Tech Problem Aggregator

Can't run hijack this, malwarebytes, or spybot even in safe mode

Q: Can't run hijack this, malwarebytes, or spybot even in safe mode

I have removed over 90 infections from my sisters' computer, using malwarebytes, superanitspyware, spybot search & destroy, and avg. I can only run them in safe mode due to the computer freezing up about 3 minutes after it loads the desktop. Now malwarebytes has found 2 more infections but freezes the computer at just over 12 min everytime. Spybot also freezes during the scan, and superantisyware and AVG come up clean.I tried to run Hijack this, and it freezes the computer during the scan. the computers has the useless Windows live one care is also installed, but it won't let me remove it unless I am in the nonfunctioning normal mode. I am running windows vista 32bit, on a sony vaio.After 2 days of searching for an answer on my own, I am now asking for help. What can I do now?I tried to list everything, please let me know if you need more informationEdit: Moved topic from Vista to the more appropriate forum. ~ Animal

More replies
Answer Match 91.56%

Google redirecting to other websites, Malwarebytes and spybot not opening unless I am in safe mode. I have used Malwarebytes in safe mode and removed several infected files, I have also used super antispyware which removed several more infected items. After doing all of this the issue still persists where google is redirecting me to other websites, malwarebytes isnt able to load or update. Thank you for any help that you can give me!!DDS (Ver_10-03-17.01) - NTFSx86 Run by Ashley at 2:09:35.99 on Sun 07/11/2010Internet Explorer: 8.0.7600.16385Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2814.1872 [GMT -4:00]SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\Windows\system32\lsm.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32 ... Read more

A:Google redirecting to other websites, Malwarebytes and spybot not opening unless I am in safe mode

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.I order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is ... Read more

14 more replies
Answer Match 69.72%

ok, guys. I know I am not the one who should tell it to you as the are lots of people more knowledgeable then me.

But I have seen this happening here and many other security forums (and not just once ) and I was doing the same in the past, so just to inform you.

Many of us while helping user who is infected or suspected to be infected recommend them to use our trusty Malwarebytes Anti Malware but at the same time most of us recommend to use it in safe mode.
Theoretically it is great, as safe mode loads only basic drivers and applications so there will be less things (or even malware) to interact with MBAM scan.

But no, it's not recommended to run Malwarebytes in safe mode unless normal mode fails.

Just take a look at those thread, they are from official Malwarebytes forum and aswered by their staff.
And all of them against running Malwarebytes in safe mode unless normal mode fails:
Running MBAM in Safe Mode - Malwarebytes Forum
Should i run MalwareBytes in normal or in safe mode? - Malwarebytes Forum
Should I run Malwarebytes in Safe mode? - Malwarebytes Forum
Safe Mode vs Normal Mode - Malwarebytes Forum
SAFE MODE - Malwarebytes Forum
`Safe Mode` or `Normal Mode` - Malwarebytes Forum

Some quotes:







  
Quote: Originally Posted by nosirrah


MBAM works from safemore but it is not designed to work that way .

MBAM will work better from regular mode both in terms of what it detects and what it can re... Read more

A:Malwarebytes and Safe mode

I have used MB in safe mode (with networking) many times. It's recommended on "bleeping" I know that.

Nice links, but it's always worked fine for me. It's depends on what you're infected with I suppose.

9 more replies
Answer Match 68.88%

I got a virus and couldn?t connect to the web, so I scanned with AVG, Spybot, and ComboFix in safe mode, removed some stuff and was able to get back online. However, right after I got back online, later that day, I scanned again and Spybot and AVG picked up lots of browser entries that spybot defines as spyware that can steal your passwords and sensitive information.

What should I do?

A:Tried AVG, Spybot and ComboFix in Safe Mode

I ran the scans another few times, but every time I go online I get the cookies back. Today I scanned again with AVG and Spybot, there were like 20-30 entries like the one in the photo, fixed them, went online again for a short while, scanned again and again they're back. It seems to me that there some malware on my system installing cookies everytime I go online.

3 more replies
Answer Match 68.88%

I got a virus and couldn’t connect to the web, so I scanned with AVG, Spybot, and ComboFix in safe mode, removed some stuff and was able to get back online. However, right after I got back online, later that day, I scanned again and Spybot and AVG picked up lots of browser entries that spybot defines as spyware that can steal your passwords and sensitive information.

I ran the scans another few times, but every time I go online I get the cookies back. Today I scanned again with AVG and Spybot, there were like 20-30 entries like the one in the photo, fixed them, went online again for a short while, scanned again and again they're back. It seems to me that there some malware on my system installing cookies everytime I go online.

What should I do?
 

A:Tried AVG, Spybot and ComboFix in Safe Mode

Does anyone have any Ideas?
 

2 more replies
Answer Match 68.46%

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:22:13 PM, on 11/23/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\HTC\HTC Sync\Applicatio... Read more

A:I've tried Spybot, malwarebytes, super anti-spyware, and much more, still infected!!. Check my Hijack This log?

Hi,Please do the following:Please download DDS from either of these linksLINK 1 LINK 2and save it to your desktop.Disable any script blocking protection Double click dds to run the tool. When done, two DDS.txt's will open. Save both reports to your desktop.---------------------------------------------------Please include the contents of the following in your next reply:DDS.txtAttach.txt. NEXTPlease download aswMBR to your desktop.Double click the aswMBR.exe icon to run itWhen asked if you want to download Avast's virus definitions please select Yes.Click the Scan button to start the scanOn completion of the scan, click the save log button, save it to your desktop and post it in your next reply.NEXTPlease download GetPartitions from the link bellow. You must right click on the link and choose Save as.... Save it as GetPartitions.bat on your desktopgetpartitions.batDouble click it to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator").It will produce a log on your C:\ drive C:\DiskReport.txt please navigate to that file and post the contents of the log in your next reply

more replies
Answer Match 68.46%

I know that after you run either one of them in normal mode, if they find Malware that is in use/or in memory, they prompt you to reboot to complete the removal process.So, is it necessary to run them in safe mode?Edit: Moved topic from All Other Applications to the more appropriate forum. ~ Animal

A:Should Super Antispyware and/or Malwarebytes be run in safe mode?

A lot of times, if I know a system is really infected (instinct) I run a scan in safe mode first and then follow it up with a scan in normal mode.

But in answer to your question, it isnt really necessary

5 more replies
Answer Match 68.46%

I noticed b.exe some time ago would give me these random pop ups with audio. I would just sendthe process putting off a malwarebytes run until I "had time". Finally a few days ago, my entire computer shut down. Program by program. I have not been able to boot into Normal mode since. When I try, I get the black screen. I can boot into safe mode but not with networking as I cannot connect online. I am using another computer to download the things I need to a zip drive and implementing them to the affected computer.

I am a graphic designer and I absolutely must get rid of this virus as it is tremendously slowing down my productivity.

I have read a lot of posts but as instructed by the help forum, I didn't want to take any of the advice given to a specific person.

I have run the dds and have my two logs. I couldn't however run the gmer, it is just unresponsive on my computer as is the ability to run malwarebytes or anything that appears to try to fix the problem.

ANY help is greatly appreciated.

A:Malware (b.exe)- Can't Run Malwarebytes - Can only boot in Safe Mode

hi and welcome to TSF your first stop should be our security forum where a trained analyst can take you through the removal of your virus http://www.techsupportforum.com/f50/...lp-305963.html

4 more replies
Answer Match 68.46%

I know that after you run either one of them in normal mode, if they find Malware that is in use/or in memory, they prompt you to reboot to complete the removal process.
So, is it necessary to run them in safe mode?
 

A:Should Super Antispyware and/or Malwarebytes be run in safe mode?

No, as most files that are in use can not be deleted, the deletion of some AV found files are deleted doing the startup or the shutdown before or after the said file is no longer in use.

Being in the safe mode MAY not stop the infected files from being in use.
 

2 more replies
Answer Match 68.46%

Please help with my malware/virus problem. I have Microsoft Windows xp Pro version 2002 service pack 2 AMD Athlon 64 processor 512 mb of RAM. I was running as resident Antivirus either Avast or Avira. Somehow I picked up an infection unknown to me. It flagged me that I had a virus. After several clicks it rebooted and I could no longer use my antivirus program. I tried to use Avira, AVG, AVAST, MCaffee, and Spybot S&D. It would either not install because of "insufficient user rights" or it would install but would either not run, or run then immediately close, and then it could not be found. I tried Malwarebytes, and Hijackthis. Downloaded it, renamed as "explorer", ran it but would also not run or immediately close. Not enough user rights to run F-secure and housecall. I removed programs adobe/acrobat readers and all java that I could remove. Attached are some old logs that i found. Have not tried to restore from a point. I have should have superuser admin rights on the computer but I can't seem to get it to work. All these things I tried in Safe Mode with network. Task Manager is no longer available in CTrl/alt/del.

Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.

Thanks in advance

Ka1bigan

AVG 8.5 Anti-Virus command line scanner
Copyright ? 1992 - 2009 AVG Technologies
Program version 8.0.401, engine 8.0.408
Virus Database: Version 270.13.75/2340 20... Read more

A:can't launch malwarebytes and HJT from safe mode even after rename

I'm not sure if I posted in the correct forum or my topic title from before was improper. I posted Sept 8 and no replies so far. I'm itching to try DDS, RSIT, System repair engineer, and rootrepeal. So I'm not sure if where I posted was wrong, my topic title is unclear, or my details of my problems or posting of my logs is lacking or outdated that's why I haven't gotten a response yet. Am I doing something wrong? Any tips on anything would be appreciated. - mark
Sept 8 post of

Topic Title can't launch malwarebytes and HJT from safe mode even after rename

Please help with my malware/virus problem. I have Microsoft Windows xp Pro version 2002 service pack 2 AMD Athlon 64 processor 512 mb of RAM. I was running as resident Antivirus either Avast or Avira. Somehow I picked up an infection unknown to me. It flagged me that I had a virus. After several clicks it rebooted and I could no longer use my antivirus program. I tried to use Avira, AVG, AVAST, MCaffee, and Spybot S&D. It would either not install because of "insufficient user rights" or it would install but would either not run, or run then immediately close, and then it could not be found. I tried Malwarebytes, and Hijackthis. Downloaded it, renamed as "explorer", ran it but would also not run or immediately close. Not enough user rights to run F-secure and housecall. I removed programs adobe/acrobat readers and all java that I could remove. Attached are some old logs that i found. Have n... Read more

8 more replies
Answer Match 68.46%

My computer is acting infected. I cannot get Malwarebytes to run in Safe Mode. I keep geeting an error when I attempt to run it in Safe Mode which says something about getting a different version. 

A:Malwarebytes will not run in Safe Mode on my Windows 7 machine

Can you run it in Normal? If so do that first and post the log it creates.Next do these.....Please download MiniToolBox, save it to your desktop and run it.Checkmark the following checkboxes:Flush DNSReport IE Proxy SettingsReset IE Proxy SettingsReport FF Proxy SettingsReset FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory size.Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.Note: When using "Reset FF Proxy Settings" option Firefox should be closed.Download TDSSKiller and save it to your desktop.Extract (unzip) its contents to your desktop.Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.If an infected file is detected, the default action will be Cure, click on Continue.If a suspicious file is detected, the default action will be Skip, click on Continue.It may ask you to reboot the computer to complete the process. Click on Reboot Now.If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here....ADW CleanerPlease download AdwCleaner by Xplode and save to your Desktop.Double click on AdwClean... Read more

9 more replies
Answer Match 68.46%

Hello,

I am unable to remove a stubborn rootkit problem from my computer. Even in safe mode, I am unable to run any antivirus program or Malwarebytes.

