Tech Problem Aggregator

Malware infected PC and can't even run in safe mode.

Q: Malware infected PC and can't even run in safe mode.

Hi guys. I just joined this site and this is my first post. My desktop has been infected with Malware/Viruses and won't boot in any mode (safe, safe + networking, last good setting, or normal mode). The closest thing I get is when i go to safe mode and i get a total black screen with no start button or taskbar and on each of the four corners says "safe mode". However, I cannot do anything else on the screen. (Using laptop right now due to desktop being down)

After some research on the web I found that I could try the Avira Rescue CD and would hopefully remove the malware/virus. It's been almost a week but if memory suits me right, the virus was called Cleanup Antivirus. I also was experiencing google redirects. I have already finished most of the steps on the following Avira rescue cd instructions website:

http://forum.avira.com/wbb/index.php?page=Thread&threadID=82163

I am currently stuck on step 7 part 2&3. The reason for this is because in the command line, I type exactly what is instructed but the only thing it does is in the next line says:

"Devices" (text is in a neon greenish-blue font) (This is when i type in "ls /mnt")
When i type in " /mnt " it then says "/bin/ash: /mnt: Permission denied"

Not sure what to do because I have already restarted my computer and tried all modes including safe and normal but am still unable to get my normal computer settings.

I would get my log files with Hijack this and other programs but like i said, the problem is that i cannot run any programs since all i get is a black screen. If any of you could please help me with this problem including how exactly to proceed with step 7 and onward on the link above, I would GREATLY appreciate it.

please let me know if you need any other info, thx guys!

-doozi

More replies
Answer Match 75.18%

My laptop has been infected by malware/spyware. This is the first time i have joined any forum so look forward to your help. I have been working in safe mode since 2 days and need immediate help as this is my company laptop and i need access to programs that i cant get in safe mode.
Below is the HJT log report and attached is DDS. I could not run GMER in safe mode, let me know what to do. I also see that their is an "iexplore" process running in task manager which is a Trojan, as it launches itself after regular intervals even after i kill the process.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:25:25 PM, on 3/31/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\amit\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\amit\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\amit\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\amit\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\taskmgr... Read more

A:infected by malware/spyware.. running PC in safe mode since 2 days..need help

Hello and Welcome to TSF.


Quote:




this is my company laptop




We are sorry but this forum is intended for the home user.

Please contact your company's IT department for help and best of luck with your issues.

This thread shall now be closed.

------------------------------------------------------

1 more replies
Answer Match 73.5%

Sorry ahead of time - I'm not sure what the actual malware is.I cannot reach gmail (or if I can, it is very sporadic) - the page displays with the following error:Not FoundThe requested URL /accounts/ServiceLogin was not found on this server.Apache/2.2.3 (Red Hat) Server at www.google.com Port 443I am also not able to get to google reader - it brings me to google itself, and the header image doesn't load.Search results in google and yahoo do not resolve either, but redirect to another site with ads (such as searchclick8.com/....)Finally, if I try to reboot into safe mode, the system reboots again, so if I continue to go to safe mode, it's just a loop of failure and disappointment.I have downloaded combofix but have not yet run it, and I'm including my DDS and GMER logs in this post. Sorry I couldn't give more information, but I'd be happy to look into anything that could further clarify the issue.Thanks!Sorry! Forgot my DDS.txt log:DDS (Ver_09-12-01.01) - NTFSx86 Run by Matt Kowalski at 20:38:18.28 on Wed 02/17/2010Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.231 [GMT -5:00]AV: avast! Antivirus *On-access scanning enabled* (Updated) Copyright Information 5============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files... Read more

A:Infected with malware - no gmail, search results do not resolve, and safe mode loop

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEnetsvcsmsconfigsafebootminimalsafebootnetworkactivexdrivers32%systemroot%�... Read more

17 more replies
Answer Match 65.1%

Just a general question:1. When doing a routine scan for viruses and malware, etc. (and just generally speaking), is it better to scan in safe mode or regular mode? 2. If you scan in safe mode, is there anything that wouldn't show up (that you could potentially miss) that *would* show up in regular mode? 3. Or is safe mode just better all around, and everything is covered (plus more) that you'd find with scanning in regular mode?(I'm referring to scanning with AVG A/V, AVG Anti-Spyware, SpyBot (old version), and Ad-Aware SE.)Thanks!

A:Better To Scan In Safe Mode Or Regular Mode For Virus/malware?

Safe Mode is a troubleshooting mode designed to start Windows with minimal drivers and running processes to diagnose problems with your computer. This means some of the programs that normally run when Windows starts will not run.The Windows operating system protects files when they are being accessed by an application or a program. Malware writers create programs that can insert itself and hide in these protected areas when the files are being used. Using "Safe Mode" reduces the number of modules requesting files to only the essentials to make your computer functional. This in turn reduces the number of hiding places for malware, making it easier to find and delete the offending files. Using your anti-virus and anti-malware tools, in "Safe Mode" also speeds up the scanning process. Read "Beginners Guides: Windows XP Safe Mode Explained" and "What is 'Safe Mode' used for and why?"

4 more replies
Answer Match 60.9%

By the way all...This forum is the best and I have read dozens and dozens looking for an answer.

I have had the virus for several days now. I cannot connect to the internet. Malwarebytes finds the same two hijackers everytime I get it to run. Most programs are disabled. I cannot restore because its switched off and switches its self off. No bootrescue disk will run. taskmanager is disabled and everytime malwarebytes runs it is disabled again on startup so I have to change it once more. Sometimes it takes half an hour to boot up so constantly resetting it is a nightmare. Windows defender is disabled since my genuine windows is now labelled a fake. I have scanned countless thousands of files looking for the virus. Deleted the same ones over and over again but nothing has worked. Is it time to boot and nuke, something else I found on a forum.
My computer expertise is very limited. I have tried all the things on every forum I have trawled through. My infection is total and nothing anybody else has done works.

A:Safe Mode Malware

Hello, first of all, could you post me an MBAM log so I can see what keeps getting detected?

1 more replies
Answer Match 60.48%

Hi,My Computer which has Win Xp Sp3 is behaving like it is in safe mode , eventhough it is in normal mode .I noticed this because ,1. Avira Antivir Guard and Update cannot be launched bcz Scheduler is not running.2 . I tried to start scheduler ( under services.msc ) , but can't start it bcz of error 1084 ( safe mode situation ) .3 . I can't use Windows Update , bcz of error Error number: 0x8007043C ( same safe mode condition )4 . I ensured that BITS was set to automatic , but it can't run bcz of 1084 error.I have scanned with Malwarebytes, Spybot S&D , SuperAnti Spyware ( in real safe mode) - No DetectionHere is the dds log ,DDS (Ver_09-09-24.01) - NTFSx86 NETWORK Run by Administrator at 16:45:23.03 on Mon 09/28/2009Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_12Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.112 [GMT 5.5:30]AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}FW: ZoneAlarm Security Suite Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\system32\svchost.exe -k netsvcsC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Avira\AntiVir Desktop�... Read more

A:Safe Mode Error, WinXpSp3 behaves like it is in safe mode even in normal mode

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Answer Match 60.06%

Please help!

I have a lot of problems here,
I had pop ups and scratchy noises when I moved my mouse and settings being changed around , Im using Malware bites, Super Antispyware and Spybot and nothing was detected, even in safe mode.
I did a Panda scan and it picked up a trojan and malware which Nod 32 did not, I can not remove Nod32 fully so I can not reinstall a new antivirus.
Thanks

A:no antiviruIn safe mode now with s and a lot of malware

try and get through this-

http://www.techsupportforum.com/secu...oval-help.html

1 more replies
Answer Match 60.06%

A friend of mine asked me to take a quick look at his computer just before he went on holiday as he has picked up a nasty little bit of malware. Bascily its locked us out of the computer completely. On boot up the system (Win XP) goes through all the normal things and we can see the desktop etc. but right at the end of the process we get a full screen with some guff about illegal activity being found etc. and to get it released then we have to pay 100 using bitcash as a 'fine' to get it unlocked.

OK I thought just boot into safe mode and run the usual anti-vius, adware, or Spybot but it comes up even in safe mode. I cannot run any other program or get to the run command or anything as this programme just sites there. CTRL-ALT-DEL brings up the usual screen but if you try and run task manager it doesn't so its disabled that as well.

I tried booting into safe mode with command prompt but thta just hangs. Any ideas how I can stop this bloody thing loading or get to a point where I can access windows ?
 

A:Locked Out by Malware - even from safe mode

Hello shaygate,

Interesting one. I wonder if you can boot the machine from CD? If so try this:

Download Peazip to the desktop
Run and install the programme
As it installs this page will show, deselect the AVG ticks
Press decline and it will then install cleanly



Download the following files to the desktop .. Right click the links and select save as...then select desktop

Rufus

OTLPE_standard

Right click OTLPE on your desktop and select ..Open as archive


Select OTLPE standard



Click Extract, ensure that desktop is selected



Insert the USB stick Then run Rufus

Select the ISO file on the desktop via the ISO icon.

Press Start Burn
Once the USB has burnt then

Download Farbar Recovery Scan Tool and save it to the flash drive.

Reboot your infected system using the boot USB you just created.
Note : If you do not know how to set your computer to boot from USB follow the steps here
As the Programme needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
Your system should now display a Reatogo desktop.
Locate the flash drive and run FSRT
The tool will start to run.

When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

 

1 more replies
Answer Match 59.64%

I am trying to fix my father's desktop computer, which he seems to have sufficiently filled with Malware. I am having a very hard time dealing with this, and am hoping for some help. Here are some of the things I know so far: It is a Dell running XP. Currently, I cannot run task manager, either in normal or safe mode. I cannot install Hijack This, MalwareBytes, or any other program in an effort to remove anything. Some of the names I have run across are "AntiMalware Doctor", "Security Tool", as well as the "Microsoft Security Essentials Alert" (particularly when I try to run taskmgr or regedit in the normal mode). I have been able to access regedit when in Safe Mode with Command Prompt... That is as far as I have gotten. I found some junk that seems to be related, but each restart brings me the same "Microsoft Security Essentials Alert" when I reboot and try for the taskmanager. As I can't seem to run anything on the desktop, I am using my laptop to try to download any potentially useful programs and move them over with a jump drive, but nothing will load. Any thoughts or recommendations would be greatly appreciated!!!!!!!I was just able to run TDSS Killer in Safe Mode from the Command Prompt, which appeared to be successful. Here is the log... I hope I copied it in right, as it appears huge! TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:442010/09/25 10:48:32.0734 ===============... Read more

A:Computer infected can't even run in Safe Mode!

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEmsconfigsafebootminimalactivexdrivers32netsvcs%SYSTEMDRIVE%\*.exe/md5st... Read more

2 more replies
Answer Match 59.64%

Microsoft did a scan in safe mode, but my computer is still running slow. i cant figure it out. i have one care as my anti virus, and malware bytes. i've ran both and nothing is showing up, any suggs would be greatly appreated.

thanks,
Lindaga35

A:am i still infected? scanned in safe mode already

Please reboot your computer and update Malwarebytes. This time do a FULL scan and post the new log here

5 more replies
Answer Match 59.64%

Browser keeps crashing and PC still very slow. I couldn't do anything unless I was in safe mode. Initially, the icons on desktop were almost completely gone. System is 7 Premium, 3 GB RAM, AMD processor. Thanks for getting me started on getting out of this nightmare.

A:Slow Infected PC; ran JRT and ADW from safe mode

Let's start with a scan using DDS. See if you can get into 'safe mode with networking' :

Download DDS from one of these links:
DDS.com

DDS.pifDisable any script blocking protection
Double click the dds icon to run the tool.
When done, DDS will open two (2) logs: DDS.txt
Attach.txt <--- will be minimized in the task tray

Save both reports to your desktop.
Include the contents of both logs in your next post.

The scan will instruct you to post Attach.txt as an attachment.

