Tech Problem Aggregator

Slow Infected PC; ran JRT and ADW from safe mode

Q: Slow Infected PC; ran JRT and ADW from safe mode

Browser keeps crashing and PC still very slow. I couldn't do anything unless I was in safe mode. Initially, the icons on desktop were almost completely gone. System is 7 Premium, 3 GB RAM, AMD processor. Thanks for getting me started on getting out of this nightmare.

A: Slow Infected PC; ran JRT and ADW from safe mode

Let's start with a scan using DDS. See if you can get into 'safe mode with networking' :

Download DDS from one of these links:
DDS.com

DDS.pifDisable any script blocking protection
Double click the dds icon to run the tool.
When done, DDS will open two (2) logs: DDS.txt
Attach.txt <--- will be minimized in the task tray

Save both reports to your desktop.
Include the contents of both logs in your next post.

The scan will instruct you to post Attach.txt as an attachment.

9 more replies
Answer Match 64.26%

Hi,

About two months ago my HP Pavilion 6654y Win7, 8GB, etc.,
started running extremely slowly in Normal Mode. It takes several minutes to respond to mouse clicks, etc.
Basically, it just hangs. But it runs "ok" for a minute or two while still rebooting.

In Safe mode it runs just fine.
I've tried everything I can think of to narrow down the problem, to no avail,
including numerous scans such as AVG, Malwarebytes, Trend Micro Housecall.
Installed UnHackMe to check for rootkits. Even got Reimage and ran it several times.

I've used CCleaner to clean things up, and also to clear out Startup programs
and disable most scheduled tasks, as follows,
(though it is confusing to me since I still see some of the process when started up in Normal Mode):

Yes HKLM:Run StartCCC Advanced Micro Devices, Inc. "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
Yes HKLM:Run KillProcess Orange Lamp Software Solutions "C:\Program Files (x86)\KillProcess\KillProcess.exe"
Yes HKCU:Run HydraVisionDesktopManager AMD "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
No Startup User Stickies.lnk Zhorn Software C:\PROGRA~2\Stickies\stickies.exe
No Startup User OpenOffice.org 3.3.lnk C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE
No Startup User 1-Click Answers.lnk Answers Corporation C:\PROGRA~2\1-CLI... Read more

A:Win7 fine in Safe Mode, extremely slow responses in Normal Mode.

Please run Minitoolbox and include the List Installed Programs. Check HP desktop if it comes with a diagnostic test within windows or BIOS utility for memory sticks and hard drive and try running the complete test. Please post back if there are no such features as they would be provided. Try also doing some house cleaning for some dust and bunnies to make sure thermal events is not contributing to the problem.

11 more replies
Answer Match 64.26%

Hello,
 
OS : WIndows XP SP3
 
My computer (actually on loan from my mother in law!) is taking ages to start and when it does, it is very slow to respond and even freezes. Eventually an Avast alert pops up and tells me it detected a rootkit called "Catchme". I didn't try to delete it, I don't know if I should have or even if Avast was right.
The PC was already slow when I first got it. I ran Malwarebytes before and it found a trojan.agent that was apparently deleted. I also ran JRT that found bad things too (tell me if you need the log).
When I run in Safe mode, the PC seems OK, more responsive.
 
Anyone to help me?
 
Thank you.

A:PC slow in normal mode, OK in safe mode, Catchme rootkit detected by Avast?

Hi,
 
I turned PC on this morning, it was still very slow to start, but the Avast message about the rootkit didn't come up this time! PC was still slow to respond though.
I decided to run AdwCleaner (saved on to USB key from my laptop and copied then on to the PC) just to see and it found 9 "bad" registry keys. I cleaned them and restarted the PC as prompted. PC seems a bit faster to repond now. I also ran Malwarebytes (quick scan) which didn't find anything.
Still think something is not right, can somebody help me check for rootkit or anything else please? Thank you

32 more replies
Answer Match 64.26%

Hi
 
I am looking for help 
 
My windows 7 start in normal mode is very slow.  System is in a loop or is hanging waiting for the hard disk to be free.  The hard disk indicator light is on  all the time ... 
When I start the system in safe mode with networking, the system is fine and nothing is holding the hard disk anymore.
 
I ran minitoolbox and got the following error indications 
 
MiniToolBox by Farbar  Version: 20-06-2014
Ran by Toshiba (administrator) on 21-06-2014 at 22:59:54
Running from "C:\Users\Toshiba\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Network
***************************************************************************
 
========================= Devices: ================================
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapt... Read more

A:Windows 7 very slow in normal mode, runs fine in safe mode with networking

Could have crap ton of stuff starting up with windows.
perhaps corupt driver or installed the wrong driver.

2 more replies
Answer Match 64.26%

Hello, the computer I am concerned with is running Windows 7 with IE8, Microsoft Security Essentials and Malwarebytes Anti-Malware. I am currently in Safe Mode with Networking without issue.

The owner of the computer says that something happened earlier today while he was online that sounds like some false antivirus popup, but he's unsure. Here are the symptoms in normal mode. Every application, from moving through them to opening and closing them, runs exceptionally slow - one to three minutes to open, at least a minute to open internet pages. I noticed that, when in IE, as the pages are loading the IE page disappears and reappears. I am not very familiar with Windows 7 so I don't know if it is related. The computer seems to be getting slower as the day goes on. CPU usage is very high.

So far, I have disabled many startup items that were unnecessary. I ran CCleaner and cleaned up. MBAM was run in both normal and safe mode, full scans, and found nothing. This is also posted in Viruses and Malware, but I'm unsure where it should live.

If you can help, thanks!! I have to work on the Win7 computer from LogMeIn, and may have to get around in safe mode there.

A:Win7 runs extremely slow in normal mode, but nicely in safe mode

I suggest you wait for a response from the malware specialists before looking elsewhere.

2 more replies
Answer Match 64.26%

Hey guys I've checked through some of the tuts and what-not on this forum and still can't find a way to get me out of trouble..
i turned my computer on yesterday (23rd September) and there was an automatic update. Ever since the update my computer has been extremely slow (will take several minutes to open firefox -or anything for that matter). I booted safe mode and it's running fine. I opened up msconfig and did a clean boot but the problem was still there.
It's a fairly new build and I was stupid and forgot to get a virus protection i can't install it in safe mode either..

Can anyone help?
-cheers

A:Explorer running slow in normal mode, fine in safe mode.?

Windows Defender Offline

9 more replies
Answer Match 64.26%

Hello,
 
all of a sudden Windows 7 became extremely slow in normal mode. This doesn't happen in safe mode.
 
The laptop now also makes 3 beeps on startup, but the beeps disappear when Windows login page comes up. The only thing I did is updating Java and the beeps started.
 
I'm sending in attachment DDS, OTL and ComboFix logs.
 
Thanks in advance for your help!

A:Windows 7 runs fine in safe mode, but very slow in normal mode

Hello maestrale,

Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
   If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
   Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Follow This Topic.I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

   Finally, please reply using the Post  button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.  1.Download AdwCleanerDouble click on AdwCleaner.exe to run the tool.
***Note: Windows Vista and Windows 7 users:
Right click in the adwCleaner.exe and select "Run as administrator"Click the Scan button.

Once the scan complete click Clean to finish cleaning any thing it has found.A logfile will automatically open after the scan h... Read more

28 more replies
Answer Match 64.26%

Hello everyone.  I am trying to fix my mom's computer but have so far been unable.  The laptop is running but it is incredibly slow.  When I first got on it a bunch of pop ops took over the screen.  The computer would randomly go to other sites on it's own.  It would go to a search sight called "clarosearch".  Worst of all, it's incredibly slow.  For example, from the desktop, it take about 45 seconds for the IE window to open when I click on the icon.  It takes about that long to navigate to a page and so fourth. I downloaded and ran a registry cleaner, spybot search and destroy, malwarebytes, and ad-aware.  These found a bunch of problems and cleaned some up, I guess.  The pop ups are gond and so is the strange search site, but the computer is still running just as slow.  It's a paperweight.  Getting another computer isn't really an option right now as my mom is unemployed and we're actually trying to get her resume online but we can't even do that right now with the way the laptop is acting.  I downloaded hijackthis and ran a scan.  Here is the log.    Oh, and as the subject says, the computer runs fast and fine in safe mode.  Please let me know if there is any other info that is needed as I'm not sure what to provide.  Thank you in advance for any help or suggestions you can provide.  Logfile of Trend Micro HijackThis v2.0.4Scan saved at 6:26:57 PM, on 4/26/2014Pl... Read more

A:Windows XP Laptop very slow in normal mode but fine in safe mode

Hello scoobyjax,my name is Jo and I will help you with your computer problems.Please follow these guidelines:Logs can take a while to research, so please be patient.Read and follow the instructions in the sequence they are posted.print or copy & save instructions.back up all your private data / important files on another (external) drive before using our tools.Do not install / uninstall any applications, unless otherwise instructed.Use only that tools you have been instructed to use.Copy and Paste the log files inside your post, unless otherwise instructed.Ask for clarification, if you have any questions. Stay with this topic til you get the all clean post.My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.***1. Download Security Check by screen317 from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.Vista / Windows 7/8 users right-click and select Run As Administrator.A Notepad document should open automatically called checkup.txt; please post the contents of that document.***2. Download OTL to your desktop.Double click on the icon to run it.Vista / Windows 7/8 users right-click and select Run As Administrator.Make sure all other windows are closed and to let it run uninterrupted.When the window appears, underneath Output at the top change it to Minimal Output.Check the boxes beside LOP Check and Purity Check... Read more

3 more replies
Answer Match 64.26%

I just did a clean re-install of Vista x64 on a new hard drive (old drive crashed). Here's the problem:

Using my ISP (Roadrunner Carolinas) speed test site; I get around 200 to 400 kbps download speeds using IE in normal mode. If I boot to Safe Mode, I get around 3500 to 4500 kbps, which is what it should be (this is what I used to get in normal mode before I re-installed Vista).

Running the same speed test with Firefox, I get around 1500 to 2000 kbps in normal mode, but if I try to download a file it transfers at only the 200 to 400 kbsp rate (if I'm lucky).

Here's more detail about the system and what I've done so far:

Installed all updates including SP2.
Using Windows Firewall, no anti-virus.
Updated network drivers directly from NVidia (Chipset is nForce750i)
Updated graphics card drivers directly from NVidia
Disabled all LAN protocols except for Client for Microsoft Networks and IPv4
Connected via ethernet cable directly to cable modem, no router.
I've deliberately refrained from loading anything but the basics until I can get this sorted out.

This really the second clean install I've done in 24 hrs. After the first one, I upgraded and added a lot of software and add-ons before I figured out the connection problem; so I decided the easiest fix would be to re-format and start over, checking each step to see what caused the slow-down. Unfortunately once I did the second clean install I tested right away and I had the connection problem from the get-go. Since then... Read more

A:Vista x64 new install: Slow internet connection in normal mode; fast in safe mode

run msconfig and uncheck startups that you are POSITIVE are safe to do so. See if your speed picks up. Then allow one startup at a time.

MSCONFIG: speeding up Windows Vista startup

7 more replies
Answer Match 64.26%

Sir I am using windows xp service pack3 for last 4 years, It was working fine. till past few days.. when sudden power failure caused it giving following error "windows cannot find local profile..." I created new profile and copied the files from old profile to this.
Though system was working fine. one of my software MPLAB IDE was not working  it used to give unspecified error and stop. So I used registry cleaner in safe mode and MPLAB IDE was started working properly. But window become slow at the start . It takes almost 5-10 minutes to get original screen. Also When I start explorer it holds up for a while (20-25 sec ).In safe mode everything works well. What may be the problem?

A:Computer is very slow in normal mode but fast in safe mode

The registry cleaner probably removed things that some startup programs needed, so now they get stuck and slow. Considering the problem and that you had to create a new user profile, I'd probably just reinstall windows fresh. (But maybe some other people have ideas for fixing it instead)

7 more replies
Answer Match 64.26%

Hi, this is my first post on SevenForums.

My internet speed is really slow. I'm lucky if I can reach 1Mbps when I start up Normally. However, when I start up in Safe Mode with Networking I can reach 12Mbps.