I checked Non Plug and Play drivers, but did not see anything suspicious except "Catchme".

Any help would be appreciated. The logs are below and attached.

Thank you,
Shootmenow

DDS (Ver_09-12-01.01) - NTFSx86 MINIMAL
Run by Administrator at 9:40:45.03 on Thu 12/31/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1976.1721 [GMT -6:00]
============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\system32\svchost.exe -k netsvcs
D:\WINDOWS\Explorer.EXE
D:\Documents and Settings\Administrator.NLM-DUSTINB\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {d5233fcd-d258-4903-89b8-fb1568e7413d} - mscoree.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\progra... Read more

A:Cannot run Malwarebytes or any antivirus software even in Safe Mode

I tried running ComboFix a couple of times. During the Completed_Stage_2, I get the following error:PEV.cfxxe has encountered a problem and needs to close.After hitting close, ComboFix continues to run and spits out this log:ComboFix 09-12-29.06 - Administrator 12/31/2009 15:01:51.6.2 - x86Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1976.1468 [GMT -6:00]Running from: G:\ComboFix.exe.((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-31 ))))))))))))))))))))))))))))))).No new files created in this timespan.(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))..((((((((((((((((((((((((((((( SnapShot@2009-12-30_17.51.21 )))))))))))))))))))))))))))))))))))))))))..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"FingerPrintSoftware"="d:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]"TPHOTKEY"="d:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-09-30 68976]"LPManager"="d:\progra~1\THINKV~1\... Read more

3 more replies
Answer Match 68.04%

I try to run either Spybot or Norton and they can't seem to be found, even though I know I have them installed. I also try to boot up in safe mode and it just reboots. I am able to boot up normally after clicking on start with last known good configuration. Here is the Hijackthis log.Logfile of HijackThis v1.99.1Scan saved at 12:51:43 PM, on 8/25/2007Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\LEXPPS.EXEC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Digital Media Reader\shwiconem.exeC:\Program Files\Lexmark X1100 Series\lxbkbmgr.exeC:\Program Files\Lexmark X1100 Series\lxbkbmon.exeC:\Program Files\PopUp Killer\PopUpKiller.EXEC:\Program Files\MSN Messenger\MsnMsgr.ExeC:\Program Files\Soulseek\slsk.exeC:\Program Files\eMule\eMule.exeC:\Program Files\Internet Explorer\iexplore.exeC... Read more

A:Can't Open Spybot Or Norton, And Can't Run Safe Mode

Hello Chris,I try to run either Spybot or Norton and they can't seem to be found, even though I know I have them installed. I also try to boot up in safe mode and it just reboots.Try uninstalling Spybot and reinstalling it. **********************Let's look in a different place for signs. Open HijackThisGo to 'config'Go to 'misc tools'Press the button 'open uninstall manager'Press 'save list'A notepad file will open. Post the content here in your reply.Close HijackThis. **********************From your log, I can see that Symantec Shared\Security Center is missing a file and that is probably the reason it will not run. I recommend you uninstall Norton and reinstall it. Here's a link to Norton's own removal tool, which they developed in response to complaints that the program did not uninstall completely. It contains instructions and a download link: http://service1.symantec.com/SUPPORT/tsgen...005033108162039 After you run the tool, please confirm that the quarantine files are gone by navigating to C:\Program Files\ and checking to see if the folder Norton AntiVirus exists there. If it does, delete it. Let me know what you find and whether you manage to get rid of it.

2 more replies
Answer Match 68.04%

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-08-08 20:50:17
PROTECTIONS: 1
MALWARE: 11
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Windows Defender 1.1.3807.0 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Devin\AppData\Roaming\Mozilla\Firefox\Profiles\bn5vvdqj.default\coo... Read more

More replies
Answer Match 68.04%

I think I may have something but I'm not sure what it could be. I try to run either Spybot or Norton and they can't seem to be found, even though I know I have them installed. I also try to boot up in safe mode and it just reboots. I am able to boot up normally after clicking on start with last known good configuration. Can someone help? Thank you.

A:Can't Open Spybot Or Norton, And Can't Run Safe Mode, Can Someone Help?

Let's see what Bit Defender can find. Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.http://www.bitdefender.com/scan8/ie.html

13 more replies
Answer Match 68.04%

Dear members,

I checked and found that this issue has once been discussed here. Unfortunately the solution that was provided there didnt work for me. Hence this new post.

I am working on Win XP SP 2. For the last two days I observed that I could not update the AVG antivirus, the Spybot programme wouldnt start and all the technical forum websites were blocked. Normal websies like google etc are still working fine. What more even the computer wont start off in Safe Mode. I tried to install the SDfix software but failed as the system did not allow me to access and download the file. So i downloaded it on another PC and transferrred it here. But then when I tried to log on in Safe mode for running the software, te system did not log in and kept logging in as a normal mode start up.

I tried to access the anti-malaware sites but the system did not allow me to reach there.

THe last option that I have within my knowledge is to format the drive. But I would request all the others members to kindly share their knowledge in case something can be done to repair the system without formatting the same.

Kind regards.

Suvarghya Dutta

A:Spybot, AVG, safe mode wont work.

Have you tried Malwarebytes?----------------------------Please download Malwarebytes Anti-Malware and save it to your desktop.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner screen, click on the Show Results button to s... Read more

2 more replies
Answer Match 67.62%

Quick question for you all:I am in the process of killing antimalware today. The computer I am fixing would blue screen when I tried safe mode, but I finally got there. Unfortunately it is safe mode without networking.Will I get antimalware out with malwarebytes WITHOUT an update?I hate to reboot or do anything, it is so nice to work on it without all the popups and crap!The registry keys are exactly as described in the guide posted yesterday.link to your guideEDIT:I tried installing malwarebytes, it won't run after install, in safe mode.EDIT 2: something deleted mbabm.exe during the install process. No problem, I installed on another computer and moved it on over.

A:quick question antimalware, malwarebytes and safe mode

Try running this application and then run mbamPlease download Rkill by Grinler and save it to your desktop.Link 2Link 3Link 4Double-click on the Rkill desktop icon to run the tool.If using Vista, right-click on it and Run As Administrator.A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.If not, delete the file, then download and use the one provided in Link 2.If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.If the tool does not run from any of the links provided, please let me know.Do not reboot the computer or you will have to run it again======================When you cannot update mbam download the definition updates from another computer, save them to a flash (usb, pen, thumb, jump) drive or CD and transfer to the infected machine. Then just double-click on mbam-rules.exe to install the update. If you cannot transfer or install from the infected machine, try installing the file directly from the flash drive to your machine.alternate rules.ref download link 1alternate rules.ref download link 2Mbam-rules.exe is not updated daily. Another way to get the most current database definitions is to install MBAM on a clean computer, launch the program, update through MBAM's interface, copy the definitions (rules.ref) to a USB stick or CD and transfer that file to the infected machine. Copy rules.ref to the location indicated for your operating system.XP: C:\... Read more

2 more replies
Answer Match 67.62%

Hey guys I've been playing ms private servers for a pong time now and on one of my routine malwarebytes scans I suddenly got about 9 or 10 hits and after the scan was done mbam needed me to reboot to kill the last 3 and now I get a blue screen no matter what way I boot up whether it's in safe mode regular or any other way. I get a "stop: 0x00000024 (0x001902 FE; 0xF78c2484, 0xF78c2180, 0x8A71E889)" as the tech info on the blue screen page I have the ability to do a clean sweep but I was wondering if there was any way to get around having to do that oh and I don't have a floppy drive so I can't use bot discs

A:Malwarebytes needed me to reboot and now I can't even start in safe mode

STOP 24 errors are bad, see 24, left side, http://www.aumha.org/a/stop.htm.At the least, it'a a corrupt file which is the problem...at the worst your NTFS file system may be severely damaged, rendering it useless (which renders your XP useless).I suggest trying to run the chkdsk /r command, as suggested. You will run it from the XP Recovery Console.How to Create a Bootable XP Recovery Console CD - http://www.bleepingcomputer.com/forums/t/276527/how-to-create-a-bootable-xp-recovery-console-cd/ How to use CHKDSK in the XP Recovery Console - http://pirules3.14.googlepages.com/recovery_console_chkdsk Louis

1 more replies
Answer Match 67.62%

Running XP, SP3. Have run avast antivirus in both regular and doot scan with no results. Tried to run MalwareBytes but it hangs when trying to update definitions.
 
When I reboot and select Safe Mode it hangs while loading files.
 
Can't find files like Syetem Restore or msconfig.
 
Ran Unhide with following results:
 
Unhide by Lawrence Abrams (Grinler)http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
  http://www.bleepingcomputer.com/forums/topic405109.html
Program started at: 11/23/2013 02:45:10 PM
Windows Version: Windows XP
Please be patient while your files are made visible again.
Processing the A:\ drive
Finished processing the A:\ drive. 0 files processed.
Processing the C:\ drive
Finished processing the C:\ drive. 186756 files processed.
Processing the E:\ drive
Finished processing the E:\ drive. 1234 files processed.
The C:\DOCUME~1\Owner\LOCALS~1\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: http://www.bleepingcomputer.com/forums/topic405109.html
Searching for Windows Registry changes made by FakeHDD rogues.
 - Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
 - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
 - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\polic... Read more

A:Can't get to Safe Mode, System Restore msconfig or Malwarebytes

Hello John, please try this, it will create a shortcut to your system restore.
 
Right-click the desktop
Choose New-Shortcut
For the location of the item, enter:%SYSTEMROOT%\System32\restore\rstrui.exe
Click “Next”
Enter a name for the shortcut
Click “Finish” 
After that try to restore your PC. I hope this will help. Give us updates.

5 more replies
Answer Match 67.2%

So I am having a huge problem with some sort of virus where I can't install Hiijackthis or Run spybot S&D or install AVG. When I try to boot into safe mode it works for 20 secs then I get a Blue screen of death! I can still boot normally and access the internet but I cant access google or any search engine. I am running Windows Vista. Please help anyone?!

JeanMC
 

A:HELP!! cannot install HiijackThis or Spybot S&D or boot into safe mode!!

Bump please help
 

1 more replies
Answer Match 67.2%

Hi guys. Another n00b with a problem, regretfully.I have a problem with Google & Yahoo being hijacked in Firefox, which is starting to get on my nerves. If I wanted to visit dodgy casino websites, I wouldn't be Googling for vacation ideas!I have tried running AVG, Malwarebytes, Spybot & even gave AdAware a shot, but this has failed to fix the problem. I have tried to update my software for new detection rules & also to check for the updates for Vista & Windows Defender, but something seems to be be blocking these programs from updating. Either they fail to connect to the net (or site), or programs will indicate there are updates & then say they cannot install.I have given up with Firefox for the time being & have have used IE to find your site through Google. So far, the problem doesn't seem to be as bad, only redirecting me or opening an unrelated pop-up for valid links about one time in five, as oppossed to virtually every time in Firefox. I have also been booted out of of IE when trying to access information on AVG's website.Prior to this problem appearing, I had a bit of trouble with my computer blue-screening a few times on start-up: switch on - loads normally - blue screen a few seconds after login screen appears - reboot - shows start mode option screen (I left it on start normally) - blue screen as above (lather, rinse, repeat). Usually after three blue screens or so, it would start working normally. Damn thing!This problem ... Read more

A:Search engine hijack issues, unable to update Windows, AVG, Malwarebytes, Spybot or AdAware.

