F-E90E-40F5-84BD-6C96A9614010}"= UDP:c:\program files\Dell Photo AIO Printer 926\dlcxmon.exeevice Monitor
"{F598B523-83A8-4254-896D-63C7555B199C}"= TCP:c:\program files\Dell Photo AIO Printer 926\dlcxmon.exeevice Monitor
"{4D21C11A-78EA-451E-9EE6-F0972D57AB40}"= UDP:c:\program files\Dell Photo AIO Printer 926\dlcxaiox.exe:All In One Center
"{EB5045ED-A6F7-4C5F-BC2E-141F40265387}"= TCP:c:\program files\Dell Photo AIO Printer 926\dlcxaiox.exe:All In One Center
"{04133352-B104-419F-9DAC-EA90F86045E1}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{163E3D9F-747E-4609-862C-86EE434602CF}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [6/25/2009 7:41 AM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [6/25/2009 7:41 AM 108552]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [1/15/2008 10:28 AM 204800]
R2 scManager;SafeConnect Network manager ;c:\program files\Impulse\scManager.sys servicestart --> c:\program files\Impulse\scManager.sys servicestart [?]
R3 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/25/2009 7:41 AM 298776]
.
.
------- Supplementary Scan -------
.
uStart Page = https://webmail.wcupa.edu/exchweb/bi...ange/&reason=0
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-27 21:23
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\JASONN~1\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-06-28 21:27
ComboFix-quarantined-files.txt 2009-06-28 01:27
ComboFix2.txt 2009-06-26 02:42

Pre-Run: 12,120,854,528 bytes free
Post-Run: 11,720,769,536 bytes free

189 --- E O F --- 2009-06-22 22:50
Roe727's Avatar
Senior Member with 1,013 posts.
  
Join Date: Mar 2004
01-Jul-2009, 07:41 AM #40
once again I went into services.msc and made sure that windows defender was set to disabled and ran a log, but I don't think it is any different....here it is though:

ComboFix 09-06-29.07 - Jason Nordeman 07/01/2009 7:25.12 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2046.1150 [GMT -4:00]
Running from: c:\users\Jason Nordeman\Desktop\combo-fix.exe.exe
Command switches used :: c:\users\Jason Nordeman\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-06-01 to 2009-07-01 )))))))))))))))))))))))))))))))
.