The computer is fairly old (8/9 years old maybe) and I've only just upgraded from XP to Windows 7 Ultimate 32bit. When I was running XP I connected to my router using a Linksys USB wireless network adapter. After upgrading to Windows 7 I couldn't use the Linksys anymore as I couldn't find any drivers so I installed a Belkin Desktop PCI Card F5D5000. I managed to connect to the internet straight away and this is when I first noticed the slow speed. I've updated the drivers directly from the Belkin site but it hasn't improved the speed .

I've tried connecting to the same router using WiFi on a laptop and the internet speed is fine (14Mbps). I contacted my ISP Talk Talk and asked them to test the connection but they didn't find any faults with either the line or hardware.

I've also tried switching off my Anti-Virus program but this doesn't make a difference either.

Could anything else be slowing the internet down? Any ideas would greatly appreciated.

Dave

A:Very slow internet in normal mode but fast in Safe mode

Hi Dave, and welcome to SevenForums!

I'm not an expert in this area but I suggest you try a Clean Boot as next step. You disable all non-MS services and reboot. If that works you can enable one service at a time to find out if it's a specific service that is causing the slow Internet.
How to perform a clean boot in Windows
Clean Boot assumes the problem is not with Windows itself but a 3rd party product or conflict, while Safe Mode loads minimum necessary drivers etc and without any start up programs.

It could also be caused by malware, that in Safe Mode isn't allowed to start during normal autostart procedures. So scan with a couple of good antivirus/antimalware products, for example Malwarebytes | Free Anti-Malware & Internet Security Software

8 more replies
Answer Match 63.42%

Hello everyone , i have read a lot of posts about slow pc in normal mode but i cant find any help. My PC Starts up very slow... WinRAR , Winamp .. starts also slow , for example i download a file which is rared. i press Open and then it stop responding for awhile ..
Here is my hijack log , any help is welcome.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:03:15, on 2008.05.21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\Documents and Settings\Tomas\Desktop\hijackthis.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/... Read more

A:PC Slow in Normal Mode , Fast in Safe Mode

Loading windows quicker.
Try this, boot into normal mode.
Start > Run > type msconfig
Should bring up system configuration utility
Click on services and uncheck everything which doesn't have Microsoft Coperation as the manufacturer
 

3 more replies
Answer Match 63.42%

I have a Windows 7 Laptop (Home Edition) that boots fine in SAFE mode, but takes an extremely long time to boot in normal mode. When it does get into normal mode, it runs so slow it is unusable.
 
I have run Malwarebytes, SuperAntiSpyWare and Spybot S&D (all in Safe Mode - of course) and it doesn't find any issues.
 
What else can I try?
 
Thanks,
Scott
 
 

A:Windows 7 very slow in normal mode, ok in Safe Mode

Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeList Restore PointsClick Go and post the result. Please download Malwarebytes Anti-Malware (MBAM) to your desktop.NOTE. If you already have MBAM 2.0 installed scroll down.Double-click ... Read more

11 more replies
Answer Match 60.48%

Hi,My Computer which has Win Xp Sp3 is behaving like it is in safe mode , eventhough it is in normal mode .I noticed this because ,1. Avira Antivir Guard and Update cannot be launched bcz Scheduler is not running.2 . I tried to start scheduler ( under services.msc ) , but can't start it bcz of error 1084 ( safe mode situation ) .3 . I can't use Windows Update , bcz of error Error number: 0x8007043C ( same safe mode condition )4 . I ensured that BITS was set to automatic , but it can't run bcz of 1084 error.I have scanned with Malwarebytes, Spybot S&D , SuperAnti Spyware ( in real safe mode) - No DetectionHere is the dds log ,DDS (Ver_09-09-24.01) - NTFSx86 NETWORK Run by Administrator at 16:45:23.03 on Mon 09/28/2009Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_12Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.112 [GMT 5.5:30]AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}FW: ZoneAlarm Security Suite Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\system32\svchost.exe -k netsvcsC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Avira\AntiVir Desktop�... Read more

A:Safe Mode Error, WinXpSp3 behaves like it is in safe mode even in normal mode

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Answer Match 59.64%

I am trying to fix my father's desktop computer, which he seems to have sufficiently filled with Malware. I am having a very hard time dealing with this, and am hoping for some help. Here are some of the things I know so far: It is a Dell running XP. Currently, I cannot run task manager, either in normal or safe mode. I cannot install Hijack This, MalwareBytes, or any other program in an effort to remove anything. Some of the names I have run across are "AntiMalware Doctor", "Security Tool", as well as the "Microsoft Security Essentials Alert" (particularly when I try to run taskmgr or regedit in the normal mode). I have been able to access regedit when in Safe Mode with Command Prompt... That is as far as I have gotten. I found some junk that seems to be related, but each restart brings me the same "Microsoft Security Essentials Alert" when I reboot and try for the taskmanager. As I can't seem to run anything on the desktop, I am using my laptop to try to download any potentially useful programs and move them over with a jump drive, but nothing will load. Any thoughts or recommendations would be greatly appreciated!!!!!!!I was just able to run TDSS Killer in Safe Mode from the Command Prompt, which appeared to be successful. Here is the log... I hope I copied it in right, as it appears huge! TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:442010/09/25 10:48:32.0734 ===============... Read more

A:Computer infected can't even run in Safe Mode!

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEmsconfigsafebootminimalactivexdrivers32netsvcs%SYSTEMDRIVE%\*.exe/md5st... Read more

2 more replies
Answer Match 59.64%

I have an infection in my DropBox.
I am hoping i disconnected before it got to my local box, but cannot tell because, I logged off/shutdown the system.
Windows 7, booting up, trying to go into Safe Mode, with networking.
As soon as it comes up, I try to log in (Still disconnected from the network, and it reboots the system.
Is this something new, or maybe unrelated?

A:Lucky Infected and No Safe Mode now?

Welcome to BC...
 
This is the second time this week that someone has posted not being able to boot into safe mode. Please
start a new topic in the Malware Removal forum and let the pros see if it is a new malware or just a coincidence.
 
Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.
If you cannot complete a step, then skip it and continue with the next.
In Step 6 there are instructions for downloading and running FRST which will create two logs.
When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.
After doing this, please reply back in this thread with a link to the new topic so we can close this one.
 
DO NOT bump your new topic. Wait for a response from one of the Team Members.

1 more replies
Answer Match 59.64%

Hi, last fri I received an email via my yahoo account from UPS ( which I now now is not). I think this is a nasty virus has worms too.Avira scanned the file before I unzipped it, I did not get any warning, even though I had updated avira files before, then it went spirling downhill!!I had so many windows opening up, I immediately disconnected from the net then proceded to virus scan with Avira. At the end of the scan, it could not help as it was infected. I could not open the report, even though there were warnings.I tried Spybot scan which found a majority of problems which I allowed the fix. I did not think it wise to go on the net as I kept getting Internet Explorer pages opening up.All during this time I was getting Norton virus updates and warnings - I dont have nortons so ignored them and did not open any of the files. Just closed at the X them and made sure i was disconnected from net.After spybot cleaned up, I used ATF to clean my temp files and then turned off and re-started.Since then I can not log on to windows, even in safe mode and adminstrator. I tried and logging on a number of times in a variety of ways but it keeps logging me out. I am not getting past the log on page.I cannot seem to get into windows and think I must have messed up somewhere. I have my external drive plugged in and was about to back up my monthly documents but decided to reply to my emails before! Hence now cannot access anything. I have spent the weekend reading forums and page... Read more

A:infected with UPS virus. Cannot log on even in safe mode

I tried ... logging on a number of times in a variety of ways but it keeps logging me out. I am not getting past the log on page.I have spent the weekend reading forums and pages and pages of advise. I read this forum thread as well as thread: http://thinkinginpixels.com/quick-fixes/fi...onlog-off-loop/I really need my documents and cannot afford to loose them as there are files I need to send to my mortgage lender asap.mandyRe: LogOn/LogOff LoopGo ahead with the thinkinginpixels instructions: That is your best chance to get back in to Windows. It will take several hours to complete, and you should then be able to use Windows and retrieve the documents that you need. The instructions provide a series of logical steps that are relatively easy to follow and should lead to a positive result. Any problems, let us knowShould that fail (unlikely) we can help you get those documents by another means.Let us know how you are getting on.'Alien

81 more replies
Answer Match 59.64%

I'm not able to use internet in regular mode of windows xp. If i restart in safe mode with network support I can access the internet.I have checked everything concerning driver issues etc. The ip is correctly assigned. I have done several scans wit MBAM, I've used registry cleaners, etc. It all started a couple weeks ago when the pc started working very slow. I did a disk cleanup, defragmented the harddisk, did registry cleans, scanned for viruses etc. It was a bit better but not too much. After a few days the internet stopped working on my pc.Is there any solution to fix this problem?Hereby the DDS.txt log:DDS (Ver_10-03-17.01) - NTFSx86 Run by Zjefne at 13:56:09,23 on vr 24/09/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.447.221 [GMT 2:00]AV: Panda Antivirus Pro 2010 *On-access scanning enabled* (Updated) {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\system32\svchost.exe -k netsvcsC:\Program Files\Panda Security\Panda Antivirus Pro 2010\TPSrv.exeC:\Program Files\Ahead\InCD\InCDsrv.exeC:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2010\WebProxy.exesvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\A... Read more

A:Infected? No internet, just in safe mode

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

3 more replies
Answer Match 59.64%

Hi guys. I just joined this site and this is my first post. My desktop has been infected with Malware/Viruses and won't boot in any mode (safe, safe + networking, last good setting, or normal mode). The closest thing I get is when i go to safe mode and i get a total black screen with no start button or taskbar and on each of the four corners says "safe mode". However, I cannot do anything else on the screen. (Using laptop right now due to desktop being down)

After some research on the web I found that I could try the Avira Rescue CD and would hopefully remove the malware/virus. It's been almost a week but if memory suits me right, the virus was called Cleanup Antivirus. I also was experiencing google redirects. I have already finished most of the steps on the following Avira rescue cd instructions website:

http://forum.avira.com/wbb/index.php?page=Thread&threadID=82163

I am currently stuck on step 7 part 2&3. The reason for this is because in the command line, I type exactly what is instructed but the only thing it does is in the next line says:

"Devices" (text is in a neon greenish-blue font) (This is when i type in "ls /mnt")
When i type in " /mnt " it then says "/bin/ash: /mnt: Permission denied"

Not sure what to do because I have already restarted my computer and tried all modes including safe and normal but am still unable to get my normal computer settings.

I would get my log files with Hijack ... Read more

More replies
Answer Match 59.64%

I would be very grateful for some help sorting out a friend's PC please.

I've read the First Steps page but cannot carry out all of the suggested scans.

When I boot the PC normally, it works very slowly loading XP Home, then suddenly reboots itself before getting to the login screen. I discovered that it will run in Safe Mode with Networking and I'm using it now to create this thread!

I've run dds.scr and the scan result is pasted below. (Attach.txt is included here in a zipped file). When I try to run GMER nothing happens. The egg timer appears for a few seconds but nothing more. I have downloaded SPTDinst-v162-x86.exe. Executing this file results in a popup stating "No SPTD version was detected". The Uninstall button was greyed-out but the Install button looked inviting, so I clicked it and was prompted to re-start Windows. I restarted XP in Safe Mode and it appeared to load SPTD.sys.

Before looking at this forum I was going to attempt a Windows re-install and backed up My Documents onto a USB memory stick, which I then scanned with Avira on a another laptop. This revealed 16 music files, which had been downloaded with Limewire (I presume), all containing the same virus - EXP/ASF.GetCodec.Gen. I've uninstalled LimeWire now.

I have tried to install Avira AntiVir Personal (in Safe Mode) but, after extracting a load of files to a Temp folder, it gets part way through 'Preparing Installation...' then crashes(?).

I don't know what to try n... Read more

A:Infected PC only works in Safe mode - Help please

Please close this thread - I have wiped the system and re-installed XP. It seemed like the smartest thing to do...