Let's start with a malwarebytes log: Please update then rerun Malwarebytes following these instructions: The process of cleaning your computer may require temporarily disabliling some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner screen:Click on the Show Results button to see a list of any malware that was found.Make sure that everything is checked, and click Remove Selected.When removal is completed, a log report will open in Notepad.The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.Copy and paste the contents of that report in your next reply and exit MBAM.Note:-- If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into saf... Read more

3 more replies
Answer Match 66.78%

This Windows XP computer shuts down when running Malwarebytes in Safe Mode. This is my problem, this is my concern.A brief history:A few weeks back I mounted an old HD from back around 2003, on it a lil something nasty was laying in wait.---4/14/2012 1:08:29 AMmbam-log-2012-04-14 (01-08-29).txtFiles Detected: 2C:\Documents and Settings\mgk\Desktop\utility\CS3 Master\KG\Keygen.EXE(Trojan.Downloader) -> Quarantined and deleted successfully.C:\Documents and Settings\mgk\x.exe (Trojan.KillAV) -> Quarantined anddeleted successfully.---Which put me in the habit of booting up in Safe Mode every so often and running Malwarebytes. All had been well ever since.Then, on 4.25.12 I happened to be at the computer when Microsoft Security Essentials was running it's daily scheduled full scan, caught it alerting me to:---Exploit:JS/Blacole.EYItems: containerfile:C:\Documents and Settings\mgk\Local Settings\ApplicationData\Mozilla\Firefox\Profiles\3vxp40ra.default\Cache\B\52\DD4E7d01file:C:\Documents and Settings\mgk\Local Settings\ApplicationData\Mozilla\Firefox\Profiles\3vxp40ra.default\Cache\B\52\DD4E7d01->(GZip)->(SCRIPT0000)---which was quarantined and removed.Now that my ears were perked, I checked the Microsoft Security Essentials logs, I found that on 4.21.12---Exploit:JS/Pdfjsc.AH Items: containerfil... Read more

A:Windows XP computer shuts down when running Malwarebytes in Safe Mode

Reviewing my own post here, I noticed Security Check telling me I have an outdated version of Java running, which is untrue.---Verified Java VersionCongratulations!You have the recommended Java installed (Version 6 Update 31).---as told to me by http://www.java.com/en/download/installed.jsp?jre_version=1.6.0_31&vendor=Sun+Microsystems+Inc.&os=Windows+XP&os_version=5.1And I even used JavaRa to uninstall all antiquated Java files remaining on my HD.Just thought I'd add that, for the record.

16 more replies
Answer Match 66.78%

I run MS Security Essentials and AVG - AVG expired a month ago and I had been debating whether to change to another supplier but before I could do so last week I got hit by the WindowsRecovery virus. I thought I had cleared it out manually, but had been having some problems with access to IE so opened in safe mode to download Malwarebytes. At once a new virus opened, XP Anti Spyware with the usual dire warnings, and has blocked access to Malwarebytes website. Cannot now run in even safe mode as this new virus is rampaging about inside safe mode. It has presumably infiltrated SE in some way. I have no idea how it got in as I have not downloaded anything in weeks. But now I cannot even run in safe mode or access malwarebytes.

I assume the only way forward is to download an anti virus package from this pc (not yet infected) onto a usb stick and install it from there. Is this the way forward and which one should I chose. I am running XP Pro by the way.

A:Virus runs in safe mode and blocks access to Malwarebytes

Please see the self-help guide: Remove XP Anti-Spyware 2011, Vista Security 2011, and Win 7 Internet Security 2011. Be sure to follow the instructions exactly as written using FixNCR.reg, RKill and then an immediate scan by Malwarebytes.I run MS Security Essentials and AVG - AVG expired a month ago and I had been debating whether to change to another supplierUsing more than one anti-virus program is not advisable. Why? The primary concern with doing so is due to conflicts that can arise when they are running in real-time mode simultaneously and issues with Windows resource management. Even if one of them is disabled for use as a stand-alone scanner, it can affect the other and cause conflicts. Anti-virus software components insert themselves into the operating systems core and using more than one can cause instability, crash your computer, slow performance and waste system resources. When actively running in the background while connected to the Internet, they both may try to update their definition databases at the same time. As the programs compete for resources required to download the necessary files this often can result in sluggish system performance or unresponsive behavior. Each anti-virus may interpret the activity of the other as suspicious behavior and there is a greater chance of them alerting you to a "False Positive". If one finds a virus or a suspicious file and then the other also finds the same, both programs will be competing over exclusive rights ... Read more

7 more replies
Answer Match 66.78%

Hi. I'm having a problem installing Malwarebytes in Safe Mode after being infected with the Security Tools Virus. I read through the tutorial on how to remove the virus but I can't get Malwarebytes to install to begin the process. After I download the program and try the installation, it gives me a message that mbam.exe cannot be found. When I look in the Malwarebytes folder, it appears that no mbam.exe file was ever created. I see a post regarding rootkit removal in a similar thread by boopme but I can't see all of the instructions due to red x's on steps 3, 4, 5, 6 & 10. Any help would be appreciated.Thanks

A:Security Tools Virus - Malwarebytes will not install in Safe Mode

Hello,please insta;l and run Malwarebytes from normal mode.1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.2. Restart your computer (very important).3. Download and run this utility. Mbam clean4. It will ask to restart your computer (please allow it to).5. After the computer restarts, install the latest version from here. http://www.malwarebytes.org/mbam-download.phpNote: You will need to reactivate the program using the license you were sent.Note: If using Free version, ignore the part about putting in your license key and activating.Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.Restart the computer again and verify that MBAM is in the task tray and run a Quick Scan and post that log.Some types of malware will disable MBAM (MalwareBytes) and other security tools. If MBAM will not install, try renaming it.Before saving any of your security programs, rename them first. For example, before you save Malwarebytes', rename it to something like MBblah.exe and then click on Save and save it to your desktop. Same thing after you install it. Before running it, rename the main executable file first***Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click... Read more

19 more replies
Answer Match 66.36%

I've run about everything I can run on this machine. I've run the full spectrum of utilties to cleanup the viruses and trojans on this XP home system. Everything reports clean, but I still cannot run Ad-Aware, Spybot S&D, ZoneAlarn, Norton, etc. unless I boot in safe mode. I'm thinkning the regististry is toast, but I don't know which product would reliably fix it. Since it's a Compaq machine, the way to repair XP is to run the Recovery, which I believe formats the whole thing. Is there somewhere in the registry I can fix to make it behave?
 

A:Solved: Can't launch ad-aware, spybot, norton, etc unless safe mode

8 more replies
Answer Match 66.36%

Over the past few days, my computer has been experiencing high CPU usage. Upon attempting to perform a Malwarebytes scan in safe mode, I would find the computer has somehow shut down automatically during the scan. Since I would leave the computer unattended, I am not sure if any particular detections occur prior to the shutdown. The same thing also occurs when I perform a SuperAntiSpyware scan during safe mode. I am using Windows 7 as the operating system if that helps, in case it's an issue with the OS.

A:Computer automatically shuts down in safe mode during Malwarebytes & SuperAntiSpyware scans

Same issue in normal mode?Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download Farbar Service Scanner and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity CenterWindows UpdatePress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply.====================================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download aswMBR to your desktop.Double click the aswMBR.exe to run it.If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".Click the "Scan" button to start scan.On completion of the scan click "Save log", save it to your desktop and post in your ... Read more

7 more replies
Answer Match 66.36%

I apparently contracted the Security Suite virus on my laptop. I downloaded Piriform's CCleaner, rkill.com, and Malwarebyte's AntiMalware on my desktop, burned them to a CD, copied them to my laptop (in Safe Mode w/ Networking enabled), and ran them in the order that I just listed them. When I ran Malwarebytes, it installed, but would not allow me to download the updates. I tried to update it in regular (not Safe) mode, but the Security Suite virus wouldn't let me open the Malwarebytes app. I tried renaming the MB app, but that didn't help. I copied SUPERAntiSpyware to my laptop but it would not let me update that either. I tried connecting my laptop to the ethernet via cable instead of wireless as it normally is, and that didn't make a difference. I ran MB un-updated, hoping it might somehow find the Security Suite virus despite not being updated. A 35 minute, complete scan later, and it took issue with an svchost.exe file and a couple of pieces of Registry Data. I "Quarantined" those threats, not sure if it would be a problem if I actually deleted those files. Not sure what to do now.
Please help.

A:can't update Malwarebytes in Safe Mode to kill Security Suite virus

Hello,Please follow the instructions in ==>This Guide<== starting at Step 6.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Orange Blossom

7 more replies
Answer Match 65.94%

As per the title, I am working on a laptop belonging to my fiance's family and I cannot figure out what's wrong with it. In non-safe mode, there is no internet access at all, just "limited connectivity" to the network. I whipped out my PSP and had no issues getting on the network and putzing around. I rebooted in safe mode, and had internet, but there is something preventing the already-installed spybot from running, and also keeping me from installing other programs like Adaware. Thankfully I was able to run HijackThis and DDS and have logs. Maybe somebody here can shed some light on this, because I certainly can't figure it out.I asked if they had gone to any unusual sites lately or seen any notifications on the spybot resident (installed on the laptop at my request). I found out they were trying to watch a TV show on some site other than the network's (ABC or NBC.com or such) or some other legitimate site (like Hulu), and did get a spybot notification, but denied the change (I taught them to just deny everything). I did some hunting through the browser history and found out the site they were at was:<http://a-episodes.blogspot.com/2009/04/watch-biggest-loser-season-7-episode-15.html>They confirmed this as the site that they visited, or at least one of them, that had asked them to install something as soon as they hit the "play" button, which they subsequently denied.Also, another suspicious looking history entry, which may be unrelated but I thoug... Read more

A:Google redirection, no internet outside of safe mode, blocking Spybot and other AV tools

Bump.-------------Hello While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, you wouldn't want someone to assist you who is not familiar with your issue and attempt to fix it, would you?We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of... Read more

9 more replies
Answer Match 65.94%

Adding in contextual information from another post. ~ OBHi, I have all kinds of crazy things going on.I have Windows System DefenderI also have been getting code 1073741482 the system will now shut down yada yada yadaI can't start up in safe mode I get the message PAGE_FAULT_IN_NONPAGED_AREAI can download malawarebytes but can't run it or any other anti spyware.Also google chrome is the only browser that works for me.So I tried to rename mbam.exe but I don't have it in the program files. I have the help stuff the languages stuff, but not the exe. I tried to rename the one titled mbam but It won't let me.Thanks for any help you can give. End of added information. ~ OBHere is the log. Thanks so much for volunteering to help out.Found mount point : C:\WINDOWS\$hf_mig$\KB904706\KB904706Mount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\$hf_mig$\KB912945\KB912945Mount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\$hf_mig$\KB918899\KB918899Mount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213Mount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496Mount point destination : \Device\__max+... Read more

A:Can't run malawarebytes, adaware, spybot, browsers, safe mode doesn't work

Hello Mike1911,Please save this file to your desktop. Click on Start->Run, and copy-paste the following command (the bolded text) "%userprofile%\desktop\win32kdiag.exe" -f -rinto the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

55 more replies
Answer Match 64.68%

In normal mode, my Internet Explorer does not work. I try to open it but the pages never come in although I am sure I am connected. I also tried Firefox and that is not work either, with the same error as IE. Windows Live email does work and I am able to pull down email, but none of the browsers work.

Also, when I try to update Spybot, Ad-Aware, Malwarebytes they fail, saying that updates cannot be downloaded. I was able to run and update in Safe mode with network to get the updates and run Spybot, Symantec Antivirus, Ad-Aware, Malwarebytes, and Windows: safety.live.com, but no issues were found and the when I reboot in Normal mode, the same problem exists.

