Computer Support Forum

Antivirus Security Pro - won't allow safe mode, regedit, msconfig

Question: Antivirus Security Pro - won't allow safe mode, regedit, msconfig

One of my salesmen's laptops is infected with Anitvirus Security Pro. His system is running Windows 7 Professional SP1. The system will not boot in Safe Mode (it loads through the welcome screen and then immediately logs out and restarts in normal mode) and It will also not allow access to task manager, Regedit or MSCONFIG.
 
Any assistance would be appreciated! Thanks.
 
Beth

Relevance 100%
Preferred Solution: Antivirus Security Pro - won't allow safe mode, regedit, msconfig

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: Antivirus Security Pro - won't allow safe mode, regedit, msconfig

Hello BethI would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.How to tell > 32 or 64 bitPlug the flashdrive into the infected PC.Enter System Recovery Options.To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Select US as the keyboard language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next.To enter System Recovery Options by using Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Select US as the keyboard language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.On the System Recovery Options menu you will get the following options:Startup RepairSystem RestoreWindows Complete PC RestoreWindows Memory Diagnostic ToolCommand PromptSelect Command PromptIn the command window type in notepad and press Enter.The notepad opens. Under File menu select Open.Select "Computer" and find your flash drive letter and close the notepad.In the command window type e:\frst64.exe or e:\frst.exe and press EnterNote: Replace letter e with the drive letter of your flash drive.The tool will start to run.When the tool opens click Yes to disclaimer.First Press the Scan button.It will make a log (FRST.txt)I want you to poste the FRST.txt report into your reply to meGringo

4 more replies
Relevance 98.31%

A friend brought me a computer because Anitvirus Security Pro would keep running on his moms laptop. I have had probably 5 different computers that have had this on them and have been able to clean them but this one is really a beast.
His system is running Win 7 and he tried a number of things before bringing it to me with no luck.
I printed off the Anitvirus Security Pro Removal instructions from this site but the laptop is not allowing the system to boot in Safe Mode and It will also not allow access to Regedit or MSCONFIG.
Any suggestions on getting control of the system back?
 
Thanks
John
 

Answer:Antivirus Security Pro - won't allow Safe Mode, Regedit or msconfig

Hi there,my name is Marius and I will assist you with your malware related problems.Before we move on, please read the following points carefully. First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding. Perform everything in the correct order. Sometimes one step requires the previous one. If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem. Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me. Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts. If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean. My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.    Scan with FRST (Recovery Environment)To run FRST on Vista and Windows7:For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.Plug the flashdrive into ... Read more

38 more replies
Relevance 91.43%

My colleague 'accidentally' ran the 'Folder Virus' in my office computer,

Symptoms,

the usual,
Creating a replica of itself inside a folder with the same name as the folder
Copying itself to any external peripheral connected via USB (Pen drives, HDD etc.)
Task Manager Disabled
Regedit Disabled
Internet Explorer not working, Homepage reset to 'googleinindia.blogspot.com'

the unusual,
Cannot enter safe mode (pc reboots)
Unable to run existing antiviruses, including McAfee and Spybot S&D
Unable to run certain existing applications including MATLAB and Adobe Reader

McAfee displays an error during system startup, Spybot just sits there quietly, MATLAB encounters a fatal error (in matlab.exe)

I ran the DDS.exe, but it could only output a 'DDS' report and no 'Attach' report. I have also run the RootRepeal.exe
I am posting the DDS and RootRepeal Logs.

An early reply will be highly appreciated

Regards

Answer:TaskMgr, Regedit, Safe Mode, Antivirus not working!

Hello,We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if youwould let me no so I can close this topic, if you still need help please let me no what issues you are still having, in your next reply.ComboFix should not be run unless requested by a HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.Post the contents of C:\ComboFix.txt in your next reply.Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)Then please post back here with the following: Combofix.txt log.txt info.txtThanks

2 more replies
Relevance 90.61%

Long story short, I have a virus or some messed up thing on my computer, Ive had viruses and other things before, Ive never had this big of a problem which is why it's particularily frustrating.

Here's what I've noticed/came across/
-it DELETED my up to date antivirus, when clicking on it off menu, some stupid error msg pops up
-Task Manager -disabled. ".... disabled by administrator" error msg (Im the administrator didn't do it.
-Same thing for menu > run> Regedit
-Safe mode, when I tried to start just kept restarting. Over and Over.
-Antivirus websites, Mcafree Websites, anything to do with detecting the virus seems to be blocked by the virus,
-If I do find a website that lets me download an antivirus of some sort its gone again after shut down and start up.
-By going Run> Msconfig I viewed what starts when my computer does, and found a file "oulswv.exe" Which I googled then found was a trojan of some sort.... but when online scans are done it never shows up.
-Also another slightly irritating thing it's done, I usually use Google Chrome as my web Browser, now for some reason I can click it however many time I want, but I have to use IE. (Which the homepage was changed from since before I downloaded Google Chrome)
What I've tried.
-Avg antivirus,
-Superantispywear
-avast (another antivirus)
-Microsoft malicious software removal
-AVG site for some reason wasn't blocked, tried the marjority of their onli... Read more

Answer:Disabled: Regedit, TskMgr, Safe Mode, My working antivirus... any help?? Please

15 more replies
Relevance 82.41%

A friend brought me a computer because Anitvirus Security Pro would keep running on her laptop. I have had this on different computers and have been able to clean them but this one is really a beast.
 
Her system is running Win 7  the laptop is not allowing the system to boot in Safe Mode and It will also not allow access to Regedit or MSCONFIG. Any suggestions on getting control of the system back?

Answer:Antivirus Security Pro - won't allow Safe Mode

here is my frst file
 FRST.txt   19.44KB
  2 downloads

28 more replies
Relevance 82.41%

Help I cannot get ito safe mode to remove Antivirus Security Pro! Please can someone help me?!

Answer:Antivirus Security Pro - won't allow Safe Mode

I also am running win7 64bit

6 more replies
Relevance 81.18%

Hello my name is Austin,
 
As many other posters this past month, my father recently got infected with the Antivirus Security Pro Malware. I built this computer 8 months ago for my father, so I'm almost responsible for anything wrong with it. I'm a novice at most programming lingo, but I am really good at following processes, as it's what I do for a living. I WILL be donating to the person helping, my father needs his computer to do work this weekend. So before we start this process, I want to say "Thank You" in advance.
 
Any way, I tried doing the bleepingcomputer.com solution for the malware, but I have not been able to enter safe mode (shuts down soon after log in).
 
I read a post today on the first step of run the frst.exe file in the infected computer. Please let me know if you prefer for me to paste the report results within my post or attach the file. Here are the text results:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by SYSTEM on MININT-IPBE6V6 on 18-10-2013 17:10:41
Running from H:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [MSC] - "C:\Program Files\Microsoft Security Client\msse... Read more

Answer:Antivirus Security Pro Malware - No Safe Mode

Justsalsa,
 
 
to BC Forums!!
 
Thanks for the FRST report. I am presuming it was run from a USB pen drive.
 
Let's see if the following works for you to remove the Antivirus Security Pro Malware ...

  Please open Notepad (Start > All Programs > Accessories > Notepad)
Copy the entire contents of the code box below
Save it to the USB pen drive, and name it: fixlist.txt
 
start
HKLM\...\Run: [MSC] - "C:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey
HKLM-x32\...\Run: [] - [x]
S2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{c2c37fed-cd7d-2662-80ff-1651ebb34c7f}\   \...\???\{c2c37fed-cd7d-2662-80ff-1651ebb34c7f}\GoogleUpdate.exe"
C:\Users\RichardRice\AppData\Local\Google\Desktop\Install
C:\Program Files (x86)\Google\Desktop\Install
C:\ProgramData\pvqdkqkjvbllroblbxh.reg
end

Once again, run FRST64 as you did before.
When the tool opens click Yes to disclaimer.
Now, press the Fix button, just once, and wait.
 
When done, FRST produces Fixlog.txt on the USB pen drive.
 
>> Please provide the Fixlog.txt on your reply.
 
 
  If (which I doubt) the computer is still under the 'spell' of the Antivirus Security Pro Malware, look for its shortcut on your Desktop .
Next, go to Control Panel > Folder Options
Click the View tab
Select/check: Show hidden files, folders and drives
Click: Apply > OK
 
Right click on the Antivirus Security Pro icon on... Read more

3 more replies
Relevance 81.18%

We have a user who got the Antivirus Security Pro virus and I'm trying to remove it. All "how-tos" say to boot into safe mode, but this version of the virus won't allow me to do so, either with command prompt, networking or without. Without safe mode, I'm not sure how I'll be able to remove it. Any ideas would be great.

Answer:Antivirus Security Pro Removal - No Safe Mode

I'll report this topic to appropriate helpers.
1. Please let us know what Windows version you have and if it's 32- or 64-bit.
2. Is the computer bootable in any mode?
Hold on there....

2 more replies
Relevance 81.18%

I read the Antivirus Security Pro Removal Guide for this site but I cannot get into safe mode.  The F8 key doesnot work and I cannot run msconfig either so i am kind of stuck.  HELP

Answer:Antivirus Security Pro removal but cannot get into safe mode

Hello ac lets see if we can get a DDS log as per this guide...Please follow this Preparation Guide, do steps 6,7 and 8 and post in a new topic.Let me know if all went well.

7 more replies
Relevance 81.18%

Hey Forum!! I have a lappy here with a special version of this normally easy to remove virus and I need some assistance. Per other forum post instructions, I have scanned with FRST and here is my log:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by SYSTEM on MINWINPC on 07-10-2013 11:15:50
Running from F:\
Windows Vista ™ Home Premium (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-03] (Intel Corporation)
HKLM\...\Run: [hpqSRMon] - [x]
HKLM\...\Run: [HP Health Check Scheduler] - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM\...\Run: [Microsoft Default Manager] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM\...\Run: [AS2014] - C:\ProgramData\gX3ga333\gX3ga333.exe [550552 2013-10-04] ()
HKLM\...\Winlogon: [Userinit] c:\windo... Read more

Answer:Antivirus Security pro cant boot into any safe mode

Hello Huludrock I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same... Read more

3 more replies
Relevance 81.18%

Hi, my mothers Compaq Presario Windows 7 became infected with Antivirus Security Pro.  I have tried to boot into safe mode with and without networking to no avail, it will look like it is working in but will bring up the windows screen and then indicate that it is logging off. I am unable to bring up tskmgr, mbam or rkill in regular mode.  Per a previous post I ran fst64 to get the information and am copying it below: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013Ran by SYSTEM on MININT-5T4B15L on 18-10-2013 14:58:14Running from H:\Windows 7 Home Premium (X64) OS Language: English(US)Internet Explorer Version 10Boot Mode: RecoveryThe current controlset is ControlSet001ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.==================== Registry (Whitelisted) ==================HKLM\...\Run: [PC-Doctor for Windows localizer] - C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-16] (PC-Doctor, Inc.)HKLM\...\Run: [AS2014] - C:\ProgramData\6DXrl3Xn\6DXrl3Xn.exe [659096 2013-10-18] ()HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,,C:\ProgramData\6DXrl3Xn\6DXrl3Xn.exe -sm,HKLM\...\Policies\Explorer: [NoControlPanel] 0HKLM-x32\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)HKLM-x32\...\Run: [HP Remote Solution] - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solut... Read more

Answer:Antivirus Security Pro - Won't let me boot into Safe Mode

One more thing, in looking at the above log, is shows several restore points, however, when I tried to to access them, I was told that system restore was turned off.