1 more replies
Answer Match 59.64%

I have Wxp Pro on a Dell pc. I get no pop-ups, but programs are slow to open and slow to run. I can't start the pc in safe mode by using F2, F8, F12, etc. When those keys are used, the pc ignores it and starts normally.
When a browser window is open, I can open a site, can scroll thru the site, but can't click on any links or buttons. It acts as if it is just a graphic.
One strange thing, if I minimize the browser window, then maximize it again, I can then surf inside the site.

I have run Ccleaner and Ada-ware. I then ran Rkill, then SuperAnti-spyware and Malwarebytes. Running a full scan on both. SuperAnti found 53 items, quarantined all, but no help. Malware did not find any issues.
I've tried a system restore, but keep getting "can't restore system.......".

Any fast help is appreciated, this is for a school secretary's pc.
Phil

A:Am I infected? Can't start Wxp in safe mode

Welcome aboard Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList last 10 Event Viewer logList Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select Perform quick scan, then click Scan. * When the scan is complete, click OK, then Show Results to view the results. * Be sure that everything is checked, and click Remove Selected. * When completed, a log will open in Notepad. * Post the log back here.Be sure to restart the computer.The log can also be found here:C... Read more

9 more replies
Answer Match 59.64%

Microsoft did a scan in safe mode, but my computer is still running slow. i cant figure it out. i have one care as my anti virus, and malware bytes. i've ran both and nothing is showing up, any suggs would be greatly appreated.

thanks,
Lindaga35

A:am i still infected? scanned in safe mode already

Please reboot your computer and update Malwarebytes. This time do a FULL scan and post the new log here

5 more replies
Answer Match 59.64%

Hi, I had McAfee running and it found a trojan, so i removed it right? For some odd reason my PC restarted(blue screen of death, something about memory) Every time i try to boot normally it gives me the blue screen. so now im in safe mode typing this. I've done multiple full scans on Mcafee and it still says one or more errors could not be fixed because of an error. anyways it been like this all day. I just downloaded avast version 4.8 and currently scanning my system. Any suggestions of help? I'd rather not delete the entire contents of my hard drive and reinstall vista.

I tried downloading Malwarebytes but when i try to run it, it won't open.

Edit 1-avast! Virus Cleaner Tool - version 1.0.211 Ansi

Edit 2- Currently scanning with AVG 8.5 Free Trial Safe Mode

Edit-3 It seems that AVG has cleaned my computer right, i can now boot up normally and my mcafee says im secure.tt

Edit-4 Mcafee is on overload again, my computer got blue screen again. and i am currently scanning with mcafee.

Edit-5 Mcafee has been uninstalled by me and now running avg once more

A:Help, infected laptop, currently in safe mode.

Please help anyone?

10 more replies
Answer Match 59.64%

after noticing that some pop-ups came up about downloading free spyware software, drive cleaners,etc i realised that i had a problem.
i tried to use the remove it myself using the self removal of malware thread.....but i couldnt even get into safe mode properly. it is a blank screen..

below is my log:

Logfile of HijackThis v1.99.1
Scan saved at 21:04:53, on 08/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissd... Read more

A:slow, no safe mode

Please rename Hijackthis.exe
It's currently located at C:\Documents and Settings\adrian\Desktop\CleanUp Tools\HijackThis.exe
Rename it from Hijackthis.exe to HJT.exe

Then post a fresh Hijackthis log

1 more replies
Answer Match 59.22%

A user came to me with a laptop that does not connect to the internet at all in normal mode. (Wired or wireless, DHCP or static IP, IPv4 or IPv6)
Connects to the network perfectly fine, but no internet connection.
Unless in safe mode then the internet works just fine. (which led me to think malware was the root of the problem)
Nothing else appears to be wrong/off; just lost internet connection.

disable/enable adapter... nothing
ipconfig /release /renew... nothing
ipconfig /dnsflush /dnsregister... nothing
Tried new drivers... nothing
reset winsock... nothing
Scanned with McAfee... Clean
Scanned with MBAM... Clean
rkill... clean
tdsskiller... clean
running a hjt now, but thought I would post here first and see if it may well be something else.

NOTE: If you think this should be posted in networking then let me know and i'll gladly create a new thread there. I will not post my HJT until recommended, and that will go into the appropriate thread

Thanks in advance for your help. I've been using this site for years, first time I couldn't find a fix and need to post.

A:Internet Connection In safe mode only. Am I infected?

Uninstall your antivirus and let us know if you can connect

1 more replies
Answer Match 59.22%

Hi - I am running a win 7 OS and am infected with the FBI moneypack virus. It is not allowing me to enter either 'safe mode' or 'safe mode w/ networking' or 'safe mode with command prompt'.

When I log in to the computer using a different user I don't have this issue.

Can you please help?

A:FBI Moneypack Virus - Infected even in safe mode

Hi gsms123

I will be handling your log to help you get cleaned up. Please give me some time to do up a fix and I will get back to you as soon as possible.

White Warrior

23 more replies
Answer Match 59.22%

hi i'm new to the forum, and need some serious help. i clicked the wrong thing, and now i have some virus on my computer, here is what i have tired so far

1. I ran my virus software AVG, but when it starts scanning, it goes like 5 mins then just shuts down, the program still stays open but the scanning window just shuts without completing the scan

2. I ran Ad-ware, and it scans till it gets to the HKEY scan then locks up.

3. I made system recovery disks through the AVG software, but i can;t get the computer to boot of the disk, and i don;t know how to get it to work.

4. I tired restarting in safe mode, to run the virus programs again and the computer will not go into safe mode, it says there was an error and i must start it normally.

following systoms:
-when i start internet explorer it goes right to google, and types in "free porn" and searches out....(no idea why it does this)
-when i open up my documents, windows freezes and has an error then shuts down
-when i start the computer a toolbar pops up on the right side with ads for spyware, porn, insurance and other things.
-also some other things, i can;t really explain

now i been reading on here about HijackThis, so i downloaded that and got the log file. I also got Ewido, i ahevnt; ran a scan yet. i know a little about computers but i can't get anything to work or get this thing off. so here is the log file
------------------------
Logfile of HijackThis v1.99.1
Scan saved at 8:50:45 PM, on 12/... Read more

A:Infected and wont restart in safe mode

14 more replies
Answer Match 59.22%

Hi,

Had Issues for a while with being directed to random sites while using google and random pop ups,

Had the Yellow shield pop up in the task bar telling me i had to restart the system, after restart the Colour of the font in Firefox had changed to black and was running slow and freezing, 3-4 minutes in and the system would freeze only relief being the restart button.

3/4 restarts down the line im here , after the Windows XP loading screen goes off the screen just stays black no welcome page

EDIT EXTRA: It seems the wpa.dbl fil was modified at the time of the attack

Hijack This Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:40:42, on 15/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.micros... Read more

More replies
Answer Match 59.22%

I've been in France the last 9 months studying and when I came back, my parents told me to look at their computer since it has been acting weird and they could only use it in safe mode. They had been using it without any virus protection it seems. So I dowloaded Super antiSpyware, MalwareBytes and Avast, and scanned the computer with each of them. Superanti spyware found about 1700 infections, malware bytes found 260 more, including koobface.worm, and avast found 4 viruses. I managed to be able to start the computer in normal mode but it freezes many times, so it is very ineffective to use it like that. I don't know what else is wrong with it as I've run out of knowledge of how to fix the problems. I managed to run DDS in normal mode, but was unable to run gmer, both in normal and safe mode. It said there was an unexpected error and it must close.Here is my dds log. Anything else you'd like me to do, just tell me.DDS (Ver_10-03-17.01) - NTFSx86 Run by David at 1:35:00.38 on Sun 06/06/2010Internet Explorer: 7.0.6001.18000Microsoft? Windows Vista? Home Basic 6.0.6001.1.1252.1.1033.18.1915.1146 [GMT -4:00]SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLau... Read more

A:was infected with koobface.worm, must use safe mode

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens. Somethings to remember while we are working together.1.Please do not run any other tool untill instructed to do so!2.Please reply to this thread, do not start another!3.Please tell me about any problems that have occurred during the fix.4.Please tell me of any other symptoms you may be having as these can help also.5.Please try as much as possible not to run anything while executing a fix.If you follow these instructions, everything should go smoothly.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Gmer is the best but can be hard to get a log lets try this and see what we get.Scan With RKUnHookerPlease Download Rootkit Unhooker Save it to your desktop.Now double-click on RKUnhookerLE.exe to run it.Click the Report tab, then click Scan.Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. then Click OK.Wait till the scanner has finished and then click File, Save Report.Save the report somewhere where you can find it. Click Close.Copy the entire contents of the report and paste it in a reply here.Note** you may get this warning it is ok, just ignore... Read more

3 more replies
Answer Match 59.22%

My XP machine has a problem.  It gave me the Moneypak page on boot up and won't boot into safe mode.
 
I made a ubuntu startup disk and used that to backup my data files.  Also, ran some antivirus boot disks (Kaspersky, Bitdefender, and AVG), but it did not fix the problem.  However, they did get rid of the Moneypak page that was showing on startup.  Now when doing a normal boot, I see my desktop for about 1 or 2 seconds, then get a beige screen which changes quickly to a white screen and hear the hard drive spinning - probably loading things.  When I hold the power button to reboot, the blank page shuts down and I can briefly see my normal desktop full of icons again. Not enough time though to run any programs.
 
Since I can access my files by booting into Ubuntu, I assume the problem could be fixed by manually removing the right files or making some other changes, but I don't know which.
 
Can anyone help me get my machine working again?  Your assistance is much appreciated.
 
 

A:Infected with Moneypak - can't boot into safe mode

Hello and welcome to Bleeping Computer. I am sorry that you are having troubles with your computer and will try my best to help you. I know that being infected is very frustrating, but I will be here to help you through the whole process of cleaning. Removing malware can be difficult and complicated and will most likely take many steps, so please stick with me until I have declared your computer clean. I always recommend printing my instructions before following them in case you cannot keep this webpage open. Please be sure to alway follow all steps exactly as they are written and let me know what happens each time. Stop and ask if something unexpected happens or if you are unsure of how to proceed.Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.Are you booting Ubuntu from a CD? Do you have a USB flash drive available?

more replies
Answer Match 59.22%

Hi Guys,

My WinXP Sony Vaio VGN-215M has been infected by what the Dr. Web demo identified as 'NTRootkit.83'. The first symptom I noticed was .EXE files starting to disappear, including my Norton Antivrus. Another problem I noticed is my wireless network connection has disappeared (no networks show up anymore).

I have tried a variety of tools including the McAffeee Rootkit tool beta, but it seems this one is still sticking around. Dr. Web support indicated I should reboot in safe mode and then run Dr. Web to remove it, BUT; when I try a reboot in any form of safe mode, it:

a) reboots
b) shows the loading screen, and then goes through a list of drivers on the bottom of the screen
c) reboots itself back into normal mode

So effectively I cannot reboot into safe mode.

I have output the following Hijackthis logfile, if this helps:

Logfile of HijackThis v1.99.1
Scan saved at 8:19:25 PM, on 16/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Apoint\Apoint.exe
C:\Programme\ATI Technologies\ATI Co... Read more

A:Infected with NTRookit.83 - Can't reboot in safe mode

Still getting nowhere.

Installed Dr. Web antivirus, and just like my Norton, the .exe files for the program disappear. This is one nasty litte trojan.. please help!
 

1 more replies
Answer Match 59.22%

Hi all,

My computer started running verrrrrrrrrrrrry slowly two days ago. It's so slow that nothing is usable. I tried to do a system restore, but all restore points are gone before April 30. Restoring the April 30 restore point fails with an error.

Tried various spyware and rootkit removal software and nothing helps. Desperate...

