Computer Support Forum

Antivirus Security Pro - no safe mode, need FRST reading

Question: Antivirus Security Pro - no safe mode, need FRST reading

Good evening--I've been reading through a lot of posts, and it appears after an FRST scan some of the moderators will create a customized fixlist.txt to combat the specific problem. The Windows Home Premium 64-bit box has all the classic symptoms of Antivirus Security Pro with the added bonus of not being able to boot into safe mode. I can run the FRST tool, and I've attached the FRST.txt and Addition.txt results, but I can't read them very well.
 
Can anyone shed some light on next steps? Please let me know if you need any additional information!
 
Thanks in advance!

Relevance 100%
Preferred Solution: Antivirus Security Pro - no safe mode, need FRST reading

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: Antivirus Security Pro - no safe mode, need FRST reading

Hello gr33d,Welcome to Bleeping Computer.My name is fireman4it and I will be helping you with your Malware problem.Please take note of some guidelines for this fix:Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.If you do not understand any step(s) provided, please do not hesitate to ask before continuing.Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".In the upper right hand corner of the topic you will see a button called Follow This Topic.I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.I will be analyzing your log. I will get back to you with instructions.Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt
HKLM\...\Run: [AS2014] - C:\ProgramData\ahrpDns3\ahrpDns3.exe [779952 2013-11-21] ()
HKCU\...\Run: [AS2014] - C:\ProgramData\ahrpDns3\ahrpDns3.exe [779952 2013-11-21] ()
() C:\ProgramData\ahrpDns3\ahrpDns3.exe
BHO-x32: NetAssistant - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll No File
SearchScopes: HKCU - {F93F4163-A32E-4853-9B49-146E56F3DED6} URL = http://www.mysearchresults.com/search?&c=0000&t=01&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid=&mid=4d3d49bc876d47d18b05fd6e91fb63a1-487549debec544122ffa7af036a0103a73480a33&lang=en&ds=AVG&pr=fr&d=&v=&pid=AVG&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {4F035BC5-61C7-4CE7-BD72-2A4B0F0A0379} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=C31B46F9-2E46-4513-A487-A561E66D9B89&apn_sauid=6B82324E-62FB-4897-B502-7051E05029B2
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid=&mid=4d3d49bc876d47d18b05fd6e91fb63a1-487549debec544122ffa7af036a0103a73480a33&lang=en&ds=AVG&pr=fr&d=&v=&pid=AVG&sg=&sap=dsp&q={searchTerms}
2013-11-24 06:35 - 2013-11-25 18:05 - 00001668 _____ C:\Users\Owner\Desktop\Antivirus Security Pro.lnk
2013-11-24 06:35 - 2013-11-25 18:05 - 00000118 _____ C:\Users\Owner\Desktop\Antivirus Security Pro support.url
2013-11-22 06:03 - 2013-11-22 06:03 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Security Pro
2013-11-21 05:44 - 2013-11-22 06:06 - 00000000 ____D C:\ProgramData\ahrpDns3
HKLM\...\Winlogon: [Userinit] userinit.exe,,C:\ProgramData\ahrpDns3\ahrpDns3.exe -sm,
CHR HomePage: hxxp://mysearch.avg.com/?cid=&mid=4d3d49bc876d47d18b05fd6e91fb63a1-487549debec544122ffa7af036a0103a73480a33&lang=en&ds=AVG&pr=fr&d=&pid=safeguard&sg=&v=&sap=hp
CHR RestoreOnStartup: "hxxp://mysearch.avg.com/?cid=&mid=4d3d49bc876d47d18b05fd6e91fb63a1-487549debec544122ffa7af036a0103a73480a33&lang=en&ds=AVG&pr=fr&d=&pid=safeguard&sg=&v=&sap=hp"]},"tabs":{"use_vertical_tabs"
2013-11-22 06:03 - 2013-11-22 06:03 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Security Pro
C:\Users\Owner\AppData\Local\Temp\ose00000.exe

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating systemOn Vista or Windows 7: Now please enter System Recovery Options.On Windows XP: Now please boot into the BartPE CD.Run FRST64 and press the Fix button just once and wait.The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.Can you now boot into regular and safemode?

4 more replies
Relevance 81.2%

Hello, the topic above says it all, here is the FRST.txtScan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013Ran by SYSTEM on MININT-8B86AOH on 08-11-2013 14:59:36Running from F:\repairWindows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)Internet Explorer Version 10Boot Mode: RecoveryThe current controlset is ControlSet001ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.==================== Registry (Whitelisted) ==================HKLM\...\Run: [SigmatelSysTrayApp] - C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray64.exe [424448 2007-05-06] (SigmaTel, Inc.)HKLM\...\Run: [MyFunCards Home Page Guard 64 bit] - C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\AppIntegrator64.exe [548936 2013-08-02] ()HKLM\...\Run: [AS2014] - C:\ProgramData\9npDn373\9npDn373.exe [560776 2013-10-28] ()HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,,C:\ProgramData\9npDn373\9npDn373.exe -sm,HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)HKLM-x32\...\Run: [] - [x]HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1646216 2013-03-31] (Ask)HKLM-x32\...\Run: [ShopAtHomeWatcher] - C:\Users\User\AppData\Roaming\ShopAtHome\ShopAtHomeH... Read more

Answer:Win7 Ultimate - Antivirus Security Pro - can't boot into safe mode - used FRST

to BC, jasonbrianmerrill!Will be back with instructions shortly.

2 more replies
Relevance 82.41%

Help I cannot get ito safe mode to remove Antivirus Security Pro! Please can someone help me?!

Answer:Antivirus Security Pro - won't allow Safe Mode

I also am running win7 64bit

6 more replies
Relevance 82.41%

A friend brought me a computer because Anitvirus Security Pro would keep running on her laptop. I have had this on different computers and have been able to clean them but this one is really a beast.
 
Her system is running Win 7  the laptop is not allowing the system to boot in Safe Mode and It will also not allow access to Regedit or MSCONFIG. Any suggestions on getting control of the system back?

Answer:Antivirus Security Pro - won't allow Safe Mode

here is my frst file
 FRST.txt   19.44KB
  2 downloads

28 more replies
Relevance 81.18%

Hi all, First time here at BleepingComputer.com. I just took a look through some of the forums and it looks like there's a fellow named "Gringo" who is adept at this one and may be able to help me out. I've got a computer that has the Antivirus Security Pro virus on it and it's beating me up pretty badly. I can't boot into safe mode, nor can I load any programs to clean it up. What can I do to get this off my system? Thanks for the help. DK.Edit: Moved topic from Anti-Virus and Anti-Malware Software to the more appropriate forum. ~ Animal

Answer:Antivirus security pro won't let me boot into safe mode

I'll report this topic to appropriate helpers.
1. Please let us know what Windows version you have and if it's 32- or 64-bit.
2. Is the computer bootable in any mode?
Hold on there....

4 more replies
Relevance 81.18%

Hi, my mothers Compaq Presario Windows 7 became infected with Antivirus Security Pro.  I have tried to boot into safe mode with and without networking to no avail, it will look like it is working in but will bring up the windows screen and then indicate that it is logging off. I am unable to bring up tskmgr, mbam or rkill in regular mode.  Per a previous post I ran fst64 to get the information and am copying it below: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013Ran by SYSTEM on MININT-5T4B15L on 18-10-2013 14:58:14Running from H:\Windows 7 Home Premium (X64) OS Language: English(US)Internet Explorer Version 10Boot Mode: RecoveryThe current controlset is ControlSet001ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.==================== Registry (Whitelisted) ==================HKLM\...\Run: [PC-Doctor for Windows localizer] - C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-16] (PC-Doctor, Inc.)HKLM\...\Run: [AS2014] - C:\ProgramData\6DXrl3Xn\6DXrl3Xn.exe [659096 2013-10-18] ()HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,,C:\ProgramData\6DXrl3Xn\6DXrl3Xn.exe -sm,HKLM\...\Policies\Explorer: [NoControlPanel] 0HKLM-x32\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)HKLM-x32\...\Run: [HP Remote Solution] - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solut... Read more

Answer:Antivirus Security Pro - Won't let me boot into Safe Mode

One more thing, in looking at the above log, is shows several restore points, however, when I tried to to access them, I was told that system restore was turned off.

8 more replies
Relevance 81.18%

Hello my name is Austin,
 
As many other posters this past month, my father recently got infected with the Antivirus Security Pro Malware. I built this computer 8 months ago for my father, so I'm almost responsible for anything wrong with it. I'm a novice at most programming lingo, but I am really good at following processes, as it's what I do for a living. I WILL be donating to the person helping, my father needs his computer to do work this weekend. So before we start this process, I want to say "Thank You" in advance.
 
Any way, I tried doing the bleepingcomputer.com solution for the malware, but I have not been able to enter safe mode (shuts down soon after log in).
 
I read a post today on the first step of run the frst.exe file in the infected computer. Please let me know if you prefer for me to paste the report results within my post or attach the file. Here are the text results:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by SYSTEM on MININT-IPBE6V6 on 18-10-2013 17:10:41
Running from H:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [MSC] - "C:\Program Files\Microsoft Security Client\msse... Read more

Answer:Antivirus Security Pro Malware - No Safe Mode

Justsalsa,
 
 
to BC Forums!!
 
Thanks for the FRST report. I am presuming it was run from a USB pen drive.
 
Let's see if the following works for you to remove the Antivirus Security Pro Malware ...

  Please open Notepad (Start > All Programs > Accessories > Notepad)
Copy the entire contents of the code box below
Save it to the USB pen drive, and name it: fixlist.txt
 
start
HKLM\...\Run: [MSC] - "C:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey
HKLM-x32\...\Run: [] - [x]
S2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{c2c37fed-cd7d-2662-80ff-1651ebb34c7f}\   \...\???\{c2c37fed-cd7d-2662-80ff-1651ebb34c7f}\GoogleUpdate.exe"
C:\Users\RichardRice\AppData\Local\Google\Desktop\Install
C:\Program Files (x86)\Google\Desktop\Install
C:\ProgramData\pvqdkqkjvbllroblbxh.reg
end

Once again, run FRST64 as you did before.
When the tool opens click Yes to disclaimer.
Now, press the Fix button, just once, and wait.
 
When done, FRST produces Fixlog.txt on the USB pen drive.
 
>> Please provide the Fixlog.txt on your reply.
 