9 more replies
Answer Match 59.64%

Hi, last fri I received an email via my yahoo account from UPS ( which I now now is not). I think this is a nasty virus has worms too.Avira scanned the file before I unzipped it, I did not get any warning, even though I had updated avira files before, then it went spirling downhill!!I had so many windows opening up, I immediately disconnected from the net then proceded to virus scan with Avira. At the end of the scan, it could not help as it was infected. I could not open the report, even though there were warnings.I tried Spybot scan which found a majority of problems which I allowed the fix. I did not think it wise to go on the net as I kept getting Internet Explorer pages opening up.All during this time I was getting Norton virus updates and warnings - I dont have nortons so ignored them and did not open any of the files. Just closed at the X them and made sure i was disconnected from net.After spybot cleaned up, I used ATF to clean my temp files and then turned off and re-started.Since then I can not log on to windows, even in safe mode and adminstrator. I tried and logging on a number of times in a variety of ways but it keeps logging me out. I am not getting past the log on page.I cannot seem to get into windows and think I must have messed up somewhere. I have my external drive plugged in and was about to back up my monthly documents but decided to reply to my emails before! Hence now cannot access anything. I have spent the weekend reading forums and page... Read more

A:infected with UPS virus. Cannot log on even in safe mode

I tried ... logging on a number of times in a variety of ways but it keeps logging me out. I am not getting past the log on page.I have spent the weekend reading forums and pages and pages of advise. I read this forum thread as well as thread: http://thinkinginpixels.com/quick-fixes/fi...onlog-off-loop/I really need my documents and cannot afford to loose them as there are files I need to send to my mortgage lender asap.mandyRe: LogOn/LogOff LoopGo ahead with the thinkinginpixels instructions: That is your best chance to get back in to Windows. It will take several hours to complete, and you should then be able to use Windows and retrieve the documents that you need. The instructions provide a series of logical steps that are relatively easy to follow and should lead to a positive result. Any problems, let us knowShould that fail (unlikely) we can help you get those documents by another means.Let us know how you are getting on.'Alien

81 more replies
Answer Match 59.64%

Hi, I had McAfee running and it found a trojan, so i removed it right? For some odd reason my PC restarted(blue screen of death, something about memory) Every time i try to boot normally it gives me the blue screen. so now im in safe mode typing this. I've done multiple full scans on Mcafee and it still says one or more errors could not be fixed because of an error. anyways it been like this all day. I just downloaded avast version 4.8 and currently scanning my system. Any suggestions of help? I'd rather not delete the entire contents of my hard drive and reinstall vista.

I tried downloading Malwarebytes but when i try to run it, it won't open.

Edit 1-avast! Virus Cleaner Tool - version 1.0.211 Ansi

Edit 2- Currently scanning with AVG 8.5 Free Trial Safe Mode

Edit-3 It seems that AVG has cleaned my computer right, i can now boot up normally and my mcafee says im secure.tt

Edit-4 Mcafee is on overload again, my computer got blue screen again. and i am currently scanning with mcafee.

Edit-5 Mcafee has been uninstalled by me and now running avg once more

A:Help, infected laptop, currently in safe mode.

Please help anyone?

10 more replies
Answer Match 59.64%

I'm not able to use internet in regular mode of windows xp. If i restart in safe mode with network support I can access the internet.I have checked everything concerning driver issues etc. The ip is correctly assigned. I have done several scans wit MBAM, I've used registry cleaners, etc. It all started a couple weeks ago when the pc started working very slow. I did a disk cleanup, defragmented the harddisk, did registry cleans, scanned for viruses etc. It was a bit better but not too much. After a few days the internet stopped working on my pc.Is there any solution to fix this problem?Hereby the DDS.txt log:DDS (Ver_10-03-17.01) - NTFSx86 Run by Zjefne at 13:56:09,23 on vr 24/09/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.447.221 [GMT 2:00]AV: Panda Antivirus Pro 2010 *On-access scanning enabled* (Updated) {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\system32\svchost.exe -k netsvcsC:\Program Files\Panda Security\Panda Antivirus Pro 2010\TPSrv.exeC:\Program Files\Ahead\InCD\InCDsrv.exeC:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2010\WebProxy.exesvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\A... Read more

A:Infected? No internet, just in safe mode

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

3 more replies
Answer Match 59.64%

I have Wxp Pro on a Dell pc. I get no pop-ups, but programs are slow to open and slow to run. I can't start the pc in safe mode by using F2, F8, F12, etc. When those keys are used, the pc ignores it and starts normally.
When a browser window is open, I can open a site, can scroll thru the site, but can't click on any links or buttons. It acts as if it is just a graphic.
One strange thing, if I minimize the browser window, then maximize it again, I can then surf inside the site.

I have run Ccleaner and Ada-ware. I then ran Rkill, then SuperAnti-spyware and Malwarebytes. Running a full scan on both. SuperAnti found 53 items, quarantined all, but no help. Malware did not find any issues.
I've tried a system restore, but keep getting "can't restore system.......".

Any fast help is appreciated, this is for a school secretary's pc.
Phil

A:Am I infected? Can't start Wxp in safe mode

Welcome aboard Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList last 10 Event Viewer logList Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select Perform quick scan, then click Scan. * When the scan is complete, click OK, then Show Results to view the results. * Be sure that everything is checked, and click Remove Selected. * When completed, a log will open in Notepad. * Post the log back here.Be sure to restart the computer.The log can also be found here:C... Read more

9 more replies
Answer Match 59.64%

I would be very grateful for some help sorting out a friend's PC please.

I've read the First Steps page but cannot carry out all of the suggested scans.

When I boot the PC normally, it works very slowly loading XP Home, then suddenly reboots itself before getting to the login screen. I discovered that it will run in Safe Mode with Networking and I'm using it now to create this thread!

I've run dds.scr and the scan result is pasted below. (Attach.txt is included here in a zipped file). When I try to run GMER nothing happens. The egg timer appears for a few seconds but nothing more. I have downloaded SPTDinst-v162-x86.exe. Executing this file results in a popup stating "No SPTD version was detected". The Uninstall button was greyed-out but the Install button looked inviting, so I clicked it and was prompted to re-start Windows. I restarted XP in Safe Mode and it appeared to load SPTD.sys.

Before looking at this forum I was going to attempt a Windows re-install and backed up My Documents onto a USB memory stick, which I then scanned with Avira on a another laptop. This revealed 16 music files, which had been downloaded with Limewire (I presume), all containing the same virus - EXP/ASF.GetCodec.Gen. I've uninstalled LimeWire now.

I have tried to install Avira AntiVir Personal (in Safe Mode) but, after extracting a load of files to a Temp folder, it gets part way through 'Preparing Installation...' then crashes(?).

I don't know what to try n... Read more

A:Infected PC only works in Safe mode - Help please

Please close this thread - I have wiped the system and re-installed XP. It seemed like the smartest thing to do...

1 more replies
Answer Match 59.64%

I have an infection in my DropBox.
I am hoping i disconnected before it got to my local box, but cannot tell because, I logged off/shutdown the system.
Windows 7, booting up, trying to go into Safe Mode, with networking.
As soon as it comes up, I try to log in (Still disconnected from the network, and it reboots the system.
Is this something new, or maybe unrelated?

A:Lucky Infected and No Safe Mode now?

Welcome to BC...
 
This is the second time this week that someone has posted not being able to boot into safe mode. Please
start a new topic in the Malware Removal forum and let the pros see if it is a new malware or just a coincidence.
 
Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.
If you cannot complete a step, then skip it and continue with the next.
In Step 6 there are instructions for downloading and running FRST which will create two logs.
When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.
After doing this, please reply back in this thread with a link to the new topic so we can close this one.
 
DO NOT bump your new topic. Wait for a response from one of the Team Members.

1 more replies
Answer Match 59.64%

I get BSOD when I attempt to boot into safe mode, but can boot into normal mode win xp. Stop code 0x0000000A

DDS (Ver_10-10-21.02) - FAT32x86
Run by John Stacer at 13:54:51.26 on Sun 10/24/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.769 [GMT -5:00]

AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
D:\WINDOWS\System32\svchost.exe -k netsvcs
D:\Program Files\Ahead\InCD\InCDsrv.exe
D:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
SVCHOST.EXE
SVCHOST.EXE
D:\WINDOWS\system32\spoolsv.exe
SVCHOST.EXE
D:\WINDOWS\Explorer.EXE
D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\system32\cisvc.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\LxrJD31s.exe
D:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\system32\mfevtps.exe
D:\WINDOWS\sy... Read more

A:Can't boot in safe mode after removing malware

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:

msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/m... Read more

28 more replies
Answer Match 59.64%

Hi guys, I'm a long time lurker, first time poster. I've found the forums to be extremely informative here for a very long time and I appreciate everything you guys do.

Neither windows nor safe mode load up after a severe malware infection on a Windows XP SP3 pc.

Unfortunately, I am unable to run any apps in the "Read this first" thread because of this issue.

This occurred on my friend's computer and she asked me to fix it for her; usually I'm good with this, but this issue has me stumped.

- She was browsing a website (she doesn't remember which) when she suddenly got pop-ups and program installation notifications; the classic sign of a malware infection. Unfortunately, she either clicked "OK" on these pop-ups or clicked the X icons in them.
- She was notified that one or maybe two "Anti Virus" programs had been installed in her computer. She went into Add/Remove Programs and uninstalled these two new entries.
- When she rebooted her computer, she got a Windows Stop Error/BSOD just after the normal Windows XP loading screen.
- When she tried to log into "Last known settings that worked" or "Safe mode", these give her BSODs as well.

Here are the Stop Errors:

When trying to log onto Windows XP normally and "Last known good configuration":
(Windows XP screen and loading bar show for a few seconds, and then...)

Quote:




A problem has been detected and windows has been shut do... Read more

A:No safe mode or windows after malware infection

Bumping for reply.

Additional/revised details;

- The infection started while she was browsing Encyclopedia Dramatica.
- While the infection was saturating her desktop with pop-up windows, her desktop became a red screen (all desktop icons were gone), her taskbar was still present but the infection presented itself as a new icon on the taskbar (a red shield).
- During this process, she attempted to run a legitimate anti-malware program (probably Malware Bytes' Anti-Malware) which detected several infected entries.
- The malware pop-ups were covering her entire screen so she was forced to click into one of the windows to try to move it which asked her to reboot her system.....the rest is history. :(

After that point, she's been unable to access her desktop or safe mode and the Stop Errors are as detailed above.

She needs access to her computer ASAP so the sooner we can get it basic shape the better...

1 more replies
Answer Match 59.64%

A couple days ago my laptop, a 7 year old Compaq Presario X1030US, running WinXP, began restarting itself after about 1 to 2 minutes. It booted up normally and I could browse & check email as normal but after a couple minutes it would restart/reboot. Then I could browse & work for another 2 minutes. Restarted in Safe Mode and problem goes away (until I go back to regular mode). Here is my HJT log:Logfile created: 2/9/2011 14:34:05Ad-Aware version: 9.0.2Extended engine: 3Extended engine version: 3.1.2770User performing scan: Phillip*********************** Definitions database information ***********************Lavasoft definition file: 150.270Genotype definition file version: UnknownExtended engine definition file: 8364.0******************************** Scan results: *********************************Scan profile name: Smart Scan (ID: smart)Objects scanned: 29059Objects detected: 75Type Detected==========================Processes.......: 0Registry entries: 0Hostfile entries: 0Files...........: 0Folders.........: 0LSPs............: 0Cookies.........: 72Browser hijacks.: 0MRU objects.....: 0Uncategorized...: 3Removed items:Description: http://www.infospace.com/info/people.htm Family Name: Possible Browser Hijack attempt Engine: 1 Clean status: Success Item ID: 0 Family ID: 538Description: http://www.infospace.com/_1_4NH4UK702CMT5H4__info/wp/index.htm?ver=25809 Family Name: Possible Browser Hijack attempt Engine: 1 Clean s... Read more

A:Possible malware--continuous reboot--OK in Safe Mode

I started a thread at 7:44PM yesterday, for this problem, but I didn't include the requested files. I'm sorry about that. I reread the instructions and hopefully will include the correct files this time. You can look at that thread for extra, possibly helpful, info. Close it when you wish.I can log in and work/read email, etc, for a minute or two then sys. reboots/restarts. This started last week when I took the laptop (Compaq Presario running WinXP) with me on vacation. I can work forever in Safe Mode.Thanks,Phil
 ark.txt   959bytes
  5 downloadsDDS log:DDS (Ver_10-12-12.02) - NTFSx86 NETWORK Run by Phillip at 19:19:45.26 on Wed 02/09/2011Internet Explorer: 8.0.6001.18702Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1431 [GMT -10:00]AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Lavasoft\Ad-Aware\AAWTray.exeC:\WINDOWS\system32\NOTEPAD.EXEC:\WINDOWS\system32\NOTEPAD.EXEC:\WINDOW... Read more