Here's my HijackThis log:

Thanks! Bob

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:33:35 PM, on 5/10/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intuit\QuickBooks 2009\QBW32.EXE
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http... Read more

A:Computer infected? Only runs OK in safe mode

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay.Download OTL to your desktop.Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.When the window appears, underneath Output at the top change it to Minimal Output.Under the Standard Registry box change it to All.Check the boxes beside LOP Check and Purity Check.Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as... Read more

2 more replies
Answer Match 59.22%

XP Pro SP3 machine boots fine normally but can not get past the driver loads in safe mode. It just starts over. Seems to stop at the MUP.sys line. I've copied in a different MUP.sys file but it didn't help.
Original problem is something is starting up about 9 instances of Windows Explorer in full screen on multiple advertising sites and hanging the PC for a while. Also get memory location errors popping up at regular intervals. Memory test is good and the sticks are now 4 days new but still get the errors that don't hang anything but the messages just reoccur.  
Ran Malwarebites and deleted old user profiles, temp files and got Windows updates current. Didn't see any odd programs installed or notice any crazy processes but haven't sorted each little one out yet. Have antivirus on it but not detecting anything.

A:XP Pro Infected boots OK but not booting into safe mode

Video card or internal?

2 more replies
Answer Match 59.22%

I am visiting my kids and my ex-in laws got scammed by a FakeAV.  The person they talked to installed windows 8 and now it boots only to safe mode. 
 
Here are the Hijack This logs, DDS logs.
 
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 12:12:54 PM, on 8/29/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.17028)

Boot mode: Safe mode with network support
Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Ron and Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\89NEVL99\HijackThis.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSear... Read more

A:Not exactly sure what computer is infected with but boots only to safe mode

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/546184 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

2 more replies
Answer Match 59.22%

Hey guys,So my girlfriends computer had a virus on it called Windows System Defender. It installed itself while browsing the internet, no we don't remember what site it was. I looked up ways to remove it and I did everything it said to do and even removed an instances of it from the Registry. It still persists and continues to come back,we think. After running a bunch of virus scanners it appears that I have gotten rid of the original virus but now have a new one that we can't figure out what it is and won't pop up on virus scanners. It also won't let us boot up in safe mood. It gives us a blank blue screen when we try to do so. I have posted a HJT log to see if that will show anything. Any help is much appreciated. Thanks.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:20:16 PM, on 11/3/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16915)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\WINDOWS\system... Read more

A:Infected With Virus and Can't Boot to Safe Mode

Problem has been resolved.

2 more replies
Answer Match 59.22%

Hi,
My computer is running windows 7 64bit and got infected with win32.sality.bh. I am not able to run any program except kaspersky. I had a full scan and removed all threats it could find but apparently the so called anti virus is not as powderful as it described. i still cant open any program. I tried to run in safe mode but cant do it without msconfig. any idea how can i run in safe mode? thanks in advance.

More replies
Answer Match 59.22%

Today, my laptop became infected with the FBI malware.  It has disable my ability to use Safe Mode in any way. 
 
Through reading on this site and Norton, I found initial instructions on downloading FARBAR Recovery Scan Tool.
 
I urgently need assistance.   Thanks.
 

A:Infected with FBI Virus - Safe Mode is not accessible

Hello anewbie1! Welcome to BleepingComputer Forums! My name is Georgi and and I will be helping you with your computer problems.Before we begin, please note the following:I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.The logs can take some time to research, so please be patient with me.Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.Instructions that I give are for your system only!Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Please perform all steps in the order received. If you can't understand something don't hesitate to ask.Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions. Please download Farbar Recovery Scan Tool and save it to a flash drive.Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.Plug the flashdrive into the infected PC. If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.If you are using... Read more

3 more replies
Answer Match 59.22%

I am available Mon - Thur, but will monitor my post and go to the computer if necessary over the weekend. This is an elderly woman's laptop done as a volunteer project and I will receive no compensation for my services.
 
I get redirected trying to go to bleeping computer and had to use safe mode to download and post.
 
Here is my log:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 11.0.9600.17344
Run by Judy Gilman at 9:28:45 on 2014-11-05
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4008.3250 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\wbem\wmiprvse.exe... Read more

A:Win 7 infected with redirect. Can only use Chrome in safe mode.

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/554855 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

2 more replies
Answer Match 59.22%

Hello,

I'm using a spare computer to try and resolve an issue with my laptop.

Earlier I was using Firefox but Internet Explorer suddenly began to pop up. After a few tries using Task Master, I was able to shut off IE. But I wanted to search for any trojans or viruses and attempted to scan using Malwarebytes. This program shut down after a few seconds of scanning. When I attempted again, it said "Windows cannot access the specified device, path, or file."

I tried to run HijackThis in Safe Mode to try and get a log but got the exact same message as above about Windows not being able to access.

Any assistance would be GREATLY appreciated!
 

A:Badly Infected - Cannot Run HijackThis in Safe Mode

16 more replies
Answer Match 59.22%

I recently re-formatted my Sony VAIO since it was starting to run super slow. Now that I re-installed Windows 7 on it through recovery disks, it worked fined for about a day but then the problem came back. The computer is slow at bootup and runs super slow while freezing so many times. I am running it on safe mode right now and its working fine.

I ran hardware diagnostics and everything is fine (Memory, Hard Disk etc.)

I installed Norton Antivirus and Windows Live Messenger after the re-install.

Please help me.

A:Computer runs really slow in normal mode, but runs fine in safe mode

anyone?

9 more replies
Answer Match 58.8%

Scanned and cleaned with AVG, Spybot, and Bazooka. Still having serious startup problems including an occasional BSOD. Logfile of HijackThis v1.98.2Scan saved at 8:15:18 PM, on 8/22/04Platform: Windows 98 SE (Win9x 4.10.2222A)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\SYSTEM\KERNEL32.DLLC:\WINDOWS\SYSTEM\MSGSRV32.EXEC:\WINDOWS\SYSTEM\MPREXE.EXEC:\WINDOWS\EXPLORER.EXEC:\MY DOCUMENTS\HIJACKTHIS\HIJACKTHIS.EXER1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blankR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.htmlR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blankR0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.comR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1R0 - HKCU\Software ... Read more

A:Sometimes safe mode but always slow startups

Can you post a new log as the list of processes looks unusally short for the amouint of autoruns you have

12 more replies
Answer Match 58.8%

My Windows 8.1 Laptop (Lenovo G510) boots-up very slowly. The slowdown occurs just after BIOS startup. Instead of "Lenovo" logo loading screen it's simply black and my computer seems dead. No HDD activity, even the fan seems dead because the case becomes quite hot. After VERY long time (120 - 180 seconds), I finally see the main Lenovo screen and quickly after that the login screen. After that everything happens normally. According to Windows lore between BIOS Init and Winlogon Init happens Session Init phase. In this phase kernel is loaded as well as drivers. The problem is I can't pinpoint what causes this slowdown. I tried using Msconfig bootlog. It showed that dxgkrnl.sys is loaded several times, but it loads correctly only the first time. Basically something during Session Init takes A LOT of time. Since it takes so long and the computer seems dead, I thought that some kind of timeout my be happening. I also suspect that I may have some kind of rootkit installed which messes up the kernel and/or drivers. Of course, scans using Comodo and Anti-malware show nothing.

What should I do when my boot is still VERY slow in Safe Mode? It appears that it's a Session Init phase slowdown (kernel/drivers heavy).

I also tried unplugging everything from my laptop (external mouse, keyboard, monitor, ethernet, usb disk, etc.). Nothing helps.

More replies
Answer Match 58.8%

Hi, I'm not sure if I'm posting this in the right place, but as this is a fairly new pc and isn't running any heavy applications, I have a sneaky suspicion there might be a virus or something else on this pc.I'm currently running in safe mode (plus networking) and everything is ridiculously slow. For example, right-hand mouse clicking on my computer and selecting Properties takes about 5 minutes.I've ran DDS and attached the file "attach.txt" (possibly multiple times as the webpage doesn't seem to refresh properly and I can't see the list of attached files).When DDS runs, it doesn't seem able to create the file DDS as that process seems to take forever. I've been waiting for half an hour and the DOS window is still visible and is indicating it's still running.So, I'm afraid at this point I can't attach it.The pc is a Compaq CQ1110UK, AMD E-450 APU 1.65 GHz, installed RAM 2.00 GB, 64 bit.Again, I hope I've posted this in the right place.Please let me know if I need to provide anything else.Thanks in advance

A:windows 7 very slow, even in safe mode

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.===Download OTL to your Desktop.Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. When the window appears, underneath Output at the top change it to Minimal Output. Check the boxes beside LOP Check and Purity Check. Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\system32\drivers\*.sys /90
%systemroot%\*. /mp /s
c:\$recycle.bin\*.* /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
explorer.exe
svchost.exe
userinit.exe
qmgr.dll
proquota.exe
kernel32.dll
ndis.sys
autochk.exe
spoolsv.exe
xmlprov.dll
ntmssvc.dll
mswsock.dll
Beep.SYS
ntfs.sys
termsrv.dll
sfcfiles.dll
st3shark.sys
ahcix86.sys
srsvc.dll
/md5stop
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long. When the scan completes, it will open two notepad windows... Read more

19 more replies
Answer Match 58.8%

Hi, recently i tried to download a file and as soon as i did my windows defender said it was a backdoor trojan and deleted it and i didnt think about it as much. Later my cpu began running at 100% and i couldnt access the internet when i wasnt in safe mode. I've scanned my pc with  different software and all i found was 1 trojan with superantispyware and a few tracking cookies. 
Please help ive not been able to get any relief so far  Im sure its a virus or something. No software ive used as detected anything at all and ive scanned multiple times with each software. I've tried unticking the proxy box on my internet and without safemode i still cant access the internet. I really don't know what to do

A:Slow cpu , no internet when not in safe mode.

Welcome aboard   Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeClick Go and post the result. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.* Double-click mbam-setup.exe and follow the prompts to install the program.* At the end, be sure a checkmark is placed next to Up... Read more

3 more replies
Answer Match 58.8%

Can sumone please help me,my computer is running slow and freezes up on me...i also cant log onto Internet Explorer except for when im in safe mode,also when i click on a desktop icon it opens up to the properties page,here is a hijackthis log.....Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:09:00 PM, on 10/11/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16544)Boot mode: Safe mode with network supportRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\TSI32\tsircusr.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\NOTEPAD.EXEC:\Program Files\HiJackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.comR1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=usR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - URLSearchHook: Yahoo!... Read more

A:Computer Is Slow And Can Only Log Onto Ie In Safe Mode

Go to Start > My ComputerGo to Tools > Folder OptionsClick on the View tabUntick the following:Hide extensions for known file typesHide protected operating system files (Recommended)You will get a message warning you about showing protected operating system files, click YesMake sure this option is selected:Show hidden files and foldersClick Apply and then click OKBackup Your Registry with ERUNTPlease use the following link and scroll down to ERUNT and download it.
http://aumha.org/freeware/freeware.phpFor version with the Installer:
Use the setup program to install ERUNT on your computerFor the zipped version:
Unzip all the files into a folder of your choice.Click Erunt.exe to backup your registry to the folder of your choice.Note: to restore your registry, go to the folder and start ERDNT.exeCopy the contents of the following codebox to a notepad windowREGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications"=dword:00000000
"EnableFirewall"=dword:00000001Save it to the desktop as fix.reg, making sure save as type is set to all filesCopy/paste the following quote box into a new notepad (not wordpad) document. Make sure that wordwrap is turned off.sc stop hg1sc delete hg1Save it to your Desktop as cleanup.bat. Save it as:File Type: All Files (not as a text document or it wont work).Name: cleanup.batRun HijackThisClick on ... Read more

1 more replies
Answer Match 58.8%

PLEASE HELP!! This problem is driving me nuts! (May be a short trip).
My Computer is taking up to 5 mins to boot and then another 2-3 mins to complete the process. Norton Scan is clean; Ad-Aware SE Plus is clean; Spybot is clean. I can not boot to safe mode. When I try, the screen flashes blue however it is so fast I can not read it. It then reboots. The Hijack this file was just obtained. Thanks for any help!

Logfile of HijackThis v1.98.2
Scan saved at 1:05:03 AM, on 9/5/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
C:\WINDOWS\System32\EXSHOW95.EXE
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Yahoo!\Messen... Read more

A:Slow boot, can not go to Safe Mode

Greetings! There isn't much in the log (looks can be deceiving, so we'll fix a couple of things here and then look for the most common "invisible" infection.

With all browser windows closed, open a new HJT log and fix the following:

O2 - BHO: (no name) - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm414

Reboot.