 
  If (which I doubt) the computer is still under the 'spell' of the Antivirus Security Pro Malware, look for its shortcut on your Desktop .
Next, go to Control Panel > Folder Options
Click the View tab
Select/check: Show hidden files, folders and drives
Click: Apply > OK
 
Right click on the Antivirus Security Pro icon on... Read more

3 more replies
Relevance 81.18%

Hey Forum!! I have a lappy here with a special version of this normally easy to remove virus and I need some assistance. Per other forum post instructions, I have scanned with FRST and here is my log:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by SYSTEM on MINWINPC on 07-10-2013 11:15:50
Running from F:\
Windows Vista ™ Home Premium (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-03] (Intel Corporation)
HKLM\...\Run: [hpqSRMon] - [x]
HKLM\...\Run: [HP Health Check Scheduler] - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM\...\Run: [Microsoft Default Manager] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM\...\Run: [AS2014] - C:\ProgramData\gX3ga333\gX3ga333.exe [550552 2013-10-04] ()
HKLM\...\Winlogon: [Userinit] c:\windo... Read more

Answer:Antivirus Security pro cant boot into any safe mode

Hello Huludrock I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same... Read more

3 more replies
Relevance 81.18%

My dad's flash drive was infected with Antivirus Security Pro, yesterday I plugged it into my laptop and it got infected
I tried to remove it as I did on his computer but I just doesn't let me boot into Safe Mode, as it automatically reboots the system
I've googled about this and read some topics on this forum about this
as I read some things about the virus getting smarter, I've already did those FRST things and here is the log, as I know there's one specific way to do to each user
I'm posting on this section cause I realized I could've posted on wrong section before

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-09-2013 01
Ran by SYSTEM on MININT-2JK5KHB on 28-09-2013 21:05:33
Running from G:\
Windows 7 Home Premium Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
[b]ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.[/b]

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [L... Read more

Answer:Antivirus Security Pro won't let me boot into Safe Mode

Hello pedrofortunato I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the... Read more

25 more replies
Relevance 81.18%

We have a user who got the Antivirus Security Pro virus and I'm trying to remove it. All "how-tos" say to boot into safe mode, but this version of the virus won't allow me to do so, either with command prompt, networking or without. Without safe mode, I'm not sure how I'll be able to remove it. Any ideas would be great.

Answer:Antivirus Security Pro Removal - No Safe Mode

I'll report this topic to appropriate helpers.
1. Please let us know what Windows version you have and if it's 32- or 64-bit.
2. Is the computer bootable in any mode?
Hold on there....

2 more replies
Relevance 81.18%

I read the Antivirus Security Pro Removal Guide for this site but I cannot get into safe mode.  The F8 key doesnot work and I cannot run msconfig either so i am kind of stuck.  HELP

Answer:Antivirus Security Pro removal but cannot get into safe mode

Hello ac lets see if we can get a DDS log as per this guide...Please follow this Preparation Guide, do steps 6,7 and 8 and post in a new topic.Let me know if all went well.

7 more replies
Relevance 81.18%

Computer infected with Antivirus Security Pro; cannot successfully log on with Safe Mode as computer reboots at log on.

Answer:Antivirus Security Pro will not allow me to boot up in Safe Mode

KellyV6726,
 
to BC Forums!
 
When you start the computer and tap the F8 key until you get to the Advanced Boot Options menu, are you able to use
the arrow keys to select the Repair your computer menu item?
 
From there...
Select your language settings, and click: Next
Select your User account and click: OK (If you did not set a password, leave blank.)
 
On the System Recovery Options menu do you get the following options:Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Scan your computer's memory for errors
Command Prompt
 
Are you able to select the Command Prompt?

7 more replies
Relevance 80.36%

Won't let me do anything,try and boot to safe mode and it will kick me out and restart normally.
I have read alot of the topics on this issue,and have a flashdrive downloaded with the relevant stuff (combofix/dds etc..) that i've seen suggested.
All I have used so far is the FRST64 log.
Here is the applicable log,thanks for any help.
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by SYSTEM on MININT-6Q31KRG on 05-10-2013 23:53:47
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery
The current controlset is ControlSet001ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-17] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-06-10] (Alcor Micro Corp.)
HKLM\...\Run: [Webfetti Home Page Guard 64 bit] - C:\Program Files (x86)\Webfetti_52\bar\1.bin\AppI... Read more

Answer:Antivirus Security Pro infection-Safe Mode inop

Hello DefEddie I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"... Read more

16 more replies
Relevance 80.36%

Hi,
 
I have a laptop running windows 7 that has been infected with Antivirus Security Pro.  When I try to start in Safe Mode the computer keeps restarting before I can do anything.
 
I can not download any malware removal or any other software.
 
I can not seem to start any programs.

Answer:Infected with Antivirus Security Pro, will not let me start in safe mode

Hi there,my name is Marius and I will assist you with your malware related problems.Before we move on, please read the following points carefully. First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding. Perform everything in the correct order. Sometimes one step requires the previous one. If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem. Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me. Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts. If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean. My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.    Scan with FRST (Recovery Environment)To run FRST on Vista and Windows7:For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.Plug the flashdrive into ... Read more

36 more replies
Relevance 80.36%

A friend brought me a computer because Anitvirus Security Pro would keep running on his moms laptop. I have had probably 5 different computers that have had this on them and have been able to clean them but this one is really a beast.
His system is running Win 7 and he tried a number of things before bringing it to me with no luck.
I printed off the Anitvirus Security Pro Removal instructions from this site but the laptop is not allowing the system to boot in Safe Mode and It will also not allow access to Regedit or MSCONFIG.
Any suggestions on getting control of the system back?
 
Thanks
John
 

Answer:Antivirus Security Pro - won't allow Safe Mode, Regedit or msconfig

Hi there,my name is Marius and I will assist you with your malware related problems.Before we move on, please read the following points carefully. First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding. Perform everything in the correct order. Sometimes one step requires the previous one. If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem. Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me. Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts. If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean. My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.    Scan with FRST (Recovery Environment)To run FRST on Vista and Windows7:For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.Plug the flashdrive into ... Read more

38 more replies
Relevance 80.36%

Hey there,
 
My computer has recently been attacked by the Antivirus Security Pro virus. I'm a little lost on how to recover my computer because I can't boot into safe mode. I was told to purchase antivirus software to remove the ASP virus and install it in safe mode, but I can't even reach safe mode. Please help if you can!
 
Thanks,
 
CarPanthers

Answer:Antivirus Security Pro problems (can't boot into safe mode)

Can't boot in Safe Mode with Networking? (Antivirus Security Pro Virus blocks Safe Mode with Networking)
If you have more than one user account in your operating system - please log-in to the clean account and download the recommended anti-spyware software, install it and run a full system scan, remove all the security infections it will detect, however if you have only one user account please follow this guide (this guide will show you how to create a new user account using safe mode with command prompt - using this newly created user account you will be able to remove Antivirus Security Pro virus).
If Antivirus Security Pro virus also blocks your operating system's Safe Mode with Networking follow these removal instructions:
1. Start your computer in Safe Mode with Command Prompt - During your computer starting process press F8 key on your keyboard multiple times until Windows Advanced Options menu shows up, then select Safe mode with command prompt from the list and press ENTER.
 
2. When command prompt mode loads enter the following line: net user removevirus /add and press ENTER.
 
3. Next enter this line: net localgroup administrators removevirus /add and press ENTER.
 
4. Finnaly enter this line: shutdown -r and press ENTER.
 
5. Wait for your computer to restart,  then boot your PC in Normal Mode and login to the newly created user account ("removevirus"). This account won't be affected by the infection and you will be able to downlo... Read more

2 more replies
Relevance 80.36%

So I found a previous topic that I couldn't reply to and here is what I have done...
It suggested that I use the Farbar Recovery Scan Tool via the system recovery options.  Here were my results....
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2013
Ran by SYSTEM on MININT-JR029EJ on 30-10-2013 21:35:02
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [BeatsOSDApp] - C:\Program Files\IDT\WDM\beats64.exe [37888 2010-10-21] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-06-24] (IDT, Inc.)
HKLM\...\Run: [hpsysdrv] - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey <===== ATTENTION (File name is altered)
HKLM\...\Run: [MapsGalaxy Home Page Guard 64 bit] - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\AppIntegrator64.exe [548936 2013-05-20] ()
HKLM\...\Run: [AS2014] - C:\ProgramData\DV7Uns33\DV7Uns33.exe [560776 2013-10-30] ()
HKLM\...\Winlogon: [Userinit] userinit.exe,C:\ProgramData\DV7Uns33\DV7Uns33.exe -sm,
HKLM-x32... Read more

Answer:Antivirus Security Pro Virus won't boot Safe Mode

Hello scagigal I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"... Read more

3 more replies
Relevance 80.36%

Hello,
 
I have a Dell laptop which is infected with Infected Antivirus Security Pro, will not let me start in safe mode:
Windows 7 Home Premium, P4 Dual Core T4300 2.10GHz, 4.00 GB,  64Bit 500GB HD.
 
I tried running malwarebytes and all .exe file execution are blocked by Antivirus Security Pro, tried to restart in safe mode as soon as it gets to desktop it shuts down and restarts.
 
Need help removing please, Thank you

Answer:Infected with Antivirus Security Pro, will not let me start in safe mode

Before you do anything just try and "activate" it using this code, its a longshot but sometimes it works and you will be able to run malwarebytes and other tools
 
AA39754E-715219CE
 
See video for help on to do this
http://www.youtube.com/watch?v=y58O8bqx9sQ

6 more replies
Relevance 80.36%

One of my salesmen's laptops is infected with Anitvirus Security Pro. His system is running Windows 7 Professional SP1. The system will not boot in Safe Mode (it loads through the welcome screen and then immediately logs out and restarts in normal mode) and It will also not allow access to task manager, Regedit or MSCONFIG.
 
Any assistance would be appreciated! Thanks.
 
Beth

Answer:Antivirus Security Pro - won't allow safe mode, regedit, msconfig

Hello BethI would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", thi... Read more

4 more replies
Relevance 79.54%

Hi - I was following another post where Afflack (splng?) was helping someone with the same issue.  I was able to create a FRST text file as he instructed.  However, in the post I was following, Afflack took this info and created a fix file for the user's computer.  I am hoping the same can be done for me.  Here is the contents of the FRST scan.  If I need to provide anything else, please let me know.
Thanks - Dinx
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013
Ran by SYSTEM on MININT-K0HBV6E on 01-11-2013 14:12:54
Running from F:\
Windows 7 Professional (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [nwiz] - nwiz.exe /install
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NVHotkey] - rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
HKLM\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM\...\Run: [ccApp] - C:\Program Files\Common Files\Symantec Shared\ccApp.exe [115560 2010-06-09] (Symantec Corporation)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Micr... Read more

Answer:Infected with Antivirus Security Pro and cannot start Windows 7 in Safe Mode

Sorry for the mis-spelling - the person who was helping was Aaflac.

3 more replies
Relevance 79.54%

In step 2 of the self-removal process I need to reboot my computer in safe mode with networking. I do that and soon after my computer logs me off and restarts. What gives?

Answer:Infected with antivirus security pro - safe mode shuts down computer

I'll report this topic to appropriate helpers.
1. Please let us know what Windows version you have and if it's 32- or 64-bit.
2. Is the computer bootable in any mode?
Hold on there....

3 more replies
Relevance 79.54%

I am having the same issue posted by KellyV6726.  I have the "Antivirus security pro" virus but can't follow the fix instructions because it won't let me boot in Safe Mode of any form.   I followed the instructions from Aaflec in KellyV6726's  post and created a FRST.txt file, which I'll paste below.  Since Aaflec took Kelly's FRST file and created a fix file, I am hoping someone can do the same for me - or tell me how to do it.  (I initially posted this issue in the "Am I infected" forum, but received no replies so I'm assuming that was not the right place!) 
 