Next, I ran SDfix in safe mode and have attached in this note, but also, the same problems exist (see attached: Report.txt)

Finally, I have now run dds.scr this and am posting the results. (see DDS.txt below and attached: Attach.txt)

Any help you could provide on this would be much appreciated.

Thanks in advance.

Rick G.

DDS.txt output:
DDS (Ver_09-03-16.01) - NTFSx86
Run by rickgoncalves at 18:49:28.51 on Wed 04/22/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.888 [GMT -7:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)
FW: Integrity Client Firewall *enabled*
FW: Symantec Client Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\syst... Read more

A:Internet Explorer/Firefox not working, Spybot, Ad-Aware, Malwarebytes updates not working in Normal Mode

I have resolved my issue. Turns out it was a problem that has to do with my VPN and the firewall policy.

2 more replies
Answer Match 64.68%

Logfile of HijackThis v1.99.1
Scan saved at 4:03:23 PM, on 7/16/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\qwerty12.exe
C:\WINDOWS\System32\HPZipm12.exe
D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Stuff X\Full Working Programs\hijackthis\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [GPLv3] "rundll32.exe" "C:\WINDOWS\System32\ktmejbbk.dll",realset
O4 - HKLM\..\Run: [SpySweeper] D:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common F... Read more

A:Hijack logfile. Could barely even get hijack to run, including in safe mode!

1. Download & Save this file to Desktop -> http://download.bleepingcomputer.com...a/ComboFix.exe

2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

1 more replies
Answer Match 61.32%

My friend has had trouble with XP and having her control panel crash "Windows Explorer has encountered a problem and needs to close." "Sorry for the inconvenience". I told her to use to run all antispyware and antivirus software. AVG, spybot, etc. and then run this in safe mode. This is what the log now says in safe mode.


logfile of HijackThis v1.99.1
Scan saved at 1:30:28 AM, on 3/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\Pro... Read more

A:Hijack Log using XP in Safe Mode

Please post a log taken from Normal Mode

4 more replies
Answer Match 60.9%

These guys are good, It looks like you guys may be better. Been fighting the about:blank for about a month. Installed Norton about 5 weeks ago, have downloaded, updated most of the tools recommended here and elsewhere.HJT - log - HyoungLogfile of HijackThis v1.99.0Scan saved at 5:35:23 AM, on 1/6/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccProxy.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Norton Internet Security\ISSVC.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\Program Files\Canon\BJCard\Bjmcmng.exeC:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exeC:\WIN... Read more

A:Two Hijack logs - one in safe mode

The first thing I need you to do is download the file from here:Getservices.zip - Get list of XP/2000/NT ServicesExtract the file to the c:\ drive. Then navigate to the c:\getservices and double-click on the getservices.bat file. A notepad will open up. Please paste the contents of that notepad as a reply to this post along with a brand new hijackthis log.

5 more replies
Answer Match 60.9%

As I stated on my other post, my computer has been formatted for a month now. I?m using windows XP. My main antivirus (McAfee) just can?t complete a whole scan without the pc restarting by itself. It happens with all antivirus and anti malwares and some other kind of programs too. I just don?t know what to do anymore.

On the other post someone told me to try my scans on safe mode. McAfee restarted, SpyBot closed and couldn?t get open again and stinger had to close. Only hijack worked all the way through. I have disabled windows restore.
This is the log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:18:03, on 3/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe
c:\ARQUIV~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Softw... Read more

A:All Antivirus Can´t Go Through Even In Safe Mode (hijack Log)

Hello katia and welcome to BleepingComputer!Apollogies for the delay. The forum has been very busy lately. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:Preparation Guide For Use Before Posting A Hijackthis Log.Thanks,Johannes

3 more replies
Answer Match 60.9%

Hi pals after the analyses of the 'hijackthis log' from Hijackthis section from this forum ( from here the log is clean ). I have to find a sulotion to the problem here. My OS. XP Pro SP2. In the normal windows mode I am unable to find any things which suggest it is something wrong, as I could do my usual works. One thing is particular is I could see the 'local setting folder' in C:/ doc. & setting folder which it should not been seen after uncheck the hidden folder and ext. box. OK my problem is when I enter 'safe mode' and the logon window appear, when I wanted to point to my username it seem to move away to the left or it automatically restart to normal mode. When I use theTab button it did not respond or I have to tab a few times and it will open to some where else. As I have mentioned all the required steps have been taken and followed as stated in Hijack section. I do hope someone will be able to help me. Thanks.

A:Safe Mode Appears Hijack.

Have you updated your Nero programs (or removed them) to see if that's the cause of this? (as recommended by RichieUK in your HJT log?)

1 more replies
Answer Match 60.9%

Hi there,
Losing my mind here with a browser hijack or rootkit - not sure.

Toshiba L300D
Vista
AMD DC QL-60 1.9
2 gig ram
32 bit OS

Constant redirects to stopzilla and others - fake popups from windows firewall etc.

Tried running or installing avg, SAS, Spybot, malwarebytes and others in safe mode but I am still stuck with redirects, any help would be appreciated.

Wanted to add that I can install MBAM in regular mode but after updating and starting a complete scan it just stops all of a sudden, then when I go back to restart it under start - all programs, it is the only program in black, all others are greyed out. And once I try to open it again I get the following error;

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.

I'm not sure if the greyed out thing is an issue - I thought it was like that because UAC is turned off, but maybe it helps to know?

TY

A:Browser hijack even in safe mode?

Hello.We need to scan the system with this special tool.Please download Junction.zip and save it.First unzip. If it is extracted/unzipped to a folder open the folder and put junction.exe inside it on the desktop. Make sure the file itself is on the desktop. It should look like this: Go to Start => Run... => Copy and paste the following command in the run box and click OK:
cmd /c "%userprofile%\desktop\junction.exe" -s c:\ >log.txt&log.txtA command window opens starting to scan the system. Wait until a log file opens. Copy and paste or attach the content of it.~BladeIn your next reply, please include the following:Junction Log

6 more replies
Answer Match 60.9%

have tried to windows update, won't let me update, ran virus scanner, advware, spybottom and still won't let me run windows normally, only safe mode wondering if I got some virus or something else. thank you in advance

here is my hijack log

Logfile of HijackThis v1.99.1
Scan saved at 3:22:19 PM, on 2/20/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Ken Ward's Zipper\zip4.exe
C:\KPCMS\My Documents\download\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D79424... Read more

A:need help Hijack log, can't boot only safe mode

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted.

It appears that you used to have Panda Antivirus onthis machine. Please tell me which version of Panda you had & how long since you removed it.

Please read this post completely before begining the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.


* * * * * * ADDITIONAL DOWNLOADS * * * * * * * * * * * * * *


Download & install - CleanUp.exe (not recommended for WinXP64)

'UNPLUG'/DISCONNECT your computer from the Internet when you have finished downlaoding.
It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.


* * * * * * RESTART WINDOWS IN SAFE MODE * * * * * * * * * *


1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the option to run Windows in Safe Mode.


* * * * * * UN-INSTALLING PROGRAMS * * * * * * * * * * * * * *


Go to Start -> Control Panel -> Add or Remove Programs and uninstall the following programs: Acceleration Software\stopsign ... Read more

19 more replies
Answer Match 60.9%

I have been having issues with my computer and have stated what those issues were in the "Am I infected" thread. Currently, I still cannot boot into safe mode, but the pop up ads and google redirects seem to be gone. I have used Combo fix, Mbam, Hitman Pro, TDSS killer, Eset Online Scanner, and Spybot to resolve this issue. Nothing seems to work. Here is the log and please tell me if there is anything else you need.
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:56:59 AM, on 10/23/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explore... Read more

A:Hijack this log; Cannot boot into safe mode.

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/552997 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

24 more replies
Answer Match 60.48%

Hi,My Computer which has Win Xp Sp3 is behaving like it is in safe mode , eventhough it is in normal mode .I noticed this because ,1. Avira Antivir Guard and Update cannot be launched bcz Scheduler is not running.2 . I tried to start scheduler ( under services.msc ) , but can't start it bcz of error 1084 ( safe mode situation ) .3 . I can't use Windows Update , bcz of error Error number: 0x8007043C ( same safe mode condition )4 . I ensured that BITS was set to automatic , but it can't run bcz of 1084 error.I have scanned with Malwarebytes, Spybot S&D , SuperAnti Spyware ( in real safe mode) - No DetectionHere is the dds log ,DDS (Ver_09-09-24.01) - NTFSx86 NETWORK Run by Administrator at 16:45:23.03 on Mon 09/28/2009Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_12Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.112 [GMT 5.5:30]AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}FW: ZoneAlarm Security Suite Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\system32\svchost.exe -k netsvcsC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Avira\AntiVir Desktop�... Read more

A:Safe Mode Error, WinXpSp3 behaves like it is in safe mode even in normal mode

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Answer Match 60.06%

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\mozilla.org\Mozilla\mozilla.exe
C:\Documents and Settings\jared westbrook\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gonnasearch.com/iesearch.php?ref=sb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.gonnasearch.com/?ref=sp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = wabu.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gonnasearch.com/iesearch.php?ref=sb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.gonnasearch.com/?ref=sp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.gonnasearch.com/iesearch.php?ref=sb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gonnasearch.com/iesearch.php?ref=sb
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ... Read more

A:can someone please evaluate this hijack logfile. im in safe mode

16 more replies
Answer Match 60.06%

Hello,
I have XP. I run virus scans, Spybot, Adaware. Today at 2pm, I click on something, and it opened a new page when it shouldn't. I ran spybot which received an error. I culdn't restart except by forcing it to. I cannot find anything on virus scans but spybot found 2 things that said "Disable Anti-Virus and Disaable Firewall." it removed them but gave me errors.
I tried to open Hijack this. When I click on (for example) my computer, it openes 5 windows but not the one i want. I have something wrong, i even suspenct my computer may be being remotely controlled.
I am sending this message from another computer.
can you help me please? I am worried as I tried over and over to go into safe mode and couldn't. I tapped F11 but it goes right into windows.
HELP
 

A:Solved: Help! Cannot Restore, Safe Mode, HiJack This!

7 more replies
Answer Match 60.06%

Baically my laptop with windows XP won't even start (except safe mode) . I've tried scanning for virus' but cant find anything. tried connecting a different monitor to see if it was the screen that was messed up as when it starts it has loads of green lines on the screen and the same occurs so the screen is not the problem. Also it just turns itself off for no apparant reason. Any help from the hijack this file and what to do to fix it would be greatly appreciated. Thank you Logfile of Trend Micro HijackThis v2.0.2Scan saved at 19:42:48, on 17/08/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16674)Boot mode: Safe mode with network supportRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.skybroadband.comR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBRR1 - HKCU\Software\Microsoft... Read more

A:Please Help. Lap Top Only Starts In Safe Mode - Hijack This Log Shown

HelloWelcome to the Bleeping Computer Malware Removal Forum, sorry about the delay, but the amount of people posting with infected computers is through the roof and sometimes we can't get to logs as fast as we would like to. If you have not resolved your issue and still need assistance, post a new HJT log please as your system may have changed since your original post.

1 more replies
Answer Match 60.06%

Hey, thanks for the help. Recently while watching It's Always Sunny on Philadelphia on MegaVideo (I know, bad idea, but the show is addicting) an error sign popped up and then my computer shutdown "in order to protect" itself. Not sure if that was spyware. When the background came back up the wallpaper changed to the "Your computer is infected...) One of the taskbar items, a red balloon with an X in the middle, popped up saying that windows was going to install some special programs to remove the threat. I never clicked on it. When I ran malwarebytes and avg the green screen went away and everything seemed normal for a bit, but google searches were hijacked to random websites. I then ran super-antispyware and TFC. When I rebooted, I tried booting up in safemode but the computer crashed. Thanks for any help.