Tehn, please go to the Lavasoft website and download the add-in "VX2 Cleaner".

After you have done that, open Ad-aware, click on "add-ons", then select the cleaner and run it. Have it repair anything that it finds.

Reboot and post a new log, along with a report of the results.

5 more replies
Answer Match 58.8%

I have a Toshiba Portege laptop running Windows XP Professional SP3 that's in its last legs. I'd like to back up my files before it conks out, but I'm having difficulty doing so because the laptop's cursor/trackpad is very slow/unresponsive. I tried running in safe mode to see if it would run faster, but it was still the same.
I was able to open the C drive and select all files/folders inside, but I am unable to remove the system files and program files folders from the selection because the cursor doesnt respond immediately (if at all). Left clicking does nothing (folders/files can't be selected/opened), and I've had to resort to right clicking the using the arrow pads to scroll up or down to the action I want (such as open). Which of course makes it near impossible to select multiple files for backup. Can anyone help me with this issue, as well as give instructions on how to scan and speed up my laptop?

A:Laptop slow even in safe mode

Please download MiniToolBox  , save it to your desktop and run it.
 Checkmark the following checkboxes:  List last 10 Event Viewer log  List Installed Programs  List Users, Partitions and Memory size.
 Click Go and paste the content into your next post.
 Also...please Publish a Snapshot using Speccy - http://www.bleepingcomputer.com/forums/topic323892.html/page__p__1797792#entry1797792 , taking care to post the link of the snapshot in your next post. 
Louis

1 more replies
Answer Match 58.8%

My PC was hit by csrssc.exe. It denied access to RegEdit.exe and it stopped picturs from displaying on the PC. I searched through internet for 3 weeks trying to get rid of it. Finally, csrssc.exe stopped showing on the "Windows Task Manager" after I did the followings:
1. ran combofix.exe in normal mode (because Safe Mode freezes) twice and ran "Windows Defender" once. One of the three times (I don't remember which) reported that 2 malwares were deleted. The 3rd one was half deleted.
2. deleted all cookies, history files, temporary files and an entry containing csrssc.exe in Registry.
3. ran EFRCSetup.exe (to clean the registry?)
4. Clicked control panel, clicked Internet Options, selected Advance tab and then pick "Show pictures" in MultiMedia.

The system was still very slow. After downloading MicroSoft Internet Explorer 8, it is as quick as it should be in Normal Mode.

However it still freezes in Safe Mode : After it is booted, it displays all users. Once a user is clicked, it displays "safe mode" on all 4 corners and "Microsoft (R) Windows XP (R) (Build 2600.xpsp_sp2_rtm.040803-2158: Service Pack 2" on the top of the screen. The screen is dark without icons or task bars.

david.lee.q@gmail.com

A:XP Safe Mode slow to a halt

Hello & welcome to TSF,

okay you need to remove you e-mail address from your post

it gives spamers the way to spam you

also

what you need to do is follow this link

http://www.techsupportforum.com/secu...oval-help.html

for this to work properly you must follow all instructions

if you can not compleat a step make a note and then move to the next step

save all logs to the desktop for ease of reposting

when you have compleated the steps do not post back here you must start a new post in the (Highjackthis Forum log help forum) of this site

stand strong for the techs there are busy

also tell the techs about this thread and what you have stated

name the post the name of the infection and you will get a faster response

as rule we are not suppose to help with infections because it takes special tool to remove the infection compleatly

3 more replies
Answer Match 58.8%

Hi,
My issue is that upon startup my computer is extremely slow. I like to think of myself as a little tech savvy so have tried a few things.
Booted into safe mode (computer works fine in safe mode) and have run Malwarebites and have removed all the issues found to no avail. I have also checked CPU temps which are fine (idling at 28oC).
Here is my system:
Windows Seven
Intel i5 3570k
Nvidia Geforce GTX 660
Asus PB z77-v lx2
Toshiba 5200RPM 1Tb drive.

A:Extremely slow when not in safe mode.

Hello -
Please download these prograns to Desktop, and Copy and Paste all logs back here.
 
  Download Screen317 Security Check from Here or Here and save it to your Desktop.
 * Double-click SecurityCheck.exe
 * Follow the onscreen instructions inside of the black box.
 * A Notepad document should open automatically called checkup.txt
 * Please Copy/Paste the contents of that document.
NOTE 1:: If any security program requests permission to access the Internet, allow it to
NOTE 2. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! (or similar) message, restart computer and Security Check should run
If the program will still not run, ignore it and move to the next step.
 
 
  Please download MiniToolBox  to desktop to run it.
 Checkmark the following boxes:
List content of Hosts
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
 Click Go and Copy / Paste the result. (result.txt)
 
 
 
  Please download and run RKill by Grinler.
A black DOS box will appear for a short time and then disappear.
This is normal and indicates the tool ran successfully.
At most the tool will usually run for about 2 minutes
Please Copy and Paste the log back here.Do not reboot your computer until you complete the next step.
  NOW :
Download AdwCleaner by Xplode and save to your Desktop.
Double-click on AdwCleaner.exe to run the tool.
 * Vista/Windows 7/8 users rig... Read more

1 more replies
Answer Match 58.8%

Several months ago a virus infected my computer. It hijacked my desktop and did some other things. Something similar had happened once before so I got rid of it the same way. Since then, however, both Internet Explorer and Mozilla Firefox run very slowly. I've been running Firefox in safe mode as it seems to run fine. Still, I'd like to be able Firefox outside of safe mode.

I think something worth mentioning would be that upon finding the virus, I updated McAfee on my computer.

Any help is greatly appreciated.

A:Slow Browsing Unless in Safe Mode

Hello,

Have you did the usual maintenance? (run disk cleanup,delete temp files,clear cookies)

You can download ccleaner. (Not recommended to run the registry cleaner)

http://www.ccleaner.com/

Mcafee will sometime slow the overall performance of the computer.

System is could still have malware/ virus installed.

To make sure that system is clean

I recommend that you visit the security forum.

To get expert help with malware removal see the link below. Follow the steps

http://www.techsupportforum.com/secu...oval-help.html

After completing the steps you will be advised to post a log for one of

the experts to examine. Please use the link provided to post the log not

back here.

1 more replies
Answer Match 58.38%

okay... so i was trying to get into safemode so i could run an antivirus scan, problem is whenever i tried going in safemode the blue screen would pop up and computer would restart. now for some dumb reason i thought maybe i could get in safemode if i used msconfig and selected safe mode from the boot menu. so the computer restarted and now it boots in safemode but the blue screen and restart happen everytime now. ive tried "start windows normally" but that boots in safemode.... ive tried "last known good config..." and that too boots in safemode. so now im stuck, i cant get on windows. any help please?

im willing to start over but i dont know how to do that from here
 

A:STUCK in safe mode boot, safe mode doesnt work and restarts, REPEAT

11 more replies
Answer Match 58.38%

I am working for someone and using their computer. I have accidentally infected this computer and do not have access to the Administrator account to change/revert things. I am in safe mode now and can access the internet. I have tried calling places like Symantec to get help over the phone and there is not much they can do without admin access. I will post the DDS log at the end. The GMER was not able to scan my computer, most likely because of the infection.

I apologize, I do not remember the exact names of the infection or the "antispyware program" that was running after. The virus started with an S and sounded like syndavi. The "antispyware program" was called AntiSpyware _______. I have Symantec Endpoint protection on this computer. I can restart out of safe mode to find these but I would rather not make anything worse as it is not my computer. Is this possible to fix without admin access? Will pay well if it is able to be resolved. Thank you so much for your help!
DDS (Ver_10-11-27.01) - NTFSx86 NETWORK
Run by vevans at 13:00:33.75 on Fri 12/03/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2013.1367 [GMT -5:00]

AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Pr... Read more

A:Infected with no admin access, running in safe mode now

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resu... Read more

3 more replies
Answer Match 58.38%

I've tried everything I. The F8 menu, I'm in a reboot/launch repair loop.
I've tried kaspersky recovery disk and advair boot disk and can not get the virus off so I can atleast boot into windows and fix this.
Ideas? Should I try FRST64?

A:Infected with a virus can't boot windows even into safe mode

 

Should I try FRST64?

 
Please do and post its report.

3 more replies
Answer Match 58.38%

Hi folks,

I'm on windows XP.

When computer first loads up I get this message:
"avgwdsvc.exe encountered a problem and needed to close"

internet explorer and firefox do not work. However, IE works when started "with no add ons" and firefox works in safe mode. Email works.

I'm worried I have a virus. I'm not able to run avg to do a virus check because it crashes every time it is loaded.

I've installed and run three anti malware programs but the problem is still present

Would really appreciate some help.

Cheers,

More replies
Answer Match 58.38%

Hi, Suddenly today our PC shut down spontaneously.  I can turn it on and sometimes get to the safe mode screen, but when I hit enter to get safe mode, the computer once again shuts down.  If I immediately try to restart, the computer won't even get to the first page without shutting down.  What to do?
thanks!  Barbara

A:Infected? Computer won't start long enough to get into safe mode

Is Safe Mode with Networking any better? What is your Operating system? Did you notice if you had any malware pop up or you were removing some before this happened.

4 more replies
Answer Match 58.38%

Can anyone help? This is an old computer- but I have always been able to use it. My daughter decided to "borrow it" and it hasn't been the same. I downloaded "hijackThis" and here is what it showed: Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:05:20 PM, on 11/2/2009Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18319)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\taskeng.exeC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exeC:\Program Files\Gamevance\gamevance32.exeC:\Program Files\QuickTime\QTTask.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXEC:\Program Files\Java\jre1.6.0_07\bin\jusched.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Program Files\AIM6\aim6.exeC:\Program Files\AIM6\aolsoftware.exeC:\Windows\system32\wuauclt.exeC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Program Files\IObit\Advanced SystemCare 3\Awc.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeC:\Windows\system32\Sear... Read more

A:Computer Infected? Keeps showing desktop in safe mode

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Please download OTL from following mirror:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedIn the upper right hand corner ... Read more

2 more replies
Answer Match 58.38%

Hello,I am dealing with a problem a few days now and I can't find a solution for it.When i boot my pc, windows load to desktop and after a minute or so i get a blue screen with the error message:QUOTESTOP: 0x0000008E (0xC0000005, 0x80635AC1, 0xB490796C, 0x00000000)Also nod32 icon was red but i couldn't click on it (windows were buzy loading other programs).I booted pc in safe mode and tried to run nod32 but it wouldn't start. I uninstalled it and tried to install Kaspersky but due to safe mode i couldn't install it. I then downloaded malwarebytes and run a full scan.This is the log from the scan:QUOTEMalwarebytes' Anti-Malware 1.44Database version: 3554Windows 5.1.2600 Service Pack 2 (Safe Mode)Internet Explorer 6.0.2900.218014/1/2010 12:46:54 ???mbam-log-2010-01-14 (00-46-54).txtScan type: Full Scan (C:\|G:\|H:\|)Objects scanned: 554114Time elapsed: 1 hour(s), 37 minute(s), 26 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 6Registry Values Infected: 3Registry Data Items Infected: 1Folders Infected: 2Files Infected: 4Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft&#... Read more

A:Infected, Blue Screen, PC only Boots in Safe Mode

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Answer Match 58.38%

The compter is locked.  I have tried to restore system earlier date- did not work.  I get into the advance boot options window but when I chose either of the safe modes-  it shuts down before I can get to anything-Edit: Moved topic from Am I infected? What do I do? to the more appropriate forum, at the request of Malware Removal staff. ~ Animal

A:fbi money pak virus removal- has infected my safe mode- HELP

Don't give up on System Restore after one try!  I have removed this virus twice this week for people and they have a newer version than anyone talks about on forums or can see in removal videos on Youtube. 
 
My solution was to run system restore more than once trying a couple different restore points till one completed successfully.  In one case, it said it was unsuccessful but when the computer rebooted normally afterwards, it actually was successful.
 
Press F8 when rebooting to bring up boot options and select "Repair Your Computer".  Log in as administrator and select system restore and try again if you can on an available restore point before the infection.  It may take a few tries.
 
Post back here if it is not.