The contents of my FRST file:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013
Ran by SYSTEM on MININT-K0HBV6E on 01-11-2013 14:12:54
Running from F:\
Windows 7 Professional (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [nwiz] - nwiz.exe /install
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NVHotkey] - rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
HKLM\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM\...\Run: [ccApp] - C:\Program Files\Common F... Read more

Answer:Infected with Antivirus Security Pro and cannot start Windows 7 in Safe Mode

Hello Dinx I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", th... Read more

26 more replies
Relevance 78.72%

...and followed them to boot into the System Recovery Options and through the Command Prompt I've ran FRST and here is the log it generated-- trying to fix my dad's laptop, any help appreciated!
 
Yoni
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by SYSTEM on MININT-G8V99FN on 12-10-2013 17:56:56
Running from E:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
 
The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [627360 2011-05-20] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe [379552 2011-05-20] (Atheros Commnucations)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [608112 2011-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
HKLM\...\Run: [AS2014] - C:\ProgramData\7ga7sn37\7ga7sn37.exe [683632 2013-10-10] ()
HKLM\...\Winlogon: [Userinit] userinit.exe,C:\ProgramData\7ga7sn37\7ga7sn37.exe -sm,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Progr... Read more

Answer:Antivirus Security Pro, can't boot to safe mode, read previous threads...

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and and I will be helping you with your computer problems.
Before we begin, please note the following:
I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
 
Download the following file => [attachment=142702:fixlist.txt] and save it to the USB Flash Drive.NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 
 
 
Regards,
Georgi

6 more replies
Relevance 78.72%

After removal Antivirus Security Pro virus with Malwarebytes Anti-Malware and SpyHunter 4 my e-mail AOL stopped working. I tried to restore the Dell Studio 540 computer to an earlier date. It did not help. I tried several earlier dates in safe mode. After that Windows 7 boots only in Safe mode whatever I do (msconfig, services.msc...). I conducted all diagnostics via F12 - everything is OK; F8 - reboot in normal mode - it does not, again in safe mode. 

Answer:After removal Antivirus Security Pro virus computer boots only in safe mode

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/507569 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

2 more replies
Relevance 78.72%

Hello!
 
I'm trying to help a friend clean up her laptop.  It is a Windows 7 64-bit laptop infected with Antivirus Security Pro, and it is preventing safe mode (i.e. it comes up to the welcome screen, and then automatically does a restart.
 
I attempted to use the farbar scanning tool per the instructions in another post, but when I enter the H:\frst64 command, it simply returns to the command prompt.  Nothing else happens.
 
The windows version shows as 6.1.7600 when I bring it up in recovery mode.
 
Would certainly appreciate any guidance on how to move forward.  I fear that her backups may be compromised as well...
 
Thanks in advance.
 
 
 

Answer:Antivirus Security Pro, will not let me start in safe mode, farbar doesn't load

Hi there,my name is Marius and I will assist you with your malware related problems.Before we move on, please read the following points carefully. First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding. Perform everything in the correct order. Sometimes one step requires the previous one. If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem. Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me. Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts. If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean. My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.   Kaspersky Windows UnlockerDownload Kaspersky Rescue Disk (iso)Burn it to a cd or dvd, if you need a program to burn an ISO...use [email protected] ISO BurnerConfigure your computer to boot from CD/DVDNote : If you do not know how to set your computer to boot from CD/DVD follow the steps h... Read more

6 more replies
Relevance 78.72%

Here is my FRST log. I have tried numberous methods and nothing else has worked. I can't get into safe mode, so I can only hope one of you can help me with a fixlist.txt to help. If not, it's on to reload.



View attachment Fixlog.txt



Thanks
PC
 

Answer:FBI Ransomware, no safe mode...frst log uploaded. HELP

View attachment FRST.txt



Apologies, This is the correct frst.txt file
 

2 more replies
Relevance 77.9%

Hallo:
 
I have been infected by Antivirus Security Pro and am unable to remove it by booting into safe mode as the machine automatically re-starts. I have been able to start the machine in recovery mode, run frst.exe and create a log. This is attached. If it is possible to assist me I would be very grateful.
 
best wishes
 
Mark
 

Answer:Antivirus Security Pro - How do I get rid of it? Frst log attached

Hi,
 
Please download the following file =>  and save it to the USB.NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
Run FRST as you did before and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 
 
Regards,
Georgi

7 more replies
Relevance 75.85%

Hi all!
 
I am starting a new topic as instructed here: http://www.bleepingcomputer.com/forums/t/565527/problem-running-xp-in-safe-mode-drivers-listed-for-safeboot/
 
After having ran approximately 40 anti-spyware programs, IMHO my computer is close to spyware-free, having eliminated somewhat 300-400 threats totally. The most obvious symptoms have been successfully resolved (esp. my WLAN having trouble initializing), however...
 
Now I am having a problem running Microsoft Windows XP Professional SP3 in Safe Mode. After a few minutes the computer shuts itself down without any error message. And after a manual cold start (30 seconds), the following pops up on the screen: "CPU Overtemperature failing. Press F1 to resume." And after this, Windows starts normally.
 
I therefore ran FRST in an attempt to document this problem, logs are below:
 
I am aware of CleanHlp and CleanHlp.sys both belonging to EAM, which I successfully tried out a couple of months ago, however WdfLoadGroup seems to be Microsoft-related.
 
Please review my logs and create a fixlist which I can use with FRST in order to fix this problem, and whatever other entries you may notice as malicious, unnecessary or wrong and therefore should be removed.
 
Thank you very much in advance for the help!
 
Regards,
midimusicman79
 
 
FRST log:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-01-2015
Ran by Torbjoern Martin (administrator) on EGE... Read more

Answer:Leftover drivers compromising Safe Mode - Need help reviewing FRST logs

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/565658 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

9 more replies
Relevance 74.62%

As the good mama's boy I am, I am trying to ridd my mother's computer from a particularly malicious infection.
 
After a good amount of hours spent, I have managed to ridd the system of the Antivirus Security Pro malware, taking away all the annoying popups et al. Malwarebytes was used to try to clean out all there was.
 
Unfortunately some problems persist, and an infection is still preventing downloads from the web (and consequently e.g. upgrades to windows security essentials.
 
Rkill identifies the problem as ''zeroaccess rootkit symptoms found''.
 
Googling this took me to the following entry at this forum. I have run farbar recovery scan tool including drivers MD5 as instructed, and it did pick up on quite a few things. The question is how to write a proper fixlist.
 
I am extremely greatful for any help I can get in this regard. All I can really offer in return is topay it back or forward in terms of microsoft excel help, as that is an area of expertize.
 
Anyway, here is the log from farbar (also attached, felt I had mixed messages there as to custom on this forum):
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-11-2013 01
Ran by SYSTEM on MININT-5BPMVLA on 13-11-2013 00:42:37
Running from G:\Sikkerhet
Windows 7 Starter (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from... Read more

Answer:Antivirus Security Pro + zeroaccess rootkit symptoms found (rkill, FRST)

Hello Black Monday I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the s... Read more

24 more replies
Relevance 70.11%
Question: Safe reading mode

I can't load programmes from the PCA disk because I am in safe reading mode,how do I change this

Answer:Safe reading mode

Assuming you are talkig about viewing something with Foxit reader then click here

2 more replies
Relevance 69.29%

Hi.

I can't update my antivirus : BitDefender Free Edition v10.

I also can't enter windows xp in safe mode. An error msg will come out (like computer crash, in blue screen).

I also can't enter or scan online from any antivirus website.

Could this be virus?

Answer:Can't update antivirus, can't access any antivirus website, can't enter safe mode.

Hello it most likely is..I am moving this topic to the Am I Infected forum. Can you do these?You will need to Download and Run DDS which will create a Pseudo HJT Report as part of its log..If for some reason you cannot perform a step, move on to the next.Please follow this guide. go and do steps 6 thru 8 ,, Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help . Then go here Virus, Trojan, Spyware, and Malware Removal Logs ,click New Topic,give it a relevant Title and post that complete log.Let me know if it went OK.

3 more replies
Relevance 65.6%

Sorry put post as tittle ....I keep getting out of range 75kHz / 60Hz message on a LG monitor....whenni goninto safe mode...I don't seems to begetting the correct chocies fornmontior resoulotionnand Colorado...etc...and settings don't stay whenni hit apply

Answer:settings in safe mode will not stay ....LGMontior kepps reading 75.0KHZ / 60Hz out of

Please give specific information concerning the components of your system.

1 more replies
Relevance 64.37%

Hi
 
I downloaded dodgy file last week. Afterwards my antivirus (Vodafone PC Protection) wouldn't run normally or in safe mode. Neither would AVG or malwarebytes. Before malwarebytes stopped its scan I glimpsed a message saying something like boot files hidden.
 
I decided to reinstall OS using drive partition.
 
Everything seemed fine until yesterday when I found a message saying the laptop had just recovered from a blue screen crash. Then this morning everything froze on startup. 
 
I can currently boot in safe mode but I can't run the antivirus.
 
I've just run Kaspersky TDSSKiller in safemode and when I included 'Loaded Modules' among objects to scan it reboots to normal, bypassing safe mode, then freezes at 75% installation of the Kaspersky utility. I can't copy and past the report. 
 
I guess my partition drive must have been infected as well. Any help would be greatly appreciated.
 
 
Evolver
Edited by hamluis, Today, 07:46 AM.Moved from Win 7 to Am I Infected - Hamluis..
 
Moderator Edit: Moved from the AII forum to the Malware Logs forum Due to Combofix Log
Roger

Answer:Antivirus won't run in safe mode

Have removed PUP.Optional.Conduit via MWB and a ton of trackers via Hitman Pro but the AV still won't open. 

5 more replies
Relevance 64.37%

My administrator disabled task manager when i tried to scan in safe mode neither d antivirus or windows defender will run

Answer:Antivirus will not run in safe mode

that is a virus defenitly a virus try to use command prompt if th works personal message me.else Download malwarebytes anti malware and rename the setup file to something random like sdggfhf and run it and install it.if the setup dosent terminate it will work.now goto the place were you installed malwarebytes rename the file mbam.exe to a random name too and run it.if it starts run a quick scan and remove the viruses then run a full scan.after all this is over(if)the task mgr will still not work.but i ll tell you how to after.

2 more replies
Relevance 63.55%

Hi, i am new to this forum and i have a pretty big problem with my computer. Dell Dimension 4550, windows xp home edition, service pack 3.

I first encountered the problem when i was bombarded by a ton of popups of random things in internet explorer, but i use opera as my main browser. so that was odd. The popups then turned into an automatic installation that looked to be authentic windows security center, but was a fake, and i could do nothing about it. if i ended the process, another would start.

The popups have now stopped, i ran superantispyware and found many viruses. I fixed all, but when i log onto windows, i get error messages of missing .dll files: ntuser.dll, calc.dll, sinuvili.dll, pofutuva.dll.

Another problem is my safe mode. when i attempt to run, a blue screen appears stating that windows has shutdown to prevent damage to computer, and at the bottom of screen i see: *** STOP: 0x0000007B (0xF7A46528, 0xC0000034, 0x00000000, 0x00000000)

I saw in another forum that to fix this, i could boot from the original xp disc, select "R" to repair, and enter "CHKDSK /R". I tried this, but nothing happened.

Another observation is my computer clock, it has changed to military time.