8 more replies
Relevance 81.18%

My dad's flash drive was infected with Antivirus Security Pro, yesterday I plugged it into my laptop and it got infected
I tried to remove it as I did on his computer but I just doesn't let me boot into Safe Mode, as it automatically reboots the system
I've googled about this and read some topics on this forum about this
as I read some things about the virus getting smarter, I've already did those FRST things and here is the log, as I know there's one specific way to do to each user
I'm posting on this section cause I realized I could've posted on wrong section before

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-09-2013 01
Ran by SYSTEM on MININT-2JK5KHB on 28-09-2013 21:05:33
Running from G:\
Windows 7 Home Premium Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
[b]ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.[/b]

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [L... Read more

Answer:Antivirus Security Pro won't let me boot into Safe Mode

Hello pedrofortunato I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the... Read more

25 more replies
Relevance 81.18%

Hi all, First time here at BleepingComputer.com. I just took a look through some of the forums and it looks like there's a fellow named "Gringo" who is adept at this one and may be able to help me out. I've got a computer that has the Antivirus Security Pro virus on it and it's beating me up pretty badly. I can't boot into safe mode, nor can I load any programs to clean it up. What can I do to get this off my system? Thanks for the help. DK.Edit: Moved topic from Anti-Virus and Anti-Malware Software to the more appropriate forum. ~ Animal

Answer:Antivirus security pro won't let me boot into safe mode

I'll report this topic to appropriate helpers.
1. Please let us know what Windows version you have and if it's 32- or 64-bit.
2. Is the computer bootable in any mode?
Hold on there....

4 more replies
Relevance 81.18%

Computer infected with Antivirus Security Pro; cannot successfully log on with Safe Mode as computer reboots at log on.

Answer:Antivirus Security Pro will not allow me to boot up in Safe Mode

KellyV6726,
 
to BC Forums!
 
When you start the computer and tap the F8 key until you get to the Advanced Boot Options menu, are you able to use
the arrow keys to select the Repair your computer menu item?
 
From there...
Select your language settings, and click: Next
Select your User account and click: OK (If you did not set a password, leave blank.)
 
On the System Recovery Options menu do you get the following options:Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Scan your computer's memory for errors
Command Prompt
 
Are you able to select the Command Prompt?

7 more replies
Relevance 81.18%

hi guys
i have this problem about when ever i open task manager,regedit,msconfig it closes in a second.
The main problem also is that NORTON ANTIVIRUS nows the virus is there but it can,t fix it. I tried many things out ON THIS FORUM but it does not work STILL.

-----------------------------------------------------------------------------------

MY LOG IS:
Logfile of HijackThis v1.97.3
Scan saved at 6:28:11 PM, on 10/30/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\Common Files\CMEII\CMESys.exe
C:\Program Files\NetPumper\NetPumperIEProxy.exe
C:\PROGRA~1\Save\Save.exe
C:\WINDOWS\System32\WHY.EXE
C:\WINDOWS\System32\WINCFG32.EXE
C:\WINDOWS\System32\SahAgent.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\GMT\GMT.exe
C:\Program Files\NetAssistant\bin\mpbtn.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgen... Read more

Answer:taskmanager/msconfig/regedit/antivirus

12 more replies
Relevance 80.36%

Hi,
 
I have a laptop running windows 7 that has been infected with Antivirus Security Pro.  When I try to start in Safe Mode the computer keeps restarting before I can do anything.
 
I can not download any malware removal or any other software.
 
I can not seem to start any programs.

Answer:Infected with Antivirus Security Pro, will not let me start in safe mode

Hi there,my name is Marius and I will assist you with your malware related problems.Before we move on, please read the following points carefully. First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding. Perform everything in the correct order. Sometimes one step requires the previous one. If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem. Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me. Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts. If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean. My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.    Scan with FRST (Recovery Environment)To run FRST on Vista and Windows7:For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.Plug the flashdrive into ... Read more

36 more replies
Relevance 80.36%

So I found a previous topic that I couldn't reply to and here is what I have done...
It suggested that I use the Farbar Recovery Scan Tool via the system recovery options.  Here were my results....
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2013
Ran by SYSTEM on MININT-JR029EJ on 30-10-2013 21:35:02
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [BeatsOSDApp] - C:\Program Files\IDT\WDM\beats64.exe [37888 2010-10-21] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-06-24] (IDT, Inc.)
HKLM\...\Run: [hpsysdrv] - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey <===== ATTENTION (File name is altered)
HKLM\...\Run: [MapsGalaxy Home Page Guard 64 bit] - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\AppIntegrator64.exe [548936 2013-05-20] ()
HKLM\...\Run: [AS2014] - C:\ProgramData\DV7Uns33\DV7Uns33.exe [560776 2013-10-30] ()
HKLM\...\Winlogon: [Userinit] userinit.exe,C:\ProgramData\DV7Uns33\DV7Uns33.exe -sm,
HKLM-x32... Read more

Answer:Antivirus Security Pro Virus won't boot Safe Mode

Hello scagigal I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"... Read more

3 more replies
Relevance 80.36%

Won't let me do anything,try and boot to safe mode and it will kick me out and restart normally.
I have read alot of the topics on this issue,and have a flashdrive downloaded with the relevant stuff (combofix/dds etc..) that i've seen suggested.
All I have used so far is the FRST64 log.
Here is the applicable log,thanks for any help.
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by SYSTEM on MININT-6Q31KRG on 05-10-2013 23:53:47
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery
The current controlset is ControlSet001ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-17] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-06-10] (Alcor Micro Corp.)
HKLM\...\Run: [Webfetti Home Page Guard 64 bit] - C:\Program Files (x86)\Webfetti_52\bar\1.bin\AppI... Read more

Answer:Antivirus Security Pro infection-Safe Mode inop

Hello DefEddie I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"... Read more

16 more replies
Relevance 80.36%

Hello,
 
I have a Dell laptop which is infected with Infected Antivirus Security Pro, will not let me start in safe mode:
Windows 7 Home Premium, P4 Dual Core T4300 2.10GHz, 4.00 GB,  64Bit 500GB HD.
 
I tried running malwarebytes and all .exe file execution are blocked by Antivirus Security Pro, tried to restart in safe mode as soon as it gets to desktop it shuts down and restarts.
 
Need help removing please, Thank you

Answer:Infected with Antivirus Security Pro, will not let me start in safe mode

Before you do anything just try and "activate" it using this code, its a longshot but sometimes it works and you will be able to run malwarebytes and other tools
 
AA39754E-715219CE
 
See video for help on to do this
http://www.youtube.com/watch?v=y58O8bqx9sQ

6 more replies
Relevance 80.36%

Hey there,
 
My computer has recently been attacked by the Antivirus Security Pro virus. I'm a little lost on how to recover my computer because I can't boot into safe mode. I was told to purchase antivirus software to remove the ASP virus and install it in safe mode, but I can't even reach safe mode. Please help if you can!
 
Thanks,
 
CarPanthers

Answer:Antivirus Security Pro problems (can't boot into safe mode)

Can't boot in Safe Mode with Networking? (Antivirus Security Pro Virus blocks Safe Mode with Networking)
If you have more than one user account in your operating system - please log-in to the clean account and download the recommended anti-spyware software, install it and run a full system scan, remove all the security infections it will detect, however if you have only one user account please follow this guide (this guide will show you how to create a new user account using safe mode with command prompt - using this newly created user account you will be able to remove Antivirus Security Pro virus).
If Antivirus Security Pro virus also blocks your operating system's Safe Mode with Networking follow these removal instructions:
1. Start your computer in Safe Mode with Command Prompt - During your computer starting process press F8 key on your keyboard multiple times until Windows Advanced Options menu shows up, then select Safe mode with command prompt from the list and press ENTER.
 
2. When command prompt mode loads enter the following line: net user removevirus /add and press ENTER.
 
3. Next enter this line: net localgroup administrators removevirus /add and press ENTER.
 
4. Finnaly enter this line: shutdown -r and press ENTER.
 
5. Wait for your computer to restart,  then boot your PC in Normal Mode and login to the newly created user account ("removevirus"). This account won't be affected by the infection and you will be able to downlo... Read more

2 more replies
Relevance 80.36%

Good evening--I've been reading through a lot of posts, and it appears after an FRST scan some of the moderators will create a customized fixlist.txt to combat the specific problem. The Windows Home Premium 64-bit box has all the classic symptoms of Antivirus Security Pro with the added bonus of not being able to boot into safe mode. I can run the FRST tool, and I've attached the FRST.txt and Addition.txt results, but I can't read them very well.
 
Can anyone shed some light on next steps? Please let me know if you need any additional information!
 
Thanks in advance!

Answer:Antivirus Security Pro - no safe mode, need FRST reading

Hello gr33d,Welcome to Bleeping Computer.My name is fireman4it and I will be helping you with your Malware problem.Please take note of some guidelines for this fix:Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.If you do not understand any step(s) provided, please do not hesitate to ask before continuing.Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".In the upper right hand corner of the topic you will see a button called Follow This Topic.I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.I will be analyzing your log. I will get back to you with instructions.Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt
HKLM\...\Run: [AS2014] - C:\ProgramData\ahrpDns3\ahrpDns3.exe [779952 2013-11-21] ()
HKCU\...\Run: [AS2014] - C:\ProgramDat... Read more

4 more replies
Relevance 79.54%

Hi - I was following another post where Afflack (splng?) was helping someone with the same issue.  I was able to create a FRST text file as he instructed.  However, in the post I was following, Afflack took this info and created a fix file for the user's computer.  I am hoping the same can be done for me.  Here is the contents of the FRST scan.  If I need to provide anything else, please let me know.
Thanks - Dinx
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013
Ran by SYSTEM on MININT-K0HBV6E on 01-11-2013 14:12:54
Running from F:\
Windows 7 Professional (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [nwiz] - nwiz.exe /install
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NVHotkey] - rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
HKLM\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM\...\Run: [ccApp] - C:\Program Files\Common Files\Symantec Shared\ccApp.exe [115560 2010-06-09] (Symantec Corporation)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Micr... Read more

Answer:Infected with Antivirus Security Pro and cannot start Windows 7 in Safe Mode

Sorry for the mis-spelling - the person who was helping was Aaflac.