4 more replies
Answer Match 59.64%

Hi. I just found out that I can?t boot the computer in safe mode. Pressing F8 won?t do anything, it just keeps running in Normal Mode. Windows itself seems to be running fine. I was hoping anyone could help me "decoding" this Hijackthis log, before I try anything harsher, such as reinstalling windows. Please help me on this one, if you see why I can?t enter Safe Mode andhow to repair it, let me know. Thanks, NikmarkLogfile of Trend Micro HijackThis v2.0.2Scan saved at 8:26:37 PM, on 10/26/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16735)Boot mode: NormalRunning processes:D:\WINDOWS\System32\smss.exeD:\WINDOWS\system32\winlogon.exeD:\WINDOWS\system32\services.exeD:\WINDOWS\system32\lsass.exeD:\WINDOWS\system32\svchost.exeD:\WINDOWS\System32\svchost.exeD:\WINDOWS\system32\svchost.exeD:\WINDOWS\system32\spoolsv.exeD:\WINDOWS\Explorer.EXED:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeD:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exeD:\PROGRA~1\AVG\AVG8\avgwdsvc.exeD:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exeD:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exeD:\WINDOWS\system32\nvsvc32.exeD:\PRO... Read more

A:Cannot Enter Safe Mode, Suspicion Of Malware

Hello Nikmark and welcome to BC My name is SNOWHITE and I will be helping you with your Malware problem. Sorry for the late reply, but as you can see we handle more than our fair share of logs. If you still have problems please follow these steps :Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)Download gmer.zip and save to your desktop.alternate download site 1alternate download site 2Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.When you have done this, disconnect from the Internet and close all running programs.
There is a small chance this application may crash your computer so save any work you have open.Double-click on Gmer.exe to start the program.Allow the gmer.sys driver to load if asked.If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.Click on "Settings", then check the first five settings:
*System Protection and Tracing
*Processes
*Save created processes to the log
*Drivers
*Save loaded drivers to the logYou will be prompted to restart your computer. Please do so.Run Gmer again and click on the Rootkit tab.Look at the right hand side (... Read more

11 more replies
Answer Match 59.64%

Hi there,

I've had my attention drawn to my sister in laws computer that appears to be causing major problems. it won't open IE or FF but will run Chrome. when trying to place the computer into safe mode the power cuts and it reverts back to booting up. this happens at all versions of safe mode.

I've run an avast boot scan and found several files infected with Win32:rootkit-gen. I've also run malware antibytes with no luck. i'm out of ideas :S


DDS (Ver_2011-07-14.01) - NTFS_x86
Internet Explorer: 7.0.5730.13
Run by Kathrin Wallace at 20:24:21 on 2011-07-17
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.2039.1212 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImage\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenge... Read more

A:Unknown Malware preventing safe mode?

Hello and welcome to TSF Virus & Malware support. My name is Taylor and I'll be helping you with your fix.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

9 more replies
Answer Match 59.64%

I have a dell laptop the is infected with the ukash malware.
Only boots up to a rcmp (police) screen saying that it needs me to pay to unlock the computer.
I am unable to boot into safe mode, needs password that I don't have, this is in the computer not caused by ukash.
I have removed the hard drive and have connected it to my desktop computer via a sata to usb connector.
My thought was to work on the hard drive from my desktop.
I am unable to access the drive, it says that it needs to format the drive.
 

More replies
Answer Match 59.64%

My Windows XP laptop seems to be infected with malware and a possible rootkit at this point.First noticed the issue when the machine wouldn't boot up to the login screen.Went to safe mode and ran AVG. Didn't find anything. Ran superantispyware, and was able to update it(unlike avg which doesn't update from safe mode) but it found nil as well.Booted to safe mode with networking and noticed trying to go to google brought up 'kevinsmoneytree'. (frack you kevin)ok, sufficiently freaked out at this point. Manually cut off networking by switching off the wifi hardware button.Ran task manager but didn't see anything weird. I'm worried about my data now so I pull out the external hard drive.Windows backup doesn't work in safe mode. OK, so I manually start copying stuff to the external drive. I notice a folderI haven't seen before. c:\windows\pchealth . Explorer doesn't show much in it but I'm not trusting explorer at this point.I run cmd and drill down into a few of the pchealth folders and there are tons and tons of files in there (xml files). It's got a binaries folder with a dll in it. I finish copying critical files and unplug the external drive. I try to delete the pchealth folder but I cannot,something has the dll loaded. I run process explorer and search for the dll, pchsvc.dll. I find it running in a services.exe process. I kill that process, computer bluescreens. Cr*p. I boot from a XP CD into sys... Read more

A:PC Health malware or ? can only boot to safe mode

bump

1 more replies
Answer Match 59.64%

Didn't find bad drivers preventing safe boot so I'm back here hoping to find cause. Below is link to thread in XP forum:

http://www.bleepingcomputer.com/forums/topic359879.html/page__st__60__gopid__2082635#entry2082635

NTBTlog is last entry in that thread.

A:More can't boot safe mode after malware cleanup

For reference, previous topics, same issue faced by jstacer:Posted 11 September 2010 - 10:38 AM .... boopmehttp://www.bleepingcomputer.com/forums/topic346542.htmlPosted 19 October 2010 - 04:06 AM ...... boopme & Didier Stevenshttp://www.bleepingcomputer.com/forums/topic354506.htmlPosted 25 October 2010 - 06:18 AM .... myrti http://www.bleepingcomputer.com/forums/topic356014.htmlCan't boot safe mode after cleaning up malwarePosted 12 November 2010 - 05:18 AM ... in XP forum ... cryptodan & AustrAlienhttp://www.bleepingcomputer.com/forums/topic359879.html***************************Please do the following: Empty your temp folders using TFC (Temporary File Cleaner) in Safe ModePlease download TFC by Old Timer and save it to your desktop.
alternate download linkRun TFC:
Save any unsaved work. (TFC will close ALL open programs including your browser!)Double-click on TFC.exe to run it. (If you are using Vista, right-click on the file and choose "Run As Administrator".)Click the Start button to begin the cleaning process and let it run uninterrupted to completion.Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway allowing Windows to load normally to ensure a complete clean. Scan with SUPERAntiSpyware <<< I am assuming that SAS is still installed on your machineOpen SAS and update the definitions before scanning by selecting "Check for Updates".
(If you encounter any ... Read more

9 more replies
Answer Match 59.64%

I noticed b.exe some time ago would give me these random pop ups with audio. I would just sendthe process putting off a malwarebytes run until I "had time". Finally a few days ago, my entire computer shut down. Program by program. I have not been able to boot into Normal mode since. When I try, I get the black screen. I can boot into safe mode but not with networking as I cannot connect online. I am using another computer to download the things I need to a zip drive and implementing them to the affected computer.

I am a graphic designer and I absolutely must get rid of this virus as it is tremendously slowing down my productivity.

I have read a lot of posts but as instructed by the help forum, I didn't want to take any of the advice given to a specific person.

I have run the dds and have my two logs. I couldn't however run the gmer, it is just unresponsive on my computer as is the ability to run malwarebytes or anything that appears to try to fix the problem.

ANY help is greatly appreciated.

A:Malware (b.exe)- Can't Run Malwarebytes - Can only boot in Safe Mode

hi and welcome to TSF your first stop should be our security forum where a trained analyst can take you through the removal of your virus http://www.techsupportforum.com/f50/...lp-305963.html

4 more replies
Answer Match 59.64%

i was previously working with BOOPME in another forum in trying to clear up an infected PC. The post is called (AntiSpy2011Setup(4).exe - TR/Vilsel.badd and Java/Exdoer.BJ). I followed all of the steps i was asked to do but it seems to have only made the situation worse. Initially I could boot up the computer and run the internet but any attempt at running AV software failed. The virus would block any attempts to update my AV apps and if i attempted to run the AVs the virus would terminate the scan and power down my laptop. That was 2 days ago. Right now i'm at a point where I can only boot up in safe mode. If i try to boot in normal mode i get a black screen and a little scroll bar at the bottom the page. My O/S is Vista SP2. I can access the internet. I was asked to run Old timer and post the logs here.********here is OTL**************OTL logfile created on: 5/11/2011 11:08:33 PM - Run 1OTL by OldTimer - Version 3.2.22.3 Folder = G:\64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstationInternet Explorer (Version = 7.0.6002.18005)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 82.00% Memory free8.00 Gb Paging File | 7.00 Gb Available in Paging File | 93.00% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C: ... Read more

A:malware only allowing boot up in safe mode

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Please take note:If you have since resolved the original problem you were having, we would appreciate you letting us know. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.Please tell us if you have your original Windows CD/DVD available.If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply'... Read more

2 more replies
Answer Match 59.64%

My parents have the OpenCloud Malware on their computer:
http://www.bleepingcomputer.com/virus-removal/remove-opencloud-security

However, when they try to load into Safe Mode they get a BSOD.

I've found a few threads of other people getting BSODs when trying to load into Safe Mode with the OpenCloud Malware.

Any tips for getting past the BSOD to run the linked instructions?

A:BSOD on Safe Mode - OpenCloud Malware

Hello,Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.Orange Blossom

22 more replies
Answer Match 59.64%

The following file was loaded while in safe mode, because the viruses I have do not allow notepad to open, presumably for this reason exactly. I could only get this information from hijackthis while in safe mode, and then they wouldn't let me on this website either (404 error), so I am on another computer right now so that I can access this website. Most websites related to tech support and anti-spyware software are blocked right now. Because its in safe mode, all of the information may not be there, but any suggestions are GREATLY appreciated.

Download the original attachment
Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:52:15 AM, on 5/20/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Safe mode


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\xwusuhzh.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Pa... Read more

A:Tons of malware, log booted in safe mode

Hello facepalm.jpg and welcome,

Considering the issues you stated, and the fact it has been a week since you first posted, please let me know if you still require assistance.

1 more replies
Answer Match 59.64%

Hello my name is Austin,
 
As many other posters this past month, my father recently got infected with the Antivirus Security Pro Malware. I built this computer 8 months ago for my father, so I'm almost responsible for anything wrong with it. I'm a novice at most programming lingo, but I am really good at following processes, as it's what I do for a living. I WILL be donating to the person helping, my father needs his computer to do work this weekend. So before we start this process, I want to say "Thank You" in advance.
 
Any way, I tried doing the bleepingcomputer.com solution for the malware, but I have not been able to enter safe mode (shuts down soon after log in).
 
I read a post today on the first step of run the frst.exe file in the infected computer. Please let me know if you prefer for me to paste the report results within my post or attach the file. Here are the text results:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by SYSTEM on MININT-IPBE6V6 on 18-10-2013 17:10:41
Running from H:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [MSC] - "C:\Program Files\Microsoft Security Client\msse... Read more

A:Antivirus Security Pro Malware - No Safe Mode

Justsalsa,
 
 
to BC Forums!!
 
Thanks for the FRST report. I am presuming it was run from a USB pen drive.
 
Let's see if the following works for you to remove the Antivirus Security Pro Malware ...

  Please open Notepad (Start > All Programs > Accessories > Notepad)
Copy the entire contents of the code box below
Save it to the USB pen drive, and name it: fixlist.txt
 
start
HKLM\...\Run: [MSC] - "C:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey
HKLM-x32\...\Run: [] - [x]
S2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{c2c37fed-cd7d-2662-80ff-1651ebb34c7f}\   \...\???\{c2c37fed-cd7d-2662-80ff-1651ebb34c7f}\GoogleUpdate.exe"
C:\Users\RichardRice\AppData\Local\Google\Desktop\Install
C:\Program Files (x86)\Google\Desktop\Install
C:\ProgramData\pvqdkqkjvbllroblbxh.reg
end

Once again, run FRST64 as you did before.
When the tool opens click Yes to disclaimer.
Now, press the Fix button, just once, and wait.
 
When done, FRST produces Fixlog.txt on the USB pen drive.
 
>> Please provide the Fixlog.txt on your reply.
 
 
  If (which I doubt) the computer is still under the 'spell' of the Antivirus Security Pro Malware, look for its shortcut on your Desktop .
Next, go to Control Panel > Folder Options
Click the View tab
Select/check: Show hidden files, folders and drives
Click: Apply > OK
 
Right click on the Antivirus Security Pro icon on... Read more

3 more replies
Answer Match 59.64%

About 2 months ago I switched my laptop from Vista to XP and went to update my display drivers today from what turned out to be an untrustworthy site and was just overrun with malware. Never dealt with anything this over the top. I have symantec endpoint that has caught and supposedly removed several viruses. I have run spybot, superantispyware, malwarebytes anti-spyware all several times and they all supposedly remove everything everytime, but I will immediately scan after the last scan completes and the same viruses pop up.

