Computer Support Forum

PC Infected now no longer loads out of safe Mode!

Question: PC Infected now no longer loads out of safe Mode!

Hi,

Had issues for a while with being directed to random sites while using Google and random pop-ups.

Had the yellow shield pop up in the task bar telling me I had to restart the system. After restart the colour of the font in Firefox had changed to black and was running slow and freezing; 3-4 minutes in, the system would freeze, the only relief being the restart button.

3/4 restarts down the line I'm here: after the Windows XP loading screen goes off, the screen just stays black, no welcome page.

EDIT EXTRA: It seems the wpa.dbl file was modified at the time of the attack

Hijack This Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:40:42, on 15/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aportals.net/pubac/ac.php?aid=158&sid=clean12
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {4d0bccc2-cd70-4d3c-9f14-9fc6d896a5d0} - C:\WINDOWS\system32\yigazifa.dll (file missing)
O2 - BHO: MSN helper - {4EFD3AEA-B660-4f24-8519-12531D2A3B0C} - khmx0.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vefazotinu] Rundll32.exe "C:\WINDOWS\system32\rafowonu.dll",s
O4 - HKLM\..\Run: [prnet] "C:\WINDOWS\system32\prnet.tmp"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [net] "C:\WINDOWS\system32\net.net"
O4 - HKLM\..\Run: [combofix] =\kmdcd:=\\Combobatch.bat
O4 - HKLM\..\RunOnce: [combofix] =\kmdhome:=\Combobatch.bat
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe"
O4 - HKUS\S-1-5-21-776561741-1767777339-839522115-1003\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'Owner')
O4 - HKUS\S-1-5-21-776561741-1767777339-839522115-1003\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 (User 'Owner')
O4 - HKUS\S-1-5-21-776561741-1767777339-839522115-1003\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 (User 'Owner')
O4 - HKUS\S-1-5-21-776561741-1767777339-839522115-1003\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (User 'Owner')
O4 - HKUS\S-1-5-21-776561741-1767777339-839522115-1003\..\Run: [Cognac] C:\DOCUME~1\Owner\LOCALS~1\Temp\b.exe (User 'Owner')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFramework/v10/ZPAFramework.cab56649.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} (ChessControl Class) - http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E3F16B6-20CE-493A-9386-765AEC728A94}: NameServer = 192.168.1.1,4.2.2.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{0E3F16B6-20CE-493A-9386-765AEC728A94}: NameServer = 192.168.1.1,4.2.2.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{0E3F16B6-20CE-493A-9386-765AEC728A94}: NameServer = 192.168.1.1,4.2.2.2
O17 - HKLM\System\CS3\Services\Tcpip\..\{0E3F16B6-20CE-493A-9386-765AEC728A94}: NameServer = 192.168.1.1,4.2.2.2
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: reset5c - C:\WINDOWS\SYSTEM32\reset5c.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 10196 bytes

More replies
Relevance 75.85%

Windows XP will freeze after about 10-15 seconds after starting up. I cannot move the cursor or right-click. I have no other choice but to hold down the power button and shut down. However, it loads OK in Safe Mode. Where do I go from here to fix this?

Answer:Windows XP freezes on startup in normal mode, but loads OK in safe mode. What do I do?

Arrrgh! Now when I go into Safe Mode none of the icons appear, and I can't see the Start menu! It's a totally black screen except for "Microsoft ® Windows XP Build..." and "Safe Mode" in the four corners. Please help!

24 more replies
Relevance 73.39%

The problems started when I was watching a .avi file in windows media player 10, and the screen started blinking to black for about 2 seconds then it would go back to the video for about 2 seconds. The sound was freezing and unfreezing at the same time as the video. I could move the mouse around but only when the video and audio were unfrozen. So I tried restarting it and now whenever I boot up in normal mode, after the black screen with the Windows logo that says loading, my monitor turns off and says "no signal" as if it's been unplugged.

I can boot up in safe mode, but it's frozen up a couple times, over about 20 hours of usage, and I've had to restart.

I've tried running adaware, windows defender, housecall, kaspersky online scanner. They came up with 4-5 items but it didn't fix the problem.

I've got an amd athlon xp 1800, nvidia geforce 2 64mb, and 1gb of ram. And the computer is about 4.5 years old, the power supply is about 2 years old.

Answer:Win xp loads in safe mode but not normal mode

You might like to try this workaround (you will need your Windows XP SP2 CD).

Insert the Windows XP CD in your drive. (Hold down the Shift Key to prevent it from starting.)

Go Start > Run ...in the box type in sfc /scannow (please take note of the space between the sfc and the /).

This is the System File Checker...it will scan all the Windows core system files to ensure that they are in their respective correct places, and if not replace them from the CD.

During the scan you may be asked to Insert the CD, if this happens just go retry and let it do its thing.

One important point: While sfc is running, it is not advisable to do any other work, or have any browsers/programs running on the computer, until the scan is complete. (This process will generally take around 45-65 minutes to complete).

Once finished, remove the CD and reboot your machine...all should be "Normal" (hopefully).

Please post back with the result, or if there are any further queries/concerns.

6 more replies
Relevance 72.98%

I am helping a co-worker get his daughter's Dell computer (running XP) up and running again. He only told me that it was running slowly. When I boot it up it never seems to load completely. Task list is not accessible, several error reports come up asking if I want to send them and then twice I got booted to the blue and white screen telling me that windows was shut down due to errors. Each time that I booted a virus scan found and deleted a Trojan or two. Currently running in safe mode. Where should I begin? Hijack log attached below. Thanks for any help with this. Currently running Trend Micro scan but I don't know if it actually works in safe mode. Has been running over 35 minutes now on a DSL connection showing 99 % done for most of that time.

Jeff

Logfile of HijackThis v1.99.1
Scan saved at 4:59:37 PM, on 10/14/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\PROGRA~1\Toolbar\TBPSSvc.ex... Read more

Answer:XP loads only in safe mode

16 more replies
Relevance 72.16%

Just out of nowhere, I turn on my computer, starts as usual with the Windows XP logo with the scroll underneath. Then at the welcome page a box pops up titled User Environment. In the box it says: Windows can not load user's profile but has logged you on with the default profile for the system. It goes through a countdown and acts like it is going to load but the screen is just blue, no screen saver, nothing. I tried turning it on and off a few times. Other times on the blue screen it would have my icons, but will not open any of them, an error box comes up. Now, when I reboot in Safe mode it works fine, although I noticed audio does not work. So why work in safe mode and nothing else? If anyone could help me it would be greatly appreciated!!!! Thank you!!! I have to add, my computer is getting up there, I got it in 2001 for college. People tell me I should get a new one, but everything is on there, files, music, etc... I really don't need a new computer at this point in time, this was still getting me by.

Answer:Window XP only loads in 'Safe Mode'

Tried creating a new user account yet? http://support.microsoft.com/kb/279783

1 more replies
Relevance 72.16%

I'm working on son's Dell Dimension 4400 with XP Home Edition.

I can only boot up in safe mode; all other times screen is blank.

I've checked BIOS. It does seem to boot normal but I get nothing on the screen unless I'm in safe mode.

help

Answer:windows xp only loads in safe mode

Quote: Originally Posted by ken_janssen

I'm working on son's Dell Dimension 4400 with XP Home Edition.

I can only boot up in safe mode; all other times screen is blank.

I've checked BIOS. It does seem to boot normal but I get nothing on the screen unless I'm in safe mode.

help


It's the OS.

In safe mode get your Windows CD.

Run a sfc /scannow from the command prompt; this will correct all system files
(most likely the reason for the black screen).

It could also be drivers, so you may want to remove all drivers (everything but the network card so you can download the drivers again).

Test that and post back

thanks
Wolf~

1 more replies
Relevance 72.16%

Windows security center and XP internet security 2012 still loads in safe mode so I can't get rid of it like I would any other virus? Any suggestions?
 

More replies
Relevance 72.16%

Hi,

I have been fighting with my daughter's computer for hours and hours.

It is a new model eMachine with Windows XP.

The problem is I can load it every time in safe mode and it works fine. Actually I use safe mode with networking for internet and it works fine.

When I just try to load windows normally it gets to the dark Windows screen and the blue loading thing runs across the screen for about 20 seconds then just stops and nothing happens. It just will not load.

The computer was bought refurbished so I do not have any kind of reload disk. I have used safe mode to restore to earlier points a month back and it still does the same thing. I just updated my video driver to make sure that was not the problem, same thing.

Could this be a virus or is it most likely drivers? I keep thinking it is a virus because safe mode works and I tried to load the computer normally with very minimal drivers and it still hung up.

Any help would be appreciated.
 

Answer:Windows XP only loads in safe mode?

How about trying a check disk repair from safe mode? This should correct any errors/corruptions in system files which would be a good start at eliminating some software possibilities. Here's how:

Disk/repair (Check Disk)
Left click on My Computer(open)
Right click on "C" or your OS drive if another letter.
Left click Properties and then click Tools Tab.
Left click on "Error Checking"> Check Now.
Left click to enter check mark in BOTH boxes offered.
Left click on "Start".
Computer will have to reboot to begin repairs.
Just leave alone (you're locked out anyway) 'til process finished.
If computer normal after process complete you might want to create a new restore point and Label it POST ERROR REPAIR.
This is based on using an onboard copy of sys files if copy is ok.
If copy is corrupted, it may tell you to insert XP or SP2(if patch applied) disk or to indicate location of SP2 info to get new, clean copy inserted. Good to have disk at hand.

Could be CMOS battery but I would expect one to last 5 years from new (more or less by a month or two).
Also possible overheating (dead or clogged fans) or power supply dying. Likely if fans have never been cleaned. Check for this by removing side panels on unit and aiming a desk top fan at unit to help cooling. If symptom stops, overheat is likely problem
 

3 more replies
Relevance 71.34%

Hello, my Vista Home Premium 32 bit is fast on normal, but when it goes to boot into safe mode, and shows the files and drivers it's loading, it goes SUPER slow, and just loads 1 line at a time for like 5 seconds.

And even when I go to choose an advanced option, it takes a while for the choice screen to load, it will load like 1 line at a time, and its very annoying.

The Picture below... It will load 1 line at a time, and it will take like 10 mins to boot to safe mode.

Answer:Vista SLOWLY loads to safe mode?

Hi

Seems that your problem is the reverse of most that I have seen. I can only think of one suggestion. The absence of a process that normally loads is slowing you down. Why not do a clean boot, to determine the culprit. You can possibly fix the problem, once you know the source.

How to troubleshoot a problem by performing a clean boot in Windows Vista or in Windows 7

Hope that this helps.

1 more replies
Relevance 71.34%

I think my PC has a virus, right now I'm posting from my laptop. I can only boot up my PC into Safe Mode. If not the start up screen just counts down and reboots itself. I tried system restore (reversed it one day) but still no luck. When I turned it on today morning (when it did work) Zone Alarm pulled a warning up about LSASS. Which I denied the file access because I remembered that it was the "sasser" virus title.
It's up to date on all microsoft updates but I think I have a several month old AV definition file

Answer:My desktop won't boot up..Only loads into safe mode

XP SP1 or 2? lsass.exe isn't the virus... You might want to try the windows repair. Check msconfig>startup and make sure nothing is in there that doesn't need to be. Download msconfig cleanup and remove everything but your antivirus and firewall entries and then try to boot

9 more replies
Relevance 71.34%

I've posted this whole story on another forum, but if anyone here has any suggestions then I'd love to hear them.

Basically, my computer seems to be fine, but I need to get into Safe Mode, and I can't! It runs the drivers down the page and then reboots itself!

http://www.techsupportforum.com/showthread.php?p=123358

Thank you everybody
 

Answer:Window XP loads... but Safe Mode doesn't

Have a gander here, but be very sure you know what you are doing if you choose to update the BIOS ...

http://www.mcpmag.com/columns/print.asp?EditorialsID=729

Find Ntbtlog.txt (in c:\windows) and see what the next driver is.

On my system it is: agp440.sys

Hangs here indicate a problem with the VGA drivers being loaded. I've seen this a few times and it can be resolved by updating the Video drivers.

http://support.microsoft.com/default.aspx?scid=kb;en-us;324764
 

1 more replies
Relevance 71.34%

Hi, I've searched around for quite a long time on this one, and although I've seen a few people with similar problems, I haven't seen anyone posting a solution. So here goes...

My computer works! However, I really want to change some of the security settings and to do this I need to start in Safe Mode, which won't work.

(If anyone knows how to change the security in Windows XP Home without Safe Mode I'd like to know, but I really want to fix the Safe Mode problem).

When I boot up in Safe mode, it starts to load, runs a list of drivers down the screen, then just stops and freezes (at one called mup.sys, although I have a hunch the problem is caused by the driver immediately following this one) and then restarts the computer.

I have been through a long tortuous process of buying a new harddrive and reinstalling windows because this problem got worse (although that was probably my fault) and having reinstalled all of my software from scratch... it's there again!!!

There must be something different about the way that Safe mode uses the drivers than a normal boot, which is causing this!

My best guess is it's a hardware problem (I recently bought a mains powered 4-port usb hub) but I don't seem to be able to stop it by removing the hardware. It could also be a software thing, so to ease the process here's a list of the main things I run: Windows XP SP2 Home, Panda Titanium 05, Zonealarm, Nero (all of it) and a whole bunch of (I think) harmless other stuff.

P... Read more

Answer:Window XP loads... but Safe Mode doesn't

have you an ups, as mups can be the advanced settings in it

11 more replies
Relevance 71.34%

Hi

My Dad's PC recently started freezing when loading windows XP (at the splash screen before the login screen). This seems to be an intermittent error at the moment. Windows also appears to load without problems in Safe Mode.

I have attempted a clean re-install of windows XP and he has informed me that the problem persists. Any help and suggestions in troubleshooting and solving this problem would be appreciated. Below is a list of the PC's hardware.

ASUS A8N-SLI Premium
AMD Athlon 64 X2 Dual Core @ 2.2GHz
2GB RAM
WDC WD2500AAKS-22VSA0
ATI Radeon HD 3400
Creative SB Audigy 2

Thanks in advance.
An Amateur
 

Answer:Win XP freeze before login, loads ok in safe mode

7 more replies
Relevance 71.34%

Topic says it all. Event viewer says msvcr80.dll faulting module. Lot of bsods lately. Run malwarebytes on every download. Zonealarm firewall. File properties show some 300 mb of files in my user folder that it can't account for when asking for visible and hidden files directly. I'm a pretty good geek, but this one has me in tears. No backups.

Answer:msvcr80.dll errors, FSX only loads in safe mode

Hello?

43 more replies
Relevance 70.52%

Hello and thank you in advance to anyone who takes the time to assist me with my problem.

Specs:
A8N32 SLI Deluxe mobo
Enermax 400w ATX PSU
1024mb Corsair Memory
Jaton 118PCI GeForce2 MX400 32MB
Win XP Pro SP 2

The story is about a week ago my computer that has been great for the past year started rebooting when the desktop would begin to load (all desktop icons would show, programs start to appear in system tray, and then it reboots). I adjusted some settings and the problem seemed to go away, only to reappear the next day.

Now, it happens every single time, in the same way that I described. I tried loading safe mode and it works fine, ran an online virus scan and apparently there were 5 viruses on my computer, unfortunately I can't install or update any AV software while in safe mode. I took turns removing both memory sticks from the system to see if that was the cause, and nothing changed. I tried uninstalling my video card drivers (in safe mode), and nothing changed. Could it be the PSU is dying? If it were wouldn't the computer reboot when using safe mode as well?

Much appreciation for anyone's input...thank you.

EDIT
HiJackThis Log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 5:29:47 PM, on 10/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
... Read more

Answer:(XP SP2) reboots after desktop loads, safe mode works okay.

You may still be infected with viruses, spyware and malware. Safe Mode doesn't require much to load... You could have damaged Windows files that aren't loaded in Safe Mode
 

1 more replies
Relevance 70.52%

So, I was cleaning my sister's notebook because it was full of unwanted programs, a lot of unnecessary startup programs, so I downloaded TuneUp Utilities 2011 (with registration key) and did all tuneups available.
I also uninstalled like 40 programs plus++
I performed full avast scan, Full malwarebytes scan, Full trojan remover scan.
I had like 30+ restarting requests from the programs; I was going to do them all in only one.
So after all the cleaning I'd done, I decided to reboot it. But after that loading screen that says "Microsoft corporation", when it is going to enter account selection (doesn't show anything) it goes black, blinks, and then reboots.
I chose for the system not to reboot in case of failure; then it just stays a black screen, nothing else.
I can use safe mode normally (I'm posting from the notebook).
So I would appreciate some help, cuz if my sister knows this, she would kill me because everything is always my fault.
And I don't have the Vista installation CD (if there's no option I can download it, no problem).
Things done so far:
-CHKDSK
-Prevent system from rebooting in case of system fail (before this was just a reboot loop)
-Scan for Virus, Malware
-Driver update (actually video driver only)
-Let it cool down turned off
-Disable all startup programs at msconfig (even thinking this wouldn't work because it doesn't even load windows)
Note: Tune up utilities made me delete a lot of unused files, like old backups and system restores, and it cleaned a lot of registr... Read more

Answer:Vista Loads only safe mode-BLACK SCREEN

Use Windows DVD or HDD recovery partition and boot into Recovery. Select "Windows System Restore" - choose restore point prior to commencement of cleanup.

4 more replies
Relevance 70.52%

Hi, my computer won't load. It gets as far as the loading screen, and at the point where I would expect the desktop to load, it resets. The only way I can get it running is in safe mode. I have scanned my comp using the newest definitions of my scan programs, but nothing works. Here is my log:

Logfile of HijackThis v1.99.1
Scan saved at 21:58:52, on 23/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program file...

Answer: Computer continually resets, only loads in safe mode

Let's have a look at Windows Event Viewer. It might give us a clue as to what is causing these issues.

Go to Start > Run - type in eventvwr <Press Enter>


This is a picture of what the event viewer looks like. You will see Application, Security & System listed in the left pane. In the left pane click on System. Click the gray title “Type” at the top of the source name column in the right pane to sort by type name.
Look for “Error” & double-click on recent events, and evaluate the event description for any indication of the cause of the problem.
Make note of the Description, EventID and Source of these Event Properties.
From the right pane, double-click on the line where it says error & you should get a window like the example below.


In the upper right corner of this picture, you should see 2 arrows. One is pointing up & the other, pointing down. There is another button below the 2 arrows. Click once on it. (this will copy some information to clipboard)
Open notepad & paste the info there. Then, show me your findings

19 more replies
Relevance 70.52%

Whenever I startup it locks up during the Windows XP Home Screen where the thing goes back and forth.

I really don't want to format but let me know if that's my only option. I can startup in Safe Mode with Networking so I know the problem can't be that serious since I'm posting from the computer right now.

I looked at my Event Viewer and here's what I found:

The following boot-start or system-start driver(s) failed to load:
cdudf_XP
Fips
intelppm
NPPTNT
UdfReadr_xp
VET-FILT
VET-REC
VETEFILE
VETMONNT

For more information, see Help and Support Center at
---------------------------------
The Application Management service terminated with the following error:
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
------------------------------
The server could not bind to the transport \Device\NetBT_Tcpip_{9B1032C8-F9AD-4936-96AE-A41FFA75065A}.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
------------------------------
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
---------------------------
The TCP/IP NetBIOS Helper servic...

Answer: Windows XP Locks During Bootup - Only Loads in Safe Mode

Two choices
1) Do a System Restore to when it was last working.
2) Do an in place install as Rick's post.
 

1 more replies
Relevance 70.52%

Hello all,

My wife's laptop (which is running Windows XP service pack 2) recently got hit with super anti virus pro. I ran malware bytes on the computer and on restart the computer would hang on a black screen with the cursor. I restarted in safe mode and was able to get back into normal mode after I used msconfig to disable all the programs that were running on startup. After re-starting I was able to log in, in normal mode. I also used msconfig and changed the startup selection to diagnostic startup.

Now windows explorer wasn't running, so I restarted in safe mode. Windows explorer won't run now in safe mode either. I restarted one last time in safe mode with command prompt. The command prompt works and when I tried to use that to run explorer.exe it came up for a second under windows task manager and immediately closed. I'm pretty much at a loss of what to do now.

Answer: Windows Explorer neither loads in regular or safe mode

<<I also used msconfig and changed the startup selection to diagnostic startup.>>

Did you ever take the system out of diagnostic startup mode, using MSCONFIG?

http://support.microsoft.com/kb/310560

Louis

3 more replies
Relevance 69.7%

I have a relatively new HP Pavilion p6610f w/ Windows 7 Home Premium. Nothing has been installed in it but I have tons of documents and pics.

All of a sudden, the PC stops loading completely. With safe mode and regular mode, it loads to the welcome screen (the light-blue screen displayed just before the logging icons), and it just stops there. The PC is not frozen because I can move the mouse and the caps/num keys turn on and off, but it just displays that screen.

I tried booting with another Windows DVD I have, and it also gets stuck.

What else can I do?

I was thinking that it could possibly have a virus, but I'm not sure how to run an AV if Windows doesn't load.

Any help is appreciated.

Thanks.

Answer: Win7 Home Premium never loads completely. Happens in safe mode also...

Howdy,

So absolutely nothing has been installed and only files have been transferred to it. How young is this system, and is it from retail? Are there any peripherals or extraneous USB devices (like an external HD) attached to the system?

Have ya tried running SFC at boot-up to ensure everything is in working order? You may wanna do that, as well as chkdsk /r while you're in the recovery console.

7 more replies
Relevance 69.7%

Hi everyone. I have a strange issue with Windows 7 32bit. I have tried searching for similar issues, but I couldn't find anything relevant to my problem. So here is my problem.

When I turn on the computer it loads Windows, then the desktop & the taskbar icons, start menu icon, the clock etc., but the tray items don't.

When I try to click over something it shows the loading mouse cursor (hourglass) ... and I can't click anywhere.
I also cannot enter ctrl+alt+del to enter task manager.

Then after I restart the computer from the button and I enter in safe mode ... after I shut it down from safe mode I turn the computer on once again, and I enter in Windows without any problems. But if I shut it down again, the next time I boot the same problem happens again ... so any ideas?

Thanks.

Answer: Windows 7 only loads properly after I boot on safe mode previously

Do you have an antivirus software? If so which? Have you tried Microsoft Security Essentials (FREE)? If you want to, disable or remove any old antivirus and install it (You cannot run two AVs together; I am not sure if you can install it in safe mode or not either). Let it update and then do a full scan (will take some time).

If you have no viruses, you can try this: Optimize Windows 7
(remember, no one is asking you to buy anything or to change settings you do not feel comfortable changing. This is just an exhaustive list)

If none of these options work, let me know. Have you previously removed viruses or have changed important windows settings?

6 more replies
Relevance 69.7%

I have a relatively new HP Pavilion p6610f w/ Win7 Home Premium. Nothing has been installed in it but I have tons of documents and pics.

All of a sudden, the thing stops loading. With safe mode and regular mode, it loads to the welcome screen (the light-blue screen displayed just before the logging icons), and it just stops there. The PC is not frozen because I can move the mouse and the caps/num keys turn on and off, but it just stays in the screen.

I tried booting with another Windows DVD I have, and it also gets stuck.

What else can I do?

I was thinking that it could possibly have a virus, but I'm not sure how to run an AV if Windows doesn't load.

Any help is appreciated.

Thanks.

Answer: Win7 Home Premium never loads completely. Happens in safe mode also...

Have you tried a startup repair?

1 more replies
Relevance 69.7%

I have a Dell Inspiron 9100 (Intel Pentium 4 CPU 3.00GHz) desktop running Windows XP SP3 only. I have one fixed 160GB Hard Drive. I have not changed any settings/installed/removed any programs recently. My last shut down was normal.
When I started up the PC I got as far as the XP splash screen, which I believe it would have stayed on indefinitely. The scroll bar was still scrolling. So I attempted restart and tried again and the same problem occurred. I then attempted to start in safe mode, where the BSOD occurred at what appeared to be the end of the driver loading. I got the message unmountable_boot_volume with the error code 0x000000ED (0X869C45CO, 0XC00000BS, 0X00000000, 0X00000000)
The first thing I did was disassemble my PC, unplug/replug all the insides, remove all dust and I even reinserted the drive battery. I tried restarting again and the same issue.
I then went on to google the issue to read what felt like hundreds of similar but never the same issue.

As I usually use my TV as a monitor I thought this could be the issue. So I put in an ordinary monitor and took out all my USB peripherals. Same issue again.
At that stage I thought I would post for help. Not wanting to seem like a newbie I went through all the steps that I did before so I could get the exact error messages to post, when I noticed that when I retried safe mode it stopped at a certain point during the driver loading and along the bottom of the screen PRESS ESC TO CANCEL LOADING SPTD.SYS... I hadn't notic...

Answer: XP splash screen loads forever; Safe mode gives BSOD

SPTD.SYS

Remove your daemon tools program, restart and see if the problem goes away.
 

1 more replies
Relevance 69.7%

Hi. This is my first post. Excited to be here. I've been having a problem for the last two days with my HP laptop running Windows XP. It started when I got a message from the Norton software saying spyware had been detected. I ran a complete Norton scan, it found the spyware virus, and removed it. After this, I rebooted, and everything looked okay. I was able to log in, all the desktop icons showed up. However, none of the icons along the bottom in the task bar showed up, and when I moved my cursor down there it turned into the hour glass, and nothing responded when I clicked on it. I let it go for about 45 minutes, and still got the hour glass, and still no response. I tried re-booting several times and had the same thing happen. Then I tried booting in Safe Mode and STILL had the same problem. It's frustrating because I can't access anything. The only thing that works is the Task Manager. I could list the processes that are running if someone thinks that might help. Also, when I reboot I get a message which says "Ending Program ccApp.exe" which I know is a Norton file. I'm not sure what to do. Any advice? Thank you so much.

Answer: Freezes After Desktop Loads, Even In Safe Mode, Norton Problem?

Welcome to Bleeping Computer, julie_emm:

Try to run System Restore from the command prompt. Use a restore point just prior to when the problem appeared.

The following steps came from http://bertk.mvps.org/

How do I Start the System Restore tool at a command prompt?

1.) Restart your computer, and then press F8 during the initial startup to start your computer in Safe Mode with a command prompt.
2.) Log on to your computer with an administrator account or with an account that has administrator credentials.
3.) Type the following command at a command prompt, and then press ENTER:
%systemroot%\system32\restore\rstrui.exe
4.) Follow the instructions to restore your computer to an earlier state, or undo the last restore if available.

For more information on System Restore, please see this Bleeping Computer tutorial.

Windows XP System Restore Guide

Let us know if that helped.

3 more replies
Relevance 68.88%

Hey there,
Just like the title says it, I can't get into windows on normal mode, because it freezes when I'm on the page where the windows logo loads.
Then I can't get into Safe mode, because the PC simply restarts.
I can't seem to find the problem!

What I know is this list of "not it"

-it's not the Hard Drive because, I took that hard drive and installed windows on it from another working PC and no problem interfered.
-it's not the Processor because I can see the PC start and I can get in the BIOS no trouble, and I can also clarify that the Processor temp is about 38C. The PC freezes when the windows logo is loading.
-it's not the Power Supply, because I replaced it with a well working one but the problem was still there.
-it's not the DVD-RW drive because I replaced it with a CD-Drive that worked and the problem still occurred.
-it's not the floppy drive...because I simply disconnected it....and the problem was existent.
-it's not the Video Card because I replaced it for the integrated one, but the problem was still there.

So what else can the problem be? the motherboard? .....I really don't know...

Answer: PC freezes when windows logo loads and restarts when entering Safe Mode

You took a drive with Windows already installed on it and put it in another system with a totally different hardware configuration. Try reinstalling a fresh copy to have Windows perform the needed detection of the new hardwares it will find now. With a fresh install seeing this a bad install or bad memory?

9 more replies
Relevance 68.88%

Hello everyone,

Recently my computer was infected with some malware. I used CCleaner, Ad-Aware, Spybot S&D Pro, and Malwarebytes Anti-Malware to get rid of it. After removing what I thought to be all of them, I found that I had also picked up the providefeed and thefeedwater browser redirect. I followed some steps from a reply to another poster who was having the same issue. I got SUPERAntiSpyware and modified the scan parameters. I then ran msconfig and checked the safe mode box under boot.ini. I then found that my computer was unable to boot properly and after showing the Windows XP logo and loading bar it would reboot again. I have already tried booting from disk by pressing F2 on startup and setting CD drive to first boot device. I have also tried taking out the coin-sized battery that controls the date and saving of some settings for about 60 seconds. I would really rather not lose all my data on my hard drive as much of it is not replaceable. My computer is a Gateway desktop computer. My OS is Windows XP Media Center Edition.

Thank you for your help and please reply.

Answer: Continuous reboot before windows xp loads, unable to enter safe mode.

"I followed some steps from a reply to another poster who was having the same issue."

You should not be following specific instructions provided to someone else. Those instructions were most likely given under the guidance of a trained staff helper to fix that particular member's problems, NOT YOURS after careful evaluation of the malware involved. Before taking any action, the helper must investigate the nature of the infection and then formulate a fix for the victim. Although your problem may be similar, the solution could be different based on the kind of hardware, software, system requirements, etc. and the presence of other malware. Using someone else's fix instructions could lead to disastrous problems with your operating system.

"I then ran msconfig and checked the safe mode box under boot.ini. I then found that my computer was unable to boot properly"

Using MSConfig to access (force) safe mode with the /Safe boot option when there is malware on your system could have disastrous results and render your computer unbootable. The Safeboot option modifies the Boot.ini file by adding the /safeboot:minimal argument to your operating systems startup line. Some types of malware can delete or alter the safeboot key in the registry resulting in the inability to reboot fully into safe mode or back to normal mode. When this occurs, you may be locked in a continuous reboot loop afterwards where you cannot get back to MSConfig and undo your selection until the /safeboot argument i...

3 more replies
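
The boot.ini change described in the answer above, as an added example that is not part of the original thread: a Python check, meant to be run against a copy of boot.ini taken from the affected disk, that reports which [operating systems] entries carry a /safeboot switch and returns the file text with only that switch removed. The sample file contents and all function names are constructed for illustration.

```python
import re

# Constructed sample: an XP boot.ini after the /SAFEBOOT box was ticked in MSConfig.
SAMPLE_BOOT_INI = r'''[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Media Center Edition" /noexecute=optin /fastdetect /safeboot:minimal
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Second install (constructed)" /fastdetect /SAFEBOOT:MINIMAL(ALTERNATESHELL) /sos
'''

SECTION_RE = re.compile(r'^\s*\[(.+?)\]\s*$')
# /safeboot:<mode>, optionally followed by (alternateshell); boot.ini switches are
# case-insensitive. Leading blanks are consumed so removal leaves no double space.
SAFEBOOT_RE = re.compile(r'[ \t]*/safeboot:[a-z]+(?:\(alternateshell\))?', re.IGNORECASE)


def _os_entries(text):
    """Yield (line_no, raw_line, is_os_entry), preserving original line endings."""
    section = None
    for line_no, raw in enumerate(text.splitlines(keepends=True), start=1):
        header = SECTION_RE.match(raw)
        if header:
            section = header.group(1).strip().lower()
        is_entry = (
            section == 'operating systems'
            and not header
            and '=' in raw
            and not raw.lstrip().startswith(';')  # commented-out entry
        )
        yield line_no, raw, is_entry


def _split_entry(raw):
    """Split an entry into (path-and-label, switches) at the label's closing quote."""
    cut = raw.rfind('"') + 1
    if cut == 0:  # unquoted label: everything after '=' is scanned for switches
        cut = raw.find('=') + 1
    return raw[:cut], raw[cut:]


def find_safeboot(text):
    """Return [(line_no, arc_path, switch)] for every entry that forces safe mode."""
    findings = []
    for line_no, raw, is_entry in _os_entries(text):
        if not is_entry:
            continue
        _, switches = _split_entry(raw)
        arc_path = raw.split('=', 1)[0].strip()
        for match in SAFEBOOT_RE.finditer(switches):
            findings.append((line_no, arc_path, match.group(0).strip().lower()))
    return findings


def strip_safeboot(text):
    """Return text with /safeboot switches removed and everything else unchanged."""
    out = []
    for _, raw, is_entry in _os_entries(text):
        if is_entry:
            head, switches = _split_entry(raw)
            raw = head + SAFEBOOT_RE.sub('', switches)
        out.append(raw)
    return ''.join(out)


if __name__ == '__main__':
    for line_no, arc_path, switch in find_safeboot(SAMPLE_BOOT_INI):
        print(f'line {line_no}: {arc_path} boots with {switch}')
    print(strip_safeboot(SAMPLE_BOOT_INI), end='')
```
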
Relevance 66.83%

I have been using the instruction from "Safe Mode - Add to Windows Boot Manager in Windows 8" for a very long time to give me that extra chance to get into Safe Mode if Normal Mode is having problems. All of the Windows 8/8.1 PCs at our site are set up that way.

Just got a Lenovo Flex 2-15 with Windows 8.1. It allowed me to add the 2 entries that I always add to the Boot Manager (Safe and Safe with Networking). And I can see them there in MSCONFIG. But when I boot up, it just ignores the extra entries and just comes up in the main OS entry. Not only that, but then I discovered that F2 and F12 at boot up stopped working as well. So then I removed the safe mode entries and now I can do F2 and F12 at boot up just fine.

This PC is using Secure Boot and UEFI. And I'd like to continue using those. Has anyone come up with a way to add the safe mode entries in the Boot Manager and have them work?

Answer: No longer able to setup safe mode in BCDEDIT on new PC

Since I want to keep the newer UEFI and Secure Boot, I decided to use the command "bcdedit /set bootmenupolicy legacy" to make pressing the F8 key usable again and forget trying to add fake multiboot entries to the Boot Manager. Now I can get the same effect and eliminate that extra menu at the beginning which was only there in case I needed it. And then if I have a specific reason to use the Windows 8/8.1 troubleshooting, I can switch back using "bcdedit /set bootmenupolicy standard" whenever I want to. The other thing I found researching this is if I hold down the shift key when I click on restart, it automatically goes into troubleshooting mode, giving me the other options like system restore and such...the safe mode part still comes up ala Windows 7, but the rest looks like the Windows 8 troubleshooting I've grown used to. So this is solved as far as I'm concerned.

1 more replies
Relevance 65.19%

A few days ago, I was about 2 minutes into a show on Mozilla, when my computer froze and I encountered the BSOD. My computer is almost 4 years old and due to an electrical surge years ago the motherboard was replaced, and most recently at the start of this year my computer ended up at the point where it couldn't even start. Luckily we got that fixed with some new RAM and a new copy of Windows 7; sadly nothing memory wise was salvaged. Since then I have not once encountered problems with my computer until now.

When it first crashed I restarted and tried to resume my show foolishly; again 2 minutes in the BSOD was back. This time I ran chkdsk which failed fairly far through, after which my computer will no longer boot to Windows successfully for even a moment. So far my attempts at saving my computer have been: repairing disk on the computer, which fails every time, using my Windows 7 disc to attempt a repair of Windows, and booting a USB with AVG recovery software. The latter of which I used to scan for any potential viruses even though I had Panda Cloud running when it crashed (fully updated of course); only low level threats showed up, all of which I have fixed. Next I performed a SMART health assessment, which failed. It tells me:

Drive failure expected in less than 24 hours. SAVE ALL DATA

ID-5 / Attribute name- reallocated_sector_ct / Flag- 0x0033 / Value- 001 / Worse- 001 /
Thresh-036 / Type- Pre fail / Updated- Always / When_Failed- Failing now / Raw Value- 2...

Answer: Windows 7 BSOD, will no longer boot fully even in safe mode

So your hard drive is bad and this means exactly what it says "Drive failure expected in less than 24 hours. SAVE ALL DATA"...
 

11 more replies
Relevance 65.19%

To sum up: I can't install or run Dropbox anywhere but in safe mode. Something I'm running in normal Windows 8.1 mode is conflicting. I have searched my logs, but have found nothing, at least nothing I can decipher. Dropbox support couldn't help. Dropbox is the only executable installer I have that won't start. My Dropbox account is running like a champ on various other Mac and Windows 7 and 8 machines at school and home. How can I resolve this?
 
Details: 
 
I've had Dropbox 3.03, pro account, Windows 8.1 Pro with Media Center. Beginning two weeks ago, Dropbox's status had been stuck on "Upgrading Dropbox" and Windows Explorer was using up to 35%  CPU constantly. (I still was able to sync.) The status bar icon finally stopped loading about a week ago. The current Dropbox version is 3.2.9.
 
I have scanned and continue to scan daily using Avast 2015 (paid version, but usually not installed), Emsisoft, Malwarebytes, and ADWCleaner, all of which say I'm clean. 
 
I uninstalled Dropbox to see if a fresh install would help, including removing all Dropbox folders and, of course, a restart. But, when I download a current version, it won't install. Nothing happens when I click the downloaded file except an increase in Windows Explorer CPU (25%) usage. This happens with both the online and offline downloads. This happens no matter what disk or portable device I try to run the downloaded installation files from. 
 
Here are some other...

Answer: Dropbox no longer installs or runs in Windows 8.1 - (except safe mode)

Hello,

I have the same problem. Dropbox won't finish installation, only if I do it in safe mode.
It also won't start unless in safe mode. 
Have you found any solution to this problem?

1 more replies
Relevance 65.19%

Ok, so on a different board (I think I am the victim of terrible advice), I went through all of the malware steps with some people and I think I was pretty successful (and I d/l Firefox); however, after turning my computer off, I can no longer restart in "Normal Mode". I just get that terrifying blue screen.

(It should be noted that I also "tried" to wipe out IE from my computer, but I don't think it worked)

Here is what it says is my problem:

*** STOP: 0x0000008E (0xC000009A, 0x86EB7641, 0xF698D8EC, 0x00000000)

I have tried to restore my system, but it won't allow me to in Safe Mode, and it says that it is turned off anyway.

Someone told me to reboot in "Diagnostic Mode" after typing msconfig in "Run" while in Safe Mode. When I did that, the exact same thing happened, and I got this message:

*** STOP: 0x0000008E (0xC0000005, 0x86EAF05A, 0xAAC79C98, 0x00000000)

I have since went back and set it back to normal getting the original message. I have googled these numbers, but to little avail. The best I can come up with is that I am having RAM issues and space issues; however, I currently have 16 free gigs... So I don't understand.

Any help would be greatly appreciated b/c I would really like to get around wiping out my harddrive (reformatting). I have a Gateway (with the restore disc) from Jan. '05. Pentium 4 Processor 530. Processor speed is 3Ghz, 800MHz FSB, 1MB L2 Cache, 200Gig HD, 7200RPM RAM, 1024 MB DDR Dual ...

Answer: After Cleaning my System of Malware, I Can No Longer Run XP Home Outside of Safe Mode

Maybe the MALWARE that you have cleaned up was the source of your problem....

The malware was intact with the system files, and when you cleaned and deleted it, you also deleted the important files of your system.

3 more replies
Relevance 64.78%

When I first saw this behavior I tried the regular system restore stuff and it continued to freeze during these attempts so I thought there was a problem with the hard drive. I installed a new hard drive and installed Windows 7 64 Home Premium, but the freezes are continuing to happen. What can I do next to diagnose the problem? The fact that in safe mode it lasts much longer must be a major clue but I'm not sure what it says about the problem.

Answer: B575 freezes after startup - lasts quite a bit longer before freezing in safe mode

hi bmcn,
 
Welcome to the Lenovo Forums.
 
It's possible that another component is causing the issue (eg. Memory)
 
To check, can you try to perform a clean boot and run these tests in normal mode (or in safe mode if applicable):
 
1. Lenovo Memory Test (64-bit)
2. Lenovo Motherboard Bus Quick Test (64-bit)
3. Lenovo Video Quick Test (64-bit)
 
More diagnostic tools here.
 
 
Let me know how it goes.
 
Regards

9 more replies
Relevance 64.78%

Hi I am running Windows XP SP2, with Internet Explorer 7.0 my computer has recently been acting funny. I have went through the five steps and there is definitely something wrong. Please help.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:16:51 PM, on 12/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\sy...

Answer: Computer is slowing, Switch User no longer works as well as Safe Mode

bump need help

12 more replies
Relevance 64.78%

Hi,

I've been trying to clean my system for a couple of days now. I can't boot into normal mode. Only Safe Mode.

I've run the spyware removal in safe mode but it doesn't seem to help.

My administrator account disappeared in normal mode, leaving only a single user account. When I log on, that account will start to open, but never fully loads. I created a new user account and it hangs on the set up. I was able to see the administrator account again, by adding it back to the registry under winlogon, but when I try logging on it also seems to be going thru the Microsoft steps for setting up a new account.

Unfortunantly I didn't keep notes on all the stuff I've tried. I've run PC Tools Mechanic and also PC Tools Spyware Dr, all in safe mode only. I also had spybot search and destroy running but of course I can't access it in normal mode.

When I went to the control panel and looked at the administrator account, it was showing membership in the administrator and also the debugging group.

I'm sure I've got some sort of bad malware on my computer.

Kath
 

Answer: Can't boot into normal mode, only safe mode. Infected

Welcome to Major Geeks!

Your problems may or may not be due to malware.

kathinpdx said:

I've run the spyware removal in safe mode but it doesn't seem to help.

If you ran our cleaning procedure then where are the requested logs you are supposed to attach? The below is a direct quote from the cleaning procedure.

Step 3: Do You Still Have Problems

Yes, I'm still having problems
DO NOT run the READ ME again!!!! Please attach your logs as given below.
If you do not already have a thread started, start a new thread otherwise post the following in your original thread. Clearly describe in detail the problems you are having and how long ago they started. Think about what you were doing at the time.
Now you need to attach (See: HOW TO: Attach Items To Your Post ) the below logs created while running the above scans
SASlog.txt log from SuperAntiSpyware.
Malwarebytes Anti-Malware log
ComboFix.txt (normally C:\ComboFix.txt)
MGlogs.zip - normally it is C:\MGlogs.zip - only attach this log from MGtools.exe DO NOT attach any logs seen in the MGtools folder.
You will need to post 2 messages to attach all four logs since only 3 attachments are allowed in any single message. Post all of them in one thread.
Be patient after posting your logs and wait for one of the helpers to get to you. It can take a while to read thru all of the logs and to create individual fixes for you.

...

1 more replies
Relevance 63.96%

I'm running windows xp home edition version 2002, Service Pack 3. My display device is NVIDIA Geforce4 Ti 4400. I installed Windows XP update KB967715 and after I rebooted, once windows xp started, my display flashed about 6 times then went dark. I'm able to use the internet via safe mode. I've uninstalled this windows update and all the ones from Feb: KB958687 and KB960715. I've also reinstalled all my display drivers.

The error messages I received are:
Error code 100000ea, parameter1 835d17e0, parameter2 83465008, parameter3 f79aacb4, parameter4 00000001.

Error code 100000ea, parameter1 834f74d0, parameter2 834ea768, parameter3 f42ffcb4, parameter4 00000001.

Error code 100000ea, parameter1 82dac4f0, parameter2 834b4b10, parameter3 f79aacb4, parameter4 00000001.

I'm at a loss, the next options I can think of are re-installing Windows XP and I'd rather not if I don't have to.

Anyone have any other ideas?

Thanks!

- Rachel


Standard Question Answers:
- Were there recent crashes that could have caused this problem? No
- Did you install new software recently? If this is the case: Which software? (Brand, version, build) - NO
- Did you do any of the following:
- Run a scan with an updated anti-virus program? - NO
- Run a scan with an updated anti-Trojan program? - NO
- Run a scan with an updated root kit detection program? (This only for Windows NT, W2K and newer!) - NO
- Run anti-spyware scans with at least two freshly updated anti-spyware...

Answer: Installed most recent Windows update; display no longer works except in safe mode

Hi Rachel and welcome to TSF

You didn't say, but I'm assuming that after the uninstalls the problem is still there.

Try doing a system restore to a time before the updates.

If you can boot in the safe mode and get video, then it must be something that is booting up in regular mode that is messing up the video. Before doing a re-install, look in the msconfig and see if something was installed there that might be the culprit. Under the start tab, the check boxes will let you selectively disable applications that install during normal boot. See if one of them is problematic. What each of those items do can be seen here:

http://www.sysinfo.org/startuplist.php

Do you have any red or yellow marks in the Device Manager? That almost always means a device driver problem.

If you have to resort to a re-install of XP, I would suggest a Repair Install which will leave your normal applications and data intact. Guidance for that can be seen here:

http://www.michaelstevenstech.com/XP...install.htm#RI

Hope this helps,
Mack1

7 more replies
Relevance 63.96%

Recently I custom built my computer around the time Vista was released. It's been working smoothly on my comp until a week ago it all went wrong and crashed. To be on the safe side I rebooted in safe mode. After then again rebooting it and putting all my settings back to the way they were I thought that it was all over, until recently I noticed little things like videos on YouTube or any other site not working, as well as certain links on a page would not open. This personally has confused me! I'm kinda stuck on how to get it to go back to what it used to be like before I went into safe mode, please help me!!!!!!!!!!

Thanx!!!! Yours gratefully, Elan2jay!!


Answer: after putting vista into safe mode it will no longer open java script or flash players

Unless you actually made some changes to the configuration, things should have returned to normal once you rebooted from Safe Mode.

Vista's "System Restore" would probably be the quickest fix for this and you will lose nothing by doing it.

However if you are using Internet Explorer, you might want to go to Tools > Add-Ons and make sure that all the Adobe Flash stuff there is present and enabled.

Also in Internet Options > Security Settings > Custom you can reset all settings there to their defaults.

Finally if you are using a 3rd party firewall -- some of these scripts can be blocked by their configurations.
 

1 more replies
Relevance 63.55%

I reformatted an acer aspire 5100 laptop.
I partitioned it.
I installed Win98SE on the first partition, installation went well apart from not booting at all.
Now whatever system I load or install, 98 or ME I can only access safe mode in ME. 2000 refuses to install. Is this laptop vendor software specific as the drivers don't seem to be accessed from any normal Win OS I install.
 

More replies
Relevance 63.55%

Hey all,

I recently updated the nForce sata drivers and installed BIOS updates on my Compaq Presario SR2173WM (Vista/1G Ram). The install and reboots went fine, although soon after the PC froze and i restarted to a BSOD stating the following...

Windows has shut down to prevent any harm to your PC, etc...

Check disk space, drivers, disable Shadowing, use Safe Mode, etc...

STOP: 0x0000008E (0xC0000005, 0x93F541C4, 0x8B86A898, 0x00000000)

Collecting data for crash dump, Initializing disk, Dumping...

Then the PC restarts and the same thing happens. I have tried booting in Safe Mode, but as soon as it loads "C:\WINDOWS\SYSTEM32\DRIVERS\CRCDISK.SYS" it BSOD's with the same information.

I have reset BIOS defaults, turned off sata ports 1 at a time and tested, unplugged/replugged hdd, unplugged RAM 1 at a time and tested, ran Windows Memory Diagnostic test successfully, ran CHKDSK successfully, have run other MEM/HDD tests successfully...

I can access the HDD from a Live Boot Linux CD and can boot to my BartPE Live XP CD.

One thing I have not tried is disabling Shadowing because this is not an option in my BIOS, although it does say "Shadowing Enabled" when booting... Is there another way to disable this with my MB/Chipset (nVidia/nForce)?

ANY help on this at all will be greatly appreciated, as I am at the end of my ideas...

Thanks in advance, Chris

More replies
Relevance 60.27%

Hi, last Fri I received an email via my Yahoo account from UPS (which I now know is not). I think this is a nasty virus, has worms too. Avira scanned the file before I unzipped it, I did not get any warning, even though I had updated Avira files before, then it went spiraling downhill!! I had so many windows opening up, I immediately disconnected from the net then proceeded to virus scan with Avira. At the end of the scan, it could not help as it was infected. I could not open the report, even though there were warnings. I tried Spybot scan which found a majority of problems which I allowed the fix. I did not think it wise to go on the net as I kept getting Internet Explorer pages opening up. All during this time I was getting Norton virus updates and warnings - I don't have Norton's so ignored them and did not open any of the files. Just closed them at the X and made sure I was disconnected from net. After Spybot cleaned up, I used ATF to clean my temp files and then turned off and re-started. Since then I cannot log on to Windows, even in safe mode and administrator. I tried logging on a number of times in a variety of ways but it keeps logging me out. I am not getting past the log on page. I cannot seem to get into Windows and think I must have messed up somewhere. I have my external drive plugged in and was about to back up my monthly documents but decided to reply to my emails before! Hence now cannot access anything. I have spent the weekend reading forums and page... Read more

Answer:infected with UPS virus. Cannot log on even in safe mode

I tried ... logging on a number of times in a variety of ways but it keeps logging me out. I am not getting past the log on page. I have spent the weekend reading forums and pages and pages of advice. I read this forum thread as well as thread: http://thinkinginpixels.com/quick-fixes/fi...onlog-off-loop/
I really need my documents and cannot afford to lose them as there are files I need to send to my mortgage lender asap.
mandy

Re: LogOn/LogOff Loop
Go ahead with the thinkinginpixels instructions: That is your best chance to get back in to Windows. It will take several hours to complete, and you should then be able to use Windows and retrieve the documents that you need. The instructions provide a series of logical steps that are relatively easy to follow and should lead to a positive result. Any problems, let us know.
Should that fail (unlikely) we can help you get those documents by another means.
Let us know how you are getting on.
'Alien

81 more replies
Relevance 60.27%

Hi guys. I just joined this site and this is my first post. My desktop has been infected with Malware/Viruses and won't boot in any mode (safe, safe + networking, last good setting, or normal mode). The closest thing I get is when I go to safe mode and I get a total black screen with no start button or taskbar and on each of the four corners says "safe mode". However, I cannot do anything else on the screen. (Using laptop right now due to desktop being down)

After some research on the web I found that I could try the Avira Rescue CD and would hopefully remove the malware/virus. It's been almost a week but if memory suits me right, the virus was called Cleanup Antivirus. I also was experiencing google redirects. I have already finished most of the steps on the following Avira rescue cd instructions website:

http://forum.avira.com/wbb/index.php?page=Thread&threadID=82163

I am currently stuck on step 7 part 2&3. The reason for this is because in the command line, I type exactly what is instructed but the only thing it does is in the next line says:

"Devices" (text is in a neon greenish-blue font) (This is when I type in "ls /mnt")
When I type in " /mnt " it then says "/bin/ash: /mnt: Permission denied"

Not sure what to do because I have already restarted my computer and tried all modes including safe and normal but am still unable to get my normal computer settings.

I would get my log files with Hijack ... Read more

More replies
Relevance 60.27%

I am trying to fix my father's desktop computer, which he seems to have sufficiently filled with Malware. I am having a very hard time dealing with this, and am hoping for some help. Here are some of the things I know so far: It is a Dell running XP. Currently, I cannot run task manager, either in normal or safe mode. I cannot install Hijack This, MalwareBytes, or any other program in an effort to remove anything. Some of the names I have run across are "AntiMalware Doctor", "Security Tool", as well as the "Microsoft Security Essentials Alert" (particularly when I try to run taskmgr or regedit in the normal mode). I have been able to access regedit when in Safe Mode with Command Prompt... That is as far as I have gotten. I found some junk that seems to be related, but each restart brings me the same "Microsoft Security Essentials Alert" when I reboot and try for the taskmanager. As I can't seem to run anything on the desktop, I am using my laptop to try to download any potentially useful programs and move them over with a jump drive, but nothing will load. Any thoughts or recommendations would be greatly appreciated!!!!!!!

I was just able to run TDSS Killer in Safe Mode from the Command Prompt, which appeared to be successful. Here is the log... I hope I copied it in right, as it appears huge!

TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/25 10:48:32.0734 ===============... Read more

Answer:Computer infected can't even run in Safe Mode!

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:
msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5st... Read more

2 more replies
Relevance 60.27%

I'm not able to use internet in regular mode of windows xp. If I restart in safe mode with network support I can access the internet. I have checked everything concerning driver issues etc. The ip is correctly assigned. I have done several scans with MBAM, I've used registry cleaners, etc. It all started a couple weeks ago when the pc started working very slow. I did a disk cleanup, defragmented the harddisk, did registry cleans, scanned for viruses etc. It was a bit better but not too much. After a few days the internet stopped working on my pc. Is there any solution to fix this problem?

Hereby the DDS.txt log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Zjefne at 13:56:09,23 on vr 24/09/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.447.221 [GMT 2:00]
AV: Panda Antivirus Pro 2010 *On-access scanning enabled* (Updated) {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Panda Security\Panda Antivirus Pro 2010\TPSrv.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2010\WebProxy.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\A... Read more

Answer:Infected? No internet, just in safe mode

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The ap... Read more

3 more replies
Relevance 60.27%

I would be very grateful for some help sorting out a friend's PC please.

I've read the First Steps page but cannot carry out all of the suggested scans.

When I boot the PC normally, it works very slowly loading XP Home, then suddenly reboots itself before getting to the login screen. I discovered that it will run in Safe Mode with Networking and I'm using it now to create this thread!

I've run dds.scr and the scan result is pasted below. (Attach.txt is included here in a zipped file). When I try to run GMER nothing happens. The egg timer appears for a few seconds but nothing more. I have downloaded SPTDinst-v162-x86.exe. Executing this file results in a popup stating "No SPTD version was detected". The Uninstall button was greyed-out but the Install button looked inviting, so I clicked it and was prompted to re-start Windows. I restarted XP in Safe Mode and it appeared to load SPTD.sys.

Before looking at this forum I was going to attempt a Windows re-install and backed up My Documents onto a USB memory stick, which I then scanned with Avira on a another laptop. This revealed 16 music files, which had been downloaded with Limewire (I presume), all containing the same virus - EXP/ASF.GetCodec.Gen. I've uninstalled LimeWire now.

I have tried to install Avira AntiVir Personal (in Safe Mode) but, after extracting a load of files to a Temp folder, it gets part way through 'Preparing Installation...' then crashes(?).

I don't know what to try n... Read more

Answer:Infected PC only works in Safe mode - Help please

Please close this thread - I have wiped the system and re-installed XP. It seemed like the smartest thing to do...

1 more replies
Relevance 60.27%

I have an infection in my DropBox.
I am hoping I disconnected before it got to my local box, but cannot tell because I logged off/shutdown the system.
Windows 7, booting up, trying to go into Safe Mode, with networking.
As soon as it comes up, I try to log in (still disconnected from the network), and it reboots the system.
Is this something new, or maybe unrelated?

Answer:Lucky Infected and No Safe Mode now?

Welcome to BC...
 
This is the second time this week that someone has posted not being able to boot into safe mode. Please
start a new topic in the Malware Removal forum and let the pros see if it is a new malware or just a coincidence.
 
Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.
If you cannot complete a step, then skip it and continue with the next.
In Step 6 there are instructions for downloading and running FRST which will create two logs.
When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.
Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.
After doing this, please reply back in this thread with a link to the new topic so we can close this one.
 
DO NOT bump your new topic. Wait for a response from one of the Team Members.

1 more replies
Relevance 60.27%

Hi,

I am trying to clean a pc for a friend. Not sure how they got infected, but the pc was stuck in safe mode and when it booted up, it had "safe mode" in all four corners of the screen and you were not able to do anything - no desktop or anything.

I tried repairing the Win XP OS with the original disc and changing boot sequence and more to get the thing to boot in normal mode. Somehow I was able to do it. I ran through the Read & Run Me First process. SAS and MB found stuff.

I ran SAS first with the incorrect options unchecked. I reran SAS after setting it up correctly. I will post both of those logs in case the second one is missing anything important the first one shows.....

I was unable to run rootrepeal as it just gets stuck "initializing"

I was unable to run MGtools as I keep getting the following error
"C:\WINDOWS\system32\cmd.exe
SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers. VDD. Virtual Device Driver format in the registry is invalid. Choose 'Close' to terminate the application."

Would greatly appreciate if someone would look at the logs and give their feedback.

Thanks,
JB
 

Answer:Infected - stuck in safe mode

I want you to run TDSSKiller so refer to the below for how to do so.

TDSSkiller - How to run


Please also download MBRCheck to your desktop

Double click MBRCheck.exe to run (vista and Win 7 right click and select Run as Administrator)
It will show a Black screen with some information that will contain either the below line if no problem is found:
Done! Press ENTER to exit...

Or you will see more information like below if a problem is found:
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
Attach this log to your next message. (See: HOW TO: Attach Items To Your Post )



Please click Start, Run, and enter cmd and click OK. This will open a command prompt window. Enter the below commands at the command prompt each followed by the enter key. The bold black are commands. The purple is merely informational.


cd \MGtools <-- this changes to the MGtools folder and the prompt should change to C:\MGtools>
nwktst<-- this will try to run all one scan from MGtools. Tell me what error messages, if any, you see.
GetRunKey <-- this will try to run all one scan from MGtools. Tell me what error messages, if any, you see.
ShowNew <-- this will try to run all another ... Read more

9 more replies
Relevance 60.27%

Browser keeps crashing and PC still very slow. I couldn't do anything unless I was in safe mode. Initially, the icons on desktop were almost completely gone. System is 7 Premium, 3 GB RAM, AMD processor. Thanks for getting me started on getting out of this nightmare.

Answer:Slow Infected PC; ran JRT and ADW from safe mode

Let's start with a scan using DDS. See if you can get into 'safe mode with networking' :

Download DDS from one of these links:
DDS.com
DDS.pif

Disable any script blocking protection
Double click the dds icon to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt <--- will be minimized in the task tray

Save both reports to your desktop.
Include the contents of both logs in your next post.

The scan will instruct you to post Attach.txt as an attachment.

9 more replies
Relevance 60.27%

Would really appreciate any advice on what to do..... Went to switch my PC on couple of days ago and it took me to a screen (black background) that said there had been a problem caused either by hardware or software and gave me options to select to continue - initially I selected 'Start Windows normally' but this wouldn't work & kept returning me to the same screen. There is an option 'Last known good configuration' but I haven't tried this as if I do have a virus I wasn't sure if I should. I have booted up using Safe Mode, I have also used Safe Mode with Network. Whatever I have has disabled McAfee Anti Virus, which in Safe Mode was showing as being out of date etc. I logged onto my account with McAfee & tried to re install it which appeared to work but when I click on the McAfee icon it displays an error now.

I have Spybot Search & Destroy which I ran and this found the following -
Microsoft.WindowsSecurityCenter.FirewallByPass
Smitfraud.C
Spybot appeared to remove these entries OK.

I also ran SpyHunter which found different things -
Zlob Trojan
Wild Tangent
But I don't have the SpyHunter bit which actually removes these things...

Firstly why are Spybot & SpyHunter finding different things? (apologies for my ignorance, I'm not a techie!)
Secondly.... can anyone advise what I can do next?? I have no idea how I have got these problems, I have McAfee which runs all the time & is kept up to date, also Spybot Search & Destroy?
Any advice would be really appreciated.

Answer:Infected PC (XP) can only boot up in Safe Mode

have you got spyhunter in add/remove as it needs to be removed? hoping you haven't paid anything to these people? you will need to download update and run malwarebytes and superantispyware from click here

10 more replies
Relevance 60.27%

I have Wxp Pro on a Dell pc. I get no pop-ups, but programs are slow to open and slow to run. I can't start the pc in safe mode by using F2, F8, F12, etc. When those keys are used, the pc ignores it and starts normally.
When a browser window is open, I can open a site, can scroll thru the site, but can't click on any links or buttons. It acts as if it is just a graphic.
One strange thing, if I minimize the browser window, then maximize it again, I can then surf inside the site.

I have run Ccleaner and Ada-ware. I then ran Rkill, then SuperAnti-spyware and Malwarebytes. Running a full scan on both. SuperAnti found 53 items, quarantined all, but no help. Malware did not find any issues.
I've tried a system restore, but keep getting "can't restore system.......".

Any fast help is appreciated, this is for a school secretary's pc.
Phil

Answer:Am I infected? Can't start Wxp in safe mode

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.
 * Double-click SecurityCheck.exe
 * Follow the onscreen instructions inside of the black box.
 * A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List last 10 Event Viewer log
List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
 * Double-click mbam-setup.exe and follow the prompts to install the program.
 * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
 * If an update is found, it will download and install the latest version.
 * Once the program has loaded, select Perform quick scan, then click Scan.
 * When the scan is complete, click OK, then Show Results to view the results.
 * Be sure that everything is checked, and click Remove Selected.
 * When completed, a log will open in Notepad.
 * Post the log back here.
Be sure to restart the computer.
The log can also be found here:
C... Read more

9 more replies
Relevance 60.27%

Microsoft did a scan in safe mode, but my computer is still running slow. I can't figure it out. I have One Care as my anti virus, and Malwarebytes. I've run both and nothing is showing up, any suggs would be greatly appreciated.

thanks,
Lindaga35

Answer:am i still infected? scanned in safe mode already

Please reboot your computer and update Malwarebytes. This time do a FULL scan and post the new log here

5 more replies
Relevance 60.27%

Hi, I had McAfee running and it found a trojan, so I removed it right? For some odd reason my PC restarted (blue screen of death, something about memory). Every time I try to boot normally it gives me the blue screen. So now I'm in safe mode typing this. I've done multiple full scans on McAfee and it still says one or more errors could not be fixed because of an error. Anyways it's been like this all day. I just downloaded avast version 4.8 and currently scanning my system. Any suggestions of help? I'd rather not delete the entire contents of my hard drive and reinstall Vista.

I tried downloading Malwarebytes but when I try to run it, it won't open.

Edit 1-avast! Virus Cleaner Tool - version 1.0.211 Ansi

Edit 2- Currently scanning with AVG 8.5 Free Trial Safe Mode

Edit-3 It seems that AVG has cleaned my computer right, I can now boot up normally and my McAfee says I'm secure.tt

Edit-4 McAfee is on overload again, my computer got blue screen again. And I am currently scanning with McAfee.

Edit-5 McAfee has been uninstalled by me and now running AVG once more

Answer:Help, infected laptop, currently in safe mode.

Please help anyone?

10 more replies
Relevance 59.86%

My computer was infected by a trojan that was picked up by WD Diagnostics...win32.brontok (I think)? In any event, I have tried scrubbing my computer using various anti virus/Malware programs (Symantec, MalwareBytes, ComboFix, AVG). My last scrub using AVG8 found 4 trojans and they all report my system as clean, but when I try to run any of these applications in safe mode, my PC shuts itself off. Does this mean it's self infected? Please, if anyone has suggestions I'd appreciate hearing from you.
Thanks,
Joptan

Answer:Infected Computer --shuts down in Safe Mode-- HELP

http://www.computerhope.com/forum/index.php/topic,46313.0.html
go above and post the 3 logs here an expert will see them

1 more replies
Relevance 59.86%

Hi, love this site. This is my first time asking for help though.
I am running:
Dell Optiplex GX150
Intel Celeron 1200mhz
Windows XP Pro
I have now booted with an ultimate boot disc for windows from cd. I downloaded using the boot cd all the Rkills, exehelper, Malwarebytes, SuperAntiSpyware, and MGtools.
I saved them to drive c then rebooted into Safe Mode. Once one of the Rkills worked I could run Malwarebytes. I may have made a mistake, I did not have Malwarebytes remove the infected items, then I ran SuperAntiSpyware. I ran Malwarebytes again afterwards and it found far less infected files, I have both logs from MB. Here are the logs. I only put the first MB log.

Thanks for your time and help.
 

Answer:Xp Security 2011 Infected Safe Mode

Welcome to Major Geeks!

You are almost 1000 database versions out of date with Malwarebytes. Can you download the updates and run a new scan? Be sure to fix what it finds and then save the new log and attach it.

Can you also boot in normal boot mode now to get a new MGtools log?

What malware problems are you currently having?
 

12 more replies
Relevance 59.86%

Hi,
My computer is running Windows 7 64bit and got infected with win32.sality.bh. I am not able to run any program except Kaspersky. I had a full scan and removed all threats it could find but apparently the so called anti virus is not as powerful as it described. I still can't open any program. I tried to run in safe mode but can't do it without msconfig. Any idea how can I run in safe mode? Thanks in advance.

More replies
Relevance 59.86%

My XP machine has a problem.  It gave me the Moneypak page on boot up and won't boot into safe mode.
 
I made a ubuntu startup disk and used that to backup my data files.  Also, ran some antivirus boot disks (Kaspersky, Bitdefender, and AVG), but it did not fix the problem.  However, they did get rid of the Moneypak page that was showing on startup.  Now when doing a normal boot, I see my desktop for about 1 or 2 seconds, then get a beige screen which changes quickly to a white screen and hear the hard drive spinning - probably loading things.  When I hold the power button to reboot, the blank page shuts down and I can briefly see my normal desktop full of icons again. Not enough time though to run any programs.
 
Since I can access my files by booting into Ubuntu, I assume the problem could be fixed by manually removing the right files or making some other changes, but I don't know which.
 
Can anyone help me get my machine working again?  Your assistance is much appreciated.
 
 

Answer:Infected with Moneypak - can't boot into safe mode

Hello and welcome to Bleeping Computer. I am sorry that you are having troubles with your computer and will try my best to help you. I know that being infected is very frustrating, but I will be here to help you through the whole process of cleaning.

Removing malware can be difficult and complicated and will most likely take many steps, so please stick with me until I have declared your computer clean. I always recommend printing my instructions before following them in case you cannot keep this webpage open. Please be sure to always follow all steps exactly as they are written and let me know what happens each time. Stop and ask if something unexpected happens or if you are unsure of how to proceed.

Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

Are you booting Ubuntu from a CD? Do you have a USB flash drive available?

more replies
Relevance 59.86%

I am visiting my kids and my ex-in laws got scammed by a FakeAV.  The person they talked to installed windows 8 and now it boots only to safe mode. 
 
Here are the Hijack This logs, DDS logs.
 
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 12:12:54 PM, on 8/29/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.17028)

Boot mode: Safe mode with network support
Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Ron and Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\89NEVL99\HijackThis.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSear... Read more

Answer:Not exactly sure what computer is infected with but boots only to safe mode

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/546184 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

2 more replies
Relevance 59.86%

Hi Guys,

My WinXP Sony Vaio VGN-215M has been infected by what the Dr. Web demo identified as 'NTRootkit.83'. The first symptom I noticed was .EXE files starting to disappear, including my Norton Antivirus. Another problem I noticed is my wireless network connection has disappeared (no networks show up anymore).

I have tried a variety of tools including the McAfee Rootkit tool beta, but it seems this one is still sticking around. Dr. Web support indicated I should reboot in safe mode and then run Dr. Web to remove it, BUT; when I try a reboot in any form of safe mode, it:

a) reboots
b) shows the loading screen, and then goes through a list of drivers on the bottom of the screen
c) reboots itself back into normal mode

So effectively I cannot reboot into safe mode.

I have output the following Hijackthis logfile, if this helps:

Logfile of HijackThis v1.99.1
Scan saved at 8:19:25 PM, on 16/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Apoint\Apoint.exe
C:\Programme\ATI Technologies\ATI Co... Read more

Answer:Infected with NTRookit.83 - Can't reboot in safe mode

Still getting nowhere.

Installed Dr. Web antivirus, and just like my Norton, the .exe files for the program disappear. This is one nasty little trojan.. please help!
 

1 more replies
Relevance 59.86%

A user came to me with a laptop that does not connect to the internet at all in normal mode. (Wired or wireless, DHCP or static IP, IPv4 or IPv6)
Connects to the network perfectly fine, but no internet connection.
Unless in safe mode then the internet works just fine. (which led me to think malware was the root of the problem)
Nothing else appears to be wrong/off; just lost internet connection.

disable/enable adapter... nothing
ipconfig /release /renew... nothing
ipconfig /dnsflush /dnsregister... nothing
Tried new drivers... nothing
reset winsock... nothing
Scanned with McAfee... Clean
Scanned with MBAM... Clean
rkill... clean
tdsskiller... clean
running a hjt now, but thought I would post here first and see if it may well be something else.

NOTE: If you think this should be posted in networking then let me know and I'll gladly create a new thread there. I will not post my HJT until recommended, and that will go into the appropriate thread.

Thanks in advance for your help. I've been using this site for years, first time I couldn't find a fix and need to post.

Answer:Internet Connection In safe mode only. Am I infected?

Uninstall your antivirus and let us know if you can connect

1 more replies
Relevance 59.86%

XP Pro SP3 machine boots fine normally but can not get past the driver loads in safe mode. It just starts over. Seems to stop at the MUP.sys line. I've copied in a different MUP.sys file but it didn't help.
Original problem is something is starting up about 9 instances of Windows Explorer in full screen on multiple advertising sites and hanging the PC for a while. Also get memory location errors popping up at regular intervals. Memory test is good and the sticks are now 4 days new but still get the errors that don't hang anything but the messages just reoccur.  
Ran Malwarebytes and deleted old user profiles, temp files and got Windows updates current. Didn't see any odd programs installed or notice any crazy processes but haven't sorted each little one out yet. Have antivirus on it but not detecting anything.

Answer:XP Pro Infected boots OK but not booting into safe mode

Video card or internal?

2 more replies
Relevance 59.86%

Hi all,

My computer started running verrrrrrrrrrrrry slowly two days ago. It's so slow that nothing is usable. I tried to do a system restore, but all restore points are gone before April 30. Restoring the April 30 restore point fails with an error.

Tried various spyware and rootkit removal software and nothing helps. Desperate...

Here's my HijackThis log:

Thanks! Bob

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:33:35 PM, on 5/10/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intuit\QuickBooks 2009\QBW32.EXE
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http... Read more

Answer:Computer infected? Only runs OK in safe mode

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as... Read more

2 more replies
Relevance 59.86%

I am available Mon - Thur, but will monitor my post and go to the computer if necessary over the weekend. This is an elderly woman's laptop done as a volunteer project and I will receive no compensation for my services.
 
I get redirected trying to go to bleeping computer and had to use safe mode to download and post.
 
Here is my log:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 11.0.9600.17344
Run by Judy Gilman at 9:28:45 on 2014-11-05
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4008.3250 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\wbem\wmiprvse.exe... Read more

Answer:Win 7 infected with redirect. Can only use Chrome in safe mode.

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/554855 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

2 more replies
Relevance 59.86%

Hey guys,

So my girlfriend's computer had a virus on it called Windows System Defender. It installed itself while browsing the internet, no we don't remember what site it was. I looked up ways to remove it and I did everything it said to do and even removed any instances of it from the Registry. It still persists and continues to come back, we think. After running a bunch of virus scanners it appears that I have gotten rid of the original virus but now have a new one that we can't figure out what it is and won't pop up on virus scanners. It also won't let us boot up in safe mode. It gives us a blank blue screen when we try to do so. I have posted a HJT log to see if that will show anything. Any help is much appreciated. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20:16 PM, on 11/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system... Read more

Answer:Infected With Virus and Can't Boot to Safe Mode

Problem has been resolved.

2 more replies
Relevance 59.86%

I have a driver in my system32 folder core.sys that my virus protection is telling me is malware. However, I cannot delete in normal mode because it is being used by a background program. I also cannot enter safe mode and read that the malware may be preventing the boot into safe mode. What do I do?
 

Answer:Malware infected. Safe Mode does not work.

Welcome to Majorgeeks!

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above, if you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
Downloading, Installing, and Running HijackThis
Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.
When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
CounterSpy
AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy
Bitdefender - from step 6
Panda Scan - from step 6
runkeys.txt - the log from GetRunKey.bat
newfiles.txt - the log from ShowNew.bat
HijackThis

NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach ... Read more

13 more replies
Relevance 59.86%

Hi - I am running a win 7 OS and am infected with the FBI moneypack virus. It is not allowing me to enter either 'safe mode' or 'safe mode w/ networking' or 'safe mode with command prompt'.

When I log in to the computer using a different user I don't have this issue.

Can you please help?

Answer:FBI Moneypack Virus - Infected even in safe mode

Hi gsms123

I will be handling your log to help you get cleaned up. Please give me some time to do up a fix and I will get back to you as soon as possible.

White Warrior

23 more replies
Relevance 59.86%

My son is away at college and is having a lot of problems today with his laptop. I'm trying to help him remotely but would appreciate some assistance.

He said everything was running ok this morning and then the system suddenly crashed. When it came back on it had slowed down so much it was unusable. He didn't recall visiting any sites that acted unusual. He did say that iTunes reported itself as broken. In looking at his event viewer log it seems the system might have been running Windows Update when it crashed.

I was able to get him to boot into Safe Mode and he tried running a full scan with Norton Internet Security. It found 20+ viruses but then froze before it could act on them.

I then ran the Kaspersky Root Kit Killer and it found rootkit.boot.pihar.b. I used Kaspersky to remove it and rebooted the system. Another Kaspersky scan shows all clear.

I then was able to run Norton. It found about 28 heuristic viruses and said it deleted them all. I re-ran Norton and Kaspersky again and they both came up as clean. I then tried having him do a normal boot. The system came back crawling and was again unusable. I have it in Safe Mode again and re-ran Norton, which came up clean.

I then ran Malwarebytes and it came up with two more viruses.

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.02.01.02
Windows 7 x64 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.7600.16385
Neal :: NEALS_LAPTOP [administrator]
1/31/2012 9:46:24 PM
mbam-log-2012-01-31 (21-46-24).txt... Read more

Answer:Very infected system only runs in safe mode

You must be able to access his machine using safe mode with networking. So try these 2 free fully working trials and run them till they run clean:
1- Trojan Remover
http://www.simplysup.com/tremover/d...
2- Hitman Pro
http://www.surfright.nl/en/downloads

Some HELP in posting on Computing.net plus free progs and instructions 7 Medals

5 more replies
Relevance 59.86%

Today, my laptop became infected with the FBI malware. It has disabled my ability to use Safe Mode in any way.
 
Through reading on this site and Norton, I found initial instructions on downloading FARBAR Recovery Scan Tool.
 
I urgently need assistance.   Thanks.
 

Answer:Infected with FBI Virus - Safe Mode is not accessible

Hello anewbie1! Welcome to BleepingComputer Forums! My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:
I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

Please download Farbar Recovery Scan Tool and save it to a flash drive.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Plug the flashdrive into the infected PC.
If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.
If you are using... Read more

3 more replies
Relevance 59.86%

I've been in France the last 9 months studying and when I came back, my parents told me to look at their computer since it has been acting weird and they could only use it in safe mode. They had been using it without any virus protection it seems. So I downloaded Super antiSpyware, MalwareBytes and Avast, and scanned the computer with each of them. Superanti spyware found about 1700 infections, malware bytes found 260 more, including koobface.worm, and avast found 4 viruses. I managed to be able to start the computer in normal mode but it freezes many times, so it is very ineffective to use it like that. I don't know what else is wrong with it as I've run out of knowledge of how to fix the problems. I managed to run DDS in normal mode, but was unable to run gmer, both in normal and safe mode. It said there was an unexpected error and it must close.

Here is my dds log. Anything else you'd like me to do, just tell me.

DDS (Ver_10-03-17.01) - NTFSx86
Run by David at 1:35:00.38 on Sun 06/06/2010
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1915.1146 [GMT -4:00]
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLau... Read more

Answer:was infected with koobface.worm, must use safe mode

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Some things to remember while we are working together.
1. Please do not run any other tool until instructed to do so!
2. Please reply to this thread, do not start another!
3. Please tell me about any problems that have occurred during the fix.
4. Please tell me of any other symptoms you may be having as these can help also.
5. Please try as much as possible not to run anything while executing a fix.
If you follow these instructions, everything should go smoothly.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Gmer is the best but can be hard to get a log, let's try this and see what we get.

Scan With RKUnHooker
Please Download Rootkit Unhooker. Save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest, then Click OK.
Wait till the scanner has finished and then click File, Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.
Note** you may get this warning it is ok, just ignore... Read more

3 more replies
Relevance 59.86%

Hello,

I'm using a spare computer to try and resolve an issue with my laptop.

Earlier I was using Firefox but Internet Explorer suddenly began to pop up. After a few tries using Task Master, I was able to shut off IE. But I wanted to search for any trojans or viruses and attempted to scan using Malwarebytes. This program shut down after a few seconds of scanning. When I attempted again, it said "Windows cannot access the specified device, path, or file."

I tried to run HijackThis in Safe Mode to try and get a log but got the exact same message as above about Windows not being able to access.

Any assistance would be GREATLY appreciated!
 

Answer:Badly Infected - Cannot Run HijackThis in Safe Mode

16 more replies
Relevance 59.86%

Hi, I'm new to the forum, and need some serious help. I clicked the wrong thing, and now I have some virus on my computer. Here is what I have tried so far:

1. I ran my virus software AVG, but when it starts scanning, it goes like 5 mins then just shuts down. The program still stays open but the scanning window just shuts without completing the scan.

2. I ran Ad-ware, and it scans till it gets to the HKEY scan then locks up.

3. I made system recovery disks through the AVG software, but I can't get the computer to boot off the disk, and I don't know how to get it to work.

4. I tried restarting in safe mode, to run the virus programs again, and the computer will not go into safe mode; it says there was an error and I must start it normally.

Following symptoms:
- when I start Internet Explorer it goes right to Google, and types in "free porn" and searches out... (no idea why it does this)
- when I open up My Documents, Windows freezes and has an error then shuts down
- when I start the computer a toolbar pops up on the right side with ads for spyware, porn, insurance and other things.
- also some other things I can't really explain

Now I've been reading on here about HijackThis, so I downloaded that and got the log file. I also got Ewido; I haven't run a scan yet. I know a little about computers but I can't get anything to work or get this thing off. So here is the log file:
------------------------
Logfile of HijackThis v1.99.1
Scan saved at 8:50:45 PM, on 12/... Read more

Answer:Infected and wont restart in safe mode

14 more replies
Relevance 59.45%

Hi,

My Computer which has Win Xp Sp3 is behaving like it is in safe mode, even though it is in normal mode. I noticed this because:
1. Avira Antivir Guard and Update cannot be launched bcz Scheduler is not running.
2. I tried to start scheduler (under services.msc), but can't start it bcz of error 1084 (safe mode situation).
3. I can't use Windows Update, bcz of error Error number: 0x8007043C (same safe mode condition)
4. I ensured that BITS was set to automatic, but it can't run bcz of 1084 error.

I have scanned with Malwarebytes, Spybot S&D, SuperAnti Spyware (in real safe mode) - No Detection

Here is the dds log:

DDS (Ver_09-09-24.01) - NTFSx86 NETWORK
Run by Administrator at 16:45:23.03 on Mon 09/28/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.112 [GMT 5.5:30]
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Security Suite Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop... Read more

Answer:Safe Mode Error, WinXpSp3 behaves like it is in safe mode even in normal mode

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Relevance 59.45%

I am having this problem on my other computer. I just installed 2 cold cathodes into the case then wired it all back up with the cathodes connected into the power supply and now Windows won't boot for me. The motherboard settings and BIOS load fine... then the normal Windows XP loading screen comes up and loads, then as soon as it finishes the screen goes all black and my monitor (flatscreen LCD) says that it is not receiving a signal... So I boot it in safe mode and it boots fine. I have already reinstalled my VGA drivers and still nothing. I have been attempting to fix this for a little over 3 hours now and still nothing. HELP PLEASE!

Specs:
AMD Athlon 64 3000+
Gig of DDR400
asus K8N mother board
Geforce FX5500

Thanks in advance!

-Zak
 

Answer:Bios Loads fine, Windows loads then black screen, boots fine in safe

Disconnect the cathodes and then try to boot. If it works then your power supply isn't putting out enough juice for all the extras.
 

2 more replies
Relevance 59.04%

I've tried everything in the F8 menu; I'm in a reboot/launch repair loop.
I've tried kaspersky recovery disk and advair boot disk and cannot get the virus off so I can at least boot into windows and fix this.
Ideas? Should I try FRST64?

Answer:Infected with a virus can't boot windows even into safe mode

 

Should I try FRST64?

 
Please do and post its report.

3 more replies
Relevance 59.04%

I have a relatively new Vista Home system which was running fine until last night, when running an exe, Windows showed the command prompt listing keygen.exe and serial.exe. Then another was listed, and Windows said something had stopped responding, and it would shut down in 1 minute. It restarted, and after the boot screen and Microsoft loading bar the screen usually just remains black, and eventually reboots. Sometimes you see the Vista logon screen and it says please wait, only to go black and do the same. Although there's also a short delay with a black background only with a cursor, I can load in safe mode. Here I've run a full AVG anti spyware (formerly ewido) scan which found some stuff; unfortunately I can't find reports of that or Avast AV I ran, but I think it picked up a keygen archive, and deleted 1/2 trojans, moved some other stuff to the chest. In add/remove programs I've found and un-installed some oberon media entries, including big kahuna reef 2, galapago, and others. It's still the same, desperate for help, thanks in advance.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:22, on 09/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Minefield\firefox.exe
C:\Users\Kristian\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Pa... Read more

Answer:Infected with trojan, Vista won't start aside from safe mode

Quote:

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly

----------------------------------------------------------------------------------------


I apologize for the delay in responding, but as you can probably see the forums are quite busy.
Unfortunately there are far more people needing help than there are helpers.


Installed Programs

Please could you give me a list of the programs that are installed.
Start HijackThis
Click on the Misc Tools button
Click on the Open Uninstall Manager button.
You will see a list with the programs installed in your computer.
Click on save list button and specify where you would like to save this file.
When you press Save button a notepad will open with the contents of that file.
Simply copy and ... Read more

3 more replies
Relevance 59.04%

The computer is locked. I have tried to restore system earlier date- did not work. I get into the advance boot options window but when I chose either of the safe modes- it shuts down before I can get to anything-

Edit: Moved topic from Am I infected? What do I do? to the more appropriate forum, at the request of Malware Removal staff. ~ Animal

Answer:fbi money pak virus removal- has infected my safe mode- HELP

Don't give up on System Restore after one try!  I have removed this virus twice this week for people and they have a newer version than anyone talks about on forums or can see in removal videos on Youtube. 
 
My solution was to run system restore more than once trying a couple different restore points till one completed successfully.  In one case, it said it was unsuccessful but when the computer rebooted normally afterwards, it actually was successful.
 
Press F8 when rebooting to bring up boot options and select "Repair Your Computer".  Log in as administrator and select system restore and try again if you can on an available restore point before the infection.  It may take a few tries.
 
Post back here if it is not.

15 more replies
Relevance 59.04%

Can anyone help? This is an old computer- but I have always been able to use it. My daughter decided to "borrow it" and it hasn't been the same. I downloaded "hijackThis" and here is what it showed:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:20 PM, on 11/2/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18319)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Gamevance\gamevance32.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\IObit\Advanced SystemCare 3\Awc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\Sear... Read more

Answer:Computer Infected? Keeps showing desktop in safe mode

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
In the upper right hand corner ...

2 more replies

Hello, I have probably 20 hours into trying to repair a Dell Inspiron 6400 running Windows XP Pro. The most frustrating part of this is that tools that I believe might help, such as Malwarebytes AntiMalware, Hijack This and RootRepeal are being blocked from installation or running by something...even in Safe Mode. I have tried the rename files names to get them to work...they still do not open. It is the "something" that I have been unable to find.
I was able to load Spyware Doctor, but when scanning it would hang up on one program...so it never finished. I was able to run Virut (it cleaned files, unable to open some) and right now Symantec Trojan.Vundo Removal Tool is running.
I have done a Windows Repair Installation which means I rolled back to SP1. I can get Internet access in Safe Mode, not in regular mode. When I try to update Windows it stops in the middle and says I have an error. I get a "spoolsv" error when the machine starts. From reading it appeared this is a Windows update issue. I did look for excessive SPL's and there were none. When in Internet Explorer I get the red letter warnings that I am infected with 18 trojans and should scan my machine. I did not click on scan my machine. Typically when trying to go to an antivirus/malware site I am blocked or Explorer/Mozilla closes.
I got regedit to work by renaming it reg-edit. The other above mentioned programs did not work even when renamed. Another program that will not work...

More replies

Ok I will list the problems in order that they occurred...

-Went to a site, suddenly I get the infamous fake spyware icon (the blue shield) and it says I have all these viruses and starts scanning

-I try to open up AVG and it's locked. I try MBAM and it's locked. Thankfully super antispyware works, and finds 4 of the trojan dropper and gen combo

- I delete and restart my computer in safe mode when I GET A BIG BLUE screen telling me that there was a problem (something like hardware problem or changes). This has never happened to me! I usually run safe mode and run my scans and boom my problem is solved but somehow it seems to be blocked!

-On the bright side my computer WILL load in regular mode but I seem to have the yahoo redirect problem. I ran trend micro, AVG, MBAM, and super antispyware and they detect NOTHING. Please help! I'm really out of ideas on what to do. I ran a combo fix but it didn't take long and really had nothing in the log that stood out. If I need to post a hijack log I will gladly but I'll have to get back to the infected computer.

Please help! Thanks! I hope I don't have to reformat!

More replies

I have a relatively new Vista Home system which was running fine until last night, when running an exe windows showed the command prompt listing keygen.exe, and serial.exe. Then another was listed, and Windows said something had stopped responding, and it would shut down in 1 minute. It restarted, and after the boot screen, microsoft loading bar the screen usually just remains black, and eventually reboots. Sometimes you see the vista logon screen and it says please wait, only to go black and do the same. Although there's also a short delay with a black background only with a cursor, I can load in safe mode. Here I've run a full AVG anti spyware (formerly ewido) scan which some stuff, unfortunately I can't find reports of that or Avast AV I ran, but I think it picked up a keygen archive, and deleted 1/2 trojans, moved some other stuff to the chest. In add/remove programs I've found and un-installed some oberon media entries, including big kahuna reef 2, galapago, and others. Tried system restore which couldn't log in, with same black screen problem. I'd rather not re install as I the systems nicely setup, plus I don't have Vista Home Premium CD, only an ultimate which. It's still the same, desperate for help, thanks in advance.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:22, on 09/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode with network suppor...

More replies

Hi, Suddenly today our PC shut down spontaneously.  I can turn it on and sometimes get to the safe mode screen, but when I hit enter to get safe mode, the computer once again shuts down.  If I immediately try to restart, the computer won't even get to the first page without shutting down.  What to do?
thanks!  Barbara

Answer:Infected? Computer won't start long enough to get into safe mode

Is Safe Mode with Networking any better? What is your Operating system? Did you notice if you had any malware pop up or you were removing some before this happened.

4 more replies

Ever since I got that virus my computer has only been able to start in safe mode with networking. Whenever I boot up my comp, the typical windows xp screen would load and then a blue screen would flicker for a mili sec (too fast for me to read!) and then I am presented with the option of booting it into safe mode. I have ran Malwarebytes anti malware and it seems to have gotten rid of most of them, but one or sometimes two keep coming back. The trojan "HKEY_Local_Machine\software\tdss" would come back every time I reboot and run malware. If I dont get rid of it, it will re direct me to a different site (about viruses) whenever I click on links. When I get rid of it, links work fine. And I was unable to run adware and and spybot in sm, I have ran stinger though...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:45:20, on 10/23/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Trend Micro\Hija...

Answer:infected with xp antivirus 2009 and can only access safe mode

Hello, Imaloser. to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)

Please give me some time to look over your computer's log(s).

Please take note of the following:
In the meantime, please refrain from making any changes to your computer.
Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Finally, please reply using the button in the lower left hand corner of your screen.

We Need to Run ComboFix

Note to readers of this post other than the starter of this thread:
ComboFix is a VERY POWERFUL tool which should NOT BE USED without guidance of an expert.
About 1 in 100 times the computer will no longer be able to boot after running Combofix. This requires experienced hands to restore the system to bootability.
There are several malware infections that "target" Combofix. Experienced Helpers are aware of these infections, and take steps to remove them prior to the use of Combofix. If you do not, various things can happen depending on the infection -- from Combofix being unable to run, to the dele...

13 more replies

Dear experts,

My computer has serious virus/malware issues.
I cannot get this "YOUR SYSTEM IS INFECTED!" message to go away.
And my internet is not working and I cannot log into windows in safe mode.
I tried following other threads where people were having similar problems, but I think my issue is unique.
I have Spybot and HijackThis installed and ready to follow your guidelines.
I'm attaching my log obtained from HijackThis.
Please help me to rescue my computer!

p.s. I'm using a different computer to post the log and got the files via USB memory stick.

many thanks.
dave

[Saving space, attachment deleted by admin]

Answer:YOUR SYSTEM IS INFECTED! - able to get log file but no internet and no safe mode

Welcome to the Computer Hope message boards.

I have noticed you have not followed the guidelines set by Evilfantasy. Please follow the guidelines he has posted Here. After you have done them, a malware removal specialist such as Evilfantasy or CBMatt will come shortly to assist you.

1 more replies

Hello,

I am dealing with a problem a few days now and I can't find a solution for it.
When i boot my pc, windows load to desktop and after a minute or so i get a blue screen with the error message:

QUOTE
STOP: 0x0000008E (0xC0000005, 0x80635AC1, 0xB490796C, 0x00000000)

Also nod32 icon was red but i couldn't click on it (windows were busy loading other programs).
I booted pc in safe mode and tried to run nod32 but it wouldn't start. I uninstalled it and tried to install Kaspersky but due to safe mode i couldn't install it. I then downloaded malwarebytes and run a full scan.
This is the log from the scan:

QUOTE
Malwarebytes' Anti-Malware 1.44
Database version: 3554
Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 6.0.2900.2180
14/1/2010 12:46:54 ???
mbam-log-2010-01-14 (00-46-54).txt
Scan type: Full Scan (C:\|G:\|H:\|)
Objects scanned: 554114
Time elapsed: 1 hour(s), 37 minute(s), 26 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft&#...

Answer:Infected, Blue Screen, PC only Boots in Safe Mode

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

2 more replies

I am infected with numerous items. Can only boot in SafeMode. Removed multiple items multiple times.
EMachines, T6412, AMD Athlon 64, 3400+, 2.19 GHz, 1.37 GB of Ram, Windows XP SP2
Can only boot in Safe Mode.
Booted without Internet. And Unplugged Ethernet from computer.

Pop-ups include:
Your computer is not protected against spyware....
Internet attack attempt detected......
your computer is infected with spyware...
Your Computer is working slowly.....
Windows Security Center System Warning
full screen "Threat: CoolWebSearch"
Windows Security Center
full screen "Threat Name: TrojanDownloader.XS"

SpyBot (updated to the latest) has removed the following but they do not stay removed and I have removed them again many times. Wait 10 minutes, ran SpyBot again, they return again without rebooting.:
ClientMan
CoolWWWSearch
CoolWWWSearch.008k
CoolWWWSearch.Aff.ledll
CoolWWWSearch.AffWinshow
CoolWWWSearch.BlowSearch
CoolWWWSearch.Bootconf
CoolWWWSearch.Dreplace
CoolWWWSearch.Gonnasearch
CoolWWWSearch.Leftovers
CoolWWWSearch.SmartSearch
CoolWWWSearch.Svcinit
CoolWWWSearch.WCADW
CoolWWWSearch.WinRes
CoolWWWSearch.WinSearch
CoolWWWSearch.Yexe
Microsoft.WindowsSecurityCenter.TaskManager
Smitfraud-C.
Smitfraud-C.generic
Smitfraud-C.gp
ToolbarCC
Win32.Small.ny

Ran AVG Antivirus numerous times - Vault items. Some repeat:
Trojan horse Downloader.Purityscan.y
Trojan horse Downloader.Agent.15.A
Trojan Horse Sheur.BJSJ
Trojan horse Generic10.VYB
Trojan horse Downloader.Generic7.MCB
Trojan horse Downloader.Generic7....

Answer:Infected With Numerous Items. Can Only Boot In Safe Mode

Hi, PaulDH Welcome.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Please, never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------

Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you. Please post the "C:\ComboFix.t...

12 more replies

My cousin's mouse stopped working on his computer after installing a game expansion. He asked me to try to fix it and I noticed his computer was heavily infected with viruses. I've removed a lot of malicious files through Malwarebytes' Anti-Malware; however, the mouse still doesn't work, and I think there are still viruses. I also tried to reinstall the drivers for the mouse off the manufacturer's website (Logitech), but it didn't help. Since the mouse only works in safe mode, I can only run GMER in safe mode.

DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Administrator at 19:10:45.24 on Mon 09/20/2010
Internet Explorer: 7.0.6000.16643
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2813.2149 [GMT -7:00]
AV: McAfee VirusScan *On-access scanning enabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
SP: McAfee VirusScan *enabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svcho...

Answer:Mouse only works in safe mode, infected with viruses

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

CODE
msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5st...

11 more replies

W32/Blaster.worm has infected laptop. Can't get on web. Can't get in safe mode.
From my cell phone I have been researching and it seems to be an old virus.
I am getting security warning/malicious program.
Firewall warning: Hidden file transfer to remote host has been detected. There is a remote host transfer IP: 25.92.229.139.
And it makes a pig squeal sound when I start it up!
Please help! Thank you!

Answer:W32/Blaster.worm has infected laptop. Can't get on web. Can't do safe mode.

Please do the following:

Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive.
Plug the flashdrive into the infected PC.
Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst.exe (for x64 bit version type e:...

2 more replies

I'm trying to help fix a friend's infected machine. I don't know what caused it but I can not run most of the malware removal tools.

The XP SP2 PC is getting continuous bad image errors pointing to a file called "UACxtcujhcadh.dll" - not a valid Windows Image.
Can not run any program without these error messages and the standard malware tools won't run.

The machine will only boot into safe mode, otherwise will get a blue screen with Driver_IRQL_Not_Less_or_Equal after login.
I've run a RootRepeal and will include the log.

Thank you in advance for any suggestions. Any idea which infection I might be dealing with here?

Answer:Infected, Can't run removal tools, only boot into safe mode

Go ahead and close this. I can not get any programs to run. RootRepeal can not access the boot sector and it throws up an error that it can not read the registry.

I'm going to wipe this machine so this can be closed.

2 more replies

Hi all - this is my first ever post to a forum - normally I google my problems and find the solution, however this one seems pretty gruesome. I have checked around various forums for a day now, with no luck so far. As I am new to this, please excuse any gross violations of etiquette. Here is the scenario:

A friend of mine from work approached me about some of his computer problems (frequent pop-ups, etc...), as I installed AVAST! Home for him a few months back. (His PC specs are: - compaq presario desktop, windows XP home SP2, AMD Sempron 3200+, 1ghz, 512m RAM, 80gb HD)
I suspected that he had not kept his free registration current, and that Avast expired and he had accumulated some viruses, spyware, trojans, etc... So trying to help out, I met him at the computer store, recommended that he purchase Zone Alarm Internet security (antivirus, anti-spyware, firewall...) and installed it for him. After installation, a dialog box opened suggesting I restart the computer, which I did (thinking back to my own machine, I do not recall having to restart after installing zone alarm - I think I may have inadvertently messed up here, because I had not even scanned for viruses/spyware, yet once the computer restarted, it would not boot normally) - I had to start in safe mode with networking. I figured that I would scan for viruses in safe mode anyway, and that should get rid of whatever was causing the problem. Found 39 infected files - Zone Alarm cleaned all but one of them - it reported...

Answer:Severely infected computer - will now only boot into safe mode

6 more replies

Hi folks,

I'm on windows XP.

When computer first loads up I get this message:
"avgwdsvc.exe encountered a problem and needed to close"

internet explorer and firefox do not work. However, IE works when started "with no add ons" and firefox works in safe mode. Email works.

I'm worried I have a virus. I'm not able to run avg to do a virus check because it crashes every time it is loaded.

I've installed and run three anti malware programs but the problem is still present

Would really appreciate some help.

Cheers,

More replies

Computer has the $*&#^ Windows Police Pro bug. It won't let me do anything. Starts in Safe mode - sort of - but virus had everything locked up tight and keeps blocking me from bringing up task bar etc - everything I try says blocked by admin - NOT - blocked by virus! Tried setting to last known good config, downloaded combofix, malwarebite, cc cleaner, fix.exe and a few others to flash drive but no good - won't let me run or access ANYTHING but the darn virus. I don't have a task bar - no start menu so all the fixes I have researched for DAYS won't work because virus has a strangle hold (I would like to get a strangle hold on the WORM that invented this thing!) PLEASE smart people I BEG of you HELP me!!! PLEASE!
 

Answer:Infected with Windows Police Pro- can't start in safe mode, won't let me do ANYTHING!


See if you can do both of these things:

Win32KDiag - How to run

Using Inherit to correct program execution permissions issues
 

3 more replies

Hello,

Could someone please help, I have lost control of my laptop. If I boot into normal mode the computer freezes and I have to turn it off manually. In safe mode I can't run Hijackthis or Avast. Microsoft Security Essentials cannot update.

Malwarebytes Anti-Malware has not found any infections.

I have run TDSSKiller and pasted the log below. It found 8 threats but don't know what to do with them.

I'm running Win 7 Pro.

Any help would be much appreciated, thanks
15:00:04.0499 2600 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
15:00:04.0619 2600 ============================================================
15:00:04.0619 2600 Current date / time: 2012/06/21 15:00:04.0619
15:00:04.0619 2600 SystemInfo:
15:00:04.0619 2600
15:00:04.0619 2600 OS Version: 6.1.7601 ServicePack: 1.0
15:00:04.0619 2600 Product type: Workstation
15:00:04.0619 2600 ComputerName: Scorpio
15:00:04.0619 2600 UserName: Administrator
15:00:04.0619 2600 Windows directory: C:\Windows
15:00:04.0619 2600 System windows directory: C:\Windows
15:00:04.0619 2600 Running under WOW64
15:00:04.0619 2600 Processor architecture: Intel x64
15:00:04.0619 2600 Number of processors: 4
15:00:04.0619 2600 Page size: 0x1000
15:00:04.0619 2600 Boot type: Safe boot with network
15:00:04.0619 2600 ============================================================
15:00:05.0039 2600 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder...

Answer:Badly Infected - Cannot Run Avast or HijackThis in Safe Mode

Hello again, I was reading through other posts and installed combo fix. Maybe this might be of some help too

Thanks

ComboFix 12-06-21.01 - Administrator 21/06/2012 15:44:35.1.4 - x64 NETWORK
Microsoft Windows 7 Professional 6.1.7601.1.1252.353.1033.18.8089.6972 [GMT 1:00]
Running from: c:\users\Administrator.AccessCentre-PC\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Access Centre\AppData\Local\TempDIR
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\instsrv.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-21 to 2012-06-21 )))))))))))))))))))))))))))))))
.
.
2012-06-21 13:50 . 2012-06-21 13:50 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3BFA3D38-DCC1-4969-9747-699DB7E1B76A}\offreg.dll
2012-06-18 11:27 . 2012-06-18 19:33 -------- d-----w- c:\users\Administrator.AccessCentre-PC\AppData\Roaming\EndNote
2012-06-18 11:27 . 2012-06-18 11:27 -------- d-----w- c:\program files (x86)\Co...

2 more replies

Hi,
 
I have a laptop running windows 7 that has been infected with Antivirus Security Pro.  When I try to start in Safe Mode the computer keeps restarting before I can do anything.
 
I can not download any malware removal or any other software.
 
I can not seem to start any programs.

Answer:Infected with Antivirus Security Pro, will not let me start in safe mode

Hi there,

my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Scan with FRST (Recovery Environment)

To run FRST on Vista and Windows7:
For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.
Plug the flashdrive into ...

36 more replies

Hello,
 
I have a Dell laptop which is infected with Infected Antivirus Security Pro, will not let me start in safe mode:
Windows 7 Home Premium, P4 Dual Core T4300 2.10GHz, 4.00 GB,  64Bit 500GB HD.
 
I tried running malwarebytes and all .exe file execution are blocked by Antivirus Security Pro, tried to restart in safe mode as soon as it gets to desktop it shuts down and restarts.
 
Need help removing please, Thank you

Answer:Infected with Antivirus Security Pro, will not let me start in safe mode

Before you do anything just try and "activate" it using this code, it's a long shot but sometimes it works and you will be able to run malwarebytes and other tools
 
AA39754E-715219CE
 
See video for help on how to do this
http://www.youtube.com/watch?v=y58O8bqx9sQ

6 more replies