3 more replies
Relevance 79.54%

I am having the same issue posted by KellyV6726.  I have the "Antivirus security pro" virus but can't follow the fix instructions because it won't let me boot in Safe Mode of any form.   I followed the instructions from Aaflec in KellyV6726's  post and created a FRST.txt file, which I'll paste below.  Since Aaflec took Kelly's FRST file and created a fix file, I am hoping someone can do the same for me - or tell me how to do it.  (I initially posted this issue in the "Am I infected" forum, but received no replies so I'm assuming that was not the right place!) 
 
The contents of my FRST file:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013
Ran by SYSTEM on MININT-K0HBV6E on 01-11-2013 14:12:54
Running from F:\
Windows 7 Professional (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [nwiz] - nwiz.exe /install
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NVHotkey] - rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
HKLM\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM\...\Run: [ccApp] - C:\Program Files\Common F... Read more

Answer:Infected with Antivirus Security Pro and cannot start Windows 7 in Safe Mode

Hello Dinx I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", th... Read more

26 more replies
Relevance 79.54%

In step 2 of the self-removal process I need to reboot my computer in safe mode with networking. I do that and soon after my computer logs me off and restarts. What gives?

Answer:Infected with antivirus security pro - safe mode shuts down computer

I'll report this topic to appropriate helpers.
1. Please let us know what Windows version you have and if it's 32- or 64-bit.
2. Is the computer bootable in any mode?
Hold on there....

3 more replies
Relevance 78.72%

Hello!
 
I'm trying to help a friend clean up her laptop.  It is a Windows 7 64-bit laptop infected with Antivirus Security Pro, and it is preventing safe mode (i.e. it comes up to the welcome screen, and then automatically does a restart.
 
I attempted to use the farbar scanning tool per the instructions in another post, but when I enter the H:\frst64 command, it simply returns to the command prompt.  Nothing else happens.
 
The windows version shows as 6.1.7600 when I bring it up in recovery mode.
 
Would certainly appreciate any guidance on how to move forward.  I fear that her backups may be compromised as well...
 
Thanks in advance.
 
 
 

Answer:Antivirus Security Pro, will not let me start in safe mode, farbar doesn't load

Hi there,my name is Marius and I will assist you with your malware related problems.Before we move on, please read the following points carefully. First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding. Perform everything in the correct order. Sometimes one step requires the previous one. If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem. Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me. Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts. If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean. My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.   Kaspersky Windows UnlockerDownload Kaspersky Rescue Disk (iso)Burn it to a cd or dvd, if you need a program to burn an ISO...use [email protected] ISO BurnerConfigure your computer to boot from CD/DVDNote : If you do not know how to set your computer to boot from CD/DVD follow the steps h... Read more

6 more replies
Relevance 78.72%

Hello, the topic above says it all, here is the FRST.txtScan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013Ran by SYSTEM on MININT-8B86AOH on 08-11-2013 14:59:36Running from F:\repairWindows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)Internet Explorer Version 10Boot Mode: RecoveryThe current controlset is ControlSet001ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.==================== Registry (Whitelisted) ==================HKLM\...\Run: [SigmatelSysTrayApp] - C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray64.exe [424448 2007-05-06] (SigmaTel, Inc.)HKLM\...\Run: [MyFunCards Home Page Guard 64 bit] - C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\AppIntegrator64.exe [548936 2013-08-02] ()HKLM\...\Run: [AS2014] - C:\ProgramData\9npDn373\9npDn373.exe [560776 2013-10-28] ()HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,,C:\ProgramData\9npDn373\9npDn373.exe -sm,HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)HKLM-x32\...\Run: [] - [x]HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1646216 2013-03-31] (Ask)HKLM-x32\...\Run: [ShopAtHomeWatcher] - C:\Users\User\AppData\Roaming\ShopAtHome\ShopAtHomeH... Read more

Answer:Win7 Ultimate - Antivirus Security Pro - can't boot into safe mode - used FRST

to BC, jasonbrianmerrill!Will be back with instructions shortly.

2 more replies
Relevance 78.72%

...and followed them to boot into the System Recovery Options and through the Command Prompt I've ran FRST and here is the log it generated-- trying to fix my dad's laptop, any help appreciated!
 
Yoni
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by SYSTEM on MININT-G8V99FN on 12-10-2013 17:56:56
Running from E:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
 
The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [627360 2011-05-20] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe [379552 2011-05-20] (Atheros Commnucations)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [608112 2011-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
HKLM\...\Run: [AS2014] - C:\ProgramData\7ga7sn37\7ga7sn37.exe [683632 2013-10-10] ()
HKLM\...\Winlogon: [Userinit] userinit.exe,C:\ProgramData\7ga7sn37\7ga7sn37.exe -sm,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Progr... Read more

Answer:Antivirus Security Pro, can't boot to safe mode, read previous threads...

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and and I will be helping you with your computer problems.
Before we begin, please note the following:
I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
 
Download the following file => [attachment=142702:fixlist.txt] and save it to the USB Flash Drive.NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 
 
 
Regards,
Georgi

6 more replies
Relevance 78.72%

After removal Antivirus Security Pro virus with Malwarebytes Anti-Malware and SpyHunter 4 my e-mail AOL stopped working. I tried to restore the Dell Studio 540 computer to an earlier date. It did not help. I tried several earlier dates in safe mode. After that Windows 7 boots only in Safe mode whatever I do (msconfig, services.msc...). I conducted all diagnostics via F12 - everything is OK; F8 - reboot in normal mode - it does not, again in safe mode. 

Answer:After removal Antivirus Security Pro virus computer boots only in safe mode

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/507569 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

2 more replies
Relevance 74.62%

Hi guys,

My problem is somewhat complex so please bear with me. I had malware and adware on my laptop which was really annoying and I tried really hard to get rid of it. So I decided I was going to do a system restore. The system restore kept saying "System restore is initializing". I tried it three times and it didn't work. I looked around on the internet, and someone suggested to do the system restore while in safe mode. This is where I made my mistake. I set safe mode in msconfig.exe (not knowing you could go into safe mode while booting). msconfig forces the computer to boot into safe mode everytime, but my safe mode won't boot. I get a b;ack screen with a cursor. I have noticed that the cursor gets reset to the middle of the screen every five seconds or so. I also see the words safe mode flash in all four corners sometimes. I have tried re-installing windows 8.1 from a bootable usb, but whenever I change the boot priority, it doesn't seem to save my settings. Please tell me what my options are. Will replacing my hard drive do the trick. Thank you in advance.

Answer:I set safe mode in msconfig.exe and safe mode won't boot.

Can you restart and get into your log in screen ? If you can, enter safe mode by pressing the power button icon (lower right corner) then Shift + restart. That gets you to Advanced Settings where Safe Mode and, if that fails, Reset PC to orig settings. If you can't, try a hard reset by removing battery and all external usb attachments and then pressing and holding power button until it shuts down. Repeat a few more times to drain memory, then see if powering up will get you to log on screen.

A system restore in safe mode will just restore the malware. You need to boot into safe mode and run your anti-virus or malware program and have them quarantine and then remove them while in safe mode. Use Malwarebytes free or Adwcleaner or Hitman to clean the system. If that does the trick, manually create a system restore point that you know is clean after the system is to your satisfaction.

12 more replies
Relevance 74.21%

anybody know what i can do?
 

Answer:Why does msconfig shut off in normal mode but not in safe mode?

7 more replies
Relevance 72.16%

I have a Dell Inspiron 6000 with Windows XP. I changed the msconfig settings to safe mode to try to remove a virus. When I try to turn it on i get a blue screen informing me that there is a reason that will not let windows start and to restart my computer, when i restart again, I get the same blue screen. No matter what option I choose; safe mode, safe mode with networking, start windows regularly, or last known good configuration, I get that same blue screen, and I was wondering if there is a way I can change the msconfig back to regular boot even though i can not get passed the blue error screen.
 

Answer:Msconfig set to safe mode

Bobbye said:





You are looking for Errors that correspond to the time of the BSOD. Try to find Error from the last normal Mode.

You will see Errors that are specific to Safe Mode and don't give us the information we need- such as "DCOM didn't start. DCOM won't start in Safe Mode." You are the second person in two days who enabled Safe Mode using msconfig instead of booting into safe Mode using the F8 key. It most like will be an Error in the System Log.

Start> Run> type in eventvwr

Do this on each the System and the Applications logs:
[1]. Click to open the log>
[2]. Look for the Error>
[3] .Right click on the Error> Properties>
[4]. Click on Copy button, top right, below the down arrow >
[5]. Paste here (Ctrl V)
[6].NOTES
You can ignore Warnings and Information Events.
If you have a recurring Error with same ID#, same Source and same Description, only one copy is needed.
You don't need to include the lines of code in the box below the Description, if any.
Please do not copy the entire Event log.

Errors are time coded. Check the computer clock on freeze.

IF you continue on this old thread, only those who have subscribed to it or who open it will see your post.Click to expand...


 

2 more replies
Relevance 72.16%

May be in the wrong section, apologies if it is.

I've had AVIRA anti-virus for a while, recently the guard started flickering on and off every five minutes or so. I figured no big deal as I'd done a full virus scan after on one occasion and no harm had come of it, so I neglected fixing it.

The relevance? Tonight it flicked off and XP Anti-Virus 2011 installed itself before I could do anything. I tried in vain to do something to stop it, and deleted some of the registry edits that I didn't recognise off my task manager via the search system (nhg.exe amongst others) that had just appeared. Regardless of this my internet or any other program couldn't open

I restart my computer to attempt to fix it and whilst Windows loaded, only the background did and little else. No taskbar, no start button (Even pressing the keyboard button doesn't work). I then try to boot in safe mode. It fails to do so. This means I can't get a HiJackThis thing to put on here which you guys usually figure out how to fix stuff from.

Anyway I then reboot, and CTRL+Alt+Del works so I try to open explorer with that to see if it was the problem. It didn't recognise the file, nor MSCONFIG nor regedit.