2009-07-01 11:30 . 2009-07-01 11:30 -------- d-----w- c:\users\Jason Nordeman\AppData\Local\temp
2009-06-30 20:11 . 2009-07-01 00:02 -------- d-----w- C:\ComboFix
2009-06-28 22:44 . 2009-06-28 22:44 746744 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\Spotlight Resources.dll
2009-06-27 14:48 . 2009-06-27 14:48 -------- d-----w- c:\users\Jason Nordeman\AppData\Local\data
2009-06-27 14:39 . 2009-06-27 14:39 -------- d-----w- c:\users\Jason Nordeman\AppData\Local\quicktime
2009-06-27 14:39 . 2009-06-27 14:39 -------- d-----w- c:\users\Jason Nordeman\AppData\Local\META-INF
2009-06-27 14:39 . 2009-06-27 14:39 -------- d-----w- c:\users\Jason Nordeman\AppData\Local\com
2009-06-27 14:39 . 2009-06-27 14:39 -------- d-----w- c:\users\Jason Nordeman\AppData\Local\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
2009-06-27 14:39 . 2009-06-27 14:39 -------- d-----w- c:\users\Jason Nordeman\AppData\Local\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
2009-06-25 12:48 . 2009-06-25 11:41 2052888 ----a-w- c:\programdata\avg8\update\backup\avgcorex.dll
2009-06-25 12:40 . 2009-06-30 22:47 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-25 11:41 . 2009-06-25 11:41 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-25 11:41 . 2009-06-25 11:41 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-25 11:41 . 2009-06-25 11:41 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-25 11:41 . 2009-06-25 11:41 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-25 11:41 . 2009-06-30 23:54 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-24 21:44 . 2009-06-24 21:52 -------- d-----w- c:\windows\BDOSCAN8
2009-06-22 10:46 . 2009-06-22 10:46 93 ----a-w- c:\windows\system32\SKYNET.dat
2009-06-21 18:01 . 2009-06-21 18:01 -------- d-----w- c:\users\Jason Nordeman\AppData\Roaming\Malwarebytes
2009-06-21 18:00 . 2009-06-21 18:00 -------- d-----w- c:\programdata\Malwarebytes
2009-06-13 16:39 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-13 16:39 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-12 20:34 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-12 20:34 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-30 21:47 . 2009-03-16 18:29 -------- d-----w- c:\programdata\avg8
2009-06-28 01:12 . 2008-11-09 18:05 -------- d-----w- c:\users\Jason Nordeman\AppData\Roaming\SUPERAntiSpyware.com
2009-06-28 01:12 . 2008-11-09 18:05 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-25 23:18 . 2007-05-09 13:46 -------- d-----w- c:\program files\Corel
2009-06-25 23:17 . 2007-05-09 13:54 -------- d-----w- c:\program files\Google
2009-06-24 20:37 . 2009-04-10 00:28 -------- d-----w- c:\program files\DVDVideoSoft
2009-06-22 10:47 . 2007-05-14 22:59 13448 ----a-w- c:\users\Jason Nordeman\AppData\Roaming\nvModes.dat
2009-06-21 17:49 . 2007-06-26 12:47 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-06-19 16:03 . 2007-06-05 16:37 -------- d-----w- c:\users\Jason Nordeman\AppData\Roaming\LimeWire
2009-06-15 13:46 . 2009-04-19 20:39 -------- d-----w- c:\program files\Dl_cats
2009-06-10 13:36 . 2009-04-20 05:29 -------- d-----w- c:\users\Jason Nordeman\AppData\Roaming\DellFaxCtr
2009-05-30 18:27 . 2009-05-30 18:11 -------- d-----w- c:\users\Jason Nordeman\AppData\Roaming\W Photo Studio
2009-05-30 18:27 . 2009-05-30 18:00 -------- d-----w- c:\users\Jason Nordeman\AppData\Roaming\W Photo Studio Viewer
2009-05-30 18:09 . 2009-05-30 18:09 -------- d-----w- c:\programdata\Walgreens
2009-05-30 18:09 . 2009-05-30 18:09 -------- d-----w- c:\users\Jason Nordeman\AppData\Roaming\Walgreens
2009-05-30 18:09 . 2009-05-30 18:09 -------- d-----w- c:\program files\Common Files\HP
2009-05-30 18:09 . 2009-05-30 18:09 -------- d-----w- c:\program files\Walgreens
2009-05-27 20:05 . 2009-05-27 19:50 -------- d-----w- c:\program files\Coupons
2009-05-16 16:06 . 2009-05-16 16:06 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-05-14 07:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-03 23:00 . 2007-06-05 16:37 -------- d-----w- c:\program files\LimeWire