I have now tried to run a HIJACK THIS log, but i wasn't able to. So i ran rsit.exe, and came up with the attached log file.

Can someone please look over the log file and tell me if there is anything i can do? i am lost when it comes to this.

Thank you, ... Read more

Answer:Cannot Run antivirus programs, or run in safe mode.

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Go to Start > Run and copy/paste the following into the Run box and click OK:

C:\rsit\info.txt

A text file should open. Please post the contents of that file in your next reply.

------------------------------------------------------

I need to see a gmer log in order to help you.

Delete your existing copy of gmer. Please run this special version of gmer:

Download GMER Rootkit Scanner from here and Save it to your Desktop. Double-click gmer.exe to run it. If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.



Click the image to enlarge it


In the right panel, you will see several boxes that have been checked. Uncheck the following ...Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it... Read more

2 more replies
Relevance 63.55%

Okay so I am having major problems! Running Windows XP First I started getting all these BAD popups and nothing made them go away. So I ran a Ccleaner, and Spybot S&D. I was prompted to reboot. I did. when I got to log in screen, it immediately prompted an automatic reboot citing a NT Authority\system reboot. So I rebooted in safe mode with networking, tried to run antivirus. then I tried to run SuperAntiSpyware, it started to run, showed 2 trojans and something else, then stoped running and I no longer have access to it. So I tried running malewarebytes (also renamed it mb.exe). Same thing. Starts to run, dissapears then I no longer have access to it. Happened to spy bot S&D. Tried to access the online SuperAntiSpyware. No go. Runs, picks up 2 Trojans and quits working. HELP!!! I can not boot in normal mode.

I can not run a Hijackthis....

Answer:Can not run Antivirus, can only boot in safe mode

You mentioned that you booted into safe mode with networking.
Have you tried regular safe mode?

3 more replies
Relevance 63.55%

I have a host of problem that have developed of late. I installed a file conversion program called Audio Convert and during the install some odd 'windows related" messages came up. Awhile ago you helpedme solve an issue regarding a "No Disk" error. You saw that I had no antivirus engine and I've been tring with my IS{P to get their program working but still have had no luck, you suggested AVG and I tried and failed to get it to install and load properly. After that little incident recently, I've lost my "Run" button, after clicking stat, I ahve no Shut Down/REstart buttons, instead I have a switch user button. I lost my Msconfig, and can't restart in safe mode, in any of them, the computer goes into a restart.



I've got an HP Pavillion m7480n, P4 930, 2G of RAm, Wndow XP Media Center Edition, it's 2 months old



Can you help?

 




Relevance 63.55%

Okay so I am having major problems! Run ning Windows XP First I started getting all these porn popups and nothing made them go away. So I ran a Ccleaner, and Spybot S&D. I was prompted to reboot. I did. when I got to log in screen, it immediately prompted an automatic reboot citing a NT Authority\system reboot. So I rebooted in safe mode with networking, came here and have tried to follow read and run me first. Now every time I try to run SuperAntiSpyware, it starts to run, shows 2 trojans and something else, then stops running and I no longer have access to it. So I tried running malewarebytes (also renamed it mb.exe). Same thing. Starts to run, dissapears then I no longer have access to it. Happened to spy bot S&D. Came here and tried to access the online SuperAntiSpyware. No go. Runs, picks up 2 Trojans and quits working. HELP!!! I can not boot in normal mode.
 

Answer:Can not boot with out safe mode can not run any antivirus

Not trying to bump, I have an update...


I finally got combofix to work. Ran it. It detected a rootkit. It removed a bunch of infected stuff. This allowed me to boot in normal mode and download/run malewarebytes
I've also attached a couple of logs. Not sure if they are time stamped. But the order of running was
Root repeal last night
CF alog fter running it
Malwarebytes


I still can not run SAS but am actively trying.
 

6 more replies
Relevance 63.55%

Hi,
I have an infected windows XP SP2 pc.
I do not have any active antivirus software on this pc ( ESET NOD32 is expired).
1. I tried downloading a few free antivirus softwares like avira/avg/avast/MSE but was unsuccessful as -
a) either they do not support sp2 or
b) on clicking download the page does not load
2. I have tried running online antivirus softwares like bitdefender (cannot load) and ESET (after running the activeX control tried downloading the .cab file but nothing happened)

Following is the info from SysInfo -

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Professional, Service Pack 2, 32 bit
Processor: Intel(R) Pentium(R) D CPU 2.66GHz, x86 Family 15 Model 4 Stepping 7
Processor Count: 2
RAM: 501 Mb
Graphics Card: Intel(R) G33/G31 Express Chipset Family, 256 Mb
Hard Drives: C: Total - 39997 MB, Free - 24258 MB; D: Total - 39997 MB, Free - 218 MB; E: Total - 39997 MB, Free - 222 MB; F: Total - 32624 MB, Free - 398 MB;
Motherboard: Gigabyte Technology Co., Ltd., G31M-S2L
Antivirus: ESET NOD32 Antivirus 4.0, Updated: No, On-Demand Scanner: Enabled
 

Answer:Cannot run antivirus scan even in safe mode

-----------------------------------------------------------
Be sure to read the information in these threads about Windows XP risks and options:
Derek's post here is a view of the risks : End of Support For Windows XP
You have already taken this risk with an SP2 machine, and lost the bet.
My post concentrates on software options for saving the machine: Windows XP - The Elephant In The Room
Read it very carefully.
Your machine will support the simplest of Linux systems, but really will not be satisfactory with ANY of the newer Windows.
I don't think trying to Fix this will produce a good result.
Almost all of our Fixing tools actually require XP Service Pack 3 to work, and installing Service pack 3 on an infected machine will usually fail or produce an unstable system.
This may be why the programs you are trying to use don't work.
Windows SP3 came out in 2008, and Support for SP2 ended in 2010.
 

2 more replies
Relevance 63.55%

If i restart in safe mode and run an antivirus scan with the AV installed on my PC, is that as good a scan compared to scanning in normal mode. (Do scans in safe mode miss anything that a scan in normal mode would pick up?)

Answer:AntiVirus scan in safe mode

you need to scan in normal mode not everything is running in safe mode

6 more replies
Relevance 63.55%

As I stated on my other post, my computer has been formatted for a month now. I?m using windows XP. My main antivirus (McAfee) just can?t complete a whole scan without the pc restarting by itself. It happens with all antivirus and anti malwares and some other kind of programs too. I just don?t know what to do anymore.

On the other post someone told me to try my scans on safe mode. McAfee restarted, SpyBot closed and couldn?t get open again and stinger had to close. Only hijack worked all the way through. I have disabled windows restore.
This is the log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:18:03, on 3/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe
c:\ARQUIV~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Softw... Read more

Answer:All Antivirus Canīt Go Through Even In Safe Mode (hijack Log)

Hello katia and welcome to BleepingComputer!Apollogies for the delay. The forum has been very busy lately. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:Preparation Guide For Use Before Posting A Hijackthis Log.Thanks,Johannes

3 more replies
Relevance 62.73%

My husband's friend brought his computer over. He thought he had a simple hijack situation. Whenever he opened IE, Firefox, Nortons, etc it woudl immediately close. My husband has tried numerous things. He cannot even get these programs to run in safe mode. Even in safe mode, these programs immediately close. We dont even know what we're trying to kill. Any suggestions???

Answer:Cannot run antivirus, antimalware, or internet even in safe mode

Sorry, he is on a Dell laptop, running XP.

1 more replies
Relevance 62.73%

I am newly registered to this great site. I am also a very infected Dad trying to remove Personal Antivirus from our family computer. I could not download/then launch Malwarebytes tool in normal mode. I am now following another thread trying to progress in save mode...

Any help advice is appreciated running malware quick scan...

Safe mode allowed download and quick scan now completed
Malwarebytes' Anti-Malware 1.38
Database version: 2283
Windows 5.1.2600 Service Pack 2

6/25/2009 8:07:06 PM
mbam-log-2009-06-25 (20-07-06).txt

Scan type: Quick Scan
Objects scanned: 112670
Time elapsed: 13 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 157
Registry Values Infected: 12
Registry Data Items Infected: 0
Folders Infected: 31
Files Infected: 193

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfu... Read more

Answer:Safe Mode Stage Personal Antivirus XP

For what its worth after copying th deleted files into this thread and closing down the priogram in safe mode and restarting in normal mode I was able to access the malware program and have found an additional 21 infected files full scan continues.....more to follow..

3 more replies
Relevance 62.73%

Hi all,

Last night my Acer Aspire One became infected with the Xp Antivirus 2012 virus. I have dealt with this once before and suspect it may be from a shared disk I used. Anyways, last time I was able to track the problem down using some tutorials, rkill, malwarebytes and a few other malware removal tools. This time though the damage was done too quickly. By the time I knew it, no programs would launch. I couldn't access the task manager either. My laptop froze and when I tried to reboot I'd get the laptop splash screen and then nothing. I attempted to boot in safe mode and no dice.

My next step was to use Hiren's Bootcd and use Mini Xp to boot up. I was able to do so successfully but once there I was not able to get much done to fix the boot up problem. I tried identifying the problematic system file in the system32/ drivers folder but found none than looked suspicious. There was no oddly named sys file with the size 0kb.

I am at a crossroads. Should I just back my files up (since I can access them with mini Xp) and restore windows to factory settings or do I have a chance to fix this thing?
Thanks!

Chris

Answer:Can't boot up using Safe Mode - XP Antivirus 2012

You could try to repair your Boot File? This can be done by selecting r when coming into the Disk or onboard Recovery. When asked type in fixboot That should get it booting again, but please, before you do any thing further Post in the "Am I Infected" Forum http://www.bleepingcomputer.com/forums/forum103.html and include a link to this? Once there you will get expert help on Malware.Ray.

43 more replies
Relevance 62.73%

Please help,

I'm running windows xp SP2 and have acquired "antivirus 2008". I tried following the steps in one of the forums disabling the needed things in AVG, and spybot, installing sdfix, and when I attempted to enter safe mode using the F8 method, I was unable to use the up/down arrows or the ones on the number key pads to select safe mode. I'm at a loss at this point and a newbie to the forum. I've attached a log from hijack this.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25:03 AM, on 15/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\sstray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files... Read more

More replies
Relevance 62.73%

Greetings All!
I'm reaching out to the Pro's.

Huge mess on my bosses laptop - kids used it need I say more. It started with Internet Security 2010 which I thought I had removed and now Antivirus Live is in there. I can't get McAfee to load, rkill is now detected and blocked, won't work, can't get network connection any more. All this in just 6 hours yesterday!

I can't get on line to get HJT nothing is being allowed to run other than the fake infection warnings. This is a WinXP media center OS running IE7.

I'm open to suggestions, and need some help.
 

Answer:Antivirus-Live not able to boot into safe mode

16 more replies
Relevance 62.73%

Please let me know if there is anything I can do to get rid of antivirus live. My computer will not run any security software and it will not go into safe mode.

Answer:Can not get into safe mode and laptop has antivirus live

Hello and Welcome.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed. I currently have as many open topics as I can effectively handle; this will have you back in queue with the proper logs so an available helper would be able to assist.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies
Relevance 62.73%

HI GUYS. I badly need help. My PC is acting weird. The symptoms are enumerated below. Suggestions are very much welcome. I found a similar thread with almost the exact symptoms. The guy found a solution. I am really hope I'll find mine. Please do take time to read my post.