Looking up the forum, can see three other people possibly with a problem as a result of this flaming Anti-Virus virus...

So with, no safe mode, no reg edit, no taskbar...

Can anybody help?

EDIT

Desktop has finally loaded. However very few of the programs usually in the bot... Read more

More replies
Relevance 72.16%

Hi I am using win xp sp-2 and facing the following problems..

1. cannot install any antivirus(kaspersky,avast,macfee)
2.cannot edit my registry
3.cannot open TaskManager(disabled by admin)
5.I used Combofix and The report of scanning is given into attachment
6.after using comboFix I totally unable to access regedit with and software such as registryFix.exe and regFix.vbs.
7.gpedit->user configration->Administrative Templete->system->prevent access to registry editing tool is disabled but still cannot access regedit

Please help me.........

Answer:regedit and Safe mode problem

Hi,

we don't advocate users run ComboFix without proper supervision.

Please post a set of diagnostic logs as requested in our First Steps topic

2 more replies
Relevance 72.16%

my win xp has been hacked peltodgx and malwareit won't let me do anything. i have a virus alert display next to my clock on the bottom right. I also appear to have a trojan. a clicker that keeps trying to send me to a "virus removal page"
The Trojan also causes a dialogue box headed 'Microsoft Windows - Security Alert'. to keep popiong up saying i have a virus. if i click
the button the Trojan will launch Internet Explorer, directing it to an Internet resource containing Adware.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:22: VIRUS ALERT!, on 9/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\SanDisk\Sa... Read more

Answer:Solved: I can't get to REGEDIT even in safe mode!!

7 more replies
Relevance 71.34%

Hi

I'll get straight to the issue in hand

I have a virus on my laptop, i was in the process of sorting this out, however i clicked on run - Msconfig - Boot - safe boot and selected minimal. I re-started and the computer loaded automatically in safe mode, however it got to the blue screen and the computer shut down automatically.

I take it i need to de-select this option, but i can't even get beyond this blue screen which keeps shutting the computer down. There is an option on my windows 7 Operating system to use CMD as part of the recovery process, however i've tried to open MSCONFIG in there but to no avail. I dont have any system restore points set up either, so all i have is the Regedit option as i can get into Regedit.

My two questions are quite simply: Can i open MSCONFIG in cmd? and Why is safe mode not loading and shutting the computer down? Is this virus related?

I guess a third question would also be, what can i do besides reverting back to default factory settings?

Kind regards, your help is much obliged

Thanks

Answer:Not being able to open MSCONFIG in CMD or safe mode!

What happens if you keep F8 pressed immediately after starting? Do you get the screen with starting options.

If yes then try and start in the Safe Mode with Command Prompt. You might be able to open msconfig in this environment. I have been able to reach msconfig in this way often.

3 more replies
Relevance 71.34%

Ok, here's the deal. I ran msconfig, and checked "safe boot" just like I used to do in XP when I wanted to restart my computer in vista. It started in safe mode and worked.

But now, I can't uncheck it! When I run msconfig again and "uncheck" safe boot, It automatically goes to "Selective Startup." And when I select "Normal Startup" it always rechecks "safe boot" automatically, so basically if I want windows to start properly, it HAS to me a selective boot, because thats the only option that allows me to uncheck safe boot. For some reason, Vista thinks that safe mode in normal lol. I'd like to get it back to where normal startup has safe boot unchecked in msconfig. Anyone have a clue???? Thanks

Gary

Answer:Stuck in Safe Mode because I used msconfig?

anyone????

5 more replies
Relevance 71.34%

I'm in the process of following instructions to eliminate some spyware and used the symantec msconfig procedure referenced here http://forums.majorgeeks.com/showthread.php?t=35407 to boot into safe mode. Unfortunately I now know that my system will not boot into safe mode. Since I used msconfig to get into safe mode and not the F8 key I'm stuck.

How do I get to a place where I can modify msconfig back to normal boot? I have the reinstallation cd provided by Dell when I bought my system but don't really want to reinstall windows if I don't have to.

Specifics of what happens when I boot:
Basic Dell bios load screen and then windows splash.
Black screen with "safe mode" in the 4 corners of the screen
Windows is startup up... screen
Login screen with all user accounts showing.
I log in as administrator or another account with admin privileges.
Loading personal settings screen.
Black screen with "safe mode" in the 4 corners.
Dialog box with "Windows is running in safe mode, etc." appears briefly and then goes away. Quickly clicking yes doesn't make a difference.
Then nothing. I'm sitting with a black screen, safe mode in the 4 corners, MS Windows XP...SP2 on the top, a mouse cursor and nothing else. The only thing I can do is press "windows-key L", which presents me with a "Unlock Computer - this computer is in use and has been locked" window. If I use the account I originally c... Read more

Answer:safe mode via msconfig - now won't boot

When you log in using safemode try hitting Ctrl-Alt-Del and look at the task manager

In the task manager hit File -> New Task(Run) and type in msconfig

If you can get this working you can reconfigure msconfig.
 

3 more replies
Relevance 71.34%

I did the one thing that was not recommended. I changed the config to load up in safemode. I am running windows XP, and I do not have an XP disc because I bought the computer used. Now nothing happens. The system wont even load into safe mode. I just get a black screen. Any help that would get me to boot back into normal mode would be really appreciated. :-o
 

Answer:Tried to boot in safe mode using Msconfig

I had this happen to me and the way I fixed it was editing boot.ini file from recovery console but you don't have the XP CD.

One way would be to download a Linux Live CD (I like Linux Mint). You would burn the .iso file to a CD as an image file. Then start the computer from the CD. It will load a Linux desktop and give you access to your C: drive. Browse to C:\boot.ini then edit the boot.ini file deleting the /safeboot part of the line that looks like this:

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP" /safeboot

to this:

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP" /fastdetect

The Linux Mint CD is very easy to use. If you know how to burn an iso file you should have no problem.
 

36 more replies
Relevance 71.34%

Dear Sir,
From Last three days I am trying to resolve issue with my operating system the problem is explained below
My TaskManager is Disabled I tried to access regedit but it says regedit is disabled by your administrator I tried to change settings in Gpedit for making me enable to access regedit but its of no use I tried to bring computer in safe mode but it is not accessing safe mode.
I tried to third party s/w reg manager to access my registry files but if i change key values it is working for a moment only and again some thing is changing the registery I dont know what is running behind.
please help me to resolve this issue during the period of last three day my system is facing problems with other s/w such as ms office etc are giving errors
I found when I use PC for three-Four hours the screen are displayed with data missing on it some times when i click start program it shows empty.
I found you site is expert and experienced in resolving such issues waiting for your reply.
regards
Sajid

DDS (Ver_09-07-30.01) - NTFSx86
Run by Apple at 23:57:40.67 on Fri 14/08/09
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.353.1033.18.989.433 [GMT 3:00]

AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchos... Read more

Answer:TaskManager,Regedit,and safe mode disabled

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Download ComboFix from here

* IMPORTANT !!! Save ComboFix.exe to your Desktop

--------------------------... Read more

2 more replies
Relevance 71.34%

I am currently running Win 2000 Pro, I am the only user (administrator rights), and I have searched ALL the other postings I could find, with no luck! When I reboot and press F8, the only thing showing is Windows 2000 (I found this out when trying out a possible solution from another posting). CTRL+ALT+DEL, and taskmgr is greyed out. Regedit (and TaskMgr) are disabled by the Administrator (me?) but I swear I didn't do it! Following is my Hijack Log, AND I've used Ad-Aware and Spy-Bot multiple times! PLEASE HELP!

Logfile of HijackThis v1.97.7
Scan saved at 8:49:11 PM, on 11/20/2003
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\svchost.exe
C:\WINNT\System32\cisvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\ofps.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\winnt\msagent\intl\kb_driver.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\update32.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\winhlp32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\System32\cidaemon.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:... Read more

Answer:Regedit & Taskmgr Disabled, NO SAFE MODE!!!

16 more replies
Relevance 70.52%

Well, I've been scouring Google on our secondary computer all night, and I'm stumped. I'm also not completely tech savvy, so please forgive me.

My computer shut down by itself while I was typing an email. Rebooted and no exe files would open except IE 64 bit (as of six hours later, now that won't open either - opens, flashes, closes and says IE crashed). It has gone through numerous "windows won't start, repairing" screens. It has tried to system restore, but it doesn't fix the problem.

I cannot open in safe mode, and Task Manager is missing. I can open regedit but not msconfig (this is bothersome because I found a workaround for getting the system to reopen in safe mode by changing some configurations, but...) Can't open device manager as one option suggested looking for the possible virus culprit in the tools/drivers section.

I found a site that had an exe repair fix to either merge or import into the registry, but it keeps saying it can't do it because there are "processes running." Those boards suggested trying to the merge/import in safe mode, but as above..can't open in safe mode. Also since I have no task manager available, I can't manually end or suspend any processes.

Windows Defender runs but says everything is a-ok (clearly not).

Because I don't feel comfortable deleting anything from the registry, that's the only thing I haven't tried. Oh, I did find something that said to check the shell and one other place in the registry, bu... Read more

Answer:No exe files will open, nor msconfig or safe mode

Okay, I restarted and finally was able to get into msconfig. I set it up so the computer automatically starts in Safe Mode. Tried importing/merging that exe file again, and nope, says "other processes are running." Went into services through msconfig and shut down all services - still didn't work.

I also find a possible solution to create a new user - won't let me. Sigh....

4 more replies
Relevance 70.52%

I am try do safe mode at windows 8, but monitor tell out of range.
and now I even can not login to windows 8..
what I can do? need help asap, bozz pc.
now I hate win8

Answer:Safe Mode from msconfig, Out of range, cannot login

It should not state that with Safe Mode. Try pressing the Auto Calibrate button on your monitor.