2009-04-24 16:05 . 2009-06-12 20:33 827904 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:02 . 2009-06-12 20:33 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 13:44 . 2009-06-12 20:33 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-04-23 12:43 . 2009-06-12 20:33 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2007-05-09 21:21 . 2007-05-09 21:20 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-06-26_02.38.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-05-09 14:07 . 2009-07-01 00:22 45738 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-07-01 00:53 64000 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-05-14 22:25 . 2009-07-01 00:53 14216 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2996572545-135866921-4033492168-1000_UserData.bin
+ 2006-11-02 13:02 . 2009-06-30 23:52 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\ Cookies\index.dat
- 2006-11-02 13:02 . 2009-06-26 02:06 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\ Cookies\index.dat
- 2006-11-02 13:02 . 2009-06-26 02:06 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Te mporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:02 . 2009-06-30 23:52 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Te mporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:02 . 2009-06-30 23:52 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Hi story\History.IE5\index.dat
- 2006-11-02 13:02 . 2009-06-26 02:06 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Hi story\History.IE5\index.dat
+ 2007-05-17 00:20 . 2009-06-28 12:29 4522 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2009-07-01 00:43 . 2009-07-01 00:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-06-26 02:26 . 2009-06-26 02:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-01 00:43 . 2009-07-01 00:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-06-26 02:26 . 2009-06-26 02:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2007-05-14 22:59 . 2009-07-01 10:47 239774 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 10:33 . 2009-07-01 10:48 595684 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-06-26 02:34 595684 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-06-26 02:34 101350 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-07-01 10:48 101350 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-25 1948440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDef end]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SCClient.exe.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SCClient.exe.lnk
backup=c:\windows\pss\SCClient.exe.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2996572545-135866921-4033492168-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{30D18C48-2E87-4AB5-B5F5-5C5C90D409BE}"= UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{33ECB0B3-0BA8-4AEF-A847-3DE8AB30765A}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{752A2A26-7848-4B6F-95F5-99C961DD44D0}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{44AC46A5-5D40-4064-96EE-72C1852EB6F8}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{40AA8754-CC61-4C37-92CC-18E467D9FF9E}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{CAEDFBF3-8AC1-4501-9187-7B6C3AE33A99}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{2B0C8748-C298-4593-9A2C-F711CE3BF54B}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{565BCD25-E083-4F79-95BE-CA8B17076CBD}"= UDP:c:\users\Jason Nordeman\Desktop\Shared\LimeWire\LimeWire.exe:LimeWire
"{C63E095A-D1A0-48BC-AB5A-453C57DB18E9}"= TCP:c:\users\Jason Nordeman\Desktop\Shared\LimeWire\LimeWire.exe:LimeWire
"{1BEF7C0B-FA0A-4A4A-8C3F-4D27EA4F706D}"= UDP:c:\users\Jason Nordeman\Desktop\Office, pp, excel\Shared\LimeWire\LimeWire.exe:LimeWire
"{ED31C1C4-A6AD-4BDD-95F3-FD502A945883}"= TCP:c:\users\Jason Nordeman\Desktop\Office, pp, excel\Shared\LimeWire\LimeWire.exe:LimeWire
"{E0D5481E-022F-4EF1-8E73-ECBC0F06C920}"= UDP:c:\users\Jason Nordeman\Desktop\Shared\LimeWire\LimeWire.exe:LimeWire