I've tried launching in safe mode to try an wipe them out that way, but it won't let me. It just reboots when it should be loading. I've tried last known good configuration to no avail. Similar to when i try to run in safe mode. Any help or ideas at this point would be greatly appreciated. It's a personal laptop, but I use it for work and have a lot of info on here I really can't afford to lose at this point...so please, help!

More replies
Answer Match 59.64%

Referred from here: http://www.bleepingcomputer.com/forums/t/275732/help-removing-proquotaexe-from-system-tray/ ~ OBGood Afternoon BC,I have just recently starting getting this issue where I can't update any programs that require internet access to reach their servers. Some programs I've tried are Malwarebytes, SuperAnti Spyware, Windows Defender and even games like World of Warcraft for any patches, etc. The last thing I did prior to this was tried cleaning some junk files using ATF Cleaner but I can't say for sure that's the reason this issue has appeared. I followed the steps shown in the Prep Guide and as requested I am providing you with the scannings log I took today. Appreciate any time you take to look into my situation. Many Thanks!DDS (Ver_09-12-01.01) - NTFSx86 Run by PC at 11:28:30.37 on Tue 12/15/2009Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_17Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2413 [GMT -5:00]============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\WINDOWS\System32\svchost.exe -k HTTPFilterC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\IoctlSvc.exeC:\Program Files\Windows Defender\MSASCui.exeC:\WINDOWS\... Read more

A:Can only update in Safe Mode...is this a virus? malware?

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Answer Match 59.64%

A few days ago, began experiencing slow ie explorer 7 issues-screen grayed out, links wouldn't work, etc. Ran usual anti-virus programs: eset, etc. Some showed no problem, others wouldn't finish running. I could not reboot in safe mode.  Can you help me? 

A:Virus/Malware-Won't boot in safe mode

Please download TDSSKiller from here and save it to your DesktopDoubleclick on TDSSKiller.exe to run the application, then click on Change parameters


Check Loaded Modules  and Detect TDLFS file system.  Do not check Verify file digital signatures (even though it is checked in the example)If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now


Click Start Scan and allow the scan process to run

If threats are detected select Skip for all of them unless I instruct you otherwiseClick Continue


Click Reboot computerPlease post the contents of  TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)in your reply===================================================aswMBR--------------------Download aswMBR and save it to your desktop.
Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.If you need help to disable your protection programs see here and here.Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.

When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.

Please post the contents of the log in your next reply.NOTE:  aswMBR will create M... Read more

45 more replies
Answer Match 59.64%

Hi, I was told that I should run my anti spyware etc.. in safe mode as it will be more effective. I tried with spybot and it found nothing new, so I was just wondering if I should use safe mode regularly, or only use it for stubborn malware as I see threads recommending it for specific problems.

I would be grateful for any advice

cheers.
 

A:Solved: malware removal in safe mode

7 more replies
Answer Match 59.64%

Hi guys, Not sure what happened here but basically all of a sudden i cannot run any spyware tools, i assumed this was some form of malware and tried to boot into safe mode, but this freezes while loading and wont continue. In addition i cannot install any other programs including Spybot S&D. There are also random issues when browsing, i am re-routed to various random sites when using search engines. For example everytime i click any link on Google i wind up somewhere totally different.I stupidly was running with no firewall or antivirus for a short period after a fresh XP install, hence this happening (doh!).Any advice for me?I can post a Hijack This log if it would help. ThanksEdit: Moved topic from XP to the more appropriate forum. ~ Animal

A:Cannot run safe mode or any spyware tools - Malware?

Hello,due to the issue with safe mode it is probably best to post the HJT log. go here HijackThis Logs and Virus/Trojan/Spyware/Malware Removal ,click New Topic,give it a relevant Title Gnd post that complete log.Let me know if it went OK.

2 more replies
Answer Match 59.64%

HI,

I can't restart in safe mode. I know that I have malware/spyware. It appears as 3 icons on my desktop Error Cleaner, Privacy Protector and Spyware Protection - all with the url /shandler.php?id=502&aid=138&pn=5&sand=0&sg=2.

Does anyone know what files I must specfically look for in the registry to remove this trojan?

Thanks in advance.

A:Malware, Spyware - Can't Restart In Safe Mode

Some types of malware can delete or alter the safeboot key in the registry resulting in the inability to reboot into safe mode.Go to Start ? Run and type: regeditClick OK.On the left side, click to highlight My Computer at the top.Go up to File ? Export Make sure in that window there is a tick next to "All" under Export Branch.
Leave the "Save As Type" as "Registration Files".
Under "Filename" put RegBackup.Choose to save it to C:\Click save and then go to File ? Exit.Download SafeBootKeyRepair.exe by sUBs and save to your desktop.Double-click on it and follow the instructions.When finished, reboot and see if you can access safe mode.Then, if your using Win XP or 2000, do this:Please print out and follow the generic instructions for using "SmitfraudFix". Make sure you scroll down to Clean and perform the steps where you reboot in "Safe Mode" and run option #2.-- If you have downloaded SmitfraudFix previously, please delete that version and download it again as the tool is frequently updated!-- If the tool fails to launch from the Desktop, please move smitfraudFix.exe to the root of the system drive (usually C:\), and run it from there.If you still cannot use safe mode, then run the tool in normal mode.Please download RogueRemover and save to you Desktop. (compatible with Windows 2000, NT, XP, Vista)Double-click on rr-free-setup.exe to install in C:\Program Files\RogueRemover and follow the pro... Read more

7 more replies
Answer Match 59.64%

I am running XP-sp2.

I can't boot to normal mode. BSOD, message eds with:

*** STOP: 0x0000008E (0xc0000005, oxE1917B95, 0xBACEF350, 0x00000000)

When booted to safe mode there is a system try pop-up with various messages and larg poos with sypware warnngs, all directed to window-privacy-protection.com

I have tried spybot search and destroy several times and smitfraud fix several time. Same problem.

Any assistance will be appreciated.

A:Can Only Boot To Safe Mode - Malware Problem

Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on Download_mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner screen, click on the Show Results button t... Read more

5 more replies
Answer Match 59.64%

I have been dealing with what i think is a Malware issue.  I have not been allowed to get into the Windows 7 most of the time.  It has taken me through Startup Repair and i had no luck with it.  Once on the windows, i try to click on anything, it just spins. 
 
Can someone help?
 
I have run Farbar Recovery Scan software and got the following:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-01-2014
Ran by SYSTEM on MININT-JG79J06 on 03-01-2014 18:44:12
Running from G:\
WIN_7 (X64) OS Language: English(US)
Boot Mode: Recovery
Attention: Could not load system hive.
Attention: System hive is missing.
==================== Registry (Whitelisted) ==================
ATTENTION: Software hive is missing.
ATTENTION: Software hive is not loaded.
HKLM\...\Winlogon: [Userinit]
HKLM-x32\...\Winlogon: [Userinit]  [x]
HKLM\...\Winlogon: [Shell]  [ ] () <=== ATTENTION
HKLM-x32\...\Winlogon: [Shell]  [ ] () <=== ATTENTION
HKLM\...\InprocServer32: [Default-wbemess]  ATTENTION! ====> ZeroAccess?
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
==================== Services (Whitelisted) =================
==================== Drivers (Whitelisted) ====================
========================== Drivers MD5 =======================
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
=========... Read more

A:Boot Loop, no safe mode - Malware or something

Did i not do this correctly?

45 more replies
Answer Match 59.64%

After downloading a program, AVG reported that it blocked an attempted attack and deleted the file. However, I started getting more AVG alerts. I ran Malwarebytes, but it crashed halfway (blue screen of death). When it restarted, I got to just before the login screen and it stopped with only the mouse on the screen. I rebooted into safe mode, and it worked, and ran Malwarebytes and Spybot, both of which removed multiple "threats". I also removed Windows Antivirus 2009 files and registry entries, but I still get browser redirects on Firefox. When I ran AVG, it froze my computer halfway through scanning an iTunes localization file. I ran Malwarebytes and it also froze halfway, though I don't know which file it got stuck on. Sybot, however, found nothing else. I still cannot boot normally, even if I only use services and programs used in safe mode through msconfig. I ran rootrepeal but it also gave me a blue screen, right after clicking "Scan". I ran HijackThis but I don't know if anything will show up because I can only run it in safe mode.

A:Unknown malware, only starts in safe mode

Hello fetchcomms,Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.Thanks,tea

3 more replies
Answer Match 59.64%

Hi Folks, Yes I've got the privacy protection Malware, currently running windows XP on a dell laptop and I cannot start up in the safe mode, no Internet start up or execution of any programs allowed. Looks like I can strip documents & information off but thats about it. Can anyone share my options to cure this problem?

Thanks in advance - L

A:OK I've got the Privacy protect malware & no safe mode

Hello LarsLind,I moved this to Am I Infected.For the connection try these...Please click Start > Run, type inetcpl.cpl in the runbox and press enter.Click the Connections tab and click the LAN settings option.Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.Now check if the internet is working again.ORGo to Start ... Run and type in cmdA dos Window will appear.Type in the dos window: netsh winsock resetClick on the enter key.Reboot your system to complete the process..Please follow our Removal Guide here Remove Privacy Protection (Uninstall Guide) .After reading how the malware is misleading you ...You will move to the Automated Removal InstructionsAfter you completed that, post your scan log here,let me know how things are.The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.Also the other tool log.. A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).Copy and paste the contents of that file in your next reply.

1 more replies
Answer Match 59.64%

Hi. I just found out that I can?t boot the computer in safe mode. Pressing F8 won?t do anything, it just keeps running in Normal Mode. Windows itself seems to be running fine. I?ve already uninstalled Nero InCD as I read it might have interfered with the booting process. It didnt work. I have Norton Internet Security, Lavasoft Software, Unhackme, running and they don?t detect anything. I was hoping anyone could help me "decoding" this Hijackthis log, before I try anything harsher, such as reinstalling windows. Please help me on this one, if you see why I can?t enter Safe Mode andhow to repair it, let me know. Thanx in advance PauloLogfile of Trend Micro HijackThis v2.0.2Scan saved at 19:01:01, on 18-07-2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\SYSTEM32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Programas\Ficheiros comuns\Symantec Shared\ccProxy.exeC:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exeC:\Programas\Norton Internet Security\ISSVC.exeC:\Programas\Ficheiros comuns\Symantec Shared ... Read more

A:Cannot Enter Safe Mode, Suspicion Of Malware.can You Please Help?

Hello HellsBells81We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay. Please download Deckard's System Scanner (DSS) and save to your Desktop.alternate download siteDSS will do the following:Create a new System Restore point in Windows XP and Vista.Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.Check some important areas of your system and produce a report for an analyst to review.Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.You must be logged onto an account with administrator privilege... Read more

3 more replies
Answer Match 59.64%

I get BSOD when I attempt to boot into safe mode, but can boot into normal mode win xp. Stop code 0x0000000A (0xF799A354,0x000000FF,0x00000001,0x804E2E51). It always hangs up at drivers/mup.sys. I have not installed any new hardware or software other than suggested malware detectors and cleaners, along with new version of McAfee (which I uninstalled a couple of days ago) and Web Root Security Complete which I am running now.

I cleaned up various malware infections a couple of months ago which involved using safebootkey to access safe boot. Computer seemed to be normal then except was unable to boot into safe mode after cleanup. I then suffered another infection a couple of weeks ago which I cleaned up with MBAM but still unable to boot safe mode. A BC adviser had me send various logs and did some further cleaning with ComboFix and scripts, then declared me clean and suggested I post in Windows forum for help with safe boot problem (http://www.bleepingcomputer.com/forums/topic356014.html/page__pid__2000208#entry2000208).

I have used chkdsk and found no errors on boot disk. I am afraid to use MSCONFIG to force boot in safe mode for fear I will not be able to boot normally.

Any suggestions?

A:Can't boot safe mode after cleaning up malware

Where did you get malware removal assistance?

more replies
Answer Match 59.22%

Hey guys,So my girlfriends computer had a virus on it called Windows System Defender. It installed itself while browsing the internet, no we don't remember what site it was. I looked up ways to remove it and I did everything it said to do and even removed an instances of it from the Registry. It still persists and continues to come back,we think. After running a bunch of virus scanners it appears that I have gotten rid of the original virus but now have a new one that we can't figure out what it is and won't pop up on virus scanners. It also won't let us boot up in safe mood. It gives us a blank blue screen when we try to do so. I have posted a HJT log to see if that will show anything. Any help is much appreciated. Thanks.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:20:16 PM, on 11/3/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16915)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\WINDOWS\system... Read more

A:Infected With Virus and Can't Boot to Safe Mode

Problem has been resolved.