15 more replies
Answer Match 58.38%

I have a relatively new Vista Home system which was running fine until last night, when running an exe windows showed the command prompt listing keygen.exe, and serial.exe. Then another was listed, and Windows said something had stopped responding, and it would shut down in 1 minute. It restarted, and after the boot screen, microsoft loading bar the screen usually just remains black, and eventually reboots. Sometimes you see the vista logon scree and it says please wait, only to go black and do the same. Although there's also a short delay with a black background only with a cursor, I can load in safe mode. Here I've run a full AVG anti spyware (formerly ewido) scan which some stuff, unfortunately I can't find reports of that or Avast AV I ran, but I thin it picked up a keygen archive, and deleted 1/2 trojans, moved some other stuff to the chest. In add/remove programs I've found an un-installed some oberon media entries, including big kahuna reef 2, galapago, and others. It's still the same, desperate for help, thanks in advance.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:22, on 09/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Minefield\firefox.exe
C:\Users\Kristian\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Pa... Read more

A:Infected with trojan, Vista won't start aside from safe mode

Quote:




Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.




Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly

----------------------------------------------------------------------------------------


I apologize for the delay in responding, but as you can probably see the forums are quite busy.
Unfortunately there are far more people needing help than there are helpers.


Installed Programs

Please could you give me a list of the programs that are installed.Start HijackThis
Click on the Misc Tools button
Click on the Open Uninstall Manager button.
You will see a list with the programs installed in your computer.
Click on save list button and specify where you would like to save this file.
When you press Save button a notepad will open with the contents of that file.
Simply copy and ... Read more

3 more replies
Answer Match 58.38%

W32/Blaster.worm has infected laptop. Can't get on web. Can't get in safe mode.
From my cell phone I have been researching and it seems to be an old virus.
I am getting security warning/malicious program.
Firewall warning: Hidden file transfer to remote host has been detected. There is a remote host transfer IP: 25.92.229.139.
And it make a pig squeal sound when I start it up!
Please help! Thank you!

A:W32/Blaster.worm has infected laptop. Can't get on web. Can't do safe mode.

Please do the following:Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive.Plug the flashdrive into the infected PC.Enter System Recovery Options.To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.To enter System Recovery Options by using Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next.On the System Recovery Options menu you will get the following options:Startup RepairSystem RestoreWindows Complete PC RestoreWindows Memory Diagnostic ToolCommand PromptSelect Command PromptIn the command window type in notepad and press Enter.The notepad opens. Under File menu select Open.Select "Computer" and find your flash drive letter and close the notepad.In the command window type e:\frst.exe (for x64 bit version type e:... Read more

2 more replies
Answer Match 58.38%

I'm trying to help fix a friend's infected machine. I don't know what caused it but i can not run most of the malware removal tools.

The XP SP2 PC is getting continuous bad image errors pointing to a file called "UACxtcujhcadh.dll" - not a valid Windows Image.
Can not run any program without these error messages and the standard malware tools won't run.

The machine will only boot into safe mode, otherwise will get a blue screen with Driver_IRQL_Not_Less_or_Equal after login.
I've run a RootRepeal and will include the log.

Thank you in advance for any suggestions. Any idea which infection I might be dealing with here?

A:Infected, Can't run removal tools, only boot into safe mode

Go ahead and close this. I can not get any programs to run. RootRepeal can not access the boot sector and it throws up an error that it can not read the registry.

I'm going to wipe this machine so this can be closed.

2 more replies
Answer Match 58.38%

Hi all - this is my first ever post to a forum - normally I google my problems and find the solution, however this one seems pretty gruesome. I have checked around various forums for a day now, with no luck so far. As I am new to this, please excuse any gross violations of etiquette Here is the scenario:

A friend of mine from work approached me about some of his computer problems (frequent pop-ups, etc...), as I installed AVAST! Home for him a few months back. (His PC specs are: - compaq presario desktop, windows XP home SP2, AMD Sempron 3200+, 1ghz, 512m RAM, 80gb HD)
I suspected that he had not kept his free registration current, and that Avast expired and he had accumulated some viruses, spyware, trojans, etc... So trying to help out, I met him at the computer store, recommended that he purchase Zone Alarm Internet security (antivirus, anti-spyware, firewall...) and installed it for him. After installation, a dialog box opened suggesting I restart the computer, which I did(thinking back to my own machine, I do not recall having to restart after installing zone alarm - I think I may have inadvertently messed up here, because I had not even scanned for viruses/spyware, yet once the computer restarted, it would not boot normally) - I had to start in safe mode with networking. I figured that I would scan for viruses in safe mode anyway, and that should get rid of whatever was causing the problem. Found 39 infected files - Zone Alarm cleaned all but one of them - it reported... Read more

A:Severely infected computer - will now only boot into safe mode

6 more replies
Answer Match 58.38%

I have a relatively new Vista Home system which was running fine until last night, when running an exe windows showed the command prompt listing keygen.exe, and serial.exe. Then another was listed, and Windows said something had stopped responding, and it would shut down in 1 minute. It restarted, and after the boot screen, microsoft loading bar the screen usually just remains black, and eventually reboots. Sometimes you see the vista logon scree and it says please wait, only to go black and do the same. Although there's also a short delay with a black background only with a cursor, I can load in safe mode. Here I've run a full AVG anti spyware (formerly ewido) scan which some stuff, unfortunately I can't find reports of that or Avast AV I ran, but I thin it picked up a keygen archive, and deleted 1/2 trojans, moved some other stuff to the chest. In add/remove programs I've found an un-installed some oberon media entries, including big kahuna reef 2, galapago, and others. Tried system restore which couldn't log in, with same black screen problem. I'd rather not re install as I the systems nicely setup, plus I don't have Vista Home Premium CD, only an ultimate which. It's still the same, desperate for help, thanks in advance.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:22, on 09/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode with network suppor... Read more

More replies
Answer Match 58.38%

Hi,
 
I have a laptop running windows 7 that has been infected with Antivirus Security Pro.  When I try to start in Safe Mode the computer keeps restarting before I can do anything.
 
I can not download any malware removal or any other software.
 
I can not seem to start any programs.

A:Infected with Antivirus Security Pro, will not let me start in safe mode

Hi there,my name is Marius and I will assist you with your malware related problems.Before we move on, please read the following points carefully. First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding. Perform everything in the correct order. Sometimes one step requires the previous one. If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem. Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me. Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts. If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean. My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.    Scan with FRST (Recovery Environment)To run FRST on Vista and Windows7:For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.Plug the flashdrive into ... Read more

36 more replies
Answer Match 58.38%

My cousin's mouse stopped working on his computer after installing a game expansion. He asked me to try to fix it and I noticed his computer was heavily infected with viruses. I've removed a lot of malicious files through Malwarebytes' Anti-Malware; however, the mouse still doesn't work, and I think there are still viruses. I also tried to reinstall the drivers for the mouse off the manufacturer's website(Logitech), but it didn't help. Since the mouse only works in safe mode, I can only run GMER in safe mode.DDS (Ver_10-03-17.01) - NTFSx86 NETWORK Run by Administrator at 19:10:45.24 on Mon 09/20/2010Internet Explorer: 7.0.6000.16643Microsoft? Windows Vista? Home Premium 6.0.6000.0.1252.1.1033.18.2813.2149 [GMT -7:00]AV: McAfee VirusScan *On-access scanning enabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}SP: McAfee VirusScan *enabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svcho... Read more

A:Mouse only works in safe mode, infected with viruses

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEmsconfigsafebootminimalactivexdrivers32netsvcs%SYSTEMDRIVE%\*.exe/md5st... Read more

11 more replies
Answer Match 58.38%

Ok I will list the problems in order that they occured...

-Went to a site, suddenly I get the infamous fake spyware icon (the blue shield) and it says I have all these viruses and starts scanning

-I try to open up AVG and it's locked. I try MBAM and it's locked. Thankfully super antispyware works. and finds 4 of the trojan dropper and gen combo

- I delete and restart my computer in safe mode when I GET A BIG BLUE screen telling me that there was a problem (something like hardware problem or changes). This has never happened to me! I usually run safe mode and run my scans and boom my problem is solved but somehow it seems to be blocked!

-On the bright side my computer WILL load in regular mode but I seem to have the yahoo redirect problem. I ran trend micro, AVG, MBAM, and super antispywar and they dectect NOTHING. Please help! I'm really out of ideas on what to do. I ran a combo fix but it didn't take long and really had nothing in the log that stood out. If I need to post a hijack log I will gladly but I'll have to get back to the infected computer.

Please help! Thanks! I hope I don't have to reformat!

More replies
Answer Match 58.38%

Hello,
 
I have a Dell laptop which is infected with Infected Antivirus Security Pro, will not let me start in safe mode:
Windows 7 Home Premium, P4 Dual Core T4300 2.10GHz, 4.00 GB,  64Bit 500GB HD.
 
I tried running malwarebytes and all .exe file execution are blocked by Antivirus Security Pro, tried to restart in safe mode as soon as it gets to desktop it shuts down and restarts.
 
Need help removing please, Thank you

A:Infected with Antivirus Security Pro, will not let me start in safe mode

Before you do anything just try and "activate" it using this code, its a longshot but sometimes it works and you will be able to run malwarebytes and other tools
 
AA39754E-715219CE
 
See video for help on to do this
http://www.youtube.com/watch?v=y58O8bqx9sQ

6 more replies
Answer Match 58.38%

I am infected with numerous items. Can only boot in SafeMode. Removed multiple items multiple times.EMachines, T6412, AMD Athlon 64, 3400+, 2.19 GHz, 1.37 GB of Ram, Windows XP SP2Can only boot in Safe Mode.Booted without Internet. And Unplugged Ethernet from computer.Pop-ups include:Your computer is not protected against spyware....Internet attack attempt detected......your computer is infected with spyware...Your Computer is working slowly.....Windows Security Center System Warningfull screen "Threat: CoolWebSearch"Windows Security Centerfull screen "Threat Name: TrojanDownloader.XS"SpyBot (updated to the latest) has removed the following but they do not stay removed and I have removed them again many times. Wait 10 minutes, ran SpyBot again, they return again without rebooting.:ClientManCoolWWWSearchCoolWWWSearch.008kCoolWWWSearch.Aff.ledllCoolWWWSearch.AffWinshowCoolWWWSearch.BlowSearchCoolWWWSearch.BootconfCoolWWWSearch.DreplaceCoolWWWSearch.GonnasearchCoolWWWSearch.LeftoversCoolWWWSearch.SmartSearchCoolWWWSearch.SvcinitCoolWWWSearch.WCADWCoolWWWSearch.WinResCoolWWWSearch.WinSearchCoolWWWSearch.YexeMicrosoft.WindowsSecurityCenter.TaskManagerSmitfraud-C.Smitfraud-C.genericSmitfraud-C.gpToolbarCCWin32.Small.nyRan AVG Antivirus numerous times - Vault items. Some repeat:Trojan horse Downloader.Purityscan.yTrojan horse Downloader.Agent.15.ATrojan Horse Sheur.BJSJTrojan horse Generic10.VYBTrojan horse Downloader.Generic7.MCBTrojan horse Downloader.Generic7.... Read more

A:Infected With Numerous Items. Can Only Boot In Safe Mode

Hi, PaulDH Welcome.Please download ComboFix from Here or Here to your Desktop.**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**Please, never rename Combofix unless instructed.Close any open browsers.Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------Close any open browsers. WARNING: Combofix will disconnect your machine from the Internet as soon as it startsPlease do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.If there is no internet connection after running Combofix, then restart your computer to restore back your connection.-----------------------------------------------------------Double click on combofix.exe & follow the prompts.When finished, it will produce a report for you. Please post the "C:\ComboFix.t... Read more

12 more replies
Answer Match 58.38%

Hello,

Could someone please help, I have lost control of my laptop. If I boot into normal mode the computer freezes and I have to turn it off manually. In safe mode I cant run Hijackthis or Avast. Microsoft Security Essentials cannot update.

Malwarebytes Anti-Malware has not found any infections.

I have ran TDSSKiller and pasta the log below. It found 8 threats but dont know what to do it them.