A:Google Hijack and Safe Mode Crashes

hello, please post you infected MBAM scan log//Rerun MBAM (MalwareBytes) like this:Open MBAM in normal mode and click Update tab, select Check for Updates,when doneclick Scanner tab,select Quick scan and scan (normal mode).After scan click Remove Selected, Post new scan log and Reboot into normal mode.SAS did not run in safe mode? Will it run in normal?

3 more replies
Answer Match 60.06%

Last week I seem to have picked up this google hijack virus that so many others have posted here about. The story is the same - links I click on in google would take me to various attack sites. I tried running AVG and Malwarebytes and they would detect multiple pieces of malware and rootkit infections and then delete them. However the problem would still persist afterwards.

I decided to boot up in safe mode to try and run an antivirus program, only safe mode wouldn't work and I'd just get a BSOD. While doing some research I came across this blog talking about safe mode being deleted by a virus. The author offers a fix here. I was wondering if this looks to be a legit fix or if there are other options before I go about working with the registry values?

Back to my main issue of the hijack virus - I ran the DDS diagnostic with no problem, however when I tried to run GMER it scanned for about 3 hours then gave me a BSOD. When I first open GMER and before clicking "scan" the screen displayed a few lines including "C:windows\system32\drivers\atapi.sys suspicious modification" which leads me to believe this is the culprit. As the scan would not complete I cannot offer the ark log at this time. If there's an alternate means of running GMER to obtain the log let me know.

Thanks in advance for your help!

DDS log:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Jeff at 19:00:22.81 on Tue 01/19/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windo... Read more

A:Google hijack virus + no safe mode

Hello, and Welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------


Quote:




When I first open GMER and before clicking "scan" the screen displayed a few lines including "C:windows\system32\drivers\atapi.s... Read more

14 more replies
Answer Match 59.64%

Windows XP Pro, 2002, Service Pack 2
Disk is buried somewhere... may have access to another in a few days.

Before the holidays had what amounted to power surge while rebooting, system shut down, I restarted and the internet wouldn't connect... being as this is our business computer it is necessary to work. I poked around and it said that the WMI service may be corrupted.
I rebuilt as best I can, but since having no XP disk handy, not certain if all files were repaired.
receiving "Nonamespace error" and after running the Dial-a-Fix program, found that there is a problem with the srclient.dll file associations. Still no luck with a fix. On a whim I started the computer in safe mode, the internet works, but some of the other functions I need do not start up.

Confused.

Here is a copy of my Hijack This log run as is in safe mode.

Thanks in advance if you can assist with this mess.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:24:32 PM, on 1/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Micr... Read more

A:Network/Internet Only in SAFE mode - incl Hijack This Log

I found a couple of files buried in my Winsock path in the system32 files that didn't belong.

Ugh.

It's working now. I need to see where they're coming from because my new (and improved) firewall caught and pulled the same suspicious files and held them for inspection.
 

2 more replies
Answer Match 59.64%

hi,

customer has this trojan on win xp svcpack 3 PC workstation. am familiar with standard fixes that involve safe mode to run malwarebytes or similar programs.

this appears to have evolved by disabling the safe mode (safe mode, safe mode w/ command, safe mode with networking) so that when F8 selection of any safe mode, it runs like regular safe mode, but then fails and reboots to normal start up (and the virus).

i was able to apparently remove the trojan by running windows defender offline, hitman pro and malwarebytes (as far as i can tell) but am unable to find instructions how to restore the safe mode capabilities).

thoughts, suggestions welcomed. thank you.
 

More replies
Answer Match 58.8%

Hi! All right, lately I have been having alot of pop ups and my computer has been running very slow. Out of sheer laziness, I haven't downloaded any antiviruses. I wish I would have. I left my room for a brief moment and when I came back my comptuer was off. I turn back on my computer and went to log into my User account and it starts up and then restarts. I have no idea why it is doing this. I can only run my system in safe mode. I tried last known good configuration, and it still does this. I tried 2 online scans, bit defender, and trend micro. It seems I have a few trojans, I didn't take down what any of the files were that they said they removed/ tried to remove. Here is my hijackthis log file! Please somebody help me!
Logfile of HijackThis v1.99.1
Scan saved at 12:03:25 PM, on 7/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Interne... Read more

A:My Computer will only boot in safe mode! Please Help! ASAP! Hijack this log inside!

16 more replies
Answer Match 58.8%

Windows XP [32 or 64 no idea] with Zonealarm and Avast.
 
Whilst surfing I managed to get my computer locked after it shut down and restarted of its own accord.
 
Within minutes of restarting a full page "Cheshire Police are on to you but if you pay pay us £100 by UKASH we will unfreeze your computer" type of message appears [as if the police would take money like this!!!]
 
Tried to start in Safe Mode but it just by passes it and goes to my password input page and then starts normally but quickly locks down to Cheshire Police again.
 
I can press ctrl alt delete but cannot close the page using the box that appears.
 
I do have access to a laptop.
 
Thanks in anticipation

A:Cheshire Police Hijack unable to start in Safe mode

what is the make and model of the computer? are you pressing f8 to get to safemode?

19 more replies
Answer Match 58.8%

Hey guys,

Upon trying to turn my comp on, I get the blue screen and cant start up, on restart it lets me in safe mode. The problem seemed to start when I had a redirect malware. I downloaded both Malware Bytes and AdAware to try and fix it. Once Adaware installed, it went to blue screen and since then i can only enter in safe mode. I did some research and found that having 2 adware programs may cause this problem, so i unsinstalled both from safe mode. No luck.

I'm out of ideas, so here are my logs can someone help me? Otherwise it looks like I'm going to have to take it into a store and have it fixed for a huge fee, or reboot windows. I have no system restores

EDIT: this is what the blue screen says:

A problem has been detected and windows has beens hut down to prevent damage to your computer.

NO_MORE_IRP_STACK_LOCATIONS

If this is the first time youve seent his stop eror screen, restart your computer. If this screen appears again, follow these steps.....

*Didnt want to type it all, seems generic*

Technical information:
***STOP: 0x00000035 (0xFFFFFA800FDE1240, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000)

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 MINIMAL
Internet Explorer: 9.0.8112.16421
Run by Brian at 17:33:38 on 2012-04-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12193.11222 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Trend Micro Titanium Internet Security *Disabled/Outd... Read more

A:HiJack This + DDS log - Blue screen - cant enter windows w/o safe mode

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

29 more replies
Answer Match 58.8%

It all started today when I updated my phone I use safari web browser and I was updating my iphone on itunes. Mid way there was an error, my iphone stopped syncing and the usb stopped connecting with itunes too. My iphone's screen keeps blinking for me to plug in the usb and connect it to itunes but its like the usb wouldnt recognize it.  So I had to shutdown the computer. After I rebooted it automatically rebooted in safe mode and when I went to open safari these getsoftfree ads began to pop up.Im assuming its an virus or some malware but Im not sure where it came from, I have younger sisters who use the computer so maybe they clicked on something they shouldnt have. I immediately began trying to fix the issue by googling how to fix it. I tried a scan but it didnt detect anything.The only thing that seems to be doing something is revo uninstaller because I can see what it is that starting up with my other programs. and I see that its a virus or a program that shouldnt be starting up. Ive realized that when I disable the start up programs I can use the computer in safe mode with no issues. But when I try to exit safe mood and enable the start up programs the pop ups come back again. I have already tried uninstalling anything that isnt normally in my programs. I need help I really dont know what else to do. Sorry for any miss spellings I am in a rush and trying to get this fixed ASAP.Edit: Moved topic from Windows 7 to the more appropriate forum.~ Animal

More replies
Answer Match 58.8%

Well basically i just called the geek squad at best buy and they said their virus removal is $200.... i can not afford that. I'd rather just buy a new pc if it came to that. So heres my problem
When my computer starts up i message in yellow with a blue background pops up and says.... Warning! your computer is infected with spyware! please d/l a virus protection program or w/e... etc etc.

Just before this i had a problem with a Red X claiming it was windows xp virus update...coming up at the bottom of my screen.. and telling me to downloads things.
I cant really run my pc outside of safe mode anymore, because so much junk pops up, and it eventually kicks me out to this blue screen with a bunch of text, with a different title everytime for my problem... "poole head bad" or something like that.

and that screen tells me to resart. Ive ran AVG like 5 times, and everytime i come up with the same 3 trojans too.

So thats it in basic form... If someone can help me seriously fix this problem and keep it fixed. I'd send you a check for $20 or so just for your time and effort! no kidding... id appreciate a helpful person over a geek squad $200 ripping off.

heres my hijack log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:54:36, on 6/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\... Read more

A:Major issues, can only work in safe mode Hijack log attached

13 more replies
Answer Match 58.38%

okay... so i was trying to get into safemode so i could run an antivirus scan, problem is whenever i tried going in safemode the blue screen would pop up and computer would restart. now for some dumb reason i thought maybe i could get in safemode if i used msconfig and selected safe mode from the boot menu. so the computer restarted and now it boots in safemode but the blue screen and restart happen everytime now. ive tried "start windows normally" but that boots in safemode.... ive tried "last known good config..." and that too boots in safemode. so now im stuck, i cant get on windows. any help please?

im willing to start over but i dont know how to do that from here
 

A:STUCK in safe mode boot, safe mode doesnt work and restarts, REPEAT

11 more replies
Answer Match 58.38%

Well, were should I start. This all happened on August 30 Sunday, I had finished downloading a program packaged in a rar file. I unrared that file to take its contents out(which included the program and its "crack" file). Everything in the computer running smoothly still. Installed the program(FL Studio), and tried to open the crack, but the Data Prevention in vista stopped me. So I open up my Firefox, internet still working after I installed the program(I may be wrong, probably opened it before I installed it), anyways. I go online to see if the person that provided this program had instructions and he/she didnt. So I right away remembered "oh yeah the data prevention thing, all I gotta do is add to the allowed programs and it should work." So I exactly did that with the crack, I added it to the Data prevention to allow to run. So I double click on the crack, and then I click on the "crack this or crack" w.e it was, and it told me couldnt find the program it needed to crack,so then it says find the program and I click yes. I browse through my folders find FL studio and crack it. After I did that my internet connection no longer worked, like something was blocking it. Spent countless hours trying to figure this out, even uninstalled FL studios and still it didnt work, Firefox and IE opened up find, just something was blocking my internet connection. So I decide to restart my comp after I had uninstalled FL studios. And bleep just got wor... Read more

A:Windows Police,Desote.exe ,Google Hijack,Only able to us Internet in Safe Mode

SanSan,

I just got finished fixing this virus on one of my co-workers pcs.

1. Start winodws in 'safe mode with networking'
2. Download (http://www.winhelponline.com/exefix_xp.com) to desktop
3. Remove the following files:
C:\WINDOWS\svchast.exe
C:\WINDOWS\system32\dddesot.dll
(If it wont let you remove them.... pull up taskmanager and make sure to stop all processes of Desote and Svchast. Then try again)

4. Do a search in the C:\WINDOWS directory for 'desot' and delete anything that comes up.
5. With desote removed you will not be able to run any .exe files. The association to .exe in your registry was hi-jacked. Run the 'exefix_xp.com' file that you saved to your desktop to fix the registry issue.
6. Reboot

When finished run any antivirus/trojan software detection software you might have to clean your system up.