2 more replies
Answer Match 59.22%

I am visiting my kids and my ex-in laws got scammed by a FakeAV.  The person they talked to installed windows 8 and now it boots only to safe mode. 
 
Here are the Hijack This logs, DDS logs.
 
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 12:12:54 PM, on 8/29/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.17028)

Boot mode: Safe mode with network support
Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Ron and Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\89NEVL99\HijackThis.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSear... Read more

A:Not exactly sure what computer is infected with but boots only to safe mode

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/546184 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

2 more replies
Answer Match 59.22%

Hi,

Had Issues for a while with being directed to random sites while using google and random pop ups,

Had the Yellow shield pop up in the task bar telling me i had to restart the system, after restart the Colour of the font in Firefox had changed to black and was running slow and freezing, 3-4 minutes in and the system would freeze only relief being the restart button.

3/4 restarts down the line im here , after the Windows XP loading screen goes off the screen just stays black no welcome page

EDIT EXTRA: It seems the wpa.dbl fil was modified at the time of the attack

Hijack This Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:40:42, on 15/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.micros... Read more

More replies
Answer Match 59.22%

Hi all,

My computer started running verrrrrrrrrrrrry slowly two days ago. It's so slow that nothing is usable. I tried to do a system restore, but all restore points are gone before April 30. Restoring the April 30 restore point fails with an error.

Tried various spyware and rootkit removal software and nothing helps. Desperate...

Here's my HijackThis log:

Thanks! Bob

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:33:35 PM, on 5/10/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intuit\QuickBooks 2009\QBW32.EXE
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http... Read more

A:Computer infected? Only runs OK in safe mode

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay.Download OTL to your desktop.Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.When the window appears, underneath Output at the top change it to Minimal Output.Under the Standard Registry box change it to All.Check the boxes beside LOP Check and Purity Check.Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as... Read more

2 more replies
Answer Match 59.22%

Hi - I am running a win 7 OS and am infected with the FBI moneypack virus. It is not allowing me to enter either 'safe mode' or 'safe mode w/ networking' or 'safe mode with command prompt'.

When I log in to the computer using a different user I don't have this issue.

Can you please help?

A:FBI Moneypack Virus - Infected even in safe mode

Hi gsms123

I will be handling your log to help you get cleaned up. Please give me some time to do up a fix and I will get back to you as soon as possible.

White Warrior

23 more replies
Answer Match 59.22%

Hi,
My computer is running windows 7 64bit and got infected with win32.sality.bh. I am not able to run any program except kaspersky. I had a full scan and removed all threats it could find but apparently the so called anti virus is not as powderful as it described. i still cant open any program. I tried to run in safe mode but cant do it without msconfig. any idea how can i run in safe mode? thanks in advance.

More replies
Answer Match 59.22%

My XP machine has a problem.  It gave me the Moneypak page on boot up and won't boot into safe mode.
 
I made a ubuntu startup disk and used that to backup my data files.  Also, ran some antivirus boot disks (Kaspersky, Bitdefender, and AVG), but it did not fix the problem.  However, they did get rid of the Moneypak page that was showing on startup.  Now when doing a normal boot, I see my desktop for about 1 or 2 seconds, then get a beige screen which changes quickly to a white screen and hear the hard drive spinning - probably loading things.  When I hold the power button to reboot, the blank page shuts down and I can briefly see my normal desktop full of icons again. Not enough time though to run any programs.
 
Since I can access my files by booting into Ubuntu, I assume the problem could be fixed by manually removing the right files or making some other changes, but I don't know which.
 
Can anyone help me get my machine working again?  Your assistance is much appreciated.
 
 

A:Infected with Moneypak - can't boot into safe mode

Hello and welcome to Bleeping Computer. I am sorry that you are having troubles with your computer and will try my best to help you. I know that being infected is very frustrating, but I will be here to help you through the whole process of cleaning. Removing malware can be difficult and complicated and will most likely take many steps, so please stick with me until I have declared your computer clean. I always recommend printing my instructions before following them in case you cannot keep this webpage open. Please be sure to alway follow all steps exactly as they are written and let me know what happens each time. Stop and ask if something unexpected happens or if you are unsure of how to proceed.Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.Are you booting Ubuntu from a CD? Do you have a USB flash drive available?

more replies
Answer Match 59.22%

Today, my laptop became infected with the FBI malware.  It has disable my ability to use Safe Mode in any way. 
 
Through reading on this site and Norton, I found initial instructions on downloading FARBAR Recovery Scan Tool.
 
I urgently need assistance.   Thanks.
 

A:Infected with FBI Virus - Safe Mode is not accessible

Hello anewbie1! Welcome to BleepingComputer Forums! My name is Georgi and and I will be helping you with your computer problems.Before we begin, please note the following:I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.The logs can take some time to research, so please be patient with me.Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.Instructions that I give are for your system only!Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Please perform all steps in the order received. If you can't understand something don't hesitate to ask.Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions. Please download Farbar Recovery Scan Tool and save it to a flash drive.Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.Plug the flashdrive into the infected PC. If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.If you are using... Read more

3 more replies
Answer Match 59.22%

Hi Guys,

My WinXP Sony Vaio VGN-215M has been infected by what the Dr. Web demo identified as 'NTRootkit.83'. The first symptom I noticed was .EXE files starting to disappear, including my Norton Antivrus. Another problem I noticed is my wireless network connection has disappeared (no networks show up anymore).

I have tried a variety of tools including the McAffeee Rootkit tool beta, but it seems this one is still sticking around. Dr. Web support indicated I should reboot in safe mode and then run Dr. Web to remove it, BUT; when I try a reboot in any form of safe mode, it:

a) reboots
b) shows the loading screen, and then goes through a list of drivers on the bottom of the screen
c) reboots itself back into normal mode

So effectively I cannot reboot into safe mode.

I have output the following Hijackthis logfile, if this helps:

Logfile of HijackThis v1.99.1
Scan saved at 8:19:25 PM, on 16/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Apoint\Apoint.exe
C:\Programme\ATI Technologies\ATI Co... Read more

A:Infected with NTRookit.83 - Can't reboot in safe mode

Still getting nowhere.

Installed Dr. Web antivirus, and just like my Norton, the .exe files for the program disappear. This is one nasty litte trojan.. please help!
 

1 more replies
Answer Match 59.22%

Hello,

I'm using a spare computer to try and resolve an issue with my laptop.

Earlier I was using Firefox but Internet Explorer suddenly began to pop up. After a few tries using Task Master, I was able to shut off IE. But I wanted to search for any trojans or viruses and attempted to scan using Malwarebytes. This program shut down after a few seconds of scanning. When I attempted again, it said "Windows cannot access the specified device, path, or file."

I tried to run HijackThis in Safe Mode to try and get a log but got the exact same message as above about Windows not being able to access.

Any assistance would be GREATLY appreciated!
 

A:Badly Infected - Cannot Run HijackThis in Safe Mode

16 more replies
Answer Match 59.22%

hi i'm new to the forum, and need some serious help. i clicked the wrong thing, and now i have some virus on my computer, here is what i have tired so far

1. I ran my virus software AVG, but when it starts scanning, it goes like 5 mins then just shuts down, the program still stays open but the scanning window just shuts without completing the scan

2. I ran Ad-ware, and it scans till it gets to the HKEY scan then locks up.

3. I made system recovery disks through the AVG software, but i can;t get the computer to boot of the disk, and i don;t know how to get it to work.

4. I tired restarting in safe mode, to run the virus programs again and the computer will not go into safe mode, it says there was an error and i must start it normally.

following systoms:
-when i start internet explorer it goes right to google, and types in "free porn" and searches out....(no idea why it does this)
-when i open up my documents, windows freezes and has an error then shuts down
-when i start the computer a toolbar pops up on the right side with ads for spyware, porn, insurance and other things.
-also some other things, i can;t really explain

now i been reading on here about HijackThis, so i downloaded that and got the log file. I also got Ewido, i ahevnt; ran a scan yet. i know a little about computers but i can't get anything to work or get this thing off. so here is the log file
------------------------
Logfile of HijackThis v1.99.1
Scan saved at 8:50:45 PM, on 12/... Read more

A:Infected and wont restart in safe mode

14 more replies
Answer Match 59.22%

I am available Mon - Thur, but will monitor my post and go to the computer if necessary over the weekend. This is an elderly woman's laptop done as a volunteer project and I will receive no compensation for my services.
 
I get redirected trying to go to bleeping computer and had to use safe mode to download and post.
 
Here is my log:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 11.0.9600.17344
Run by Judy Gilman at 9:28:45 on 2014-11-05
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4008.3250 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\wbem\wmiprvse.exe... Read more

A:Win 7 infected with redirect. Can only use Chrome in safe mode.

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/554855 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

2 more replies
Answer Match 59.22%

XP Pro SP3 machine boots fine normally but can not get past the driver loads in safe mode. It just starts over. Seems to stop at the MUP.sys line. I've copied in a different MUP.sys file but it didn't help.
Original problem is something is starting up about 9 instances of Windows Explorer in full screen on multiple advertising sites and hanging the PC for a while. Also get memory location errors popping up at regular intervals. Memory test is good and the sticks are now 4 days new but still get the errors that don't hang anything but the messages just reoccur.  
Ran Malwarebites and deleted old user profiles, temp files and got Windows updates current. Didn't see any odd programs installed or notice any crazy processes but haven't sorted each little one out yet. Have antivirus on it but not detecting anything.

A:XP Pro Infected boots OK but not booting into safe mode

Video card or internal?

2 more replies
Answer Match 59.22%

A user came to me with a laptop that does not connect to the internet at all in normal mode. (Wired or wireless, DHCP or static IP, IPv4 or IPv6)
Connects to the network perfectly fine, but no internet connection.
Unless in safe mode then the internet works just fine. (which led me to think malware was the root of the problem)
Nothing else appears to be wrong/off; just lost internet connection.

disable/enable adapter... nothing
ipconfig /release /renew... nothing
ipconfig /dnsflush /dnsregister... nothing
Tried new drivers... nothing
reset winsock... nothing
Scanned with McAfee... Clean
Scanned with MBAM... Clean
rkill... clean
tdsskiller... clean
running a hjt now, but thought I would post here first and see if it may well be something else.

NOTE: If you think this should be posted in networking then let me know and i'll gladly create a new thread there. I will not post my HJT until recommended, and that will go into the appropriate thread

Thanks in advance for your help. I've been using this site for years, first time I couldn't find a fix and need to post.

A:Internet Connection In safe mode only. Am I infected?

Uninstall your antivirus and let us know if you can connect

1 more replies
Answer Match 59.22%

I've been in France the last 9 months studying and when I came back, my parents told me to look at their computer since it has been acting weird and they could only use it in safe mode. They had been using it without any virus protection it seems. So I dowloaded Super antiSpyware, MalwareBytes and Avast, and scanned the computer with each of them. Superanti spyware found about 1700 infections, malware bytes found 260 more, including koobface.worm, and avast found 4 viruses. I managed to be able to start the computer in normal mode but it freezes many times, so it is very ineffective to use it like that. I don't know what else is wrong with it as I've run out of knowledge of how to fix the problems. I managed to run DDS in normal mode, but was unable to run gmer, both in normal and safe mode. It said there was an unexpected error and it must close.Here is my dds log. Anything else you'd like me to do, just tell me.DDS (Ver_10-03-17.01) - NTFSx86 Run by David at 1:35:00.38 on Sun 06/06/2010Internet Explorer: 7.0.6001.18000Microsoft? Windows Vista? Home Basic 6.0.6001.1.1252.1.1033.18.1915.1146 [GMT -4:00]SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLau... Read more

A:was infected with koobface.worm, must use safe mode

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens. Somethings to remember while we are working together.1.Please do not run any other tool untill instructed to do so!2.Please reply to this thread, do not start another!3.Please tell me about any problems that have occurred during the fix.4.Please tell me of any other symptoms you may be having as these can help also.5.Please try as much as possible not to run anything while executing a fix.If you follow these instructions, everything should go smoothly.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Gmer is the best but can be hard to get a log lets try this and see what we get.Scan With RKUnHookerPlease Download Rootkit Unhooker Save it to your desktop.Now double-click on RKUnhookerLE.exe to run it.Click the Report tab, then click Scan.Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. then Click OK.Wait till the scanner has finished and then click File, Save Report.Save the report somewhere where you can find it. Click Close.Copy the entire contents of the report and paste it in a reply here.Note** you may get this warning it is ok, just ignore... Read more

3 more replies
Answer Match 58.8%

I have a scenario where I will want to boot into safe mode (FBI Virus) and run Malware Bytes from a USB drive. My concern is that in Safe Mode I will not be able to execute the install because of the limited functionality. Will this work?