Im running Win 7 Pro.

Any help would be much appreciated, thanks
15:00:04.0499 2600 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
15:00:04.0619 2600 ============================================================
15:00:04.0619 2600 Current date / time: 2012/06/21 15:00:04.0619
15:00:04.0619 2600 SystemInfo:
15:00:04.0619 2600
15:00:04.0619 2600 OS Version: 6.1.7601 ServicePack: 1.0
15:00:04.0619 2600 Product type: Workstation
15:00:04.0619 2600 ComputerName: Scorpio
15:00:04.0619 2600 UserName: Administrator
15:00:04.0619 2600 Windows directory: C:\Windows
15:00:04.0619 2600 System windows directory: C:\Windows
15:00:04.0619 2600 Running under WOW64
15:00:04.0619 2600 Processor architecture: Intel x64
15:00:04.0619 2600 Number of processors: 4
15:00:04.0619 2600 Page size: 0x1000
15:00:04.0619 2600 Boot type: Safe boot with network
15:00:04.0619 2600 ============================================================
15:00:05.0039 2600 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder... Read more

A:Badly Infected - Cannot Run Avast or HijackThis in Safe Mode

Hello again, I was reading through other posts and installed combo fix. Maybe this might be of some help too

Thanks

ComboFix 12-06-21.01 - Administrator 21/06/2012 15:44:35.1.4 - x64 NETWORK
Microsoft Windows 7 Professional 6.1.7601.1.1252.353.1033.18.8089.6972 [GMT 1:00]
Running from: c:\users\Administrator.AccessCentre-PC\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Access Centre\AppData\Local\TempDIR
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\instsrv.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-21 to 2012-06-21 )))))))))))))))))))))))))))))))
.
.
2012-06-21 13:50 . 2012-06-21 13:50 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3BFA3D38-DCC1-4969-9747-699DB7E1B76A}\offreg.dll
2012-06-18 11:27 . 2012-06-18 19:33 -------- d-----w- c:\users\Administrator.AccessCentre-PC\AppData\Roaming\EndNote
2012-06-18 11:27 . 2012-06-18 11:27 -------- d-----w- c:\program files (x86)\Co... Read more

2 more replies
Answer Match 58.38%

Hello, I have probably 20 hours into trying to repair a Dell Inspiron 6400 running Windows XP Pro. The most frustrating part of this is that tools that I believe might help, such as Malwarebytes AntiMalware, Hijack This and RootRepeal are being blocked from installation or running by something...even in Safe Mode. I have tried the rename files names to get them to work...they still do not open. It is the "something" that I have been unable to find.
I was able to load Spyware Doctor, but when scanning it would hang up on one program...so it never finished. I was able to run Virut (it cleaned files, unable to open some) and right now Symantec Trojan.Vundo Removal Tool is running.
I have done a Windows Repair Installation which means I rolled back to SP1. I can get Internet access in Safe Mode, not in regular mode. When I try to update Windows it stops in the middle and says I have an error. I get a "spoolsv" error when the machine starts. From reading it appeared this is a Windows update issue. I did look for excessive SPL's and there were none. When in Internet Explorer I get the red letter warnings that I am infected with 18 trojans and should scan my machine. I did not click on scan my machine. Typically when trying to go to a antivirus/malware site I am blocked or Explorer/Mozilla closes.
I got regedit to work by renaming it reg-edit. The other above mentioned programs did not work even when renamed. Another program that will not work... Read more

More replies
Answer Match 58.38%

Ever since I got that virus my computer has only been able to start in safe mode with networking. Whenever I boot up my comp, the typical windows xp screen would load and then a blue screen would flicker for a mili sec (too fast for me to read!) and then I am presented with the option of booting it into safe mode. I have ran Malwarebytes anti malware and it seems to have gotten rid of most of them, but one or sometimes two keep coming back. The trojan "HKEY_Local_Machine\software\tdss" would come back every time I reboot and run malware. If I dont get rid of it, it will re direct me to a different site (about viruses) whenever I click on links. When I get rid of it, links work fine. And I was unable to run adware and and spybot in sm, I have ran stinger though...Logfile of Trend Micro HijackThis v2.0.2Scan saved at 18:45:20, on 10/23/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: Safe mode with network supportRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Internet Explorer\Iexplore.exeC:\Program Files\Trend Micro\Hija... Read more

A:infected with xp anitvirus 2009 and can only access safe mode

Hello, Imaloser. to BleepingComputer.comMy name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)Please give me some time to look over your computer's log(s).Please take note of the following:In the meantime, please refrain from making any changes to your computer.Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.Finally, please reply using the button in the lower left hand corner of your screen.We Need to Run ComboFixNote to readers of this post other than the starter of this thread:ComboFix is a VERY POWERFUL tool which should NOT BE USED without guidance of an expert.About 1 in 100 times the computer will not longer be able to boot after running Combofix. This requires experienced hands to restore the system to bootability.There are several malware infections that "target" Combofix. Experienced Helpers are aware of these infections, and take steps to remove them prior to the use of Combofix. If you do not, various things can happen depending on the infection -- from Combofix being unable to run, to the dele... Read more

13 more replies
Answer Match 58.38%

I am currently working on a Gateway Laptop for my wife's friend who has reported problems of it running extremely slow. Just to boot up it literally takes 10 minutes. After the Windows XP logo with the blue bars underneath the screen goes black and stays that way for 3-5 minutes with the mouse showing up periodically. Finally when you can see the desktop the CPU remains running at 100% for another 3-5 minutes.

When you try and open Internet Explorer it does nothing for about a minute than slowly loads IE. Running any program or opening any windows such as an explorer window takes ridiculous amounts of time. Once a program is running is seems to do okay. For example when I install something, once the installation has finally started it runs like it should.

So far my problem solving has led me to these steps:

1) Watched the Task Manager for where the CPU load was going, nothing necessarily unusual besides everything taking longer than it should.

2) Ran 2 separate Anti-Virus programs (only 1 installed currently) and deleted everything they found, although mostly it was "non-threatening" cookies.

3) Ran Spy Bot Search and Destroy and got rid of the couple files it found.

4) Re-installed / Updated drivers for Video, Audio, Motherboard, and Touchpad

5) Used a Start Up Manager program to remove all programs except the essential ones from starting up with boot up.

6) Used RegSupreme to clean up my system Registry with a deep scan

7) Disabled sound... Read more

A:Windows XP Extremely Slow Unless in Safe Mode

is it doing any type of scanning at startup - antivirus, antispyware or other?

3 more replies
Answer Match 58.38%

My computer is sooooo slowwwww when i start it up. I cant use it other then in safe mode. Can anyone Help me?

Heres my hijack this log. (my computer is in safe mode)

Logfile of HijackThis v1.98.2
Scan saved at 4:28:58 PM, on 12/6/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Documents and Settings\Lois\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://thesearchmall.com/index.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=cache-min.midco.net:3128;gopher=cache-min.midco.net:3128;http=cache-min.midco.net:3128
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O1 - Hosts: ww.www2.browsertoolbar.com
O1 - Hosts: 1 www.www2.browser
O2 - BHO: MultiMPPObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\multimpp.dll
O2 - BHO: C... Read more

A:Computer is super slow. I have to run in safe mode to even get anywhere

Please do not duplicate post. Reply here:

http://forums.techguy.org/showthread.php?t=304829
 

1 more replies
Answer Match 58.38%

I have an HP laptop that is about three years old. I has had issues over the years, but Windows suddenly bogged down to the point that I can't even use it.

In Safe Mode, the machine runs much better but still has issues.

I have run scans for Malware, but that hasn't helped. Strangely, I don't have any available restore points either. I have also removed the most recent software that might have created issues.

What is the next step in diagnosing this problem?
 

A:Suddenly very slow, fine in Safe Mode

9 more replies
Answer Match 58.38%

I wonder if anyone can help please?

I was unsure whether to post this in networking or the XP forum. I am fairly computer literate, but have hit a stumbling block.

For over the last month I have been getting download speeds of 1-2mb on my 10mb connection via speedtest and other speed checkers. However, if I use safe mode, I get 10mb straight away. Virgin Media (my ISP) have been out and plugged a laptop into my connection and they get 10mb straight away.

I have tried both IExplore and Firefox.

I have zonealarm firewall and avast antivirus. I have ran a boot-time AV check. I have also ran spybot and malwarebytes which all found nothing.

I have tried completely disabling my anti virus & firewall and running speed tests - still the same.
I have tried using msconfig and disabling all but core components - still the same.

My pingtest just came up with this:-
Packet loss test: FAILED (I do have java installed), fails on IExplore and Firefox.
Ping: 895ms
Jitter: 1413ms

Any help appreciated,
thanks,
Rich
 

A:Slow Internet 1-2MB BUT 10MB in Safe Mode!!!

7 more replies
Answer Match 58.38%

My laptop is taking forever to startup, and when I try to start in safe mode I get error 0000007B. The computer is also slow all the time.

I could not find the Supplementary.txt file.


ComboScan v20070226.18 run by SStrickland on 2007-03-01 at 11:23:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as SStrickland.exe) ------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:24:17 AM, on 3/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\D-Link\RangeBooster G WNA-2330\acs.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Rockwell\EventServer.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\opcenum.exe
C:\Program Files\Comm... Read more

More replies
Answer Match 58.38%

Any ideas?

Here is a hijack list in SAFE MODE

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:41:02 PM, on 12/29/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?L... Read more

A:FAST IN SAFE Mode slow otehrwise

Hello and Welcome.

A slow machine is not always a product of infection. I don't see any sign of active infection

Please see this sticky topic:

http://www.techsupportforum.com/f174...ow-247567.html


That said, if you need further assistance for a malware removal issue...


We no longer use HijackThis as our initial analysis tool.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Logs are best taken from Normal Mode, this shows what is active at the time of the scan. In Safe Mode, many processes are not active, so it's not an accurate portrayal of the situation.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies
Answer Match 58.38%

Hi, I've been having some issues with a very sudden slow startup after removing some viruses from my computer. I'm running windows XP with media edition 2005 SP2 and sources of this startup issue may be related to the following other issues I have found:

1.) Cryptographic service error 1068: dependency issues

2.) Missing taskbar (managed to fix this error somehow, although there is still no taskbar showing in safemode)

3.) Attempts to download windows updates fails due to crpytographic service error (clearly due to issue 1)

4.) System Restore is very buggy and unuasable

5.) Cannot copy/paste files anywhere

6.) In Administration Tools cannot adjust startup properties of any services

7.) Cannot enter Help and Support by any means

8.) Search Companion does not work

9.) Computer does not read printer or USB audio headset anymore

I've found solutions to similar problems here and there while browing help forums but all have been to no avail! Any input would be greatly appreciated
 

A:XP slow startup in normal and safe mode

Your PC might still be infected. So please post a topic in the security forum, and explain ur problem, and post a HiJackThis log there. An expert will guide you then.

Meahwhile, you can scan with antivirus(which i think u did), and some good antispywares. Some antispywares are SuperAntispyware, Malwarebytes Antimalware, Spyware Doctor Starter Edition. Download them, update them and run scans. Hope ur PC will be rid of virus/spywares.
 

1 more replies
Answer Match 58.38%

my computer is slow and wont go into safe mode i have a windows xp. when i try to run msconfig and get into safe mode ill get the following error. 'An access error was returned while attempting to change services. you may need to log onto the adminsrtators account to make specific changes. i am on the admin account. when i restart my computer ill hit f10 to bring up the menu ill try to get into safe mode from there but a bsod comes up. I also can hear clicking noises as if something is loading in the background or a double click. random ads will pop up once in awhile.

A:Slow Computer Unable to get into safe mode

Run this file and then see if you can get into Safe Mode:http://download.bleepingcomputer.com/sUBs/...otKeyRepair.exe

21 more replies
Answer Match 58.38%

I came home one day logged on to find my laptop slower than ever. hijack file attached..I have ran differ scans and cant come up with any thing.
 