5 more replies
Answer Match 58.38%

Hi Helpers:

This what I am working on:
OS Name Microsoft® Windows Vista™ Home Basic
Version 6.0.6000 Build 6000
Dell System Model Inspiron 531s
System Type X86-based PC
Processor AMD Athlon(tm) 64 X2 Dual Core Processor 4000+, 2109 Mhz, 2 Core(s), 2 Logical Processor(s)
Available Physical Memory 477.36 MB
Total Virtual Memory 2.13 GB
Available Virtual Memory 1.75 GB

Sometimes I can boot normally, but IE7 will not launch. When I run AVG, Trend Penicillin, it goes into the blue death mscreen. I ran AVG on SAfe Mode and quaranteed a few trojan viruses. I am able to launch IE in Safe mode. Random redirects upon search in google.

Somewhere I got an error code: 0x8007043c and disk cleanup listed
Program File (E2883E8F-427F-4FBO-9522-AC9BF37916A7
Type: ActivexControl
code base: http://platformdl.adobe.com/NOS/getPlusPlus/1.

I was able to download HijackThis and I have received the following log report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:11:45 AM, on 8/11/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16890)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Softwa... Read more

More replies
Answer Match 57.96%

i have windows home xp edtion on parkard bell.in safe mode it is fine,but when on normal bootup mode it will hang up after 2mins aprox(then restart saying crit error,check hardware etc and being to dump files kernel),on a blue screen.

i tried a different graphics card,but no joy.so i replaced the hdd drive and put a fresh copy of windows xp pro edtion on,but it loads all the files(i have not pressed f6)i just let it run its course on the disc,then it hangs up on the blue screen again with the words(crit error 0x0000007f)check hardware etc and if this is the first time you have seen it try starting windows again.

Thankyou for all your time.
 

A:Solved: xp safe in safe mode fine...mormal mode blue screen

Start in Safe Mode and look in C:\Windows\Minidump for crash log files with a dmp extension, like Mini071008-01.dmp. Zip 4-5 of the latest ones and post here as a ZIP or RAR attachment. The log file contains information useful to determine what caused the error, most likely hardware.
 

2 more replies
Answer Match 57.96%

I'm new here and in hopes of getting this resolved. I just installed the new Norton Systemworks 2005 and rebooted after installation. When the boot screen got up to the blue screen with the Windows XP logo before displaying the login names where you put in your password, it just stops. I restarted a few times and waiting a few more times thinking it may need to 'finish' installing. But each time gave the same results. Finally, I went in with 'Safe Mode' and got in with no problems. Tried again in normal mode after looking around for any obvious problems (none found)... back to square one. Tried again in 'Safe Mode with Networking' and it failed like normal mode so I suspected a networking problem??? The last thing I tried which made me mad is that I tried to uninstall Norton Systemworks in 'Safe Mode' and that failed!! Anyone in these forums know the cure? :dead:
 

A:Unable to get to login screen, works in Safe Mode but in Safe Mode w/ Networking

Just a thought

Safe-Mode
Start \ Run \ msconfig \ diagnostic startup
disable any services attached to your most recent install and restart
should get warning next boot about using msconfig, its ok
One key service that needs to be available is the installer service
Try the uninstall, if doesn't complete
Try the uninstall string in the registry only if you know what you are doing

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

Under it you will see a list of installed programs. Some don?t show up as words but you can figure out what they are by looking at their values. What you are looking for is the uninstall string. Double click that key as if you were going to modify its value. Do a CTRL + C to copy and then exit the registry editor.

Go to START \ RUN and paste the uninstall sting and hit enter. This should launch the uninstall.

Just a thought though as I am not infront of a test system at the moment. You should research this a little further so you have a clear understanding of what you can and can't do with msconfig.

or simpler yet

Safe-Mode

Start \ Programs \ Access. \ System Tools \ System Restore

Select restore point prior to install of whats giving you the problem.

Again, Good Luck

PS If you try to install it again, turn of antivirus and other open programs etc..
 

1 more replies
Answer Match 57.54%

Hi

I was here earlier with a problem I was having with my laptop all of a sudden randomly "preparing Windows to standby". Now that is not the problem

Ok

I have an Inspiron 1520-Windows XP 4G of ram. Laptop is about 6 yrs old and has worked perfect until about a week ago which it first started with the "windows preparing to standby". I have to add that in my power options I have the option NEVER TO STANDBY. This problem has not occurred again somehow, but it did it for about 3 or 4 days.

Problem now:

On startup my icons take about 3 minutes to load while the background wallpaper shows up in less than a second. If I do the startup in safe mode everything loads as it should. No problem.

Once my laptop is totally loaded on normal mode it works fine even if the icons took forever to load , with the exception that maybe twice a day the screen will go black for less than a second and come back to normal again.

What I have done:

I checked all my startup programs and I only left one on called Syntpenh because I read it has something to do with the mouse and scrolling of pages. (I am not computer savvy at all so this is really difficult for me I have done this while reading other posts and talking to some techs) I have run defrags (it always comes back saying there are some files that cannot be defragmented) , disk check which comes out ok , cleaned and compacted registries (with PC Tool Registry Mechanic which I downloaded after all this fiasco started ... Read more

A:Desktop Icons take 3 minutes to load on normal and seconds on safe mode-Hijack this?

16 more replies
Answer Match 57.12%

Hello,

Recently my dad's computer had a corrupted hive and boot.ini. Via this website, I was instructed to run a chkdsk /r while in the recovery console. Everytime I used his OS disk to get into the recovery console, it prompted me for a password and I didn't know it (nor could I leave it blank). I decided to use my OS disk from my computer and I could fix the problem. Now, though, everytime I startup the computer, it prompts me to start windows normally, in safe mode, in safe mode with networking... To give further information...on that same screen there is an option for Windows XP and Windows XP Home Edition. Don't know if that has something to do with it. They both work though when I press enter on either one. Could anyone help me stop the computer from prompting me??? Thank you for any help.

More replies
Answer Match 57.12%

This morning we had a power outage and when I turned my computer back on, it would not boot. I tried several times to hard boot, with no luck. Then I tried safe mode. Ran an antivirus scan and it showed malware and several infections which it cleaned. The computer still would not boot normally. I then ran chkdsk, still would not boot normally. I have ran malware bytes, registry repair and the registry defrag program as well as done a disk clean up. It still will not boot in normal mode.
Since my last problems that you helped me with, I have upgraded to a broadband internet connection and have a home network. The 2 other computers on the network are fine.
A week ago, I had purchased Avast internet security and had problems immediately. It would not allow me to connect to the internet. That was uninstalled and I went back to the free Avast antivirus, Zone alarm and Spyware blaster. I was very unhappy with Avast customer service and support iYogi and decided I did not want Avast on my computer at all. I have since downloaded PC tools free antivirus. Once I have my computer operational again, I am open to suggestions.
Fortunately, I did not change anything on the other 2 computers. Just mine.
Running Windows XP 3 .
Thank you.

A:[SOLVED] computer will not boot except in safe mode or safe mode with networking.

what are you running
video card
cpu
m/board
ram
power supply
brand
model
wattage

check the listings in the bios for voltages and temperatures and post them

the outage may have damaged the psu

19 more replies
Answer Match 57.12%

I recently attempted to clean my brother's computer after he aquired a virus from the torrent file program he uses. Regardless, I cleaned a trojan and a backdoor from his system from safe mode. I can not boot in normal mode. Everytime i try the system gets hung up at the windows loading screen then the screen turns black and sits there. I have to hard reboot. I ahve used a repar CD and i have come across an error 0x800700b7, i have also recived this when i tried to work around this problem "identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}"

OS= Win 7

A:System will only start in Safe mode, Clean virus in safe mode

You can spend a lot of time trying to fix the boot problem and clean the virus from the computer, or you can nuke it and reinstall Windows. I wouldn't bother trying to fix it, personally - I'd back up what I could and then I'd install Windows again.

9 more replies
Answer Match 57.12%

I booted into safe mode to try an fix a issue I selected to boot with command prompt butb I have a all black screen an can't get out of safe mode now I restarted the laptop a few times still the same 'anyone know how to fix this?

More replies
Answer Match 55.44%

Alright this is a family's laptop that is about 5 or even more years old...has windows xp on it dont know the exact one -.-...alright.

My sister has been using it and says she has never done anything to it...which i dont believe but anyways this computer will not boot up what so ever...everytime you power it on it goes to the screen that says unexpected error software/hardware problem yada yada yada...and then it gives you the options of boot in safe mode, safe mode networking, safe mode command prompt, last known good configuration...and none of those will work...we do have the recovery disks to wipe it but are trying to find a better way if possible...and when you try to load into any of the safe mode choices it stops at multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\System32\Drivers\Mup.sys...will stay at that for about 5-10 mins and then just turn off...if you try to just do normal mode or last known configuration it just acts like it loads with the windows and the little green loading bar then shuts off...the more i type the more i think the harddrive is toast but im new and learning so i probably could be wrong. Just looking for suggestions =)

Oh and this pc will run very hot...so if its a hardware issue i would not be surprised.
 

A:HP Pavilion will not boot in safe, safe w/networking, safe command or in normal mode

I'm heading to work now ill be back later tonight so just post suggestions and i will try them. =)
 

11 more replies
Answer Match 55.44%

Yea trying to get ino safe mode. When I do hit safe mode and choose my account to log on instead of going to my desk top the screen goes blank and the words safe mode appear in all four corners.
Any help would be great!
Have a good day
John

More replies
Answer Match 55.44%

Windows just downloaded an update to my ASUS x83V laptop and now I can't get it to boot up. I've tried booting in normal mode, last successful mode, safe mode, safe mode with command prompt and nothing works.

If trying to boot in safe mode it gets stuck on crcdisk.sys. When trying to boot in any mode it eventually hits the blue screen with a STOP error of 0x0000001E. I have also gotten 0x0000007E and 0x00000024.

I am positive it's the latest Windows Update that caused this because my computer at work, which also runs on Vista and is also an ASUS, had an update yesterday. When I came into work this morning and tried to start up it was unable to and did a start up repair. That didn't work but it gave me a system restore option which did work.

Unfortunately my ASUS laptop does not prompt me to do a repair nor a system restore. The recovery disk I have that came with the laptop only allows me to do a restore which erases everything on my HD.

I'm only somewhat computer savvy; better at working with them than fixing them so please try to put things in layman's terms. Thank you!

More replies
Answer Match 55.44%

ok i have a huge problem, i no virus scan capabilities in safe mode and in safe mode with networking, now i have tried to go back to reg. booting, and see if it is installed corectly, and from the looks of it, it is all icons and file folders are there and working.....now when im in either one of the two safe modes wither im on the amnstdr or mine the software will not open and it won't open, here is what comes up when i try to open it from program files:

"Faild to start the Symantec Management Client service. Error code returned:
0x8007043c
i am getting frustrated badly with this, i am running XP home ed. on an ACER aspier one, (say what you want but its practical) and as you can tell i am running live update/Symantec Endpoint Protection
and yes everything is up to date, i have waxxed the backdoor troj. with no prob. but i am needing help tring to fig. out how to solve this prob so i can make shure i completly killed the attack...thanx

A:No virus scan in safe mode or safe mode with netwrkg

Hi and Welcome to BleepingComputer,

Not all anitvirus programs work in safe mode, I don't know about Symantec but I do know my ZoneAlarm does not. I do not see the reason to run it in safe mode. If you are really wanting to run stuff in safe mode, run SuperAntiSpyware in it and just run your antivirus program in regular windows.