A:Installing Malware Bytes from USB Drive in Safe Mode

Hi and welcome to SevenForums!

Don't know, haven't tried. But Malwarebytes have a special program for this kind of scenario: Malwarebytes | Chameleon - Free Malware Removal Tool

"Malwarebytes Chameleon technologies gets Malwarebytes Anti-Malware installed and running when blocked by malicious programs."

9 more replies
Answer Match 58.8%

Hello guys,I am just wondering whether can you guys help me to get rid of this pest? I think it's called Razespyware. I am not sure but that's the one that keep popping up. Not to mention a dozen of others. I think i have more than 1 malware cause i remembered i search with spybot before and it returned with 6 identified spware. Help .. I can't seem to get rid of it and worst of all, I CAN'T boot in safe mode. I tried to go in but something like 'mlti//ard ..disk .. dunno what partition' came out instead. I can boot in normally but i can't access another program or another website other than RAZESPYWARE !!!! But luckily for me, i have downloaded HijackThis earlier on and i am posting my log here. Please teach me what to do. Million of thanks in advance :DLogfile of HijackThis v1.99.1Scan saved at 7:19:03 AM, on 12/1/2005Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBB... Read more

A:Terrible Malware - Razespyware? Xp Won't Start In Safe Mode

Hello,I have bad news for you. Your system is badly compromised. Razespyware is only a small detail if I compare with the rest what is going on on your system.You don't have only several variants of stubborn spyware/adware present, You also have several trojans/viruses/worms/backdoors present as well which already damaged a lot, collected your passwords and other personal info... your system is no longer trustworthy and you infect other systems as well.I think none of your scanners are up to date.So you really need to decide what to do here. If we clean this up, I can't promise we could restore all the damage it already caused. I can't promise we'll be able to find and clean everything, because this type of malware hides deeply in your system, so I can't promise you'll be able to trust your system again afterwards.So the decision is yours, but if I were you, I would reformat my system and reinstall windows. Please update immediately to Service Pack2, because I see you're still having Service Pack1 installed, which leaves your system vulnerable.So, what do you decide?

2 more replies
Answer Match 58.8%

Hi,

Vista SP2, had a Malware attack and the Laptop shutdown.

I can no longer reboot into normal mode BSOD just after Ctrl Alt &Del apprears and it will only let me reboot into safe mode.

When I run Malwarebytes in Safe mode it finds Adware.MyWebsearch Registry entries, but on each reboot they are stll there.

When starting in Normal Mode I get a BSOD STOP:0x0000008e error just after the Ctrl, Alt & Del screen comes up.

Tried last known good from F8 and still the same.

Any ideas?

A:BSOD on normal startup, Safe mode OK, after Malware

With the information you have provided I believe you will need help from the malware removal team. Please make sure that you read the information about getting started first.Then start a new thread HERE and include or required logs.Including a link to this thread will be helpful. Good luck and be patient. Help is on the way!

2 more replies
Answer Match 58.8%

I was recently called to help a friend with a spyware attack. The visible threat was a version of the Internet Security Suite 2010.

Safe-Mode was disabled, taskmanager was disabled, the installed AV/Firewal/Spyware product was "running" but had obviously been compromised (Trend Micro Internet Security Suite).

MBAM was having trouble getting installed, even after re-naming the file (I see now that your 'site has added an "mbam.exe" download). I had previously found a link to your ComboFix app, and had downloaded it (I see now that you guys have added a lot of warnings about using it). I ran ComboFix and it worked superbly (Thanks!). And I will be getting MBAM running on it to double-check the cleaning process, as ComboFix reported rootkit issues.

Upon returning to your site I now see all the warnings about using ComboFix. I'll certainly be a lot more circumspect about using it in the future. But after all that I have a few questions.

1. What issues are you seeing as a result of ComboFix being run on Windows XP systems?
2. Is Vista more tempermental than XP for a ComboFix attempt?
3. If the threat worked-around the installed Trend Micro Internet Security Suite in the first place, is that software any good now, post-infection? Or does it have to be replaced/re-installed to have any chance of being effective again?
4. Are you seeing any problems with AVG 9.0 / ZoneAlarm/ Ad-Aware/ MBAM (free)?
5. Do you recommend doubling/tripling-... Read more

A:Malware suite disables safe-mode & MBAM

Forgot to ask: Are you seeing any issues with using USB drives to install the fix-it tools? Can the USB drive be compromised itself?

I used to burn CD's of the tools, figuring it was a safe method to use to install the tools, but with the updates coming so fast, I was going CD's like mad, and the USB drive is so dang handy...

1 more replies
Answer Match 58.8%

simple question, is it technically possible for malware to hide itself such that even in windows safe mode it is not detectable by scanners? 

A:question about whether malware can hide itself from scans even in safe mode

Simple answer...
 
Yes, many malware instances can only be identified manually, by the right person who knows what they are looking for.

4 more replies
Answer Match 58.8%

Hello,

First I'd like to say good job to all you dedicating your time into helping out others. Services like these don't come free outside so thanks so much!

Well, I'm almost certain I have a malware/spyware on my laptop. Visiting this website with ads, Avast picked up a potential virus and it seemed like it blocked it however afterwards, my laptop wasn't the same. I've been noticing web browsing was slower, each page I went to would freeze for 15 seconds or so. Then I tried browsing my own computer and I can't do that at all. If I try to open up "My Documents," the computer would just end up freezing and I would have to restart.

I also tried doing an Avast scan however it wouldn't finish since the computer would freeze in the process. So I'm having to do EVERYTHING in safe mode.

Tried:
- Using Ad-Aware
- SUPER AntiSpyware
- CCleaner

Computer Spec:
- Windows XP
- 105 GB HDD (58GB used)
- 1 GB Ram

I did/used those in safe mode though so not sure if it would work fully. Please help me out with this issue, Thanks in advance!


DDS (Ver_09-02-01.01) - NTFSx86 MINIMAL
Run by Alex at 19:55:10.85 on Wed 03/04/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.789 [GMT -8:00]

AV: avast! antivirus 4.8.1335 [VPS 090304-0] *On-access scanning enabled* (Updated)
AV: PC-cillin Internet Security - Virus Protection *On-access scanning enabled* (Outdated)
FW: PC-cillin Internet Securit... Read more

A:Running Safe Mode // Suspected Malware Issue

Thought I might bump this thread, it's been just about 72 hours. Here's hoping to get help, if not, I will have to go with re-format however I'm afraid of losing important applications and whatnot.

So, 'normal' mode is unstable and basically unusable and I can only use Safe Mode. Currently I'm using another computer to access the net.

15 more replies
Answer Match 58.8%

Hi anyone.
I have a Dell Dimension 2400 running XP home edition. I am now running safe mode after downloading service pack 3.
Had the blue screen run. I have run the diagnostics in the BIOS and everything passed.
Cannot download and run SuperAntiv. as the computer just reboots whenever it feels like.
Cannot run Combo fix either.
Ran Killbox to delete temporary files.
Ran CCcleaner and cleaned everything out.
Ran Malwarebytes and cleaned out everything there.
Including some scan files and actually hoping I have a way out of this loop hole. I cannot upload from exporer so I will post files later from Firefox
Cheers Jan
 

A:Bluescreen, now must work in safe mode. Malware or bad computer?

I have enclosed my Hijackthis log and Malwarebytes log. I did find some malware which has been removed.
Thanks Jan
 

2 more replies
Answer Match 58.8%

Hi,

I've got a little problem (why else would someone post here).

I am stuck in safe mode (thought it doesn't say safe mode in the corners)

Malwareantibytes & superantispyware seem to have taken care of the causes, but now I am left in safe mode and have no internet connection. I guess this falls under the heading of "what do I do".

As usual, I need this fixed right this second! (just kidding, this machine usually just sits. It was infected/attacked buy just being connected and not being used.)

If its not to inconvenient, I would like to know not just what to do, but why and what expected results should be.

Please let me know what info you need to help me sort through this "little challenge".

oops forgot: XP Pro, Intel p4 2.8, 1gig ram, intel pro onboard network card. More? just ask.

tia,

I fully accept responsibility for this machine going down, and have a sense of humor about it. I just cannot take computer problems that seriously, its just not the end of the world, but I know when I am licked!

Andy

A:Stuck in safe mode, Viruses/malware removed (I think)

Right click on the C drive in Explorer and go Properties > Tools > Check Now (under Error Checking). Check both boxes then click "Start Now". A message will pop up saying that Error Checking will run after you restart the computer. Restart the computer and Error Checking will run automatically after the restart. After it?s finished it will restart into Windows automatically.

9 more replies
Answer Match 58.8%

I used Malwarebytes 1.41 and Norton 360 to clean numerous infections including trojan.dropper and infostealer.gambass. Internet was working but the virus kept redirecting internet explorer to maliciouscodeblock.com. Malwarebytes got rid of it but now the internet only works in safe mode.
I will paste 2 sets of logs. First taken during safe mode scans the next 2 while XP is regularly loaded.
DDS (Ver_09-10-26.01) - NTFSx86 NETWORK
Run by ibm at 20:02:26.94 on Wed 11/18/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.214 [GMT -5:00]

AV: Norton 360 *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\ibm\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\le... Read more

A:Some Malware caused internet to work only in Safe Mode

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No inp... Read more

2 more replies
Answer Match 58.38%

okay... so i was trying to get into safemode so i could run an antivirus scan, problem is whenever i tried going in safemode the blue screen would pop up and computer would restart. now for some dumb reason i thought maybe i could get in safemode if i used msconfig and selected safe mode from the boot menu. so the computer restarted and now it boots in safemode but the blue screen and restart happen everytime now. ive tried "start windows normally" but that boots in safemode.... ive tried "last known good config..." and that too boots in safemode. so now im stuck, i cant get on windows. any help please?

im willing to start over but i dont know how to do that from here
 

A:STUCK in safe mode boot, safe mode doesnt work and restarts, REPEAT

11 more replies
Answer Match 58.38%

I've tried everything I. The F8 menu, I'm in a reboot/launch repair loop.
I've tried kaspersky recovery disk and advair boot disk and can not get the virus off so I can atleast boot into windows and fix this.
Ideas? Should I try FRST64?

A:Infected with a virus can't boot windows even into safe mode

 

Should I try FRST64?

 
Please do and post its report.

3 more replies
Answer Match 58.38%

The compter is locked.  I have tried to restore system earlier date- did not work.  I get into the advance boot options window but when I chose either of the safe modes-  it shuts down before I can get to anything-Edit: Moved topic from Am I infected? What do I do? to the more appropriate forum, at the request of Malware Removal staff. ~ Animal

A:fbi money pak virus removal- has infected my safe mode- HELP

Don't give up on System Restore after one try!  I have removed this virus twice this week for people and they have a newer version than anyone talks about on forums or can see in removal videos on Youtube. 
 
My solution was to run system restore more than once trying a couple different restore points till one completed successfully.  In one case, it said it was unsuccessful but when the computer rebooted normally afterwards, it actually was successful.
 
Press F8 when rebooting to bring up boot options and select "Repair Your Computer".  Log in as administrator and select system restore and try again if you can on an available restore point before the infection.  It may take a few tries.
 
Post back here if it is not.