"{981B494F-F1CE-40FB-B17C-0AFD5C540E0E}"= TCP:c:\users\Jason Nordeman\Desktop\Shared\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{C4596475-1235-497F-A66C-B4D67FCAD7A9}c:\\program files\\internet explorer\\iexplore.exe"= Disabled:UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{AF475501-7225-430C-988D-2A6E013A29B5}c:\\program files\\internet explorer\\iexplore.exe"= Disabled:TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{1ADC034B-24D0-4A4E-8F68-68E50C690B8A}c:\\program files\\itunes\\itunes.exe"= UDP:c:\program files\itunes\itunes.exe:iTunes
"UDP Query User{D4FF6448-E444-46D6-A271-BA1D2AFEA691}c:\\program files\\itunes\\itunes.exe"= TCP:c:\program files\itunes\itunes.exe:iTunes
"TCP Query User{432D73F0-7642-43D9-87DC-9F68B74F2CE0}c:\\users\\jason nordeman\\desktop\\new folder (2)\\soulseek\\slsk.exe"= UDP:c:\users\jason nordeman\desktop\new folder (2)\soulseek\slsk.exe:slsk.exe
"UDP Query User{FACFF2AA-A4F9-458E-95D1-F6CD1EE9F7B5}c:\\users\\jason nordeman\\desktop\\new folder (2)\\soulseek\\slsk.exe"= TCP:c:\users\jason nordeman\desktop\new folder (2)\soulseek\slsk.exe:slsk.exe
"TCP Query User{322DAA30-8DA3-4C37-9C85-B5CEF9F40FE8}c:\\users\\jason nordeman\\desktop\\new folder\\soulseek\\slsk.exe"= UDP:c:\users\jason nordeman\desktop\new folder\soulseek\slsk.exe:slsk.exe
"UDP Query User{9F5ED81A-1F16-4F64-AB61-F41C9897B5BD}c:\\users\\jason nordeman\\desktop\\new folder\\soulseek\\slsk.exe"= TCP:c:\users\jason nordeman\desktop\new folder\soulseek\slsk.exe:slsk.exe
"TCP Query User{1751EDD1-3958-4FD3-95BD-A6B80B23B128}c:\\users\\jason nordeman\\desktop\\soulseek\\slsk.exe"= UDP:c:\users\jason nordeman\desktop\soulseek\slsk.exe:slsk.exe
"UDP Query User{6A3D6779-DA09-4D53-8FC9-D81790679962}c:\\users\\jason nordeman\\desktop\\soulseek\\slsk.exe"= TCP:c:\users\jason nordeman\desktop\soulseek\slsk.exe:slsk.exe
"{5612308F-E23E-41A3-8E8F-66EE85702116}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6C62D755-6B0D-433F-BEE3-477E65302824}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{93EA2948-2AC6-4714-B668-CD8E389D7EB7}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{7FE49F12-FD2C-44D3-B448-A0332C9DCC27}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{A31D874D-C774-4C50-9B37-EFEACEDB7126}"= UDP:c:\windows\System32\dlcxcoms.exe:Lexmark Communications System
"{53CACE5E-F6F6-43A2-9F4A-8DCE351D4777}"= TCP:c:\windows\System32\dlcxcoms.exe:Lexmark Communications System
"{EBADB57F-E90E-40F5-84BD-6C96A9614010}"= UDP:c:\program files\Dell Photo AIO Printer 926\dlcxmon.exeevice Monitor
"{F598B523-83A8-4254-896D-63C7555B199C}"= TCP:c:\program files\Dell Photo AIO Printer 926\dlcxmon.exeevice Monitor
"{4D21C11A-78EA-451E-9EE6-F0972D57AB40}"= UDP:c:\program files\Dell Photo AIO Printer 926\dlcxaiox.exe:All In One Center
"{EB5045ED-A6F7-4C5F-BC2E-141F40265387}"= TCP:c:\program files\Dell Photo AIO Printer 926\dlcxaiox.exe:All In One Center
"{04133352-B104-419F-9DAC-EA90F86045E1}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{163E3D9F-747E-4609-862C-86EE434602CF}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [6/25/2009 7:41 AM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [6/25/2009 7:41 AM 108552]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [1/15/2008 10:28 AM 204800]
R2 scManager;SafeConnect Network manager ;c:\program files\Impulse\scManager.sys servicestart --> c:\program files\Impulse\scManager.sys servicestart [?]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/25/2009 7:41 AM 298776]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - AUDIOSRV
*NewlyCreated* - PROFSVC
.
.
------- Supplementary Scan -------
.
uStart Page = https://webmail.wcupa.edu/exchweb/bi...ange/&reason=0
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-01 07:30
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-07-01 7:34
ComboFix-quarantined-files.txt 2009-07-01 11:34
ComboFix2.txt 2009-07-01 01:18
ComboFix3.txt 2009-07-01 01:06
ComboFix4.txt 2009-07-01 00:16
ComboFix5.txt 2009-07-01 11:19