Btw, it sounds like you had something on there that has backdoor capabilities and if that is the case, then unless you reformat the computer, it will never be truly safe again.

11 more replies
Answer Match 55.44%

After attempting to start my Laptop in Safe Mode, it loaded drivers normally only to crash a few seconds later. A prompt message appears but is impossible to read because Windows immediately reboots upon showing the prompt.

Safe Mode with Networking loads normally.

Any ideas or advice?

The computer is an Acer 4743G running Windows 7 Home Basic x64.

A:Cannot access Safe Mode but can boot in Safe Mode with Networking

Hello Zarmaki, and welcome to Seven Forums.

Since it will startup in "Safe Mode with Networking", you might see if using the tutorial below to troubleshoot may help to find a cause.

Troubleshoot Application Conflicts by Performing a Clean Startup

Hope this helps for now,
Shawn

1 more replies
Answer Match 54.18%

Malwarebytes didn't find anything but Spybot found a torgan and fixed it and other problams too. Whats the best malware spyware program out there paid with free trial or free?

A:malwarebytes or Spybot?

No single product is 100% foolproof and can prevent, detect and remove all threats at any given time.See the suggestions in this topic: Supplementing your Anti-Virus Program with Anti-Malware Toolsmvps.org is no longer recommending Spybot S&D (or Ad-Aware) due to poor testing results. See here - (scroll down and read under Freeware Antispyware Products). Further, most people don't understand how to use Spybot's TeaTimer and that feature can cause more problems than it's worth. TeaTimer monitors changes to certain critical keys in Windows registry but does not indicate if the change is normal or a modification made by a malware infection. The user must have an understanding of the registry and how TeaTimer works in order to make informed decisions to allow or deny the detected changes. If you don't have understanding how a particular security tool works, then you probably should not be using it. Additionally, TeaTimer may conflict with other security tools which do a much better job of protecting your computer and in some cases it will even prevent disinfection of malware by those tools.

7 more replies
Answer Match 54.18%

I am running XP media center 2002 SP3 and using safari as my only sucessful browser at the moment.
Each time I download and try to install either Malwarebytes or Spybot Search and Destroy it prompts the Run window which I confirm and then starts the hourglass load icon on my pointer after about 30 seconds or less nothing more happens and the pointer returns to normal arrow. I dont know what is happening and need help so i can diagnose and repair my problems.

A:Malwarebytes, Spybot S&D

HJT log posted.. closing speech posted at other topic

1 more replies
Answer Match 54.18%

I cant run any anti-virus/malware removers, Application tries to open then closes immediately, Im getting New hardware alerts, and rerouted on Google searches. I had the police pro virus earlier this month, but thought I removed it all, Please help! since I cant run hjt heres a win32k log:
Also when I open the win32k log in notepad it only stays open for 2sec before being closed out.

Running from: C:\Documents and Settings\HTA\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\HTA\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Found mount point : C:\WINDOWS\$hf_mig$\KB915865\KB915865

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\addins\addins

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1E4.tmp\ZAP1E4.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP20.tmp\ZAP20.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP29.tmp\ZAP29.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP29C.tmp\ZAP29C.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point :... Read more

More replies
Answer Match 53.76%

I think something is hijacking my computer but I can't figure out what it is.I've been completely shut out of Spybot, Malwarebytes, and SuperAntiSpywareI can't boot up safe mode on my computer because it won't load a SPTD.SYS then restarts and tries it again..over and over.I'm getting a Viewmgr error pop up when i log into windows.wont let me use SDFix.exe or ComboFix.exe on my desktop...I'm all out of Ideas ..please help.Here is my HijackThis log Logfile of Trend Micro HijackThis v2.0.2Scan saved at 18:09:09, on 8/13/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16876)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exec:\program files\common files\logitech\lvmvfm\LVPrcSrv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Charter Security Suite\Common\FSM32.EXEC:\Program Files\Java\jre6\bin\jusched.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Charter Security Suite\Common\FSMA32.EXEC:\Program Files\Charter Security Suite\Anti-Virus\FSGK32.EXEC:\Program Files... Read more

A:Being locked out of spybot, malwarebytes and others.. help?

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Answer Match 53.76%

Good afternoon,When i try to run malwarebytes, spybot or combo nothing happens... here is my newest hijackthis log... please helpLogfile of Trend Micro HijackThis v2.0.4Scan saved at 4:11:15 PM, on 08/15/10Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.17080)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exeC:\Program Files\AVG\AVG9\avgwdsvc.exeC:\Program Files\AVG\AVG9\avgfws9.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exeC:\Program Files\AVG\AVG9\avgam.exeC:\Program Files\AVG\AVG9\avgnsx.exeC:\Program Files\Intel\Wireles... Read more

A:Cant run Malwarebytes, spybot or combofix

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

3 more replies
Answer Match 53.76%

I've been going along running my anti-spyware and malware every week as I did a few days ago. (I"m using XP).
Everything was fine until this morning in the middle of a Skype conversation, my system slowed down and eventually locked up.
I rebooted and tried to run Malwarebytes and it wouldn't run.

I tried Spybot and got, " No immediate threats were found" and also:
There were problems in the include file
c:\ProgramFiles\Spybot-Search_Destry\Includes\Trojans.sbi.
See Include errors.log for details.

There were problems in the include file
c:\ProgramFiles\Spybot-Search_Destry\Includes\TrojansC.sbi.
See Include errors.log for details."
---------------
Anti-Malwarebytes still wouldnl't run
------------------------
Ran Super anti-spyware and it found some issues.
I turned off and back on.
The system wouldn't come back up so I booted to safe mode.
Turned off again came up but got:
Arco tray is trying to install a library that will load any
time an application is started. I denied it access
--------
Malwarebytes still won't run
I uninstalled it
I installed it from the link at bleeping computer
tried to re-run it - same symptom, won't run

-------------------------------
downloaded dr. web cureit from the bleeping computer site
it was all in russian
i tried to launch it and got an error that it would load
a library any time an application was started. i denied
it and it wouldn't install.... Read more

A:Spybot error, Malwarebytes won't run

Hello,We need a deeper look. Please go here....Preparation Guide ,do steps 6 - 9.Create a DDS log and post it in the new topic explained in step 9,which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.If Gmer won't run,skip it and move on.Let me know if that went well.

3 more replies
Answer Match 53.76%

Hi,

My IE has been hijacked. Clicking on a link from Google search takes me to other sites. MalwareBytes and SpyBot won't run... I get a message that "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item". I also get an Application Error on dmaupd32.exe. I'm an admin on my laptop. I downloaded HiJackThis to try and create a log for you guys, but get the same message about permissions. What do I do????
 

More replies
Answer Match 53.76%

Spybot S&D TeaTimer vs. Malwarebytes
 
I am unfamilar with Malwarebytes. Does it feature a trojan/virus blocker like Spybot S&D's TeaTimer?
Any examples? I would like to get comparative opinions of the effectiveness of one and the other.
 
Thanks for any feedback.
 
 

A:Spybot S&D TeaTimer vs. Malwarebytes

mvps.org is no longer recommending Spybot S&D (or Ad-Aware) due to poor testing results. See here - (scroll down and read under Freeware Antispyware Products). Further, most people don't understand how to use Spybot's TeaTimer and that feature can cause more problems than it's worth. TeaTimer monitors changes to certain critical keys in Windows registry but does not indicate if the change is normal or a modification made by a malware infection. The user must have an understanding of the registry and how TeaTimer works in order to make informed decisions to allow or deny the detected changes. If you don't have understanding how a particular security tool works, then you probably should not be using it. Additionally, TeaTimer may conflict with other security tools which do a much better job of protecting your computer and in some cases it will even prevent disinfection of malware by those tools.

More effective alternatives are Malwarebytes Anti-Malware and SUPERAntiSpyware Free.

The Malwarebytes Anti-Malware Protection Module in the full version uses advanced heuristic scanning technology to monitor your system and provide real-time protection to prevent the installation of most new malware. This technology runs at startup where it monitors every process and helps stop malicious processes before they can infect your computer. Keep in mind that this feature does not guarantee something will not slip through as no product can detect and prevent every type of malware. The da... Read more

3 more replies
Answer Match 53.76%

I think my Sony VAIO (Windows XP Home Edition Version 2002 Service Pack 3) is infected with rootkit.tdss. Today my PC started browsing weird websites by itself. The browser is not actually visiting these sites in front of my eyes, but when I look in my browser history, there are hundreds of strange websites listed (and more continue to appear few every seconds). My PC is slower now too. Every once in awhile, a game or porn site will pop up onscreen and I close it. I tried to download, install, run and use MalwareBytes and Spybot Search and Destroy. Downloading and installing seem to work. But neither runs more than three seconds. Three seconds into each program, the program closes. If I attempt to re-start and run it again, I am given a Windows prompt onscreen that says Windows cannot find C:/Program and I may not have permission to access.

I've tried safe mode, renamed .exe to .bat, nothing works. My computer has been turned into a zombie. I have Avira antivirus and it didn't see this. Kaspersky doesn't see it either. What is this and can someone help me?

A:Hijacked by something that won't let Spybot or Malwarebytes run

Hello and welcome to TSF.

1) Please download this file and save it in MBAM's folder.

2) Once the fr33.exe is saved in MBAM's folder - C:\Program Files\Malwarebytes' Anti-Malware\

3) Locate and then using your mouse, drag mbam.exe into fr33.exe. Hopefully, this shall free mbam.exe to run.



Make sure you update the scanner, and perform a full scan.

Click on the go to Main Menu and a Notepad will open.
Using Edit > Select all Copy/Paste the report back here.

9 more replies
Answer Match 53.34%

Thanks for looking. My daughter was on the computer earlier, and after she left I went to go on. An error message came up when I went to go on IE regarding "path file not found" etc. I shut the systen down and now when I start up it starts in safe mode. The only way I can start up normally is with a Norton disc ( a couple times). I am in the process of running CWshredder, adaware, spybot, etc. but thought someone could look at this hijack log and tell me if anything smells like a fish?

Logfile of HijackThis v1.97.7
Scan saved at 7:32:46 PM, on 20/06/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\MY DOWNLOAD FILES\HIJACK FILES\HIJACKTHIS.EXE

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206... Read more

More replies
Answer Match 53.34%

Hi guys,

My problem is somewhat complex so please bear with me. I had malware and adware on my laptop which was really annoying and I tried really hard to get rid of it. So I decided I was going to do a system restore. The system restore kept saying "System restore is initializing". I tried it three times and it didn't work. I looked around on the internet, and someone suggested to do the system restore while in safe mode. This is where I made my mistake. I set safe mode in msconfig.exe (not knowing you could go into safe mode while booting). msconfig forces the computer to boot into safe mode everytime, but my safe mode won't boot. I get a b;ack screen with a cursor. I have noticed that the cursor gets reset to the middle of the screen every five seconds or so. I also see the words safe mode flash in all four corners sometimes. I have tried re-installing windows 8.1 from a bootable usb, but whenever I change the boot priority, it doesn't seem to save my settings. Please tell me what my options are. Will replacing my hard drive do the trick. Thank you in advance.

A:I set safe mode in msconfig.exe and safe mode won't boot.

Can you restart and get into your log in screen ? If you can, enter safe mode by pressing the power button icon (lower right corner) then Shift + restart. That gets you to Advanced Settings where Safe Mode and, if that fails, Reset PC to orig settings. If you can't, try a hard reset by removing battery and all external usb attachments and then pressing and holding power button until it shuts down. Repeat a few more times to drain memory, then see if powering up will get you to log on screen.