SYMPTOMS:
I first found out about the infection about two days after the internet connection at home was restored.(My provider had a routine maintenance check up for the lines in my neighborhood.) I can't really say when is the exact date of the attack. So here is a list of symptoms of the infection/attack?.

1. McAfee anti virus stopped working.

2. Can't install anti virus. Tried to install other anti virus. The list includes AVG, Kaspersky, and Nod 32 but all failed.

3. The IE and opera browsers does not work but firefox is fine.

4. Can't connect to Yahoo! Messenger. Prompts a message telling to try again. Every time I do, it prompts the message again.

5. Can't boot in safe mode. When I try to boot in safe mode, it loads all the drivers and reboots again. Normal mode is fine.



WHAT I TRIED TO DO:

Note: Since my pc is sooooooooo slow, I reformatted my pc hoping the problem would go away. Unfortunately, it didn't do anything good with regards to the infection. It did make my pc a little bit faster though. Also, I can now use the opera and ie. Still, the problems persist.


1. Installed SuperAntiSpyware. Scanned pc and detected infections. The Lo... Read more

Answer:can't boot in safe mode; can't install antivirus

Assuming you are trying to run the Read and RUn First instructions, you don't mention whether you tried running ComboFix and MGTools......we need more than just the SAS log to see what is happening in your system.

And yes, I would advise staying off the web (physically disconnect) until you have to attach logs here.
 

1 more replies
Relevance 62.73%

Hello,

I am unable to remove a stubborn rootkit problem from my computer. Even in safe mode, I am unable to run any antivirus program or Malwarebytes.

I checked Non Plug and Play drivers, but did not see anything suspicious except "Catchme".

Any help would be appreciated. The logs are below and attached.

Thank you,
Shootmenow

DDS (Ver_09-12-01.01) - NTFSx86 MINIMAL
Run by Administrator at 9:40:45.03 on Thu 12/31/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1976.1721 [GMT -6:00]
============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\system32\svchost.exe -k netsvcs
D:\WINDOWS\Explorer.EXE
D:\Documents and Settings\Administrator.NLM-DUSTINB\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {d5233fcd-d258-4903-89b8-fb1568e7413d} - mscoree.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\progra... Read more

Answer:Cannot run Malwarebytes or any antivirus software even in Safe Mode

I tried running ComboFix a couple of times. During the Completed_Stage_2, I get the following error:PEV.cfxxe has encountered a problem and needs to close.After hitting close, ComboFix continues to run and spits out this log:ComboFix 09-12-29.06 - Administrator 12/31/2009 15:01:51.6.2 - x86Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1976.1468 [GMT -6:00]Running from: G:\ComboFix.exe.((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-31 ))))))))))))))))))))))))))))))).No new files created in this timespan.(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))..((((((((((((((((((((((((((((( [email protected]_17.51.21 )))))))))))))))))))))))))))))))))))))))))..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"FingerPrintSoftware"="d:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]"TPHOTKEY"="d:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-09-30 68976]"LPManager"="d:\progra~1\THINKV~1\... Read more

3 more replies
Relevance 62.73%

I may be infected with a virus. I am scanning using Norton right now and OneCare won't turn on its firewall, telling me that I am 'At Risk'.

If nessesary, could I install antivirus software like Norton on my computer using Safe Mode? Note that it is likely I have been infected.

If you need anymore information, please feel free to ask.

-Elk

EDIT: Also know that recently my computer had been randomly freezing in the past three weeks. I remember I stumbled onto a website where it suddenly told me that 'MY COMPUTER WAS INFECTED'. From experience I knew it was spyware, and instead of saying YES or NO on the warning popup, I clicked the X. Norton immeditely told me I was infected and tried 5 times to remove it. Then the warnings from Norton stopped, thinking that it finally got the trojan.

More replies
Relevance 62.73%

Help, I cannot load Norton antivirus 2005 in safe mode (windows XP - service pack 1).

It generates an error and says the symantec integrator has generated an error??

Any ideas how I get this service started manually?
 

Answer:No Norton Antivirus 2005 in SAFE mode

Norton will not install in Safe Mode.
 

5 more replies
Relevance 62.73%

i have some error while installing antivirus BIT DEFENDER in normal mode so i am trying to use safe mode but i am scared that what will be on that case
will any features be missed out when we install in safe mode rather than normal mode?
ANY DEMERITS PLZ MENTION

More replies
Relevance 62.73%

after installing norton internet security2003computer will ony start in safe mode then certain programmes wont run have tried unistall but it wont uninstall os/windows 2000me.also get messagedriver installation failed ..how do i fix

Answer:norton antivirus computer in safe mode

Here are a few options for uninstall click hereIf none of these help then go back to 'support' and start again, putting in your version info etc and you may be able to find something on the knowledge base to help you

1 more replies
Relevance 61.91%

Hi there,
Have been infected with Antivirus Live.
Printed off removal guide and downloaded rkill.com and mbam-setup.exe to USB flash drive
tapped F8 during reboot and choose safe mode with networking as requested in guide
Was given message that windows has detected a problem and shut down to protect computer.

Technical information:
0x0000007E (0xC0000005, 0x80537009, 0xF89DB3E0, 0xF89DB0DC)

Ant ideas as this is all i get every time the systen tries to boot up........

Answer:cannot enter safe mode to remove antivirus live

Have you tried using normal mode?

3 more replies
Relevance 61.91%

Ok. I've read all these threads regarding this horrible malware. Yesterday i noticed I was infected with this antivirus pro 2010. The computer wouldn't allow me to do much so i tried to reboot in safe mode. That was the last time I was inside Windows xp operating system. Now I can't get in through safe mode, normal mode or anything else. My computer boots just up to the Windows Xp logon screen and then shows the fastest blue screen and reboots. It repeats this cycle endless times. The last thing I tried was using the Windows xp cd to repair. Unfortunately it tells me the partition1 is (unknown) so they want to format my drive and reinstall. I'm trying to recover files on this laptop. BTW its a Compaq Presario. I even tried the recovery console to simply get a prompt and my c: drive wasn't even listed. Only some D:\MinNt

Help Please!
 

Answer:antivirus 2010 can not boot in safe mode-tried everything advised here

Antivirus Pro been removed- Hijackthis log review

Please review the log below:



Edit by chaslang: Inline and incomplete HJT log removed. READ & RUN ME FIRST. Malware Removal Guide sticky not followed.
 

2 more replies
Relevance 61.91%

I am having an issue with my computer since I updated my iTunes and QuickTime and now anytime I try to open or run a program, it pulls up "view downloads" page and asks if I want to run or save the file. Neither option works as it simply re-opens another "view downloads" page and won't allow anything to run. I am operating in Safe Mode but same issue arises. See attached picture as anything I try to open goes to this page and keeps adding the same item over and over if you try to click run or save.
Can you steer me in the right direction?

Answer:Virus won't allow any downloads or internet in safe mode. Won't run antivirus

Hello,
Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.
Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.
If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

3 more replies
Relevance 61.91%

Dear Computer Hope,I have been infected with this virus and need help with manual removal of files, dlls and registry entries. I can only run Windows in safe mode and I am unable to run McAfee, Hijack This, or any other spyware removal applications. I am running Win XP but don't know how to tell which service pack I have in safe mode, I'm assuming SP2. I hope you can still help. I have found instructions elsewhere on how to remove registry entries and unregister .dll files through cmd prompt but in following instructions at hxxp://wiki-security.com/wiki/Parasite/WindowsAntivirusPro I went ahead and (unwisely?) deleted the Programmes\Windows Anti Virus Pro\ folder altogether and now do not have the .dlls to unregister.  Any advice would be greatly appreciated, thanks.garddfon

Answer:Windows Antivirus Pro manual removal in safe mode

Stay out of the registry.You'll have to go here....http://www.computerhope.com/forum/index.php/topic,46313.0.htmlIf you've lost your connection, download the programs to a USB stick on a good PC and transfer them to your PC.If you have difficulty, you may have to run them in safe mode, tap F8 at start, .If you have difficulty, you may have to rename the programs when you save them.If you get stuck on a step, proceed to the next .Post the logs for step 3,4 and 6.

14 more replies
Relevance 61.91%

I am following instructions to remove the system care antivirus on my computer, but using F8 upon startup won't work, the computer just freezes up and will not boot. If I do not use F8, it will to boot normally, but nothing opens up when I go try the Run --> msconfig method.
How can I wipe out this virus?

Answer:how to remove systemcare antivirus when safe mode will not load

Hello Campfire and elcome -
 
Do you have Malwarebytes' Anti-Malware Free (aka MBAM) already installed on your computer ??
 
Please list your Make / Model and Operating System Version (XP /Vista / Windows 7).
Also list your Antivirus and any Antimalware programs already installed -
 
Can you open the computer in Any mode (Normal / Any Safe Modes / Etc) -
 
Thank You -

4 more replies
Relevance 61.91%

My computer was hit with the Security Tool virus. It's possible I even allowed it through spybot -- the little spybot messages come up while I'm typing, sometimes, and if I hit the "a" key for allow, then who knows what just happened?

Anyway, I can only run ANY program from safe mode -- including task manager and any antivirus program -- and running any antivirus software will cause the computer to turn itself off. I can't download winzip from safe mode, so forgive me that the logs attached aren't zipped.

Thanks in advance for the help.

Also, I'm having difficulty with the gmer program. It only allows me to check five boxes: Services, Registry, Files, C:, and ADS. All other boxes are greyed out. Also, it only allows me to save as a .log file, which I'm not allowed to upload...

I opened the gmer log and re-saved it as .txt... hopefully nothing's lost in translation?

Ah. Completely missed this: "Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post"

Well, that explains that.

Also, here's the DDS. My apologies for losing track of some of the very simple instructions.

DDS (Ver_10-12-12.02) - NTFS_AMD64 NETWORK
Run by Qris at 15:50:19.86 on Mon 02/21/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2812.1617 [GMT -8:00]

AV: AVG Anti-Virus Fre... Read more

Answer:Antivirus software forces shutdown in safe mode

Hello, Welcome to TSF.
I'm nasdaq and will be helping you.

Open your task manager and stop this process in bold.

uRunOnce: [gDbLmCf05200] C:\ProgramData\gDbLmCf05200\gDbLmCf05200.exe

To get to the Task Manager press the CTRL+ALT+DEL keys simultaneously.

When done delete this folder in bold.

C:\ProgramData\gDbLmCf05200\

Restart the the computer normally if you can.

Submit a fresh DDS log for my review.

Let me know what problem persists.

3 more replies
Relevance 61.91%

Hi,

I am facing a major virus problem with my system. Task manager, registry edit and folder options of my operating system got disabled and also I am unable to boot in safe mode. If I press F8 and chose Safe Mode (with networking or any other option), pc is getting restarted again so again I had to start my pc normally.