15 more replies
Answer Match 58.38%

Hi all - this is my first ever post to a forum - normally I google my problems and find the solution, however this one seems pretty gruesome. I have checked around various forums for a day now, with no luck so far. As I am new to this, please excuse any gross violations of etiquette Here is the scenario:

A friend of mine from work approached me about some of his computer problems (frequent pop-ups, etc...), as I installed AVAST! Home for him a few months back. (His PC specs are: - compaq presario desktop, windows XP home SP2, AMD Sempron 3200+, 1ghz, 512m RAM, 80gb HD)
I suspected that he had not kept his free registration current, and that Avast expired and he had accumulated some viruses, spyware, trojans, etc... So trying to help out, I met him at the computer store, recommended that he purchase Zone Alarm Internet security (antivirus, anti-spyware, firewall...) and installed it for him. After installation, a dialog box opened suggesting I restart the computer, which I did(thinking back to my own machine, I do not recall having to restart after installing zone alarm - I think I may have inadvertently messed up here, because I had not even scanned for viruses/spyware, yet once the computer restarted, it would not boot normally) - I had to start in safe mode with networking. I figured that I would scan for viruses in safe mode anyway, and that should get rid of whatever was causing the problem. Found 39 infected files - Zone Alarm cleaned all but one of them - it reported... Read more

A:Severely infected computer - will now only boot into safe mode

6 more replies
Answer Match 58.38%

Hello,
 
I have a Dell laptop which is infected with Infected Antivirus Security Pro, will not let me start in safe mode:
Windows 7 Home Premium, P4 Dual Core T4300 2.10GHz, 4.00 GB,  64Bit 500GB HD.
 
I tried running malwarebytes and all .exe file execution are blocked by Antivirus Security Pro, tried to restart in safe mode as soon as it gets to desktop it shuts down and restarts.
 
Need help removing please, Thank you

A:Infected with Antivirus Security Pro, will not let me start in safe mode

Before you do anything just try and "activate" it using this code, its a longshot but sometimes it works and you will be able to run malwarebytes and other tools
 
AA39754E-715219CE
 
See video for help on to do this
http://www.youtube.com/watch?v=y58O8bqx9sQ

6 more replies
Answer Match 58.38%

Can anyone help? This is an old computer- but I have always been able to use it. My daughter decided to "borrow it" and it hasn't been the same. I downloaded "hijackThis" and here is what it showed: Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:05:20 PM, on 11/2/2009Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18319)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\taskeng.exeC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exeC:\Program Files\Gamevance\gamevance32.exeC:\Program Files\QuickTime\QTTask.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXEC:\Program Files\Java\jre1.6.0_07\bin\jusched.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Program Files\AIM6\aim6.exeC:\Program Files\AIM6\aolsoftware.exeC:\Windows\system32\wuauclt.exeC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Program Files\IObit\Advanced SystemCare 3\Awc.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeC:\Windows\system32\Sear... Read more

A:Computer Infected? Keeps showing desktop in safe mode

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Please download OTL from following mirror:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedIn the upper right hand corner ... Read more

2 more replies
Answer Match 58.38%

Hi, Suddenly today our PC shut down spontaneously.  I can turn it on and sometimes get to the safe mode screen, but when I hit enter to get safe mode, the computer once again shuts down.  If I immediately try to restart, the computer won't even get to the first page without shutting down.  What to do?
thanks!  Barbara

A:Infected? Computer won't start long enough to get into safe mode

Is Safe Mode with Networking any better? What is your Operating system? Did you notice if you had any malware pop up or you were removing some before this happened.

4 more replies
Answer Match 58.38%

I have a relatively new Vista Home system which was running fine until last night, when running an exe windows showed the command prompt listing keygen.exe, and serial.exe. Then another was listed, and Windows said something had stopped responding, and it would shut down in 1 minute. It restarted, and after the boot screen, microsoft loading bar the screen usually just remains black, and eventually reboots. Sometimes you see the vista logon scree and it says please wait, only to go black and do the same. Although there's also a short delay with a black background only with a cursor, I can load in safe mode. Here I've run a full AVG anti spyware (formerly ewido) scan which some stuff, unfortunately I can't find reports of that or Avast AV I ran, but I thin it picked up a keygen archive, and deleted 1/2 trojans, moved some other stuff to the chest. In add/remove programs I've found an un-installed some oberon media entries, including big kahuna reef 2, galapago, and others. It's still the same, desperate for help, thanks in advance.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:22, on 09/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Minefield\firefox.exe
C:\Users\Kristian\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Pa... Read more

A:Infected with trojan, Vista won't start aside from safe mode

Quote:




Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.




Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly

----------------------------------------------------------------------------------------


I apologize for the delay in responding, but as you can probably see the forums are quite busy.
Unfortunately there are far more people needing help than there are helpers.


Installed Programs

Please could you give me a list of the programs that are installed.Start HijackThis
Click on the Misc Tools button
Click on the Open Uninstall Manager button.
You will see a list with the programs installed in your computer.
Click on save list button and specify where you would like to save this file.
When you press Save button a notepad will open with the contents of that file.
Simply copy and ... Read more

3 more replies
Answer Match 58.38%

I have a relatively new Vista Home system which was running fine until last night, when running an exe windows showed the command prompt listing keygen.exe, and serial.exe. Then another was listed, and Windows said something had stopped responding, and it would shut down in 1 minute. It restarted, and after the boot screen, microsoft loading bar the screen usually just remains black, and eventually reboots. Sometimes you see the vista logon scree and it says please wait, only to go black and do the same. Although there's also a short delay with a black background only with a cursor, I can load in safe mode. Here I've run a full AVG anti spyware (formerly ewido) scan which some stuff, unfortunately I can't find reports of that or Avast AV I ran, but I thin it picked up a keygen archive, and deleted 1/2 trojans, moved some other stuff to the chest. In add/remove programs I've found an un-installed some oberon media entries, including big kahuna reef 2, galapago, and others. Tried system restore which couldn't log in, with same black screen problem. I'd rather not re install as I the systems nicely setup, plus I don't have Vista Home Premium CD, only an ultimate which. It's still the same, desperate for help, thanks in advance.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:22, on 09/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode with network suppor... Read more

More replies
Answer Match 58.38%

Hello, I have probably 20 hours into trying to repair a Dell Inspiron 6400 running Windows XP Pro. The most frustrating part of this is that tools that I believe might help, such as Malwarebytes AntiMalware, Hijack This and RootRepeal are being blocked from installation or running by something...even in Safe Mode. I have tried the rename files names to get them to work...they still do not open. It is the "something" that I have been unable to find.
I was able to load Spyware Doctor, but when scanning it would hang up on one program...so it never finished. I was able to run Virut (it cleaned files, unable to open some) and right now Symantec Trojan.Vundo Removal Tool is running.
I have done a Windows Repair Installation which means I rolled back to SP1. I can get Internet access in Safe Mode, not in regular mode. When I try to update Windows it stops in the middle and says I have an error. I get a "spoolsv" error when the machine starts. From reading it appeared this is a Windows update issue. I did look for excessive SPL's and there were none. When in Internet Explorer I get the red letter warnings that I am infected with 18 trojans and should scan my machine. I did not click on scan my machine. Typically when trying to go to a antivirus/malware site I am blocked or Explorer/Mozilla closes.
I got regedit to work by renaming it reg-edit. The other above mentioned programs did not work even when renamed. Another program that will not work... Read more

More replies
Answer Match 58.38%

Hello,

Could someone please help, I have lost control of my laptop. If I boot into normal mode the computer freezes and I have to turn it off manually. In safe mode I cant run Hijackthis or Avast. Microsoft Security Essentials cannot update.

Malwarebytes Anti-Malware has not found any infections.

I have ran TDSSKiller and pasta the log below. It found 8 threats but dont know what to do it them.

Im running Win 7 Pro.

Any help would be much appreciated, thanks
15:00:04.0499 2600 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
15:00:04.0619 2600 ============================================================
15:00:04.0619 2600 Current date / time: 2012/06/21 15:00:04.0619
15:00:04.0619 2600 SystemInfo:
15:00:04.0619 2600
15:00:04.0619 2600 OS Version: 6.1.7601 ServicePack: 1.0
15:00:04.0619 2600 Product type: Workstation
15:00:04.0619 2600 ComputerName: Scorpio
15:00:04.0619 2600 UserName: Administrator
15:00:04.0619 2600 Windows directory: C:\Windows
15:00:04.0619 2600 System windows directory: C:\Windows
15:00:04.0619 2600 Running under WOW64
15:00:04.0619 2600 Processor architecture: Intel x64
15:00:04.0619 2600 Number of processors: 4
15:00:04.0619 2600 Page size: 0x1000
15:00:04.0619 2600 Boot type: Safe boot with network
15:00:04.0619 2600 ============================================================
15:00:05.0039 2600 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder... Read more

A:Badly Infected - Cannot Run Avast or HijackThis in Safe Mode

Hello again, I was reading through other posts and installed combo fix. Maybe this might be of some help too

Thanks

ComboFix 12-06-21.01 - Administrator 21/06/2012 15:44:35.1.4 - x64 NETWORK
Microsoft Windows 7 Professional 6.1.7601.1.1252.353.1033.18.8089.6972 [GMT 1:00]
Running from: c:\users\Administrator.AccessCentre-PC\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Access Centre\AppData\Local\TempDIR
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\instsrv.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-21 to 2012-06-21 )))))))))))))))))))))))))))))))
.
.
2012-06-21 13:50 . 2012-06-21 13:50 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3BFA3D38-DCC1-4969-9747-699DB7E1B76A}\offreg.dll
2012-06-18 11:27 . 2012-06-18 19:33 -------- d-----w- c:\users\Administrator.AccessCentre-PC\AppData\Roaming\EndNote
2012-06-18 11:27 . 2012-06-18 11:27 -------- d-----w- c:\program files (x86)\Co... Read more

2 more replies
Answer Match 58.38%

Hello,I am dealing with a problem a few days now and I can't find a solution for it.When i boot my pc, windows load to desktop and after a minute or so i get a blue screen with the error message:QUOTESTOP: 0x0000008E (0xC0000005, 0x80635AC1, 0xB490796C, 0x00000000)Also nod32 icon was red but i couldn't click on it (windows were buzy loading other programs).I booted pc in safe mode and tried to run nod32 but it wouldn't start. I uninstalled it and tried to install Kaspersky but due to safe mode i couldn't install it. I then downloaded malwarebytes and run a full scan.This is the log from the scan:QUOTEMalwarebytes' Anti-Malware 1.44Database version: 3554Windows 5.1.2600 Service Pack 2 (Safe Mode)Internet Explorer 6.0.2900.218014/1/2010 12:46:54 ???mbam-log-2010-01-14 (00-46-54).txtScan type: Full Scan (C:\|G:\|H:\|)Objects scanned: 554114Time elapsed: 1 hour(s), 37 minute(s), 26 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 6Registry Values Infected: 3Registry Data Items Infected: 1Folders Infected: 2Files Infected: 4Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft&#... Read more

A:Infected, Blue Screen, PC only Boots in Safe Mode

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Answer Match 58.38%

I am working for someone and using their computer. I have accidentally infected this computer and do not have access to the Administrator account to change/revert things. I am in safe mode now and can access the internet. I have tried calling places like Symantec to get help over the phone and there is not much they can do without admin access. I will post the DDS log at the end. The GMER was not able to scan my computer, most likely because of the infection.

I apologize, I do not remember the exact names of the infection or the "antispyware program" that was running after. The virus started with an S and sounded like syndavi. The "antispyware program" was called AntiSpyware _______. I have Symantec Endpoint protection on this computer. I can restart out of safe mode to find these but I would rather not make anything worse as it is not my computer. Is this possible to fix without admin access? Will pay well if it is able to be resolved. Thank you so much for your help!
DDS (Ver_10-11-27.01) - NTFSx86 NETWORK
Run by vevans at 13:00:33.75 on Fri 12/03/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2013.1367 [GMT -5:00]

AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Pr... Read more

A:Infected with no admin access, running in safe mode now

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resu... Read more

3 more replies
Answer Match 58.38%

Ever since I got that virus my computer has only been able to start in safe mode with networking. Whenever I boot up my comp, the typical windows xp screen would load and then a blue screen would flicker for a mili sec (too fast for me to read!) and then I am presented with the option of booting it into safe mode. I have ran Malwarebytes anti malware and it seems to have gotten rid of most of them, but one or sometimes two keep coming back. The trojan "HKEY_Local_Machine\software\tdss" would come back every time I reboot and run malware. If I dont get rid of it, it will re direct me to a different site (about viruses) whenever I click on links. When I get rid of it, links work fine. And I was unable to run adware and and spybot in sm, I have ran stinger though...Logfile of Trend Micro HijackThis v2.0.2Scan saved at 18:45:20, on 10/23/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: Safe mode with network supportRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Internet Explorer\Iexplore.exeC:\Program Files\Trend Micro\Hija... Read more

A:infected with xp anitvirus 2009 and can only access safe mode

Hello, Imaloser. to BleepingComputer.comMy name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)Please give me some time to look over your computer's log(s).Please take note of the following:In the meantime, please refrain from making any changes to your computer.Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.Finally, please reply using the button in the lower left hand corner of your screen.We Need to Run ComboFixNote to readers of this post other than the starter of this thread:ComboFix is a VERY POWERFUL tool which should NOT BE USED without guidance of an expert.About 1 in 100 times the computer will not longer be able to boot after running Combofix. This requires experienced hands to restore the system to bootability.There are several malware infections that "target" Combofix. Experienced Helpers are aware of these infections, and take steps to remove them prior to the use of Combofix. If you do not, various things can happen depending on the infection -- from Combofix being unable to run, to the dele... Read more

13 more replies
Answer Match 58.38%

I'm trying to help fix a friend's infected machine. I don't know what caused it but i can not run most of the malware removal tools.

