# Keyboard/Mouse Dead In Safe Mode.



## needafix (Mar 23, 2005)

When it is time to enter the password when attempting to start WinXP Pro SP3 in safe mode the keyboard and mouse are non functional.

Anyone know why would that be?


----------



## zabusant (Sep 6, 2007)

Hi!

Do you have USB support turned on in BIOS?


----------



## needafix (Mar 23, 2005)

There is nothing listed in the BIOS about USB support. 

The only two listings for USB are USB emulation and USB controller and both are turned on.

I can't even get safe mode option to appear anymore with the F1, F8, F12, Del or any other.

The last time I saw the safe mode option was after I pulled the plug on this thing after it ran out of RAM and seized up.

Even then safe mode wouldn't work because cutting the power corrupted the master boot record and I had to get the disk out and FIXMBR so I don't want to have to do that again to get the safe mode option. It wouldn't work that way anyway since safe mode still needs the MBR.

I need the safe mode to run some bug hunting software.


----------



## needafix (Mar 23, 2005)

Close as I can get is F12 and none of these go to safe mode:

1. Normal
2. Hard-Disk Drive C:
3. IDE CD-ROM Device
4. System Setup
5. IDE Drive Diagnostics
6. Boot To Utility Partition


----------



## zabusant (Sep 6, 2007)

Well, what was the original problem anyway?

Are the lights getting switched on on the keyboard?


----------



## needafix (Mar 23, 2005)

zabusant said:


> Well, what was the original problem anyway?
> 
> Are the lights getting switched on on the keyboard?


The original problem is stated in the first post:

"When it is time to enter the password when attempting to start WinXP Pro SP3 in safe mode the keyboard and mouse are non functional."

Now I see that even the safe mode option never appears.

The lights always blink on the keyboard but not when I try to go to any mode other than normal Windows.

I'm assuming the mouse and keyboard drivers not loading as I'm attempting to go into safe mode is the cause of this. Now the safe mode option has disappeared.

So the problem has actually changed since the first post.

Now I need to get the safe mode option to appear then find out why the mouse and keyboard drivers aren't loading.

Both the mouse and keyboard are PS/2 plugs.


----------



## Rich-M (May 3, 2006)

OK time to tell us the hardware. There is no way to fix any hardware that would be safe without knowing the hardware.

We need specific information to help answer your question so would you please repost this with appropriate answers to the questions that pertain to your problem, so we can better help you fix your problem quickly.

Computer: Brand Name & Model #

Age of system and relevant components if different :

CPU: Brand, speed

Ram: Type, amount, speed

Operating system: Windows 98, 98SE, ME, XP Home, XP Pro, Vista or Other

Do you run Anti-Virus software: Brand Name, version #, is it up to date?

For Video or Graphic problems:

Video Card: Brand Name, type, speed, Chipset, driver version and date

Video settings: resolution, advanced settings

For Internet problems:

Modem: Brand name and date of driver

Type connection: dial-up, cable, sat/DSL, other

Browser: IE, Netscape, Firefox, Sea Monkey and version #

For Network problems:

LAN or ethernet card(s) or adapters: Brand, # of cards

Router: Brand name, type

# machines on network

Network settings and IP configuration


Please state your specific problem and when it started

Did you change anything, install any hardware or software before the problem started?

List any recently installed software

List software running in background ie: anti-virus program, mail programs, backup software.
(Run,msconfig,ok,startup) and what is checked

Any power disruption or incomplete shutdowns

Failed Scandisk/chkdsk or defrag attempts

Use of any "tune-up" utilities, registry utilities, system diagnostics, other third party utility software

Recent downloaded software


This information may be of critical importance in locating and correcting the source of your problem. Please note any additional information or detail about the problem that may be of value in our assessment of the problem.


Thank you.


----------



## needafix (Mar 23, 2005)

Rich-M said:


> OK time to tell us the hardware. There is no way to fix any hardware that would be safe without knowing the hardware.


"When it is time to enter the password when attempting to start WinXP Pro SP3 in safe mode the keyboard and mouse are non functional."

"I can't even get the safe mode option to appear anymore"

Dell OptiPlex GX260
Intel Pentium 4, 2000 MHz (20 x 100)
A.K.A. Northwood, A80532

WIN XP PRO SP3

Up to date Norton Internet Security 2009 (with an unresolvable 3039,1 error ((Symantec has no solution))) which was the reason I wanted to run some bug hunters in safe mode to see if that may be causing that error.

Standard 101/102-Key or Microsoft Natural PS/2 Keyboard

PS/2 Compatible Mouse


----------



## Rich-M (May 3, 2006)

My solution would be to uninstall NIS using the Symantec Removal tool which your pc will kiss you for, and see if the same problem exists....
http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039


----------



## needafix (Mar 23, 2005)

I've been the fix route with the 3039,1 error, nothing works.

I've read all they have over there on their forum and many others. All that accomplishes is that during the course of trying to resolve it I found something wrong with NIS that they subsequently fixed or updated and that just makes me their free diagnostic employee and I don't like that.

I don't believe NIS is causing this:

"When it is time to enter the password when attempting to start WinXP Pro SP3 in safe mode the keyboard and mouse are non functional."

"I can't even get the safe mode option to appear anymore"


----------



## Rich-M (May 3, 2006)

> I don't believe NIS is causing this:


Fine, want to buy a business?
I have had 3 client systems that would not boot to safe mode with NIS installed, but you know better I am sure!


----------



## perfume (Sep 13, 2008)

Dear needafix,
Is it an "isolated" inability to boot into safe mode? Are you able to boot in Normal mode? If so, what is happening to the mouse and keyboard functions? As you know, what's displaying in Device Manager? Kindly view this link: http://www.eggheadcafe.com/software/aspnet/34179065/isolated-inability-to-boo.aspx


----------



## zabusant (Sep 6, 2007)

needafix said:


> I've been the fix route with the 3039,1 error, nothing works.





> I don't believe NIS is causing this:


It's hard to help if we only keep getting little pieces of information regarding your problems. Instead of trying to treat the symptoms, we should be focusing on figuring out the cause and fixing that. It's quite clear that you should at least consider NIS to be that cause.

And if you ask for advice, don't dismiss a perfectly valid idea just because you don't think it will work. After all, you are here searching for a solution you would not have tried or not have thought of on your own, right?


----------



## needafix (Mar 23, 2005)

I removed NIS 2009 and the safe mode option still doesn't appear.

I'm going to scan with a bunch of programs and then post the logs in Security & Malware Removal or I can keep it in this thread, whichever is convenient.


----------



## Rich-M (May 3, 2006)

You can keep them here then we can use "report" function to get a Malware Pro to read it for malware while we look at the rest of it.


----------



## needafix (Mar 23, 2005)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:23:45 PM, on 7/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe (this is the nview desktop manager using this)
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Notepad++\notepad++.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

(I INSERTED THE ABOUT:BLANK ON PURPOSE, I KEEP IE LIKE THAT)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


----------



## needafix (Mar 23, 2005)

"Silent Runners.vbs", revision 58, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"IgfxTray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RunDLL32.exe NvMCTray.dll,NvTaskbarInit" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\ {++}
"Flags" = dword:0x00000080

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\
<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}\(Default) = "Internet Explorer Version Update"
\StubPath = "C:\WINDOWS\system32\ieudinit.exe" [MS]
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
\StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{7850a720-705f-11d0-a9eb-0080488625e5}" = "BestCrypt Shell Extension"
-> {HKLM...CLSID} = "BestCrypt Shell Extension"
\InProcServer32\(Default) = "BCShExt.dll" ["Jetico, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" = "Microsoft AntiMalware ShellExecuteHook"
-> {HKLM...CLSID} = "Microsoft AntiMalware ShellExecuteHook"
\InProcServer32\(Default) = "C:\PROGRA~1\WIFD1F~1\MpShHook.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
BCShellMenu\(Default) = "{7850a720-705f-11d0-a9eb-0080488625e5}"
-> {HKLM...CLSID} = "BestCrypt Shell Extension"
\InProcServer32\(Default) = "BCShExt.dll" ["Jetico, Inc."]
LavasoftShellExt\(Default) = "{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F}"
-> {HKLM...CLSID} = "Lavasoft Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll" [file not found]
Notepad++\(Default) = "{120B94B5-2E6A-4F13-94D0-414BCB64FA0F}"
-> {HKLM...CLSID} = "Notepad++"
\InProcServer32\(Default) = "C:\Program Files\Notepad++\nppcm.dll" ["Burgaud.com"]
PowerArchiver\(Default) = "{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e}"
-> {HKLM...CLSID} = "PowerArchiver Shell Extensions"
\InProcServer32\(Default) = "C:\Program Files\PowerArchiver\PASHLEXT.DLL" ["eFront Media, Inc."]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
BCShellMenu\(Default) = "{7850a720-705f-11d0-a9eb-0080488625e5}"
-> {HKLM...CLSID} = "BestCrypt Shell Extension"
\InProcServer32\(Default) = "BCShExt.dll" ["Jetico, Inc."]
LavasoftShellExt\(Default) = "{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F}"
-> {HKLM...CLSID} = "Lavasoft Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll" [file not found]
MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
-> {HKLM...CLSID} = "MBAMShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]
PowerArchiver\(Default) = "{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e}"
-> {HKLM...CLSID} = "PowerArchiver Shell Extensions"
\InProcServer32\(Default) = "C:\Program Files\PowerArchiver\PASHLEXT.DLL" ["eFront Media, Inc."]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
-> {HKLM...CLSID} = "MBAMShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"HonorAutoRunSetting" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"DisableRegistryTools" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}

HKCU\Software\Policies\Microsoft\Windows\System\

"DisableCMD" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|
Disable the command prompt}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

MSWPDShellNamespaceHandler\
"Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = " "
-> {HKLM...CLSID} = "WPDShextAutoplay"
\LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\
"MenuText" = "Spybot - Search & Destroy Configuration"
"CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}"
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Windows Defender, WinDefend, ""C:\Program Files\Windows Defender\MsMpEng.exe"" [MS]

Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Lexmark Network Port\Driver = "LEXLMPM.DLL" [file not found]

---------- (launch time: 2009-07-10 17:18:20)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 8 seconds.
---------- (total run time: 59 seconds)


----------



## needafix (Mar 23, 2005)

ROOTREPEAL (c) AD, 2007-2008
==================================================
Scan Time: 2009/07/10 16:16
Program Version: Version 1.2.3.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEE9AF000	Size: 98304	File Visible: No
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8C16000	Size: 8192	File Visible: No
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xBA019000	Size: 45056	File Visible: No
Status: -

Hidden/Locked Files
-------------------
Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.DownloadManager.Localization.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.DownloadManager.Localization.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\DellDriverDownloadManager.exe.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\DellDriverDownloadManager.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\DellDriverDownloadManager.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.DownloadManager.Core.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.DownloadManager.Core.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\DellDriverDownloadManager.exe.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Interop.IWshRuntimeLibrary.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Interop.IWshRuntimeLibrary.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\stdole.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\stdole.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Xceed.Compression.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Xceed.Compression.manifest
Status: Locked to the Windows API!


----------



## needafix (Mar 23, 2005)

Malwarebytes' Anti-Malware 1.38
Database version: 2405
Windows 5.1.2600 Service Pack 3

7/10/2009 5:46:23 PM
mbam-log-2009-07-10 (17-46-23).txt

Scan type: Full Scan (C:\|)
Objects scanned: 117500
Time elapsed: 20 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


----------



## needafix (Mar 23, 2005)

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-10 20:44:07
Windows 5.1.2600 Service Pack 3

---- User IAT/EAT - GMER 1.0.15 ----

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

(I HAVE CHANGED A LOT OF SERVICES SO PART OF THIS MIGHT BE DUE TO ME)

Service C:\WINDOWS\System32\alg.exe? (*** hidden *** ) [DISABLED] ALG <-- ROOTKIT !!!
Service C:\WINDOWS\system32\cisvc.exe? (*** hidden *** ) [MANUAL] cisvc <-- ROOTKIT !!!
Service C:\WINDOWS\system32\clipsrv.exe? (*** hidden *** ) [AUTO] ClipSrv <-- ROOTKIT !!!
Service C:\WINDOWS\system32\imapi.exe? (*** hidden *** ) [MANUAL] ImapiService <-- ROOTKIT !!!
Service C:\WINDOWS\system32\lsass.exe? (*** hidden *** ) [AUTO] PolicyAgent <-- ROOTKIT !!!
Service C:\WINDOWS\system32\lsass.exe? (*** hidden *** ) [AUTO] ProtectedStorage <-- ROOTKIT !!!
Service C:\WINDOWS\system32\spoolsv.exe? (*** hidden *** ) [AUTO] Spooler <-- ROOTKIT !!!
Service C:\WINDOWS\System32\ups.exe? (*** hidden *** ) [MANUAL] UPS <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 15

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 10000

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]  yes

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 90

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 10000

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]_DLLs 1

---- EOF - GMER 1.0.15 ----


----------



## needafix (Mar 23, 2005)

perfume said:


> Dear needafix,
> Is it an "isolated" inability to boot into safe mode? Are you able to boot in Normal mode? If so, what is happening to the mouse and keyboard functions? As you know, what's displaying in Device Manager? Kindly view this link: http://www.eggheadcafe.com/software/aspnet/34179065/isolated-inability-to-boo.aspx


It boots normally, the keyboard and mouse work.


----------



## perfume (Sep 13, 2008)

Dear needafix,
Did you view and try the fix suggested in the link I provided?


----------



## needafix (Mar 23, 2005)

perfume said:


> Dear needafix,
> Did you view and try the fix suggested in the link I provided?


I have 2 boot.ini's:

C:\boot.ini
C:\WINDOWS\pss\boot.ini.backup

they have the same content:

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

I have not edited either one.


----------



## perfume (Sep 13, 2008)

Dear needafix,
I think we've hit payload! Microsoft had to address this problem after complaints that the mouse and keyboard were not functioning in safe mode, but were working normally in normal mode! This, MS attributes to a missing or corrupted registry key/s. View this link: http://support.microsoft.com/default.aspx?scid=kb;en-us;258795&Product=win2000


----------



## needafix (Mar 23, 2005)

perfume said:


> Dear needafix,
> I think we've hit payload! Microsoft had to address this problem after complaints that the mouse and keyboard were not functioning in safe mode, but were working normally in normal mode! This, MS attributes to a missing or corrupted registry key/s. View this link: http://support.microsoft.com/default.aspx?scid=kb;en-us;258795&Product=win2000


Neither of those two sub-keys has any info listed under them.

I don't have access to another comp (I have a WinMe box) to copy this data, but over the past month several programs have backed up the registry before cleaning, so I searched for

*.reg

Containing text:
{4D36E96B-E325-11CE-BFC1-08002BE10318}
and
{4D36E96F-E325-11CE-BFC1-08002BE10318}

Rendered some interesting results.

One was made by PCPitstop, which is the entire registry at 42,442KB. That's a bit extreme for fixing this, though, but I will if I have no choice, though that could overwrite something and create more problems.

More interesting is:

Restore_SafeBoot_Windows2000.reg
Restore_SafeBoot_WindowsXP.reg
Restore_SafeBoot_WindowsXP_SP2.reg
Restore_SafeBoot_WindowsXP_SP3.reg

...that came packed with SDFix by Andy Manchesta.

It was SDFix that was one of the bug hunting programs that I wanted to run in safe mode and then found out that I don't ever see any safe mode option listed on the black screen with white letters. Once I did, when I pulled the plug on this thing but not since then. It was then that I found out that the mouse and keyboard didn't function.

Since then, no safe mode option has ever appeared.

So I used the Restore_SafeBoot_WindowsXP_SP3.reg but still nothing has changed.

So I tried to reboot to see if the safe mode option appears. It doesn't, but...

1. If I use the F8 key Windows continues to boot normally but at the log in screen the mouse and keyboard don't work. I had to use the power button and reboot twice to get the mouse and keyboard back at normal boot.

2. At boot up there is a black screen with white letters that says F1 (might be F2) is "Setup" and that F12 is "Boot Menu."

"Boot Menu" appears but there is no safe mode option listed. So I select #1, normal, then again at the log in screen the mouse and keyboard don't function so it's back to the power button.

So F1 (maybe F2, I forget) faithfully goes to the BIOS but F8 and F12 throw a rod.

So trying to get the keyboard and mouse to work in safe mode is me getting the cart before the horse without first finding out why or fixing the fact that no safe mode option appears.

So that should be first or I'm attempting to fix something I can't test or use anyhow.

If I see the safe mode option after pulling the power cord but I don't see it on the "Boot Menu" at the F12 that has the illusion that there are 2 BIOS'.


----------
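
The Microsoft article linked above attributes the dead keyboard and mouse to missing or corrupted registry keys, and the post above searches `.reg` backups for the two device-class GUIDs. As an added example (not from the thread, Microsoft, or SDFix), this Python script audits a registry export for those entries; the `SafeBoot\Minimal` and `SafeBoot\Network` locations and the expected default values `Keyboard` and `Mouse` are assumptions based on a stock Windows XP install, and the sample export is constructed.

```python
import re

SAFEBOOT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot"
KEYBOARD = "{4D36E96B-E325-11CE-BFC1-08002BE10318}"  # GUID quoted in the thread
MOUSE = "{4D36E96F-E325-11CE-BFC1-08002BE10318}"     # GUID quoted in the thread
# Expected default values: assumption based on a stock Windows XP install.
REQUIRED = {KEYBOARD: "Keyboard", MOUSE: "Mouse"}
MODES = ("Minimal", "Network")
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def decode_reg(raw):
    """Version 5.00 exports are UTF-16LE with a BOM; REGEDIT4 files are ANSI."""
    if raw.startswith(b"\xff\xfe"):
        return raw[2:].decode("utf-16-le")
    return raw.decode("cp1252", errors="replace")


def parse_reg(text):
    """Map upper-cased key path -> {value name: data}; '@' is the default value.
    A key the file deletes ([-HKEY...]) maps to None."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            path = line[1:-1]
            if path.startswith("-"):
                keys[path[1:].upper()], current = None, None
            else:
                current = keys[path.upper()] = {}
            continue
        match = VALUE.match(line)
        if match and current is not None:
            name, data = match.groups()
            if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
                data = data[1:-1].replace('\\"', '"').replace("\\\\", "\\")
            current[name if name == "@" else name[1:-1]] = data
    return keys


def audit_safeboot(text):
    """Return (mode, guid, problem) for each required entry that is absent or wrong."""
    keys = parse_reg(text)
    findings = []
    for mode in MODES:
        for guid, expected in REQUIRED.items():
            values = keys.get(f"{SAFEBOOT}\\{mode}\\{guid}".upper())
            if values is None:
                findings.append((mode, guid, "missing"))
            elif values.get("@") != expected:
                found = values.get("@")
                findings.append((mode, guid, f"default={found!r}, expected {expected!r}"))
    return findings


# Constructed sample export: the Mouse class is absent from Minimal and has
# no default value under Network.
SAMPLE = ("\ufeff" + r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
""").encode("utf-16-le")

if __name__ == "__main__":
    for mode, guid, problem in audit_safeboot(decode_reg(SAMPLE)):
        print(f"SafeBoot\\{mode}\\{guid}: {problem}")
```

Running the audit on an export taken before and after applying a restore file shows whether the restore actually wrote the entries, which is worth knowing before rebooting to test.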



## needafix (Mar 23, 2005)

I see there is a way to force feed it over here:

http://forums.techguy.org/t402355.html

Post #5

"*Actually, if you go to msconfig ( click Start, Run, and then type in msconfig and hit Enter) the system configuration utility box comes up.
You should see several tabs across the top. One of them, when selected, has, in the middle of the page, a box you can check that says "Safe Boot". . check that box, and then click Apply and Ok and it will prompt you to restart the computer. .
do this, and then it will boot up in Safe Mode.*"

Keyboard and mouse work fine under this circumstance.

That let me run SDFix.


----------



## perfume (Sep 13, 2008)

Dear needafix,
This is a challenge for us both! My help and prayers are with you! Prayers WORK! Gotta go to attend classes! Will get back ASAP! Best wishes!


----------



## perfume (Sep 13, 2008)

Dear needafix,
Should have asked you in the beginning! Were you getting any error message when you were trying to enter safe mode? If I have missed it, pardon me!


----------



## needafix (Mar 23, 2005)

No, I have not seen one single error message in all this.


----------



## perfume (Sep 13, 2008)

Dear needafix,
Please try this method and see how it goes! http://www.eggheadcafe.com/conversation.aspx?messageid=34179073&threadid=34179065


----------



## Phantom010 (Mar 9, 2009)

needafix said:


> I see there is a way to force feed it over here:
> 
> http://forums.techguy.org/t402355.html
> 
> ...


You should never run SDFix without proper supervision. It's a powerful tool that can render your computer inoperable. Besides, the software hasn't been updated in a couple of years! Really not recommended.

Can you please post your complete HijackThis log?

Other thing. You say you can get into Safe Mode using msconfig. So, the only problem remaining is that you can't see the Safe Mode option when rebooting and using the F8 key? Is that it?


----------



## Phantom010 (Mar 9, 2009)

Here's the only thing I've found to recover your boot options at Startup. You have a rare issue! Hope it helps.


----------



## needafix (Mar 23, 2005)

Phantom010 said:


> You should never run SDFix without proper supervision. It's a powerful tool that can render your computer inoperable. Besides, the software hasn't been updated in a couple of years! Really not recommended.
> 
> Can you please post your complete HijackThis log?
> 
> Other thing. You say you can get into Safe Mode using msconfig. So, the only problem remaining is that you can't see the Safe Mode option when rebooting and using the F8 key? Is that it?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:55 AM, on 7/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\myNetWatchman\NWClient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [myNetWatchman] C:\Program Files\myNetWatchman\NWClient.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 2441 bytes
*******************************************************

SDFix only made a log, it didn't attempt to fix anything. You wanna look at it?

No one has said anything about the other logs.

"Other thing. You say you can get into Safe Mode using msconfig. So, the only problem remaining is that you can't see the Safe Mode option when rebooting and using the F8 key? Is that it?"

Absolutely.

I have not tried editing the boot.ini because mine is different than his.

Here's mine:

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

He has dual partitions, I have 1, and he has no "NoExecute=OptIn".


----------



## Phantom010 (Mar 9, 2009)

> I have not tried editing the boot.ini because mine is different than his.
> 
> Here's mine:
> 
> ...


I would try it anyway. It was only an example. Do it for one partition and perhaps add "NoExecute=OptIn".

Maybe worth a shot because I have never heard of your problem before. Finding a fix for this problem is not easy.


----------



## needafix (Mar 23, 2005)

Phantom010 said:


> I would try it anyway. It was only an example. Do it for one partition and perhaps add "NoExecute=OptIn".
> 
> Maybe worth a shot because I have never heard of your problem before. Finding a fix for this problem is not easy.


You say to add NoExecute=OptIn when I already have it.

If I don't know of a way of properly editing this .ini I have no way of knowing that it won't cause more problems because I have never had any need to edit any boot.ini on my or anyone else's computer.


----------



## Phantom010 (Mar 9, 2009)

Simply don't add the NoExecute=OptIn since you already have it. The author is not showing this fix for dual partitions exclusively. Change the 2 for a 1.

As you may have noticed in the example, the author didn't include *fastdetect* either in his fix. So, IMO, not including *NoExecute=OptIn* will also work.

I would run the fix as it is after changing the 2 for a 1.


----------



## perfume (Sep 13, 2008)

Dear *phantom010*,
Thanks for your helping hand! I was searching Microsoft articles for a fix, but to no avail. Other help sites too turned up glitch! Hope needafix finds a solution, but for me it was an exercise in learning, trying to tackle such rare probs.

Best wishes, dear needafix!


----------