11 more replies
Relevance 70.52%

Main Goal:  gain access to my files so I can save them without doing anything that would damage or erase my files because the files are what's important to me, I don't mind if I have to reformat as long as I can save the files first.Hello everyone, this is my first post on here and I would greatly appreciate any help.I want to give as much information as possible so you have a more accurate picture and you don't have to drag information out of me but at the same time I just experienced, over the last few days, a slew of problems with my laptop and have been recovering little by little over the last 3 days.  So I want to just address the Subject (Can't Boot Into Safe Mode or Open msconfig) I entered first instead of writing a novel about how after my laptop powered down:(1)CHKDSK started after a restart, did a bunch of crazy stuff including "Replacing invalid security id with default security id for file XXXX."  Did this on nearly 400,000 files.(2)Then windows wouldn't boot so I did a boot repair that didn't work.(3)Then tried to do a system restore but the first one didn't work and was "damaged or deleted" in the process.  I thought the second one didn't work either and tried it twice since I didn't get the "damaged" message on this restore point and then gave up for the night (the "novel" will include the error messages I received each time).(4)Then when I turned on my co... Read more

Answer:Can't Boot Into Safe Mode or Open msconfig

There are two ways to do this that I can think of.First way - do you have either a desktop PC you could hook the drive up to, or another PC of any description with a USB to SATA converter?  If so, you could hook the drive up that way, and copy your files off.Second way - do you have a Windows 7 install disk?  Not a restore disk, but a full install disk?  If so, you can install Windows back onto the C: drive, and your old install will be saved into a folder named windows.old.  Your files will still be there, so you will be able to copy them off and then delete the windows.old folder afterwards.Oh, bonus way - if you can download and burn a Linux LiveCD, you could boot from that, and try to copy your files from there.  Puppy Linux is what I usually use as it's quite easy to use, and has enough tools to be useful without being overwhelming for a Linux novice like myself.Regardless of the method you use, I'd be inclined to do a format and clean install of the laptop after you have your files safely stored away, sounds like something's gone really haywire there and even if you could get it up and running normally, I wouldn't trust it myself because you never know what else may be lurking.Hope this makes sense, if there's anything you're unsure about just ask, oh and welcome to the forums!

5 more replies
Relevance 70.52%

Hi,

I booted into the safe mode using the msconfig .
But iam stucked while booting in safe mode,the system gets hanged and also i could not log in normal mode also..please help

regards,
gautham
 

Answer:Problem after booting in Safe mode using MSconfig

7 more replies
Relevance 70.52%

I'm running Windows 8.1x64. I booted to safe mode today by changing the boot options in msconfig.exe. Now, msconfig won't let me change back to Normal startup, and I'm stuck in safe mode. When I check the Normal Startup box under the General Tab in msconfig and hit OK, I receive this message:

"System Configuration cannot save the original boot configuration for later restoration. Boot changes will be reverted.

"The system cannot find the file specified."

No file is specified.

I've booted to safe mode on other occasions but never have experienced this problem. Windows 8.1 has been running normally with no problems. The reason I went into safe mode is that a non-bootable drive has disappeared from Explorer and I wanted to see if it showed up in Safe Mode.

Answer:In Safe Mode, msconfig won't allow normal startup

Hello John,

You might see if you may be able to use one of the options in the tutorial below to boot back into normal mode.

Safe Mode - Start Windows 8 in

3 more replies
Relevance 70.52%

Hi

My laptop was having some iexplorer bugs so I ran a virus scan with symnatec, and was then advised to log in via safe mode and run the scan again. I turned on safe mode in msconfig and restarted, but when the log in screen appeared in safe mode, my mouse or keyboard did not work so I can't get in.

If I try holding F8 and choosing to boot normaly or under any other condition it reverts to safe mode, presumably because of the msconfig change, so I can't get back to msconfig to chane the setting back.

Any idea how I can get round this?

Thanks

Dave
 

Answer:XP Safe Mode / Msconfig / Keyboard problem

Forget about Symantec. Run your next scan with Avast or Avira, then SuperAntispyware and MalwareBytes...
You are apparently using USB mouse and USB keyboard which have not installed yet in the install run.
 

22 more replies
Relevance 70.52%

Hi

I'll get straight to the issue in hand

I have a virus on my laptop, i was in the process of sorting this out, however i clicked on run - Msconfig - Boot - safe boot and selected minimal. I re-started and the computer loaded automatically in safe mode, however it got to the blue screen and the computer shut down automatically.

I take it i need to de-select this option, but i can't even get beyond this blue screen which keeps shutting the computer down. There is an option on my windows 7 Operating system to use CMD as part of the recovery process, however i've tried to open MSCONFIG in there but to no avail. I dont have any system restore points set up either, so all i have is the Regedit option as i can get into Regedit.

My two questions are quite simply: Can i open MSCONFIG in cmd? and Why is safe mode not loading and shutting the computer down? Is this virus related?

I guess a third question would also be, what can i do besides reverting back to default factory settings?

Kind regards, your help is much obliged

Thanks
 

More replies
Relevance 70.52%

is there someway to get back to msconfig when I am caught in this limbo state between starting up in safe mode and normal mode? I would love to change the setting back to normal start up in msconfig.Just to help here are some more details on my problem. When the computer boots it tries to start up in safe mode and has a problem with agp.440.sys then goes back to the screen where you can select to start in safe mode, or regular mode, etc. If I choose safe mode it will have the same problem and go back to the selection screen. If I select start in regular mode it will try then fault and go back to the same selection screen again. I can't get beyond this screen. I believe this is happening because I have selected safe mode in msconfig and now I can't get at it to change the setting. I didn't have any booting problems before doing this

Answer:i used MSCONFIG process and got strucked in safe mode,help m

MSCONFIG has nothing to do with it.http://support.microsoft.com/kb/324764

2 more replies
Relevance 70.52%

i cant boot into safe mode,

cant run regedit and some command

cant open task manager,

some time when looking for some antivirus webpage will auto close the browser

even my hijack this cant run(but i already rename the hijackthis.exe to scanner.exe,so it works)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:59:01 AM, on 11/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
E:\WINDOWS\system32\ctfmon.exe
E:\WINDOWS\system32\LckFldService.exe
E:\Program Files\Common Files\LightScribe\LSSrvc.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\system32\PnkBstrB.exe
E:\Program Files\CyberLink\Shared files\RichVideo.exe
E:\Program Files\Spyware Terminator\sp_rsser.exe
E:\WINDOWS\system32\NOTEPAD.EXE
E:\WINDOWS\system32 ... Read more

Answer:Cant boot into safe mode,cant run regedit,task manager

anybody help pls...............

4 more replies
Relevance 69.7%

Just had to share this free utility. I've tried it, works great.

Here's a utility that makes booting into Safe Mode easy. You
don't have to hit the F8 key or make changes in msconfig.
BootSafe:

http://www.superadblocker.com/bootsafe.html
 

Answer:Boot into Safe Mode, no tapping F8, no changing msconfig

kniht, Regarding the BootSafe program see Posts #4 and #5 by Mosaic1 in the thread at the link below. She is very sharp with computers and on her word I don't recommend BootSafe anymore. This is just my opinion.

http://forums.techguy.org/windows-nt-2000-xp/662339-cannot-boot-into-safe-mode.html

Tufenuf
 

3 more replies
Relevance 69.7%

I was trying to get into safe mode on my T61. Went to cmd prompt. typed msconfig went and clicked statrt in safe mode in the boxes you can click. All this just to get it to start in safemode... Now it repeats over and over in "safe mode restart.  Wont stop cycling through. I have been trying to remove this **bleep** NOD32 antiviris software.  Had to get it to boot in safe mode to get to properly "uninstall"...CAme to the forum here to find out why after pressing F8 a million times it would still pass by safe mode into normal startup windows.   After I read goto cmd prompenter msconfigclig on safe mode now it wont stop cycling... How to I get back to the cmd prompt?  Or does anyone know what I am dealing with? Thank you in advance.

Answer:T61 will not stop rebooting after msconfig safe mode cycles over and over and over........

Hey there Pyroplantfreak,
 
What version of windows are you using? I found an article that seemed to be dealing with a similar issue to your own over on the microsoft forums, it may be of some interest to you. It recommends you try going into the recovery console, which may help you get back to the command prompt. Hope this helps.





Did someone help you today? Press the star on the left to thank them with a Kudo!If you find a post helpful and it answers your question, please mark it as an "Accepted Solution".! This will help the rest of the Community with similar issues identify the verified solution and benefit from it.

1 more replies
Relevance 69.7%

First off let me start by saying hello. I am a newbie and would greatly appreciate any help or advice that the forum can give.

I am running windows xp on an older dell desktop.

While following the bc tutorial "remove antispyware soft" I was directed to the "how to start windows in safemode" tutorial. This tutorial instructed me to start computer in safe mode using MSconfig. Upon doing so my computer gets stuck in a re-boot cycle that I cannot get out of. According to the tutorial this is because of the malware, (see section titled, "Problems that can occur by forcing Safe Mode using the System Configuration Utility", unfortunately this section is at the very bottom and not sequential. It should be at the top for morons like me). The tutorial recommends using boot disk to reboot my computer. Unfortunately this is my old computer and I no longer have any XP associated disks. Can I fix this problem without any xp boot disk? I have no floppy disk drive (its been broken for years), but my cd-rom drive works. Again any help would be greatly appreciated.

Answer:safe mode loop using msconfig, no floppy bootdisk

Hello, we can create a bootable disk that allows you to access the Recovery Console.

However, first I would like to know what exactly happens when you try to boot. Does safe mode automatically load (you see the drivers rolling over the screen) and then you get a blue screen/reboot?

36 more replies
Relevance 69.7%

Hi! I had a malware and decided to run malwarebytes anti-malware in safe mode. The problem was that my computer took too long to boot up before it lets me choose my operating system (i also have linux mint installed, just FYI) and I didn't want to wait 10 minutes just to miss hitting F8 so I changed msconfig to automatically load in Safe mode, so i went ahead and checked that. It booted up fine in safe mode, malarebytes found nothing (I also ran this in normal windows right before...again just FYI).

Now the problem is that I cant get out of safe mode. I tried changing msconfig back but it wouldnt save the settings and the check box that I had checked on normal windows (on the second tab) was unchecked and wouldnt even let me interact with it. I even tried selecting 'normal mode' on the first tab. Anything I did to it would result in a message saying 'windows configuration could not be saved' or something (I'm at work, I don't remember exactly what the message was but I will post it later) after I clicked ok or apply.

I also waited and pressed F8 to select how I wanted to boot and went to normal mode and it still went into safe mode. I tried repairing too but it didn't even find an operating system on my computer, but that probably has to do with the fact that I use linux to boot up.

Any ideas on what to try next?

Thanks in advance

Answer:Windows keeps booting in Safe Mode after msconfig change

To Remove Linux take look at this post:
Error 0xc0000225 on boot

4 more replies
Relevance 69.7%

Hi, I had a virus on my laptop that I wanted to remove, so I downloaded some software to remove it, but when I went into safemode all I got on my screen was a blue screen that said that Windows had been shut down to protect my computer and it just stopped, never did anything else. It also told me to restart my computer, so I did. Then I stupidly went into msconfig and made it safeboot and restarted my computer. Well now all I ever get when I start my computer is the same blue screen, it doesn't matter what I do or how I choose to start Windows, it just stops it and shows that blue screen and I have to restart it. Ive tried all the different types of starting up the computer, with normal, or last settings that worked, but nothing seems to work. Any help would be greatly appreciated, thank you.