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 10:47:31 PM, on 1/13/2015
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16599)
 
 
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\AWIRUTH\Desktop\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =... Read more

A:slow even in safe mode cant find virus

Hi there,my name is Marius and I will assist you with your malware related problems.Before we move on, please read the following points carefully.First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.Perform everything in the correct order. Sometimes one step requires the previous one.If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.Important: To help me reviewing your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.    HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs i... Read more

16 more replies
Answer Match 58.38%

posting from safe mode with networking

A person on steam forums told me to put this into a notepad, and save it as msifix.cfg, run it, and then reset my comp twice, i did this
I did this because Vista sucks with TF2, and he said this would fix it

THE CODE HE TOLD ME TO PUT INTO THE NOTEPAD
@echo on
cd /d c:\temp
if not exist %windir%\system32\wbem goto TryInstall
cd /d %windir%\system32\wbem
net stop winmgmt
winmgmt /kill
if exist Rep_bak rd Rep_bak /s /q
rename Repository Rep_bak
for %%i in (*.dll) do RegSvr32 -s %%i
for %%i in (*.exe) do call :FixSrv %%i
for %%i in (*.mof,*.mfl) do Mofcomp %%i
net start winmgmt
goto End

:FixSrv
if /I (%1) == (wbemcntl.exe) goto SkipSrv
if /I (%1) == (wbemtest.exe) goto SkipSrv
if /I (%1) == (mofcomp.exe) goto SkipSrv
winmgmt /RegServer

:SkipSrv
goto End

:TryInstall
if not exist wmicore.exe goto End
wmicore /s
net start winmgmt
:End
Now whenever I start up my computer in Normal mode, it is almost unusable. Does anyone know how to fix this?

I have done a system restore to 3 hours before the incident, but it didnt work
 

A:computer extremely slow, unless in safe mode

9 more replies
Answer Match 58.38%

Hi I was "Bumped" to the "Am I Infected forum on Sunday Night. I had posted incorrectly into the Windows XP Forum due to my own in experience?I have received no reply yet, I was just wondering if I am now in the Right Forum or should I re-post the issue here again? sorry about the Windows XP forum mix-up Cheershttp://www.bleepingcomputer.com/forums/forum103.html/page__prune_day__100__sort_by__Z-A__sort_key__last_post__topicfilter__all__st__90

A:Computer So Slow Cannot Start in Safe Mode

Topic Handled here
http://www.bleepingcomputer.com/forums/topic471873.html/page__st__15

Closed this

1 more replies
Answer Match 58.38%

Hi all I have a Virus but cannot run Safe Mode to fix or locate it it just comes up Blue screen "If you have seen this screen before.. Etc. I have done many Avast Boot Scans and whilst scanning I see numerous file's as marked Corrupted but I can find no sign of it in the Boot-Scan Log?

No reports of Problems on Normal weekly "Full Scans" either with Avast or Malwarmalbytes

I have other symptom's

1) Any Word 2007 Page takes ages to Load and close whether its a saved Doc or New file and will Snail Trail down the screen on closing

2) Web pages are slow to Load and slow to close and will Snail Trail down the screen on closing

3) Some setting's for my Mouse revert back to default on Reboot
Hope someone out there can save me Cheers for now cop u later

The Computer is a DELL desk top Inspiron 2003
Intel Pentium 4 CPU,// 2.4 GB // 2.80 Gig + 512 Meg Ram with
Intel Graphics Controller’ 82845G/GL/GE/PE/GV
File System / NTFS /
Capacity / 149.0 GB / 160.031,015,425 bytes
Weston 1 Terabyte HDD partitions are / E, F,G,H /
2003 – Dell Inspiron Desk Top with LCD 20" Screen and MS Wireless Keyboard and Mouse. ,
Running Firefox, Gmail, Windows XP P3? Home Edition // MS Office 2007 //
I am connected to Internode B/Band ADSL- 512- 246 60gig “
I have VoIP via Uniden Dig 5.8GHz Cordless Phone (2) Handsets and Base (connected into the Linksys 3102 and ADSL Internode next to the Desktop) and to ‘MyNetFone VoIP’ Via the ... Read more

A:Computer So Slow Cannot Start in Safe Mode

Hello,let's do these first in Normal mode/Please download Rkill by Grinler and save it to your desktop.Link 1Link 2Double-click on the Rkill desktop icon to run the tool.If using Vista, right-click on it and Run As Administrator.A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.If not, delete the file, then download and use the one provided in Link 2.If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.If the tool does not run from any of the links provided, please let me know.Do not reboot the computer, you will need to run the application again. >>>>Please download Malwarebytes Anti-Malware and save it to your desktop.Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet and double-click on the renamed file to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.Malwarebytes will automatically start and you will be asked to update the program before performing a scan.If an... Read more

20 more replies
Answer Match 58.38%

My desktop was slowing down for a while and now will only boot and be functional from the safe mode. When attempting to boot normally when i finally reach the desktop its moving so slow it's pretty much frozen.

A:slow computer-now only starts in safe mode

Hi, ewsmith. Welcome to TSF.

Boot in regular mode. I know it's slow, but bare with me. Go to processes and list them for me. Or take a screenshot.

1 more replies
Answer Match 57.96%

i have windows home xp edtion on parkard bell.in safe mode it is fine,but when on normal bootup mode it will hang up after 2mins aprox(then restart saying crit error,check hardware etc and being to dump files kernel),on a blue screen.

i tried a different graphics card,but no joy.so i replaced the hdd drive and put a fresh copy of windows xp pro edtion on,but it loads all the files(i have not pressed f6)i just let it run its course on the disc,then it hangs up on the blue screen again with the words(crit error 0x0000007f)check hardware etc and if this is the first time you have seen it try starting windows again.

Thankyou for all your time.
 

A:Solved: xp safe in safe mode fine...mormal mode blue screen

Start in Safe Mode and look in C:\Windows\Minidump for crash log files with a dmp extension, like Mini071008-01.dmp. Zip 4-5 of the latest ones and post here as a ZIP or RAR attachment. The log file contains information useful to determine what caused the error, most likely hardware.
 

2 more replies
Answer Match 57.96%

I'm new here and in hopes of getting this resolved. I just installed the new Norton Systemworks 2005 and rebooted after installation. When the boot screen got up to the blue screen with the Windows XP logo before displaying the login names where you put in your password, it just stops. I restarted a few times and waiting a few more times thinking it may need to 'finish' installing. But each time gave the same results. Finally, I went in with 'Safe Mode' and got in with no problems. Tried again in normal mode after looking around for any obvious problems (none found)... back to square one. Tried again in 'Safe Mode with Networking' and it failed like normal mode so I suspected a networking problem??? The last thing I tried which made me mad is that I tried to uninstall Norton Systemworks in 'Safe Mode' and that failed!! Anyone in these forums know the cure? :dead:
 

A:Unable to get to login screen, works in Safe Mode but in Safe Mode w/ Networking

Just a thought

Safe-Mode
Start \ Run \ msconfig \ diagnostic startup
disable any services attached to your most recent install and restart
should get warning next boot about using msconfig, its ok
One key service that needs to be available is the installer service
Try the uninstall, if doesn't complete
Try the uninstall string in the registry only if you know what you are doing

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

Under it you will see a list of installed programs. Some don?t show up as words but you can figure out what they are by looking at their values. What you are looking for is the uninstall string. Double click that key as if you were going to modify its value. Do a CTRL + C to copy and then exit the registry editor.

Go to START \ RUN and paste the uninstall sting and hit enter. This should launch the uninstall.

Just a thought though as I am not infront of a test system at the moment. You should research this a little further so you have a clear understanding of what you can and can't do with msconfig.

or simpler yet

Safe-Mode

Start \ Programs \ Access. \ System Tools \ System Restore

Select restore point prior to install of whats giving you the problem.

Again, Good Luck

PS If you try to install it again, turn of antivirus and other open programs etc..
 

1 more replies
Answer Match 57.96%

My laptop has been infected by malware/spyware. This is the first time i have joined any forum so look forward to your help. I have been working in safe mode since 2 days and need immediate help as this is my company laptop and i need access to programs that i cant get in safe mode.
Below is the HJT log report and attached is DDS. I could not run GMER in safe mode, let me know what to do. I also see that their is an "iexplore" process running in task manager which is a Trojan, as it launches itself after regular intervals even after i kill the process.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:25:25 PM, on 3/31/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\amit\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\amit\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\amit\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\amit\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\taskmgr... Read more

A:infected by malware/spyware.. running PC in safe mode since 2 days..need help

Hello and Welcome to TSF.


Quote:




this is my company laptop




We are sorry but this forum is intended for the home user.

Please contact your company's IT department for help and best of luck with your issues.

This thread shall now be closed.

------------------------------------------------------

1 more replies
Answer Match 57.96%

Hi - I was following another post where Afflack (splng?) was helping someone with the same issue.  I was able to create a FRST text file as he instructed.  However, in the post I was following, Afflack took this info and created a fix file for the user's computer.  I am hoping the same can be done for me.  Here is the contents of the FRST scan.  If I need to provide anything else, please let me know.
Thanks - Dinx
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013
Ran by SYSTEM on MININT-K0HBV6E on 01-11-2013 14:12:54
Running from F:\
Windows 7 Professional (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [nwiz] - nwiz.exe /install
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NVHotkey] - rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
HKLM\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM\...\Run: [ccApp] - C:\Program Files\Common Files\Symantec Shared\ccApp.exe [115560 2010-06-09] (Symantec Corporation)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Micr... Read more

A:Infected with Antivirus Security Pro and cannot start Windows 7 in Safe Mode

Sorry for the mis-spelling - the person who was helping was Aaflac.

3 more replies
Answer Match 57.96%

My computer started displaying the System Tool pop up and the dreadful blue screen that said there was an error within the computer and the program was closing to save it (paraphrased of course-the screen came and went so fast)it then said if recent hardware had be installed try uninstalling it then it restarted. It went from that to now only being able to boot in safe mode. Now the wireless network is disabled...it says connection status unknown- the dependency service or group failed to start.
DDS (Ver_10-12-12.02) - NTFSx86 MINIMAL
Run by msladydebbie at 23:09:48.71 on Wed 03/02/2011
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_21
Microsoft? Windows Vista? Home Basic 6.0.6002.2.1252.1.1033.18.2813.2347 [GMT -6:00]

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Users\msladydebbie\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

==... Read more

A:Infected With System Tool Computer Only Boots In Safe Mode

Hello and welcome to Bleeping Computer We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff member will review your topic an do their best to resolve your issues. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Thanks and again sorry for the delay. We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scr DDS.pifDouble click on the DDS icon, allow it to run. A small box will open, with an explaination about the tool. No input is needed, the scan is running. Notepad will open with the results. Follow the instructions that... Read more

26 more replies
Answer Match 57.96%

I am having the same issue posted by KellyV6726.  I have the "Antivirus security pro" virus but can't follow the fix instructions because it won't let me boot in Safe Mode of any form.   I followed the instructions from Aaflec in KellyV6726's  post and created a FRST.txt file, which I'll paste below.  Since Aaflec took Kelly's FRST file and created a fix file, I am hoping someone can do the same for me - or tell me how to do it.  (I initially posted this issue in the "Am I infected" forum, but received no replies so I'm assuming that was not the right place!) 
 
The contents of my FRST file:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013
Ran by SYSTEM on MININT-K0HBV6E on 01-11-2013 14:12:54
Running from F:\
Windows 7 Professional (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [nwiz] - nwiz.exe /install
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NVHotkey] - rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
HKLM\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM\...\Run: [ccApp] - C:\Program Files\Common F... Read more

A:Infected with Antivirus Security Pro and cannot start Windows 7 in Safe Mode

Hello Dinx I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", th... Read more

26 more replies
Answer Match 57.96%

Hi,
 
I am infected with the System Care Antivirus on a Windows XP machine. When I try to boot into Safe Mode (both with or w/out Networking), I get a Windows blue screen of death. I have removal instructions that I can follow, but those depend on launching Safe Mode. Any suggestions? Is there a rescue disc that I could try?
 
[Note: The machine does boot into normal Windows mode].
 
Thanks!
 
FrisB

A:Infected w System Care Antivirus -- Can't Boot Into Safe Mode

I'll report this topic to appropriate helpers.
Hold on there....

4 more replies