Pre-Run: 11,826,737,152 bytes free
Post-Run: 11,632,582,656 bytes free

197 --- E O F --- 2009-06-30 21:04




Is there a different way of going about this.?
Roe727's Avatar
Senior Member with 1,013 posts.
  
Join Date: Mar 2004
01-Jul-2009, 07:47 AM #41
Computer will still not start up in safe mode.

Rosemary
Cookiegal's Avatar
Administrator with 63,623 posts.
  
Join Date: Aug 2003
Location: Quebec, Canada
01-Jul-2009, 11:30 AM #42
  • Click Start>Run
  • Copy the lines in the box below, and paste it in the run box that opens:
    Quote:
    regedit /e c:\safeboot.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot"
  • Click “Ok”
  • Double click the My Computer icon, then your C drive
  • In there, you will see a file called safeboot.txt. Double click to open it.
  • Copy and paste the text into a reply to your thread.
__________________
Microsoft MVP - Consumer Security
Roe727's Avatar
Senior Member with 1,013 posts.
  
Join Date: Mar 2004
01-Jul-2009, 02:37 PM #43
Ok...here ya go:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInf o]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgm t]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptS vc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLa unch]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventL og]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSv c]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlog on]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPl ay]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primar y disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSv c]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermou se.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Tablet InputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Truste dInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sy s]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasav e.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr .sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr x.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDef end]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgm t]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9 E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E 965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E 967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E 969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E 96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E 96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E 96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E 977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E 97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E 97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E 980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5 B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1 FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27 CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A1 7A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D4817 9BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE 5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInf o]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgm t]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browse r]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptS vc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLa unch]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCac he]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Sv c]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphos t]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventL og]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSv c]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat. sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lanman Server]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lanman Workstation]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHost s]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messen ger]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb 10]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb 20]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Native WifiP]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisui o]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIO S]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIO SGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDE Group]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlog on]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netpro fm]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Networ k]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Networ kProvider]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsipro xy.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPl ay]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TD I]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Policy Agent]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primar y disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSv c]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpenc dd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsess mgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardS vr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermou se.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Shared Access]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Stream s Drivers]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tablet InputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Truste dInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sy s]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasav e.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr .sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr x.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDef end]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgm t]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansv c]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9 E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E 965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E 967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E 969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E 96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E 96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E 96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E 972-E325-11CE-BFC1-08002BE10318}]
@="Net"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E 973-E325-11CE-BFC1-08002BE10318}]
@="NetClient"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E 974-E325-11CE-BFC1-08002BE10318}]
@="NetService"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E 975-E325-11CE-BFC1-08002BE10318}]
@="NetTrans"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E 977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E 97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E 97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E 980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5 230-BA8A-11D1-BF5D-0000F805F530}]
@="Smart card readers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5 B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1 FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27 CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A1 7A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D4817 9BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE 5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
Cookiegal's Avatar
Administrator with 63,623 posts.
  
Join Date: Aug 2003
Location: Quebec, Canada
01-Jul-2009, 03:31 PM #44
What happens when you try to boot to safe mode?
Roe727's Avatar
Senior Member with 1,013 posts.
  
Join Date: Mar 2004
01-Jul-2009, 03:45 PM #45
It gets stuck after I put in the password ...just sits there iwth the windows emblem and the circle going around and around...and a blue box appears in the toolbar like there is a window open, but it is just dark blue and the computer won't go past that point in the booting process.

Rosemary
Closed Thread Bookmark and Share
Page 3 of 6 12 3 456

THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Smart Search

Find your solution!


« Previous Thread | Malware Removal & HijackThis Logs | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
WELCOME TO TECH SUPPORT GUY! Are you looking for the solution to your computer problem? Join our site today to ask your question -- for free! Our site is run completely by volunteers who want to help you solve your computer problems. See our Welcome Guide to get started.

Thread Tools


Twitter Twitter! | Podcast | Mobile | Advertise
Contact Us - HelpOnThe.Net - Archive - Terms of Service - Top
You Are Using:
Server ID
Advertisements do not imply our endorsement of that product or service.
All times are GMT -5. The time now is 07:29 PM.
Copyright © 1996 - 2009 TechGuy, Inc. All rights reserved.
Powered by vBulletin, Copyright © 2000 - 2009, Jelsoft Enterprises Ltd.
 Powered by Cermak Technologies, Inc.