The XP SP2 PC is getting continuous bad image errors pointing to a file called "UACxtcujhcadh.dll" - not a valid Windows Image.
Can not run any program without these error messages and the standard malware tools won't run.

The machine will only boot into safe mode, otherwise will get a blue screen with Driver_IRQL_Not_Less_or_Equal after login.
I've run a RootRepeal and will include the log.

Thank you in advance for any suggestions. Any idea which infection I might be dealing with here?

A:Infected, Can't run removal tools, only boot into safe mode

Go ahead and close this. I can not get any programs to run. RootRepeal can not access the boot sector and it throws up an error that it can not read the registry.

I'm going to wipe this machine so this can be closed.

2 more replies
Answer Match 58.38%

W32/Blaster.worm has infected laptop. Can't get on web. Can't get in safe mode.
From my cell phone I have been researching and it seems to be an old virus.
I am getting security warning/malicious program.
Firewall warning: Hidden file transfer to remote host has been detected. There is a remote host transfer IP: 25.92.229.139.
And it make a pig squeal sound when I start it up!
Please help! Thank you!

A:W32/Blaster.worm has infected laptop. Can't get on web. Can't do safe mode.

Please do the following:Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive.Plug the flashdrive into the infected PC.Enter System Recovery Options.To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.To enter System Recovery Options by using Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next.On the System Recovery Options menu you will get the following options:Startup RepairSystem RestoreWindows Complete PC RestoreWindows Memory Diagnostic ToolCommand PromptSelect Command PromptIn the command window type in notepad and press Enter.The notepad opens. Under File menu select Open.Select "Computer" and find your flash drive letter and close the notepad.In the command window type e:\frst.exe (for x64 bit version type e:... Read more

2 more replies
Answer Match 58.38%

My cousin's mouse stopped working on his computer after installing a game expansion. He asked me to try to fix it and I noticed his computer was heavily infected with viruses. I've removed a lot of malicious files through Malwarebytes' Anti-Malware; however, the mouse still doesn't work, and I think there are still viruses. I also tried to reinstall the drivers for the mouse off the manufacturer's website(Logitech), but it didn't help. Since the mouse only works in safe mode, I can only run GMER in safe mode.DDS (Ver_10-03-17.01) - NTFSx86 NETWORK Run by Administrator at 19:10:45.24 on Mon 09/20/2010Internet Explorer: 7.0.6000.16643Microsoft? Windows Vista? Home Premium 6.0.6000.0.1252.1.1033.18.2813.2149 [GMT -7:00]AV: McAfee VirusScan *On-access scanning enabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}SP: McAfee VirusScan *enabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svcho... Read more

A:Mouse only works in safe mode, infected with viruses

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEmsconfigsafebootminimalactivexdrivers32netsvcs%SYSTEMDRIVE%\*.exe/md5st... Read more

11 more replies
Answer Match 58.38%

I am infected with numerous items. Can only boot in SafeMode. Removed multiple items multiple times.EMachines, T6412, AMD Athlon 64, 3400+, 2.19 GHz, 1.37 GB of Ram, Windows XP SP2Can only boot in Safe Mode.Booted without Internet. And Unplugged Ethernet from computer.Pop-ups include:Your computer is not protected against spyware....Internet attack attempt detected......your computer is infected with spyware...Your Computer is working slowly.....Windows Security Center System Warningfull screen "Threat: CoolWebSearch"Windows Security Centerfull screen "Threat Name: TrojanDownloader.XS"SpyBot (updated to the latest) has removed the following but they do not stay removed and I have removed them again many times. Wait 10 minutes, ran SpyBot again, they return again without rebooting.:ClientManCoolWWWSearchCoolWWWSearch.008kCoolWWWSearch.Aff.ledllCoolWWWSearch.AffWinshowCoolWWWSearch.BlowSearchCoolWWWSearch.BootconfCoolWWWSearch.DreplaceCoolWWWSearch.GonnasearchCoolWWWSearch.LeftoversCoolWWWSearch.SmartSearchCoolWWWSearch.SvcinitCoolWWWSearch.WCADWCoolWWWSearch.WinResCoolWWWSearch.WinSearchCoolWWWSearch.YexeMicrosoft.WindowsSecurityCenter.TaskManagerSmitfraud-C.Smitfraud-C.genericSmitfraud-C.gpToolbarCCWin32.Small.nyRan AVG Antivirus numerous times - Vault items. Some repeat:Trojan horse Downloader.Purityscan.yTrojan horse Downloader.Agent.15.ATrojan Horse Sheur.BJSJTrojan horse Generic10.VYBTrojan horse Downloader.Generic7.MCBTrojan horse Downloader.Generic7.... Read more

A:Infected With Numerous Items. Can Only Boot In Safe Mode

Hi, PaulDH Welcome.Please download ComboFix from Here or Here to your Desktop.**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**Please, never rename Combofix unless instructed.Close any open browsers.Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------Close any open browsers. WARNING: Combofix will disconnect your machine from the Internet as soon as it startsPlease do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.If there is no internet connection after running Combofix, then restart your computer to restore back your connection.-----------------------------------------------------------Double click on combofix.exe & follow the prompts.When finished, it will produce a report for you. Please post the "C:\ComboFix.t... Read more

12 more replies
Answer Match 58.38%

Hi folks,

I'm on windows XP.

When computer first loads up I get this message:
"avgwdsvc.exe encountered a problem and needed to close"

internet explorer and firefox do not work. However, IE works when started "with no add ons" and firefox works in safe mode. Email works.

I'm worried I have a virus. I'm not able to run avg to do a virus check because it crashes every time it is loaded.

I've installed and run three anti malware programs but the problem is still present

Would really appreciate some help.

Cheers,

More replies
Answer Match 58.38%

Ok I will list the problems in order that they occured...

-Went to a site, suddenly I get the infamous fake spyware icon (the blue shield) and it says I have all these viruses and starts scanning

-I try to open up AVG and it's locked. I try MBAM and it's locked. Thankfully super antispyware works. and finds 4 of the trojan dropper and gen combo

- I delete and restart my computer in safe mode when I GET A BIG BLUE screen telling me that there was a problem (something like hardware problem or changes). This has never happened to me! I usually run safe mode and run my scans and boom my problem is solved but somehow it seems to be blocked!

-On the bright side my computer WILL load in regular mode but I seem to have the yahoo redirect problem. I ran trend micro, AVG, MBAM, and super antispywar and they dectect NOTHING. Please help! I'm really out of ideas on what to do. I ran a combo fix but it didn't take long and really had nothing in the log that stood out. If I need to post a hijack log I will gladly but I'll have to get back to the infected computer.

Please help! Thanks! I hope I don't have to reformat!

More replies
Answer Match 58.38%

Hi,
 
I have a laptop running windows 7 that has been infected with Antivirus Security Pro.  When I try to start in Safe Mode the computer keeps restarting before I can do anything.
 
I can not download any malware removal or any other software.
 
I can not seem to start any programs.

A:Infected with Antivirus Security Pro, will not let me start in safe mode

Hi there,my name is Marius and I will assist you with your malware related problems.Before we move on, please read the following points carefully. First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding. Perform everything in the correct order. Sometimes one step requires the previous one. If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem. Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me. Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts. If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean. My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.    Scan with FRST (Recovery Environment)To run FRST on Vista and Windows7:For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.Plug the flashdrive into ... Read more

36 more replies
Answer Match 58.38%

Hi Members,I have a computer that was redirecting google searches and I couldn't find hat was causing it. Today it Blue Screened on start-up after the install of the microsoft defender update. I was able to unistall that update, but now it blue screens when loading safe mode, but not when i boot normally. Sounds to me like some type of malware after googleing the stop code: 0x0000007e (0xC00000005, 0x80537009, 0xf789e508, 0xf789e204). I noticed some suspect entries in the log. Can you help?ThanksuamuserLogfile of Trend Micro HijackThis v2.0.2Scan saved at 2:19:29 PM, on 2/11/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exeC:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exeC:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exeC:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exeC:\Program Files\McAfee\MPF\MPFSrv.exeC:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exeC:\WINDOWS\system32\nvsvc32.exeC:\... Read more

A:Malware-Safe Mode Blue Screen & Google redirect

Is there no one to help with my issue?===========Hello While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been respon... Read more

3 more replies
Answer Match 58.38%

I'm at my wits end here. I'm infected with at least Virtuomonde and Smitfraud. Here is what's happening.

All antivirus and HJT that I've tried (spybot, HJT, Avast, etc) start to run and then die. When I try to restart I get a dialog box that says, cannot access, file, drive, path--you may have insufficient rights.

clicking on browser links redirects to a random page.

booting in safe mode gives me a quick BSD and then starts over

Active desktop has died--I deleted an html "warning" image from the recovery console on a Win XP CD.

Can ANYBODY help or am I doomed to reformatting?

Currently running Win XP Home Edition--SP-3

Thanks so much!

Chuck

A:Malware Blocks All Antivirus and Stops Safe Mode Boot

You have the new rootkit that's out thereWe Need to check for Rootkits with RootRepealDownload RootRepeal from the following location and save it to your desktop.Direct Download (Recommended)Primary MirrorSecondary MirrorSecondary MirrorSecondary MirrorZip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary MirrorSecondary MirrorSecondary MirrorRar Mirrors - Only if you know what a RAR is and can extract it.
Primary MirrorSecondary MirrorSecondary MirrorExtract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).Open on your desktop.Click the tab.Click the button.Check all seven boxes: Push OkCheck the box for your main system drive (Usually C:), and press Ok.Allow RootRepeal to run a scan of your system. This may take some time.Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.-----------------If the scan doesn't run or won't complete, just select Drivers to scan

1 more replies
Answer Match 58.38%

Hello helpful people of Bleeping Computer!
My younger sister has managed to get her computer infected with the uKash Metropolitan Police malware, nasty little bugger that it is. I've been reading all the guides I can find and trying all their suggestions but it comes down to one issue in the end.
I cant access safe mode, I don't know if it's the virus or something else but whenever I log into safe mode (with or without networking/command prompt) the moment the desktop loads the computer shuts down and reboots into normal mode where the virus instantly locks the computer down. I've exhausted all my malware fighting knowledge and now I turn to you, the experts.
Please, any advice is gladly welcomed and hugely appreciated.

A:uKash Metropolitan Police Malware, Safe Mode Locked Out

Hello and welcome.
What is the Operating System?

Can you run these in Normal mode?

5 more replies
Answer Match 58.38%

Hi. I'm afraid I botched my system by using multiple malware programs and then finding that I was unable to connect to the internet (but still can see the router). I have an acer laptop with win8.1 installed. I am able to connect to the net in safe mode with networking but not in ordinary user mode. I've tried some things based on other posts, but I've been out of the tech world for too long to figure this out. I'm hoping to get some help so I don't have to do a reset and go back to start.

The system has been working great for over a year, but last week i began having some random audio stuff play with no apparent reason. So I figured it was malware and I began loading malware sw and doing scans. In the heat of the moment, I did whatever the malware sw said to do. Then, poof, no internet. Later uninstalled the malware scan sw but still no net in normal mode.

I am using the ethernet adapter to connect to my router, but I have the same problem using the wifi adapter. I figure that since this thing works in safe mode, there must be a way to solve the problem without a complete reset. Tried to restore an older backup and the backup file was unreadable. Yipes! I'm pulling out all my hair! Thanks for any help you can give!

Here is my ipconfig from normal mode:

Windows IP Configuration

Host Name . . . . . . . . . . . . : acerlt
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS ... Read more

A:Solved: Can Connect to internet only in safe mode Win 8.1 - after some malware remova

8 more replies