Answer:Problem with safe mode in msconfig, always blue screen

Keep in mind that using MSConfig to access (force) safe mode when there is malware on your system could have disastrous results and render your computer unbootable. Some types of malware can delete or alter the safeboot key in the registry resulting in the inability to reboot fully into safe mode or back to normal mode. The Safeboot option modifies the Boot.ini file and you may be locked in a continuous reboot loop afterwards where you cannot get back to MSConfig and undo your selection. The same thing can occur with BootSafe as you may not be able to get back to Normal mode and undo your selection. See "Booting into Safe Mode safely".How to fixhttp://www.bleepingcomputer.com/tutorials/...#force_safemodeAll the way at the bottom of the page

2 more replies
Relevance 69.7%

Running XP, SP3. Have run avast antivirus in both regular and doot scan with no results. Tried to run MalwareBytes but it hangs when trying to update definitions.
 
When I reboot and select Safe Mode it hangs while loading files.
 
Can't find files like Syetem Restore or msconfig.
 
Ran Unhide with following results:
 
Unhide by Lawrence Abrams (Grinler)http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
  http://www.bleepingcomputer.com/forums/topic405109.html
Program started at: 11/23/2013 02:45:10 PM
Windows Version: Windows XP
Please be patient while your files are made visible again.
Processing the A:\ drive
Finished processing the A:\ drive. 0 files processed.
Processing the C:\ drive
Finished processing the C:\ drive. 186756 files processed.
Processing the E:\ drive
Finished processing the E:\ drive. 1234 files processed.
The C:\DOCUME~1\Owner\LOCALS~1\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: http://www.bleepingcomputer.com/forums/topic405109.html
Searching for Windows Registry changes made by FakeHDD rogues.
 - Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
 - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
 - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\polic... Read more

Answer:Can't get to Safe Mode, System Restore msconfig or Malwarebytes

Hello John, please try this, it will create a shortcut to your system restore.
 
Right-click the desktop
Choose New-Shortcut
For the location of the item, enter:%SYSTEMROOT%\System32\restore\rstrui.exe
Click “Next”
Enter a name for the shortcut
Click “Finish” 
After that try to restore your PC. I hope this will help. Give us updates.

5 more replies
Relevance 69.7%

hello everyone,
 
well, the problem is my pc actualy infected by virus
so i try to fix it with safe mode, when i chage boot from msconfig to safe mode. my pc keep restarting.
if anybody know how to fix it, please help me

Answer:keep restarting after i change msconfig boot to safe mode

In safe mode open msconfig and uncheck safemode to normal mode. You can startup msconfig either by opening run and msconfig, or open CMD and type msconfig.

0 more replies
Relevance 69.7%

hello everyone,
 
well, the problem is my pc actualy infected by virus
so i try to fix it with safe mode, when i chage boot from msconfig to safe mode. my pc keep restarting.
if anybody know how to fix it, please help me

Answer:keep restarting after i change msconfig boot to safe mode

In safe mode open msconfig and uncheck safe mode to normal mode. You can startup msconfig either by opening run and msconfig, or open CMD and type msconfig.

1 more replies
Relevance 69.7%

My computer has been attacked by FBI moneypak. As soon as I saw the notification, I unplugged the network cable and shut off the computer. It showed up on my wife's user name. I tried to boot into safe mode with another account and was able to run malwarebytes. It found a lot of viruses and needed to restart. When I restarted, the computer ran much faster and I figured it was safe. However, when my wife logged into her account, it came back. Now the only safe mode that I can access is safe mode with command prompt. I tried to use the task manager while in safe mode with cmd prompt, but now it says that it has been disabled. I checked the gpedit it settings, but they were not restricted. Also, the registry editor is locked too, but that was also fine in gpedit. So after looking through the forums I found ways to make sure it will be properly deleted from my computer. However, if I cannot access windows, the task manager, registry editor, or the Internet, then all of the forum suggestions (ie. go to this website and download tools, etc.) cannot be tried.

The computer is very old.

Running windows xp professional

Answer:FBI moneypak runs in safe mode. Task mgr and regedit are locked too,

Hy my name is Daniel and I will be assisting you with your Malware related problems. Before we move on, please read the following points carefully. First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding. Perform everything in the correct order. Sometimes one step requires the previous one. If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem. Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me. Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts. If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean. My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.Lets try a different way here.Please download tb.exe on a flashdrive.Plug in the flashdrive to the infected one. Reboot in Safemode with Command Prompt. Next you have to find the correct Driveletter from your Flashdrive ( typically F: or E: ).For this,In the Black Window type in Notep... Read more

15 more replies
Relevance 69.7%

Any program that invokes cmd.exe crashes the explorer (task bar goes away for 3 seconds). Also regedit works for 10 seconds and then closes. The machine claims to come up in normal mode, however, when I check, not all services are running and when I try to start them, I get a message saying: "Cannot run service in Safe Mode". I also cannot run dds.scr.

Ive run the following virus software to no avail:
Symantec endpoint
AVG free
Super antispyware
Spybot search and destroy 1.6.2

I am attching HJT v.2.0.2 output:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:55:50 PM, on 3/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Answer:infection causes cmd.exe to crashe explorer, regedit to die after 10 sec and computer to come up in safe mode

Hi JoshBers,Welcome to BC HijackThis forum. Sorry for the delay. I am farbar. I am going to assist you with your problem.Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.Tell me if you have done anything since previous post. Or you have run any other tools. If yes please provide the logs if available. Also tell me how is the current condition of your computer.

To get an idea about the current condition of you computer download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Set the scan files/folders to 3 Months.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Note 1: If you have difficulty finding the logs, the logs are in this folder: C:\rsit

Note 2: The tool takes not more than one minute to scan the system.You might want to save this page on your favorites, so you can find it again when you return.

3 more replies
Relevance 69.7%

My father downloaded a major virus to this computer (again!!). Regedit and task manager have both been disabled, and when you attempt to go on the internet you get a popup saying "Procedure entry point..." I can't even log in under safe mode. My Spybot spyware software is also being blocked. Can you please please help to get this virus removed? Attached is my hijackthis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:14:46 PM, on 3/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Garmin\gStart.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.... Read more

More replies
Relevance 69.7%

Basically, my cousin tried downloading these fake facebook password crackers and they had viruses. Now If i try to system restore, it fails because the file (C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHA0922H\all[2].js)
can't be extracted.
Furthermore I can't access such a file.
I tried using HJT and i have the log which i will leave at the end.
When i try to access task manager it says it has been disabled by the administrator. Same with Registry Editor. Also, When i try to access safe mode, I can't select safe mode or any other option and the timer just runs out and the computer starts up normally. Can anyone help me?
Here's the log by the way.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:21:12 PM, on 7/11/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Users\Chris\Downloads\HijackThis.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
C:\Users\Chris\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Chris\AppData\Local\Google\Chrome\Application\chrome.... Read more

Answer:Virus disabled Task Manager, Regedit, and Safe mode

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:***************************************************First, I need to know if you still need help! To tell me this, please click on http://www.bleepingcomputer.com/logreply/409028 and follow the instructions there. If you do not still need help, this is all you need to do. If you do need help please continue below.***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
Please do this even if you have p... Read more

2 more replies
Relevance 69.29%

Hi.

I can't update my antivirus : BitDefender Free Edition v10.

I also can't enter windows xp in safe mode. An error msg will come out (like computer crash, in blue screen).

I also can't enter or scan online from any antivirus website.

Could this be virus?

Answer:Can't update antivirus, can't access any antivirus website, can't enter safe mode.

Hello it most likely is..I am moving this topic to the Am I Infected forum. Can you do these?You will need to Download and Run DDS which will create a Pseudo HJT Report as part of its log..If for some reason you cannot perform a step, move on to the next.Please follow this guide. go and do steps 6 thru 8 ,, Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help . Then go here Virus, Trojan, Spyware, and Malware Removal Logs ,click New Topic,give it a relevant Title and post that complete log.Let me know if it went OK.

3 more replies
Relevance 69.29%

Hello there, I really need help here..

I've booted into safe mode in windows 8.1 by setting the safe mode option in msconfig..

However, when I booted into safemode i realized that I've forgot my password because i usually use a pincode.

How to I get it out of safe boot again? - I've tried to access command prompt, but everything needs that password.

Please help, is there any way to force it to boot up normally again? ;(

- Thanks in advance

Answer:msconfig boot settings sat to safe mode, forgot password

When it reboots into normal mode, won't you still need the password?

Do you have the ability to boot into the recovery environment using the install media and not recovery media?

15 more replies
Relevance 69.29%

I opened msconfig and after clicking on the Services tab --> hide all Micorsoft services --> disable all and then clicked on 'apply' System Configuration Stopped responding [and I could not even restart my PC]. I did so manually. I tried again this time instead of selecting 'Disable all'' I just disabled one of them (Adobe update service) to see if I could do this one at a time. but still it stopped responding and froze everything.
Having no choice I rebooted manually and then pressed the F8 key to reboot in safe mode BUT I got a boot menu asking me which HD I wanted to use to boot into and not the DOS screen giving me a choice for safe mode.
BTW my Win 7 OS HP 64bit is now booting from an SSD drive on a PCI-e card and am wondering if this has anything to do with it.
Anyhow, having done my usual monthly virus scan as well as malaware by using 3 different sources (mine and 2 online ones) just yesterday this virus/trojan/malware is probably not the cause.
Why do I want msconfig or a safe mode boot. Trying to reinstall my HP scanner software and drivers which I am having a little bit of problems with--so not related.

Answer:urgent; Can't boot in safe mode and msconfig stops responding

Not knowing what was in startup originally, it's hard to say what you deleted but I'm guessing it had to do with a driver for your PCI-e SSD. If that's the drive you boot from, the startup boot is saying it's not there. What's the BIOS say for the order of boot devices? What other drives are installed?

9 more replies
Relevance 69.29%

OK, here it goes. My parent's Desktop was having a side x side error and i've been trying to help her get it repaired. Her problem is that none of the programs will open except for internet explorer. All other applications give the sxstrace.exe error and won't open. I advised her to hit F8 and get into safe mode so I could try and help her further. She couldn't get that to work so I had her force safe mode through msconfig. That worked and got her into safe mode and she's still getting the sxs error and can't get anything to work for her. I advised her to go back into mconfig and uncheck the safe mode boot and wait til I come home and fix it. Now the problem is when she tries opening the msconfig, she gets an error on that saying it can't open the application with the error code 0xc000142 Now she's stuck in safe mode with no networking and the computer is basically useless. I need help getting her going if anyone has any suggestions. I'm 800 miles from home and won't be there until thanksgiving and i'm trying to help her over the phone so im kind of limited here. I was trying to get remote assist going for her but she couldn't install that either without the sxstrace.exe error. Thanks in advance.

they're running windows 7, If i remember correctly it's the x64 version.