I downloaded avira and avast and when I tried to install them, installations were being closed at the starting without any prompt messages. While googling, I came to see this forum I had downloaded hijackthis and here is my log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:56:00 PM, on 2/22/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin ... Read more

Answer:Unable to install antivirus & cannot boot in safe mode

Hello, sundeep38.My name is aommaster and I will be helping you with your log.I apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up.If you have since resolved the original problem you were having would appreciate you letting us know If not please perform the following below so I can have a look at the current condition of your machine.Thanks and again sorry for the delay.Please note that I am in the process of my training so it may take a while for me to get back to you, as each of my fixes need to be checked by a coach first.Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)In your next reply, please include the following:RSIT Log

22 more replies
Relevance 61.91%

I've tried to run some malware programs.... I can't install avg or eset and I can't boot to safe mode either.. Hijack This install gives an error not a valid 32 etc...
when i try to install the antivirus it says i have problems with privileges of being an administrator.. i am the administrator.. HELP!!

Answer:Help. Cant Install Antivirus Software Or Boot To Safe Mode

Hello malpert and welcome to BC

In order to assist you, we need a bit more information.

What is your operating system: Windows XP, Vista, etc.?

I see that you have problems installing security programs. Do you have security programs already installed? If so, please name them, and let us know if these programs are working.

Orange Blossom

1 more replies
Relevance 61.91%

My colleague 'accidentally' ran the 'Folder Virus' in my office computer,

Symptoms,

the usual,
Creating a replica of itself inside a folder with the same name as the folder
Copying itself to any external peripheral connected via USB (Pen drives, HDD etc.)
Task Manager Disabled
Regedit Disabled
Internet Explorer not working, Homepage reset to 'googleinindia.blogspot.com'

the unusual,
Cannot enter safe mode (pc reboots)
Unable to run existing antiviruses, including McAfee and Spybot S&D
Unable to run certain existing applications including MATLAB and Adobe Reader

McAfee displays an error during system startup, Spybot just sits there quietly, MATLAB encounters a fatal error (in matlab.exe)

I ran the DDS.exe, but it could only output a 'DDS' report and no 'Attach' report. I have also run the RootRepeal.exe
I am posting the DDS and RootRepeal Logs.

An early reply will be highly appreciated

Regards

Answer:TaskMgr, Regedit, Safe Mode, Antivirus not working!

Hello,We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if youwould let me no so I can close this topic, if you still need help please let me no what issues you are still having, in your next reply.ComboFix should not be run unless requested by a HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.Post the contents of C:\ComboFix.txt in your next reply.Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)Then please post back here with the following: Combofix.txt log.txt info.txtThanks

2 more replies
Relevance 61.91%

Microsoft XP media centre edition SP2

have seen other threads talking about things like "combofix" will this work on my laptop? Also saw one saying remove "enable third party browser extensions" which I have done but no change.

This is what happened:

I became infected by "Antivirus Trigger" which stopped everything working except thier pop ups of course.
I then was told to download Smitfraudfix which I had to download on to a disk on another computer and then could only run in "safe mode " on the infect laptop, which I did.

result - Anitivirus trigger does not now come up when machine is switched on, but nothing works in normal, very slow opening and as I try to open IE it totally freezes and says (not responding).

error says:
szAppName : iexplorer.exe
szAppVer : 7.0.6000.16735
szModName : hungapp
szModVer : 0.0.0.0
offset : 00000000

and
C:\Docume~1\gary\Locals~1\Temp\WER8555.dir00\iexplore.exe.mdmp
C:\Docume~1\gary\Locals~1\Temp\WER8555.dir00\appcompat.txt

in short, I am doing this from the safe mode on my laptop as nothing works when starting up normally,

any advice or directions would be GRATEFULLY received.

Have added HJT and here is the log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:03:17, on 05/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\... Read more

More replies
Relevance 61.5%

My wife clicked on something on a Kardashain (sp?) website a few days ago, and got our Windows XP computer a very nasty infection. If I boot in regular mode, our background is replaced with a big message in red that says "your system is infected", and we get the constant pop-ups, etc. There are small red circles with white "x" in the middle on teh bottom right, and the popup says "click here to protect your computer from spyware"- it then runs "advanced virus remover' and "protection system" (icons look liek windows security center and it pops up fake windows security center messages) and "protection system suppport" (icon looks like a life preserver).

I tried in safe mode, and the virus has disabled Avast, spybot, and windows defender. i tried to install hijackthis, and it seems to have removed access to the program. When I try to run windows defender, or spyhunter, i get "windows cannot access the specified device,path , or file. You may not have the appropriate permissions to access the item".

In safe mode, I did get spyhunter to work for a minute, and it said that it had detected a rootkit, so i rebooted using the spyhunter mini OS, and after that was at least able to run spybot and spyhunter, but they both just closed in the middle of scans, I assume due to the virus that we have.

IT also redirects websites to "windowsclick.com/avredirector" but eventually gets to the right site.

I am ... Read more

Answer:Nasty infeciton- disables every antivirus program even in safe mode

Hi mc7977,

Sorry for the delay in looking into your log, as we are extremely busy in this section of the forums. If you still require assistance and are not seeking help elsewhere, then please carry out my instructions.

Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

** Note: Please stick with me until I declare that your system is free from malware. Even though your system may not have any symptoms of malware, it may still be infected. **

--------------------------------------------------------------

Download GMER Rootkit Scanner from HereNote: You are downloading a randomly named EXE because some malware won't let gmer.exe launch
Double click on the randomly named gmer executable (.exe) . If asked to allow gmer.sys driver to load, please consent .
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan..



Click the image to enlarge it


In the right panel, you will see several boxes that have been checked. Uncheck the following ... Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, t... Read more

3 more replies
Relevance 61.5%

I know I have a virus but can't find it. First I couldn't open any of the programs on my desktop. Then while in safe mode my computer keeps shutting off after a few minutes of scanning Norton or Spybot. It doesn't shut off unless I try to run these programs. Please let me know what you need to help diagnose the problem.
 

Answer:Help-My computer keeps shutting off in safe mode while scanning with Norton Antivirus

Re: Help-My computer keeps shutting off in safe mode while scanning with Norton Antiv

Welcome to Major Geeks!

Please follow the instructions in the below link and attach the requested logs when you finish these instructions. If something does not run, write down the info to explain to us later but keep on going. Do not assume that because one step does not work that they all will not.

READ & RUN ME FIRST. Malware Removal Guide
Note: If and only if you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode. You can running steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode
 

1 more replies
Relevance 61.5%

The AVASoft virus has infected my old tower computer. It runs on XP with free Avira antivirus. Avira warned me of a problem immediately but could not clear it. After a restart I can no longer open MS Office files, pdfs etc or start Chrome. Whilst I can start IE, AVASoft blocks access to any sites as being "unsafe". A simple System Restore will not open to get back to a restore point.
I looked at the previous post from Widdy for a solution. From the replies, I have tried the 3 fixes from Thankyoumate's link but these failed (PF8 ignored on startup, activation code box blocks typing, file rename fails). Fruit Bat posted a link to bleepincomputer.com but this solution requires a start from Safe Mode with Networking and I can't get there as PF8 is ignored (as is PF5).
The bleepincomputer.com solution says to not force Safe Mode with msconfig if PF8 doesn't work. I have looked at other posts for starting in XP Safe Mode but without success. Some say use msconfig instead of PF8 and another warns against.
It seems that without entering Safe Mode then I can't try the other fix.
Please, can anyone suggest a solution? Thanks

Answer:AVASoft Professional Antivirus rogue software & XP Safe Mode

I've never had to use the Kaspersky recovery disc but worth taking a look, click here. You might have to use another PC to download the iso and create a bootable disc to use on your infected machine.

2 more replies
Relevance 61.5%

Hi,
 
I am infected with the System Care Antivirus on a Windows XP machine. When I try to boot into Safe Mode (both with or w/out Networking), I get a Windows blue screen of death. I have removal instructions that I can follow, but those depend on launching Safe Mode. Any suggestions? Is there a rescue disc that I could try?
 
[Note: The machine does boot into normal Windows mode].
 
Thanks!
 
FrisB

Answer:Infected w System Care Antivirus -- Can't Boot Into Safe Mode

I'll report this topic to appropriate helpers.
Hold on there....

4 more replies
Relevance 61.5%

I'm at my wits end here. I'm infected with at least Virtuomonde and Smitfraud. Here is what's happening.

All antivirus and HJT that I've tried (spybot, HJT, Avast, etc) start to run and then die. When I try to restart I get a dialog box that says, cannot access, file, drive, path--you may have insufficient rights.

clicking on browser links redirects to a random page.

booting in safe mode gives me a quick BSD and then starts over

Active desktop has died--I deleted an html "warning" image from the recovery console on a Win XP CD.

Can ANYBODY help or am I doomed to reformatting?

Currently running Win XP Home Edition--SP-3

Thanks so much!

Chuck

Answer:Malware Blocks All Antivirus and Stops Safe Mode Boot

You have the new rootkit that's out thereWe Need to check for Rootkits with RootRepealDownload RootRepeal from the following location and save it to your desktop.Direct Download (Recommended)Primary MirrorSecondary MirrorSecondary MirrorSecondary MirrorZip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary MirrorSecondary MirrorSecondary MirrorRar Mirrors - Only if you know what a RAR is and can extract it.
Primary MirrorSecondary MirrorSecondary MirrorExtract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).Open on your desktop.Click the tab.Click the button.Check all seven boxes: Push OkCheck the box for your main system drive (Usually C:), and press Ok.Allow RootRepeal to run a scan of your system. This may take some time.Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.-----------------If the scan doesn't run or won't complete, just select Drivers to scan

1 more replies
Relevance 61.5%

Howdy squad...

1. I read the tutorial for posting BSODs, but am unable to comply at this stage.

System specs:
Windows 7 Pro 64
Mozilla Firefox
Nvidia 470 (Fermi card)
Core i7
16gigs of Ram

I can get more details if you need them... I built the thing, I just can't recall the exact specs.

2. As I was surfing Youtube, the PC seemed to lose "Aero mode". I paused the video and went to settings, and it appeared to be "custom" for my theme, so I re-selected the default aero theme, and the computer BSOD'd on me.

3. It restarted as normal, and went back into regular windows... within 10 seconds, BSOD again.

4. This time around... I started it in safe mode. Symantec was disabled, and when I said yes to run a scan, it gave me the error saying that it needed networking. I then selected "no" (as Symantec says) and ran a scan manually... it finished within 3 seconds. So I'm guessing it didn't do anything.

5. I then tried starting it in safe mode with networking (the only way this machine connects to the internet is via a USB wireless adapter currently)... and received the same sort of roadblocks.

6. I tried restoring the system to a previous state (2 separate ones) with no luck.

The BSOD is up too quickly for me to notice anything... and initially, I suspected it may be the graphics drivers, but the lack of antivirus has me thinking something more malicious.

Answer:Lost Aero Theme, BSOD, No Antivirus in safe mode?

I should also add... I do have the option of just reformatting and reinstalling windows and such...

All of the critical info is kept on an external HDD, and Steam.

9 more replies
Relevance 61.5%

Long story short, I have a virus or some messed up thing on my computer, Ive had viruses and other things before, Ive never had this big of a problem which is why it's particularily frustrating.