A system restore in safe mode will just restore the malware. You need to boot into safe mode and run your anti-virus or malware program and have them quarantine and then remove them while in safe mode. Use Malwarebytes free or Adwcleaner or Hitman to clean the system. If that does the trick, manually create a system restore point that you know is clean after the system is to your satisfaction.

12 more replies
Answer Match 52.92%

worm.spybot found by Malwarebytes. Not able to get rid of it! Any counsel appreciated.

Files Infected:
C:\RRbackups\FR\UF\WINDOWS\system32\drivers\dmload.sys (Worm.Spambot) -> Delete on reboot.

A:worm.spybot found by Malwarebytes

Can I please get some help with this?
Thanks

2 more replies
Answer Match 52.92%

All past attempts to open any antispyware, malware, virus programs are unsuccessful. highly suspicious of something overriding them to not launch. multiple errors pop up, slow computer, etc. have been happening. any help would be great.
DDS (Ver_09-07-30.01) - NTFSx86
Run by Jordan at 16:03:11.41 on Sun 08/16/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_05
Microsoft? Windows Vista? Home Basic 6.0.6001.1.1252.1.1033.18.3582.2694 [GMT -5:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows�... Read more

A:Unable to open spybot, malwarebytes, etc.

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Answer Match 52.92%

Hi,

I have a pretty annoying, and seemingly impossible to remove, problem. Whenever I try to run Malwarebytes, RootRepeal, Spybot S&D, or any other malware/rootkit removal tool, the program will shut down. Immediately afterward, when I try to restart the programs I get the whole "Windows cannot access the specified file...you do not have permission to access the file" error message. I've tried renaming the programs and that did not work. My computer is running incredibly slow. I think I may have multiple problems, but this rootkit is preventing me from solving whatever other problems I might have by not letting me run spyware removal tools. Do you guys have any ideas?

Here is my Win32kdiag log:
Running from: C:\Documents and Settings\tim\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\tim\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Found mount point : C:\WINDOWS\$hf_mig$\KB904706\KB904706

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB912812\KB912812

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB912945\KB912945

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS�... Read more

A:Malwarebytes, RootRepeal, Spybot S&D, etc. shut down

Hi,

Just letting you know that I've "resolved" this problem (a.k.a installed Linux until my cheap copy of Windows 7 comes to me).

Thanks anyway,

-D

2 more replies
Answer Match 52.92%

What would you recommend based on your experience?

A:MalwareBytes anti malware or spybot?

Originally Posted by dinesh


What would you recommend based on your experience?



spybot search and destroy and super anti spyware free edition ...get them both

they the 2 best free ones IMO

13 more replies
Answer Match 52.92%

Somehow I got one of those browser hijacker's on my windows 10 pro machine and this has happened once or twice before. In the past the steps were pretty much to go to the 'extensions' part of chrome and find it and disable/remove it and run ccleaner, Spybot S&D, and malbytes anti-malware and at least 1 of the 3 of those would fix it. However, I did those steps and it is still there. Present in Chrome and Edge.. limiting functionality and turning links into redirects.. Any help?

I also uninstalled the suspected program.

More replies
Answer Match 52.92%

Hey guys, I've had my Asus F6A laptop for about a month now and recently i got a blue screen for PAGE_FAULT_IN_NON_PAGED_AREA. Also, when i try to install Malwarebyes and spybot, malwarebyte's stops responding at the end of the installation, and spybot stop resopnding when i try to open the program. It is very strange. Also, I have a NJstar program which is for reading/typing chinese. Whenever i have this program on, and i try to use msn messenger, msn stops responding. Does anyone know what's wrong?

A:Unable to insatll malwarebytes, spybot etc...

If mbam won't install or runSome types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it. Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.

4 more replies
Answer Match 52.92%

Hello, could you please help, my PC hard disk is constantly on, applications very slow. Malwarebytes Anti-Malware detects infections, but freezes when I try to quarantine. AVG finds a suspect'A.EXE' file in a TEMP folder, but when it tries to quarantine it cannot find the file. I have recently used a P2P application and suspect I have been infected with Malware Rootkit?? Can anyone please help??

Please be patient with me, I'm not very PC tech minded!

Operating Windows XP SP3
AMD Athlon 1.9GHz

Thanks.

A:Help - Infected - Malwarebytes/AVG/Spybot disabled.

Hello can you post the MBAM log/The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.Now please Download this Utility and save it to your Desktop.Double-click the Utility to run it and and let it finish.When it states Finished! Press any key to exit, press any key to close the program.It will save a .txt file to your desktop automatically. Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as part of the reply in the topic you will create below..

1 more replies
Answer Match 52.92%

are these two programs similar? do they do the same thing? which one is better?
 

A:MalwareBytes' Anti-Malware or spybot?

16 more replies
Answer Match 52.92%

My computer has recently been infected with something that will not allow Spybot to run. I have also tried to run MalwareBytes, but that was stopped from running as well. Additionally, I tried to run a Norton scan, but that was stopped prematurely as well.

Initially, I could get both programs to start a scan, but after a few seconds they would shut down. I have recently noticed that both shortcuts seem to have disappeared or may have even been uninstalled.

I tried to re-install the programs, but the same issue (as described above) takes place - programs run for a few seconds, stop running, then the programs mysteriously disappear from my desktop and Start Menu.

Any assistance would be appreciated.

A:Security programs (Spybot and MalwareBytes) will not run

well, i'm no expert with malware.. though one doesn't need to be for this tip.. there's an obvious thing to do,

And by the way, sometimes they won't even install either.

-TRY- running them from Safe Mode.

I did this for a friend, it solved it no problem. Used MBAM (malware bytes...)

if you google like Windows XP safe mode. I don't know vista, but if you google windows vista safe mode.. you should find lots of websites telling you how to get into safe mode.
Then it's just like windows but with less things loaded. And the malware can have less power , so you may be able to get them installed/running.

19 more replies
Answer Match 52.92%

I can't seem to run Malwarebytes Anti-malware, or Spybot Search & Destroy, everytime I try to run them it says that Windows cannot access this file.
I've tried re-installing both softwares, renaming them and everything, still same error. When I re-install Malware however it attempts to scan but as soon as it trys to attempt, it closes automatically then I can't re-open it at all.

GMER works fine and it detects rootkit activity, and also i'm using ESET NOD32 antivirus and it always seems to detect a threat in my memory but can never clean/get rid of it. All of this just started yesterday and occasionally has been slowing down my laptop quite a bit.

I forgot to add i'm running on Windows XP Professional SP3, I tried using Rootrepeal, and same thing happens. It begins to scan then shuts down, and when I try to reopen it *Windows cannot access this file*

How do I go about getting rid of this infection??

A:I can't run Malwarebytes, Spybot Search & Destroy etc

When I run GMER it detects these as being malicious:

10 more replies
Answer Match 52.92%

Hi all, first time poster here. Anyway, I have a pretty annoying, and seemingly impossible to remove, problem. Whenever I try to run Malwarebytes, RootRepeal, Spybot S&D, or any other malware/rootkit removal tool, the program will shut down. Immediately afterward, when I try to restart the programs I get the whole "Windows cannot access the specified file...you do not have permission to access the file" error message. I've tried renaming the programs and that did not work. My computer is running incredibly slow. I think I may have multiple problems, but this rootkit is preventing me from solving whatever other problems I might have by not letting me run spyware removal tools. Do you guys have any ideas?I'm running Windows XP Home Edition.Thanks for any help.

A:Malwarebytes, RootRepeal, Spybot S&D, etc. shut down

Ok, it looks like there is a rootkitvariant in this log. The rootkit itself is a protection module used to terminate a variety of security tools by changing the permissions on targeted programs so that they cannot run or complete scans. There are some new variants of rootkits in the wild right now that will require custom scripts to remove the infection, the process must be completed by HJT team members or above.Download this Utility and save it to your Desktop.Double-click the Utility to run it and and let it finish.When it states Finished! Press any key to exit, press any key to close the program.It will save a .txt file to your desktop automatically. Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as part of the reply in the topic you will create below..Failure to follow the proper removal process can and will cause serious damage to a machine. Recovery of the machine may be difficult, if not impossible. Next please go here HijackThis Logs and Virus/Trojan/Spyware/Malware Removal ,click New Topic,give it a relevant Title and post the above Win32kDiag.exe log.Let me know how that went.

3 more replies
Answer Match 52.92%

Hi everyone. :D

Ok, I recently had this problem with my browser, I kept getting redirected when doing Google searches. So now I have to resort to using Safari.

I had AVG and Ad-Aware installed, ran them, but that didn't fix it. So I tried running Spybot, but it won't run or open.

I did some research and I found out that I might have to download MalwareBytes and/or HijackThis, so that's what I did. I was able to download both but whenever I try to run these programs, nothing happens. No window or anything.

What should I do? Any ideas?

A:Unable to run Spybot, MalwareBytes, and HijackThis

Hello,let's do it this way then..Please download RSIT by random/random and save it to your Desktop.Note: You will need to run this tool while connected to the Internet so it can download HijackThis if it is not located on your system. If you get a warning from your firewall or other security programs regarding Rist attempting to contact the Internet, please allow the connection.Close all applications and windows so that you have nothing open and are at your Desktop.Double-click on RSIT.exe to start the program.If using Windows Vista, be sure to Run As Administrator.Click Continue after reading the disclaimer screen.Leave the drop down box set to default: "List/folders created or modified in the last 1 month (30 days).When the scan is complete, a text file named log.txt will automatically open in Notepad.Save the log file to your desktop and copy/paste the contents into a new topic in the HijackThis Logs and Malware Removal forum, NOT here.Important: Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run.If RSIT did not work, then reply back here.

1 more replies
Answer Match 52.92%

This notebook had antiviruspro2009 running.
I found this and removed.

I still have a red circle with white cross in the task bar that pop ups spyware detection messages.

I have tried to install all the above software with no luck! (I have also looked for Spyaxe and spyfalcon and found nothing)

If I double click the install of any of these programs nothing happens. The HDD buzzs for a moment and the popup appears telling me there is an infection again.

The browser also appears to be hijacked. Clicking the link from the search results of a google search, you are directed to anti virus or spyware sites.

Attached is the results of a month scan of the Random/random program. I hope it has some clues as to what is going on!

Thanks for your time!

Regards,

A:Cannot run HiJackThis, spybot, adaware, Malwarebytes.

Hi,Welcome to BleepingComputer HijackThis Logs and Malware Removal,BigBillyk. My name is sundavis, I will be helping you to deal with your Malware problems today.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times. and we are trying our best to keep up.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, then please do the following.The log you presented had been a few days away. It may not show what it is. In the meantime, please refrain from making any changes to your computer. and please do in the following:Please go to Here and Download System Repair Engine by smallfrogs Extract it to Desktop & double click SREng.exe to run it Select 'Smart Scan' & tick "Verify the digital signature of process modules" Click on the Scan button Before scanning the computer, Close all browsers and other programs except SREng. When finished, click on the Save Reports button & save the log to DesktopIf you're experiencing the problem to run SREng, please right click SREng.exe, rename it to abc.com and rerun it.You can refer to this thread for your reference.In your next reply, please post back SREng log. Thanks

4 more replies
Answer Match 52.92%

Plus I keep getting redirected to sites like lowerprice$hopper.com.

Xp Home, all windows update done, avast anti virus software. Let me know if there is need for other info.

Spybot give me: error retrieving update info file

when I try to run the update software it doesn't run at all, same with malwarebytes.

A:Cannot run or update Malwarebytes or spybot software.

What operating system do you have?

36 more replies