Answer:stuck in safe mode msconfig application error 0xc000142

I guess the best bet is to reinstall windows.

2 more replies
Relevance 69.29%

Lenovo ideapad 710s . after selecting safe mode, switch off and switch on, I get black screen with LOGO and I see the BIOS does not recognize the ssd anymore. After a new samsung with a pc board factory defective (well known board problem that the model was withdrawn from the market), now i fall again in a big problem with lenovo. i m a little bit boring. did I loose all my data on ssd? and how to get back this new computer, now?

Answer:Lenovo ideapad 710s safe mode from msconfig, and does not recognized the ssd. Please help...

I m now downloading the win10 recovery usb key software >(thanks to the current guarantee it is on). anyone knows if it is going to restore the Bios so that the SSD come up again?

1 more replies
Relevance 69.29%

Lenovo ideapad 710s . after selecting safe mode, switch off and switch on, I get black screen with LOGO and I see the BIOS does not recognize the ssd anymore. After a new samsung with a pc board factory defective (well known board problem that the model was withdrawn from the market), now i fall again in a big problem with lenovo. i m a little bit boring. did I loose all my data on ssd? and how to get back this new computer, now?

More replies
Relevance 69.29%

Hi all, looks like a good forum here, hoping I can finally find a solution...

This has not been a week that's made me much enamored of Vista.

In order to troubleshoot my parents' Vista PC after their wireless
mouse/keyboard suddenly stopped working after 4/9's automatic updates, I had
to a do a system restore from Safe Mode. Their corded USB keyboard we got to
work (along with a PS2 mouse) to do the fixing wouldn't work using the
F8-method to get into Safe Mode, so I had use MSCONFIG to force a safe mode
boot.

The system restore worked, and I've disabled automatic updates until MS
comes out with a fix for the apparently widespread original problem, but now
I'm stuck with a very frustrating situation.

My parents' computer will only boot up into Selective Startup (which leaves
some important things such as graphics drivers unloaded) or into Safe Mode.
Within MSCONFIG, when I choose "Normal Startup", it automatically checks the
"Safe Mode" Box in the boot tab, and when I uncheck that box, it
automatically selects "Selective Start" on the previous tab. (I've tried
hitting apply on each of the tabs, but it doesn't help).

I've found a few other threads with this same problem across the web, but
never found a solution. Can anyone help?

Thanks very much.
 

Answer:Solved: MSCONFIG - Stuck in Safe Mode/Selective Startup

6 more replies
Relevance 68.47%

It seems that I have the same issue as this person http://forums.techguy.org/virus-othe...me-access.html . I can't use task manager or msconfig, stuff like malwarebytes doesn't work, safe mode crashes and won't allow me to do anything + I have performance issues in video games or music production software.

It seems that the virus is blocking other tech support sites other than this one too! I'm really scared, I would really appreciate help as soon as possible!

to sum up, I can't run task manager, msconfig, any kind of malwarebytes type program, MSE doesn't detect anything, it blocks certain sites, safe mode can accessed but I can't do anything with it - an error show up shortly after running it.
 

Answer:Bug won't let me access Task Manager, Safe Mode, MsConfig etc. + slowing down my comp

Welcome aboard

Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

 

9 more replies
Relevance 68.47%

Hi,

It seems that I have the same issue as this person http://forums.techguy.org/virus-other-malware-removal/1144834-virus-wont-let-me-access.html . I can't use task manager or msconfig, stuff like malwarebytes doesn't work, safe mode crashes and won't allow me to do anything + i have performance issues in video games or music production software.

In the following post(s) I'll attach the results of the scans with Farbar Recovery Scan Tool after the scans are over (First, Addition and shortcut).
 

Answer:Bug won't let me access Task Manager, Safe Mode, MsConfig etc. + slowing down my comp

15 more replies
Relevance 68.47%

Spyware that removes msconfig and disables Add/Remove Programs, even in safe mode. simple as that. and adaware does not find it at all. what would you guys do? websearch is on there, and so is the homesearch hijacker. any thoughts?
 

Answer:Spyware that removes msconfig and disables Add/Remove Programs, even in safe mode

Hi, Your first step, if you can get it to run, is to post a Hijackthis log--

http://tools.radiosplace.com/HijackThis.exe

Make a new folder somewhere like Program Files....download the file to that folder and run it from there. Hit the Scan button, when the Save Log button shows, save the log as hijackthis.txt and copy/paste it to a blank reply here at your thread.
 

2 more replies
Relevance 64.37%

My administrator disabled task manager when i tried to scan in safe mode neither d antivirus or windows defender will run

Answer:Antivirus will not run in safe mode

that is a virus defenitly a virus try to use command prompt if th works personal message me.else Download malwarebytes anti malware and rename the setup file to something random like sdggfhf and run it and install it.if the setup dosent terminate it will work.now goto the place were you installed malwarebytes rename the file mbam.exe to a random name too and run it.if it starts run a quick scan and remove the viruses then run a full scan.after all this is over(if)the task mgr will still not work.but i ll tell you how to after.

2 more replies
Relevance 64.37%

Hi
 
I downloaded dodgy file last week. Afterwards my antivirus (Vodafone PC Protection) wouldn't run normally or in safe mode. Neither would AVG or malwarebytes. Before malwarebytes stopped its scan I glimpsed a message saying something like boot files hidden.
 
I decided to reinstall OS using drive partition.
 
Everything seemed fine until yesterday when I found a message saying the laptop had just recovered from a blue screen crash. Then this morning everything froze on startup. 
 
I can currently boot in safe mode but I can't run the antivirus.
 
I've just run Kaspersky TDSSKiller in safemode and when I included 'Loaded Modules' among objects to scan it reboots to normal, bypassing safe mode, then freezes at 75% installation of the Kaspersky utility. I can't copy and past the report. 
 
I guess my partition drive must have been infected as well. Any help would be greatly appreciated.
 
 
Evolver
Edited by hamluis, Today, 07:46 AM.Moved from Win 7 to Am I Infected - Hamluis..
 
Moderator Edit: Moved from the AII forum to the Malware Logs forum Due to Combofix Log
Roger

Answer:Antivirus won't run in safe mode

Have removed PUP.Optional.Conduit via MWB and a ton of trackers via Hitman Pro but the AV still won't open. 

5 more replies
Relevance 63.55%

I have a host of problem that have developed of late. I installed a file conversion program called Audio Convert and during the install some odd 'windows related" messages came up. Awhile ago you helpedme solve an issue regarding a "No Disk" error. You saw that I had no antivirus engine and I've been tring with my IS{P to get their program working but still have had no luck, you suggested AVG and I tried and failed to get it to install and load properly. After that little incident recently, I've lost my "Run" button, after clicking stat, I ahve no Shut Down/REstart buttons, instead I have a switch user button. I lost my Msconfig, and can't restart in safe mode, in any of them, the computer goes into a restart.



I've got an HP Pavillion m7480n, P4 930, 2G of RAm, Wndow XP Media Center Edition, it's 2 months old



Can you help?

 




Relevance 63.55%

Okay so I am having major problems! Running Windows XP First I started getting all these BAD popups and nothing made them go away. So I ran a Ccleaner, and Spybot S&D. I was prompted to reboot. I did. when I got to log in screen, it immediately prompted an automatic reboot citing a NT Authority\system reboot. So I rebooted in safe mode with networking, tried to run antivirus. then I tried to run SuperAntiSpyware, it started to run, showed 2 trojans and something else, then stoped running and I no longer have access to it. So I tried running malewarebytes (also renamed it mb.exe). Same thing. Starts to run, dissapears then I no longer have access to it. Happened to spy bot S&D. Tried to access the online SuperAntiSpyware. No go. Runs, picks up 2 Trojans and quits working. HELP!!! I can not boot in normal mode.

I can not run a Hijackthis....

Answer:Can not run Antivirus, can only boot in safe mode

You mentioned that you booted into safe mode with networking.
Have you tried regular safe mode?

3 more replies
Relevance 63.55%

As I stated on my other post, my computer has been formatted for a month now. I?m using windows XP. My main antivirus (McAfee) just can?t complete a whole scan without the pc restarting by itself. It happens with all antivirus and anti malwares and some other kind of programs too. I just don?t know what to do anymore.

On the other post someone told me to try my scans on safe mode. McAfee restarted, SpyBot closed and couldn?t get open again and stinger had to close. Only hijack worked all the way through. I have disabled windows restore.
This is the log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:18:03, on 3/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe
c:\ARQUIV~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Softw... Read more

Answer:All Antivirus Cant Go Through Even In Safe Mode (hijack Log)

Hello katia and welcome to BleepingComputer!Apollogies for the delay. The forum has been very busy lately. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:Preparation Guide For Use Before Posting A Hijackthis Log.Thanks,Johannes

3 more replies
Relevance 63.55%

Hi, i am new to this forum and i have a pretty big problem with my computer. Dell Dimension 4550, windows xp home edition, service pack 3.

I first encountered the problem when i was bombarded by a ton of popups of random things in internet explorer, but i use opera as my main browser. so that was odd. The popups then turned into an automatic installation that looked to be authentic windows security center, but was a fake, and i could do nothing about it. if i ended the process, another would start.

The popups have now stopped, i ran superantispyware and found many viruses. I fixed all, but when i log onto windows, i get error messages of missing .dll files: ntuser.dll, calc.dll, sinuvili.dll, pofutuva.dll.

Another problem is my safe mode. when i attempt to run, a blue screen appears stating that windows has shutdown to prevent damage to computer, and at the bottom of screen i see: *** STOP: 0x0000007B (0xF7A46528, 0xC0000034, 0x00000000, 0x00000000)

I saw in another forum that to fix this, i could boot from the original xp disc, select "R" to repair, and enter "CHKDSK /R". I tried this, but nothing happened.

Another observation is my computer clock, it has changed to military time.

I have now tried to run a HIJACK THIS log, but i wasn't able to. So i ran rsit.exe, and came up with the attached log file.

Can someone please look over the log file and tell me if there is anything i can do? i am lost when it comes to this.

Thank you, ... Read more

Answer:Cannot Run antivirus programs, or run in safe mode.