Here's what I've noticed/came across/
-it DELETED my up to date antivirus, when clicking on it off menu, some stupid error msg pops up
-Task Manager -disabled. ".... disabled by administrator" error msg (Im the administrator didn't do it.
-Same thing for menu > run> Regedit
-Safe mode, when I tried to start just kept restarting. Over and Over.
-Antivirus websites, Mcafree Websites, anything to do with detecting the virus seems to be blocked by the virus,
-If I do find a website that lets me download an antivirus of some sort its gone again after shut down and start up.
-By going Run> Msconfig I viewed what starts when my computer does, and found a file "oulswv.exe" Which I googled then found was a trojan of some sort.... but when online scans are done it never shows up.
-Also another slightly irritating thing it's done, I usually use Google Chrome as my web Browser, now for some reason I can click it however many time I want, but I have to use IE. (Which the homepage was changed from since before I downloaded Google Chrome)
What I've tried.
-Avg antivirus,
-Superantispywear
-avast (another antivirus)
-Microsoft malicious software removal
-AVG site for some reason wasn't blocked, tried the marjority of their onli... Read more

Answer:Disabled: Regedit, TskMgr, Safe Mode, My working antivirus... any help?? Please

15 more replies
Relevance 61.5%

I appologize if this has been covered to death, none of the 'similar threads' seems to apply (though I might just not realize that they DO). But here is my problem:

A friend got her computer (a Dell Inspirion 1501) infected by Antiviru Soft and brought it to me to fix, since I had cleaned this off my own computer once before. Unfortunately, when I take her computer to 'Safe Mode' before I can even get her password in, it simply turns off (no restart no 'I am shutting down' message just turns off). I have tried to get the logger programs that this site's tutorials provide and show how to use to work to provide some sort of log on what is going on, however the ransom-ware completely shuts them down, even after renaming the exe files to those names sudgested by the tutorials.

Is this an evelution of this particular ransom-ware to where it refuses to allow safe mode to run? (something I rather doubt but wanted to know if this was a possibility) or is there a deeper problem going on with my friend's PC?
 

Answer:Safe Mode SHuts Down in 30 Seconds (trying to remover Antivirus Suite

Welcome to MajorGeeks, Chaser617





Chaser617 said:



...when I take her computer to 'Safe Mode' before I can even get her password in, it simply turns off (no restart no 'I am shutting down' message just turns off).Click to expand...

Your post is unclear - what happens when you try to run the tools in "Normal Startup Mode"?

dr.m
 

3 more replies
Relevance 61.5%

And followed up to running FRST64 below is the report. Please help trying to help a co-worker fix this issue for over a week. Any fast help much appreaciated. Thanks, Pablo   Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013Ran by SYSTEM on MININT-LSHIN9U on 12-10-2013 16:27:51Running from H:\Tools and Apps\Antivirus Security Pro CleanupWindows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)Internet Explorer Version 10Boot Mode: RecoveryThe current controlset is ControlSet001ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.==================== Registry (Whitelisted) ==================HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()HKLM\...\Run: [cctray] - C:\Program Files\Total Defense\Internet Security Suite\casc.exe [2733576 2013-10-03] (Total Defense, Inc.)HKLM\...\Run: [RadioRage Home Page Guard 64 bit] - C:\Program Files (x86)\RadioRage_4j\bar\1.bin\AppIntegrator64.exe [548936 2013-09-02] ()HKLM\...\Run: [BringMeSports Home Page Guard 64 bit] - C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\AppIntegrator64.exe [548936 2013-09-21] ()HKLM\...\Run: [AS2014] - C:\ProgramData\ahrpDn37\ahrpDn37.exe [537240 2013-10-06] ()HKLM\...\Winlogon: [Userinit] userinit.exe,C:\ProgramData\ahrpDn37\ahrpDn37.exe -sm,Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)HKLM-x32\...\Run: [GrooveMonitor] - C:\Progra... Read more

Answer:Antivirus Sec Pro, can't boot safe mode read previous thread...

Hello spy7722 I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same",... Read more

16 more replies
Relevance 61.5%

Running XP Pro, infected with Antivirus Action. Cannot run any tools as I cannot boot into safe mode. Safebootkey won't run, rkill won't run and malwarebytes won't run. Can't open regedit or cmd.

Help, please!

Answer:Antivirus Action infection; unable to boot in safe mode

Hello, First I will move this to the Am I Infected forum.Now let's see if we can do this by logging into a different user account ,not your regular one. I'm thinking we can do safe mode from there.Do you have SUPERAntispyware installed?Please follow our Removal Guide here Remove Antivirus Action (Uninstall Guide) [/url] .You will move to the Automated Removal InstructionsAfter you completed that, post your scan log here,let me know how things are.The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

6 more replies
Relevance 61.09%

Hi. I followed all the steps in the Read Me & Run Me thread except the posting of the logs. :-o

Spybot and AVG Antispyware didn't find any infections at all - gave my laptop a clean bill of health. (Gave up on Counterspy; I left it updating the entire night while I went to sleep because it had only progressed about 1/10 after I waited around 30 minutes. When I woke up in the morning, there was an error updating message. Tried to update again but gave up after 30 minutes of painfully slow updating. My internet connection speed is 384kbps.)

The BitDefender online scan found two "infections" or something, but I recognized one of the files as part of the HP stuff that has been running in my Compaq laptop since the very first day it was booted (more or less). cpqset.exe. Bitdefender reported having deleted it after unsuccessfully trying to clean it, but when I rebooted in normal mode, cpqset was still up and running. :-o

Panda online scan reported one sypware, but I recognized the filename as as an HP Total Care online diagnostics tool active X.

I did the getrunkey and shownew and hijack this but didn't know whether I should post after no real malware was found (according to me). Heehee.

Then I tried running AVG Antivirus in safe mode and it reported an error reading boot sector or something like that and a hosts file change. That's all. No threats detected at the end of the scan. What's a hosts file change? I only encountered ... Read more

Answer:AVG Virus Scan now reports "error reading boot sector" in safe mode

By the way, posting this was kind of a spur of the moment thing. I can't provide the logs of the scans because I left my laptop at the office today. But please post suggestions if you have them. I can bring my laptop home tomorrow if necessary.

Thanks.
 

9 more replies
Relevance 60.68%

Looks like I picked up a nasty infection a few days ago. At one point, the computer restarted and when I tried to login it said my account was disabled. I tried to boot into safe mode but got the blue screen of death, twice. I restarted the computer again and had the option to go into an Administrator account (in normal mode), with the normal account I use, "geenski" nowhere to be found. I ran a system restore for two days ago and when that restarted my computer, the old "geenski" profile existed and I was able to log in. My AVG Antivirus seems to have been disabled and I could not run it or re-install it. When I tried to run SuperAntispyware I got the following error: "C:\Program Files\SUPERAntispyware\SUPERAntispyware.exe is not a valid Win32 application." When I tried to run Combo fix I got the same error message as SAS. All other logs are attached.
Thank You!
 

Answer:Malware changed my Login's, Disabled AntiVirus & Windows Safe Mode. Please help!

Welcome to Major Geeks!

You have a Bagle infection and need to run the below procedure and attach the logs as requested.

Removing Bagle Infections
 

8 more replies
Relevance 60.68%

wow.... I've been able to fix virus infections in the past - but this one is tough.
IT seemingly roots itself deeper with every click I enter.

In safe mode - I can get to Task Manger
I've found a few things in regedit and deleted them
I've also found a couple ANTIVIRUS PRO 2010 folders and deleted them.
But, I'm hesitant to reboot in fear it'll tighten its grip.

Tried downloading malwarebytes from another computer onto a memory stick - renaming it before the download and renaming it again before running it - to no avail
No internet to run hijackthis and post a log
No Windows
No Add & Remove Programs
Please tell me I'm over-thinking and I've missed the simplist stroke of a key to fix this.

Next.....?

Answer:antivirus Pro 2010 - limited in safe mode, no internet, no windows xp, can't run malawarebytes,

Hi,I'm going to redirect you to the HijackThissection of this forum. This, because it's a deeper infection.Read this page and follow it's steps: http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/Please give them a link to this topic.Good luck.

2 more replies
Relevance 60.68%

Dear Analilysts,
I have encountered a major problem. Browsing the web did not yeld any helpfull solution.
My wireless connection got messed up,
Tryed to scan my computer in the Safe Mode but it gets stuck on MUP.sys ans Blue Screen/ Restarts

Please Help me solve the problem and be kind enough to guide me in the right direction.
Thank you.

Here are the files that Panda has Identified
FirePassword.exe
14667703.exe
portableav.exe
hldrrr.exe
portableav[1].exe

Overall there are
MALWARE: 23
SUSPECTS: 5

Answer:<hldrrr.exe> Blue screen in the Safe Mode, Dead Antivirus Software

Hello, yarikd
Welcome to TSF

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:In the meantime, please refrain from making any changes to your computer.
Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Finally, please reply using the button in the lower left hand corner of your screen.
Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished" .
We need to run a Scan with DDSPlease download DDS, and save it to your desktop, from one of the following mirrors:This is a mirror
This is another mirror

Disable any type of "Script Blockers" or "Script Protection" installed on your system... Read more

2 more replies
Relevance 60.68%

I know just enough with computers to be dangerous and possibly ruin my computer, which is why I'm turning to you guys. I'll just give you all the details I can and hopefully you can sift through it to find the important stuff...

I had a virus not too long ago and it was recommended that I run ComboFix. That got rid of the major problem except that when I click on Google links it will still send me to a different site. I have to click the Back button and then the link again 2 or 3 times before I go to the right page.

I only ran ComboFix and deleted the files on my computer too. Other than that I didn't do anything else. Everything was fine for awhile.

Recently I had some problems after downloading some video and music files. My computer has started to freeze after a period of time and Internet Explorer will say it needs to shut down a minute after opening. If I ignore the message I'll get an "iexplore.exe - Application Error" message also trying to shut down Internet Explorer. I can still browse the internet though, as I'm typing this with the messages moved to the bottom of the screen.

The computer will freeze after running most programs (iTunes, Windows Media Player, etc.) for about 10 minutes or so. I ran ComboFix, MalWareBytes, Ad-Aware and nothing will finish their scans. Even if they do, the computer will freeze before I can opt to delete anything. I can't even delete my Temporary Internet Files without the computer freezing.

I don&... Read more

Answer:Computer keeps freezing normally and before antivirus scans will complete. Cant start in safe mode.

I am moving this topic to the Am I Infected forum where you can receive assistance for these issues. ~ OB

5 more replies
Relevance 60.68%

I have sadly picked up some malware and normally this would be very easy to take care of but this one's different. For some reason, I can't enter safe mode (btw this computer is running XP) as I get a "boot loop". As in I select safe mode and then the computer restarts prompting me to restart normally or select a safe mode option. I've tried to do it from a regular boot but nothing doing. Obviously, a side effect it not being able to run task manager so I can't even kill the processes to do anything. Both AVG and Malware bytes are blocked by the program so I have no idea what to do.

I apologize for the brick of text. If anything needs to be cleared up I'll happily do it.


Fun/off topic Fact: Ever computer I touch gets destroyed. My laptop needs a new mother board, this desktop has annoying malware, and my mothers laptop has glitchy drivers. I should probably pursue a different career.

Answer:Antivirus Soft: can't enter safe mode, rkill.com (and renames) have been patched

Hello one2many, :)

Do I understand correctly that you are able to boot into Normal Mode?