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Go to Start > Run and copy/paste the following into the Run box and click OK:

C:\rsit\info.txt

A text file should open. Please post the contents of that file in your next reply.

------------------------------------------------------

I need to see a gmer log in order to help you.

Delete your existing copy of gmer. Please run this special version of gmer:

Download GMER Rootkit Scanner from here and Save it to your Desktop. Double-click gmer.exe to run it. If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.



Click the image to enlarge it


In the right panel, you will see several boxes that have been checked. Uncheck the following ...Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it... Read more

2 more replies
Relevance 63.55%

Hi,
I have an infected windows XP SP2 pc.
I do not have any active antivirus software on this pc ( ESET NOD32 is expired).
1. I tried downloading a few free antivirus softwares like avira/avg/avast/MSE but was unsuccessful as -
a) either they do not support sp2 or
b) on clicking download the page does not load
2. I have tried running online antivirus softwares like bitdefender (cannot load) and ESET (after running the activeX control tried downloading the .cab file but nothing happened)

Following is the info from SysInfo -

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Professional, Service Pack 2, 32 bit
Processor: Intel(R) Pentium(R) D CPU 2.66GHz, x86 Family 15 Model 4 Stepping 7
Processor Count: 2
RAM: 501 Mb
Graphics Card: Intel(R) G33/G31 Express Chipset Family, 256 Mb
Hard Drives: C: Total - 39997 MB, Free - 24258 MB; D: Total - 39997 MB, Free - 218 MB; E: Total - 39997 MB, Free - 222 MB; F: Total - 32624 MB, Free - 398 MB;
Motherboard: Gigabyte Technology Co., Ltd., G31M-S2L
Antivirus: ESET NOD32 Antivirus 4.0, Updated: No, On-Demand Scanner: Enabled
 

Answer:Cannot run antivirus scan even in safe mode

-----------------------------------------------------------
Be sure to read the information in these threads about Windows XP risks and options:
Derek's post here is a view of the risks : End of Support For Windows XP
You have already taken this risk with an SP2 machine, and lost the bet.
My post concentrates on software options for saving the machine: Windows XP - The Elephant In The Room
Read it very carefully.
Your machine will support the simplest of Linux systems, but really will not be satisfactory with ANY of the newer Windows.
I don't think trying to Fix this will produce a good result.
Almost all of our Fixing tools actually require XP Service Pack 3 to work, and installing Service pack 3 on an infected machine will usually fail or produce an unstable system.
This may be why the programs you are trying to use don't work.
Windows SP3 came out in 2008, and Support for SP2 ended in 2010.
 

2 more replies
Relevance 63.55%

If i restart in safe mode and run an antivirus scan with the AV installed on my PC, is that as good a scan compared to scanning in normal mode. (Do scans in safe mode miss anything that a scan in normal mode would pick up?)

Answer:AntiVirus scan in safe mode

you need to scan in normal mode not everything is running in safe mode

6 more replies
Relevance 63.55%

Okay so I am having major problems! Run ning Windows XP First I started getting all these porn popups and nothing made them go away. So I ran a Ccleaner, and Spybot S&D. I was prompted to reboot. I did. when I got to log in screen, it immediately prompted an automatic reboot citing a NT Authority\system reboot. So I rebooted in safe mode with networking, came here and have tried to follow read and run me first. Now every time I try to run SuperAntiSpyware, it starts to run, shows 2 trojans and something else, then stops running and I no longer have access to it. So I tried running malewarebytes (also renamed it mb.exe). Same thing. Starts to run, dissapears then I no longer have access to it. Happened to spy bot S&D. Came here and tried to access the online SuperAntiSpyware. No go. Runs, picks up 2 Trojans and quits working. HELP!!! I can not boot in normal mode.
 

Answer:Can not boot with out safe mode can not run any antivirus

Not trying to bump, I have an update...


I finally got combofix to work. Ran it. It detected a rootkit. It removed a bunch of infected stuff. This allowed me to boot in normal mode and download/run malewarebytes
I've also attached a couple of logs. Not sure if they are time stamped. But the order of running was
Root repeal last night
CF alog fter running it
Malwarebytes


I still can not run SAS but am actively trying.
 

6 more replies
Relevance 63.14%

I followed these steps to enable it:
Uninstall and Remove Software in Safe Mode
Keep getting error 1084. I am working in safe mode w/networking.

Really, the biggest problem is the BSOD, but after having it analysed (dmp files), it turned out to be a symantec driver. Need to uninstall it, but the symantec uninstaller won't work until i remove elements of the program with the windows installer... need my computer back

Answer:windows 7, 64, safe mode, windows installer not working after regedit

Hi,

I am Chetan Savade from Symantec Technical Support team.

I would like to assist here.

In your case cleanwipe is the easiest way to remove SEP from the System but need to contact Support team to receive credentials to download the tool.
Manual uninstall process is quite time consuming however it can be used as a last resort.
Safe mode should help to remove SEP client completely.
Refer this article : How to remove SEP in Safe mode.
https://www-secure.symantec.com/connect/articles/h...
It's very important to know the SEP client version because many blue screen (BSOD) related issues are fixed in new SEP versions.

Methods for uninstalling Symantec Endpoint Protection
http://www.symantec.com/docs/TECH184988

Regards,
Chetan Savade

1 more replies
Relevance 62.73%

Help, I cannot load Norton antivirus 2005 in safe mode (windows XP - service pack 1).

It generates an error and says the symantec integrator has generated an error??

Any ideas how I get this service started manually?
 

Answer:No Norton Antivirus 2005 in SAFE mode

Norton will not install in Safe Mode.
 

5 more replies
Relevance 62.73%

Greetings All!
I'm reaching out to the Pro's.

Huge mess on my bosses laptop - kids used it need I say more. It started with Internet Security 2010 which I thought I had removed and now Antivirus Live is in there. I can't get McAfee to load, rkill is now detected and blocked, won't work, can't get network connection any more. All this in just 6 hours yesterday!

I can't get on line to get HJT nothing is being allowed to run other than the fake infection warnings. This is a WinXP media center OS running IE7.

I'm open to suggestions, and need some help.
 

Answer:Antivirus-Live not able to boot into safe mode

16 more replies
Relevance 62.73%

I am newly registered to this great site. I am also a very infected Dad trying to remove Personal Antivirus from our family computer. I could not download/then launch Malwarebytes tool in normal mode. I am now following another thread trying to progress in save mode...

Any help advice is appreciated running malware quick scan...

Safe mode allowed download and quick scan now completed
Malwarebytes' Anti-Malware 1.38
Database version: 2283
Windows 5.1.2600 Service Pack 2

6/25/2009 8:07:06 PM
mbam-log-2009-06-25 (20-07-06).txt

Scan type: Quick Scan
Objects scanned: 112670
Time elapsed: 13 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 157
Registry Values Infected: 12
Registry Data Items Infected: 0
Folders Infected: 31
Files Infected: 193

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfu... Read more

Answer:Safe Mode Stage Personal Antivirus XP

For what its worth after copying th deleted files into this thread and closing down the priogram in safe mode and restarting in normal mode I was able to access the malware program and have found an additional 21 infected files full scan continues.....more to follow..

3 more replies
Relevance 62.73%

I may be infected with a virus. I am scanning using Norton right now and OneCare won't turn on its firewall, telling me that I am 'At Risk'.

If nessesary, could I install antivirus software like Norton on my computer using Safe Mode? Note that it is likely I have been infected.

If you need anymore information, please feel free to ask.

-Elk

EDIT: Also know that recently my computer had been randomly freezing in the past three weeks. I remember I stumbled onto a website where it suddenly told me that 'MY COMPUTER WAS INFECTED'. From experience I knew it was spyware, and instead of saying YES or NO on the warning popup, I clicked the X. Norton immeditely told me I was infected and tried 5 times to remove it. Then the warnings from Norton stopped, thinking that it finally got the trojan.

More replies
Relevance 62.73%

My husband's friend brought his computer over. He thought he had a simple hijack situation. Whenever he opened IE, Firefox, Nortons, etc it woudl immediately close. My husband has tried numerous things. He cannot even get these programs to run in safe mode. Even in safe mode, these programs immediately close. We dont even know what we're trying to kill. Any suggestions???

Answer:Cannot run antivirus, antimalware, or internet even in safe mode

Sorry, he is on a Dell laptop, running XP.

1 more replies
Relevance 62.73%

Please let me know if there is anything I can do to get rid of antivirus live. My computer will not run any security software and it will not go into safe mode.

Answer:Can not get into safe mode and laptop has antivirus live

Hello and Welcome.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed. I currently have as many open topics as I can effectively handle; this will have you back in queue with the proper logs so an available helper would be able to assist.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies
Relevance 62.73%

HI GUYS. I badly need help. My PC is acting weird. The symptoms are enumerated below. Suggestions are very much welcome. I found a similar thread with almost the exact symptoms. The guy found a solution. I am really hope I'll find mine. Please do take time to read my post.


SYMPTOMS:
I first found out about the infection about two days after the internet connection at home was restored.(My provider had a routine maintenance check up for the lines in my neighborhood.) I can't really say when is the exact date of the attack. So here is a list of symptoms of the infection/attack?.

1. McAfee anti virus stopped working.

2. Can't install anti virus. Tried to install other anti virus. The list includes AVG, Kaspersky, and Nod 32 but all failed.

3. The IE and opera browsers does not work but firefox is fine.

4. Can't connect to Yahoo! Messenger. Prompts a message telling to try again. Every time I do, it prompts the message again.

5. Can't boot in safe mode. When I try to boot in safe mode, it loads all the drivers and reboots again. Normal mode is fine.



WHAT I TRIED TO DO:

Note: Since my pc is sooooooooo slow, I reformatted my pc hoping the problem would go away. Unfortunately, it didn't do anything good with regards to the infection. It did make my pc a little bit faster though. Also, I can now use the opera and ie. Still, the problems persist.


1. Installed SuperAntiSpyware. Scanned pc and detected infections. The Lo... Read more

Answer:can't boot in safe mode; can't install antivirus

Assuming you are trying to run the Read and RUn First instructions, you don't mention whether you tried running ComboFix and MGTools......we need more than just the SAS log to see what is happening in your system.

And yes, I would advise staying off the web (physically disconnect) until you have to attach logs here.
 

1 more replies
Relevance 62.73%

i have some error while installing antivirus BIT DEFENDER in normal mode so i am trying to use safe mode but i am scared that what will be on that case
will any features be missed out when we install in safe mode rather than normal mode?
ANY DEMERITS PLZ MENTION

More replies