19 more replies
Relevance 60.68%
Question: FRST NOT SAFE

I attempted to download FRST 64-bit to run on my computer and my Norton 360 program said it was not a safe file and removed it. Is there a problem here? Does the EXE file itself contain a virus? Please advise.

Answer:FRST NOT SAFE

Hi there,It is a false positive - the tools created and available for download here at BC are safe.

5 more replies
Relevance 60.68%

Hello-
I got a call from my father yesterday saying that his "antivirus has gone crazy and won't let him do anything until I pay them."
So, his real antivirus is expired, his firewall is off, and he has "system security 4.5.1" taking over his computer.
I cannot start the computer in safe mode, either by msconfig (blocked) or by tapping F8. repeatedly.
No access to command line or system restore, either...

Any hints on how to get into safe mode, or other ways to get rid of this thing?

I'm pretty sure I can delete and block the right sites and processes once I can get into safe mode.

Can't install any software that would get rid of it - blocked by System Restore...

Thanks for any help you all can give.

He's running XP, he should have all the service packs, and I can't give you anything else because System Security is blocking the system information window from coming up...

Answer:System Security 4.5.1 and Safe Mode

Hello and welcome to BC.Some types of malware will disable MBAM (MalwareBytes) and other security tools. If MBAM will not install, try renaming it.Before saving any of your security programs, rename them first. For example, before you save Malwarebytes', rename it to something like MBblah.exe and then click on Save and save it to your desktop. Same thing after you install it. Before running it, rename the main executable file first***Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run..***Another work around is by not using the mouse to install it, Just use the arrow keys, tab, and enter keys.***Open up command prompt, type in following commands: XP >> click the Start menu at the lower-left of your computer's desktop and select "Run". Type cmd into the Run box and click "OK".Vista >> click the Start menu at the lower-left of your computer's desktop and Type cmd in the search box.regsvr32 mbamext.dllregsvr32 ssubtmr6.dll regsvr32 vbalsgrid6.ocxregsvr32 zlib.dll ****If you cannot use the Internet,you will need access to another computer that has a connection.From there save mbam-setup.exe to a flash,usb,jump drive or CD. Now transfer it to the infected machine, then install and run the program. If you canno... Read more

3 more replies
Relevance 60.27%

A web site asked me to disable safe reading mode under trust mgr preferences. How do i access trust mgr?
 

Answer:how do I disable "safe reading mode"

9 more replies
Relevance 60.27%

Hello everyone.This is my first post,but I really do need help.I have this fake antivirus which is either call Av suite or av soft.They both where created by the same group of hackers.I read that I have to go to Safe mode with networking in order to fix it.But the problem is that I can only go to it awhile because then it will just shut off.I have also notice that I can't go to safe mode(without networking)because a blue screen appeares.The problem started with a redirect virus,which I try to removed it but failed.Please help me as I am worried for the files,passwords,and computer.

Answer:How to remove AV Suite or Av Soft fake antivirus,and safe mode blue screen.

Hello Johan?, welcome to TSF...

your best bet would be to read the instructions in the following thread:
http://www.techsupportforum.com/f50/...lp-305963.html

2 more replies
Relevance 59.86%

Hello, Help please.

getting personal security 2009 on boot. downloaded Malware anti-malware bytes, get the following error when trying to run:

Unable to execute file:
C:\Program files\Malwarebytes' Anti-Malware \mbam.exe

CreateProcess failed; code 2.
The system cannot find the file specified.

when i try to boot in safe mode, get a quick blue screen (can not get error message..)

here is hjt log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:20:45 PM, on 11/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exe
C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\system32\watchdog.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe... Read more

Answer:Personal security 2009 - hjt - no safe mode

7 more replies
Relevance 59.86%

Hi, love this site. This is my first time asking for help though.
I am running:
Dell Optiplex GX150
Intel Celeron 1200mhz
Windows XP Pro
I have now booted with an ultimate boot disc for windows from cd. I downloaded using the boot cd all the Rkills, exehelper, Malwarebytes, SuperAntiSpyware, and MGtools.
I saved them to drive c then rebooted into Safe Mode. Once one of the Rkills worked I could run Malwarebytes. I may have made a mistake, I did not have Malwarebytes remove the infected items, then I ran SuperAntiSpyware. I ran Malwarebytes again afterwords and it found far less infected files, I have both logs from MB. Here are the logs. I only put the first MB log.

Thanks for your time and help.
 

Answer:Xp Security 2011 Infected Safe Mode

Welcome to Major Geeks!

You are almost 1000 database versions out of date with Malwarebytes. Can you download the updates and run a new scan? Be sure to fix what it finds and then save the new log and attach it.

Can you also boot in normal boot mode now to get a new MGtools log?

What malware problems are you currently having?
 

12 more replies
Relevance 59.86%

When I boot into Safe Mode without Networking, I get the Action Centre message "Windows Secuirty Centre is off". I just wanted to check if this is supposed to happen or if it is something to be worried about?

Answer:Windows Security Centre is off (Safe Mode)

This is normal. Try to avoid questionable websites when using Safe mode. You might also notice that you don't have any audio.http://windows.microsoft.com/en-US/windows...er-in-safe-mode

1 more replies
Relevance 59.86%

How can i remove AV security 2012, with out safe mode, i have a family who has this virus but, i cant go to the safe mode! Please help.
 

More replies
Relevance 59.86%

Hi, I was advised to redirect my inquiry here:REPRINT:http://www.bleepingcomputer.com/virus-remo...-total-securityHello,I'm kind of embarrassed to ask this. The above looked like the guide that could help me as my desktop is currently drenched in TS malware. I was going to try this guide but quick question:For the iexplorer software to install to first disengage the TS process, is it done within the regular windows mode where Total Security is running rampant or in Safe Mode that I do all the stated instructions in the above guide?See? It was a dumb question. Please don't laugh too loudly. -hides under keyboard embarrassed-Michelle M

Answer:Total Security Guide: Safe Mode

Hi and Welcome to BleepingComputer, Use the link in that guide you linked to to obtain Process Explorer and follow those instructions booted into normal Windows, not safe mode, unless it does not work in normal WindowsThen do the scan with Malwarebytes...It can be downloaded from one of these places...http://www.malwarebytes.org/mbam.phpalternate download link http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.htmlDouble-click on mbam-setup.exe to install the application. (If it will not download, install, or open after installation, change the name of it to whatever you want and change the .exe extension to .bat or .com or .pif or scr and then double click on it to run.)When the installation begins, follow the prompts and do not make any changes to default settings. When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.Make sure the "Perform Quick Scan" option is selected. Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display al... Read more

2 more replies
Relevance 59.86%

How can i remove AV security 2012, with out safe mode, i have a family who has this virus but, i cant go to the safe mode! Please help.
 

Answer:AV Security 2012 removal without safe mode

Firstly.....click on "Follow This Topic" button...it is located on the right hand side of the page towards the top.....this will send replies straight to your inbox.
 
Download TDSSKiller and save it to your desktop.
* Extract (unzip) its contents to your desktop.
* Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
* If an infected file is detected, the default action will be Cure, click on Continue.
* If a suspicious file is detected, the default action will be Skip, click on Continue.
* It may ask you to reboot the computer to complete the process. Click on Reboot Now.
* If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
* If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 

 

2 more replies
Relevance 59.86%

Hello.... I've been reading a bunch of these threads and am hoping to get some help as well.It seems the code you return based on our fixlist is specific to the computer, so i'vecreated my frst.txt and am pasting it here. Please help....... Josh --------------------------------------------Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-10-2013Ran by SYSTEM on MININT-I3OCCO8 on 23-10-2013 20:12:51Running from H:\Windows 7 Home Premium (X64) OS Language: English(US)Internet Explorer Version 10Boot Mode: RecoveryThe current controlset is ControlSet001ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.==================== Registry (Whitelisted) ==================HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-03-11] (IDT, Inc.)HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-16] (Synaptics Incorporated)HKLM\...\Run: [SetDefault] - C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [42808 2011-06-27] (Hewlett-Packard Development Company, L.P.)HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)HKLM\...\Run: [M-Audio Taskbar Icon] - C:\Windows\system32\M-AudioTaskBarIcon.exe [798216 2009-10-02] (Avid Technology, Inc.)HKLM\...\Run: [AS2014] - C:\ProgramData\Xnsgarn7\Xnsgarn7.exe [5... Read more

Answer:Internet Security Pro cant boot into safe mode

So... i took a gander at several other posts like mine, and came up with my own fixlist.txt.
 
Ran it, and it worked.
 
pretty cool stuff. running malwarebytes now.
 
HKLM\...\Run: [AS2014] - C:\ProgramData\Xnsgarn7\Xnsgarn7.exe [534640 2013-10-14] ()
HKLM\...\Winlogon: [Userinit] userinit.exe,,C:\ProgramData\Xnsgarn7\Xnsgarn7.exe -sm,
HKU\admin\...\Run: [AS2014] - C:\ProgramData\Xnsgarn7\Xnsgarn7.exe [534640 2013-10-14] ()
2013-10-22 15:43 - 2013-10-23 18:58 - 00001666 _____ C:\Users\admin\Desktop\Antivirus Security Pro.lnk
2013-10-14 23:46 - 2013-10-14 23:46 - 00001666 _____ C:\Users\schmidt\Desktop\Antivirus Security Pro.lnk
2013-10-14 23:46 - 2013-10-14 23:46 - 00000118 _____ C:\Users\schmidt\Desktop\Antivirus Security Pro support.url
2013-10-14 23:31 - 2013-10-23 18:58 - 00000118 _____ C:\Users\admin\Desktop\Antivirus Security Pro support.url
2013-10-14 23:25 - 2013-10-14 23:47 - 00000000 ____D C:\ProgramData\Xnsgarn7
C:\Users\admin\AppData\Local\Temp\dlLogic.exe
C:\Users\admin\AppData\Local\Temp\Extract.exe
C:\Users\admin\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe
C:\Users\admin\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\admin\AppData\Local\Temp\installhelper.dll
C:\Users\admin\AppData\Local\Temp\isobeown.dll
C:\Users\admin\AppData\Local\Temp\isobeown64.dll
C:\Users\admin\AppData\Local\Temp\nsp8C12.exe
C:\Users\admin\AppData\Local\Temp\nsuF5A0.exe
C:\Users\admin\AppData\Local\Temp\Resource.exe
C:\Users\admin\AppData\Local\Temp\SP53462.ex... Read more

4 more replies
Relevance 59.45%

Hi,

I need help in repairing my laptop, I believe it was recently infected by a Virus / Malware. Below is a summary of what I'm experiencing for reference.

Operating System: Windows XP SP3
Laptop Model: MSI-GX620 Series

*Unable to enter Safe Mode. It basically shows a blue screen but will quickly reboot afterwards (Registry Keys are already missing).
*Unable to finish HijackThis scan, it runs but it will stop once it reaches the hosts section. Checked my host file and its a whopping 4MB file. Basically it is not able to generate any log file for review.
*Cannot enable my Antivirus (Avira Free).
*Unable to run Malware Bytes.
*Multiple Running Process: ipconfig.exe

I'm on a different computer now, I can download files from here and I can just transfer the required files to my laptop if its needed.

Best,
Brian
 

More replies